Prowler 3.15.1 - Children of the Damned #60
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: pypi-release | |
| on: | |
| release: | |
| types: [published] | |
| env: | |
| RELEASE_TAG: ${{ github.event.release.tag_name }} | |
| PYTHON_VERSION: 3.11 | |
| CACHE: "poetry" | |
| # This base branch is used to create a PR with the updated version | |
| # We'd need to handle the base branch for v4 and v3, since they will be | |
| # `master` and `3.0-dev`, respectively | |
| GITHUB_BASE_BRANCH: "master" | |
| GIT_COMMITTER_EMAIL: "[email protected]" | |
| jobs: | |
| release-prowler-job: | |
| runs-on: ubuntu-latest | |
| env: | |
| POETRY_VIRTUALENVS_CREATE: "false" | |
| name: Release Prowler to PyPI | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install dependencies | |
| run: | | |
| pipx install poetry | |
| pipx inject poetry poetry-bumpversion | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| cache: ${{ env.CACHE }} | |
| - name: Update Poetry and config version | |
| run: | | |
| poetry version ${{ env.RELEASE_TAG }} | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@v4 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| - name: Push updated version to the release tag | |
| run: | | |
| # Configure Git | |
| git config user.name "github-actions" | |
| git config user.email "${{ env.GIT_COMMITTER_EMAIL }}" | |
| # Add the files with the version changed | |
| git add prowler/config/config.py pyproject.toml | |
| git commit -m "chore(release): ${{ env.RELEASE_TAG }}" --no-verify -S | |
| # Replace the tag with the version updated | |
| git tag -fa ${{ env.RELEASE_TAG }} -m "chore(release): ${{ env.RELEASE_TAG }}" --sign | |
| # Push the tag | |
| git push -f origin ${{ env.RELEASE_TAG }} | |
| - name: Create new branch for the version update | |
| run: | | |
| git switch -c release-${{ env.RELEASE_TAG }} | |
| git push --set-upstream origin release-${{ env.RELEASE_TAG }} | |
| - name: Build Prowler package | |
| run: | | |
| poetry build | |
| - name: Publish Prowler package to PyPI | |
| run: | | |
| poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }} | |
| poetry publish | |
| - name: Create PR to update version in the branch | |
| run: | | |
| echo "### Description | |
| This PR updates Prowler Version to ${{ env.RELEASE_TAG }}. | |
| ### License | |
| By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license." |\ | |
| gh pr create \ | |
| --base ${{ env.GITHUB_BASE_BRANCH }} \ | |
| --head release-${{ env.RELEASE_TAG }} \ | |
| --title "chore(release): update Prowler Version to ${{ env.RELEASE_TAG }}." \ | |
| --body-file - | |
| env: | |
| GH_TOKEN: ${{ secrets.PROWLER_ACCESS_TOKEN }} | |
| - name: Replicate PyPI package | |
| run: | | |
| rm -rf ./dist && rm -rf ./build && rm -rf prowler.egg-info | |
| pip install toml | |
| python util/replicate_pypi_package.py | |
| poetry build | |
| - name: Publish prowler-cloud package to PyPI | |
| run: | | |
| poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }} | |
| poetry publish |