bump version to v0.5.0 #93
Workflow file for this run
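# CI and ordered PyPI release for predicate_contracts and predicate_authority.
# `quality` runs on every trigger; the two publish jobs run only for `v*` tags
# or a manual dispatch with publish=true, and always in the order
# quality -> predicate-contracts -> predicate-authority.
name: phase1-ci-and-release

on:
  pull_request:
  push:
    branches: ["main", "phase1"]
    tags: ["v*"]
  workflow_dispatch:
    inputs:
      publish:
        description: "Run ordered publish jobs"
        required: true
        default: "false"
        type: choice
        options: ["false", "true"]

# Least privilege for GITHUB_TOKEN: no step below writes to the repository or
# calls the GitHub API, so read-only contents (needed by checkout) is enough.
permissions:
  contents: read

jobs:
  quality:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by mutable tag (@v4 / @v5) in all
      # three jobs. Pinning each `uses:` to a full commit SHA prevents a
      # retagged action from running inside jobs that later handle PyPI tokens.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config for the tools installed below to read.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Install dependencies
        # NOTE(review): tool versions are unpinned, so each run resolves
        # whatever is latest on the index. Consider a pinned requirements file.
        run: |
          python -m pip install --upgrade pip pre-commit pytest bandit
          python -m pip install -e predicate_contracts -e predicate_authority
      - name: Verify package release order
        run: python scripts/verify_release_order.py
      - name: Run tests
        run: python -m pytest -q
      - name: Run auth module security checks
        # Bandit covers only the three files listed; other modules in
        # predicate_authority are not scanned by this step.
        run: |
          python -m bandit -q -r predicate_authority/bridge.py predicate_authority/daemon.py predicate_authority/control_plane.py
          python scripts/check_no_plaintext_okta_secrets.py
      - name: Run pre-commit checks
        run: pre-commit run --all-files

  publish-predicate-contracts:
    runs-on: ubuntu-latest
    needs: [quality]
    # NOTE(review): a manual dispatch runs this file as it exists on the
    # selected ref, and the tag validation step below is skipped for dispatch
    # runs. Consider a protected GitHub environment with required reviewers on
    # both publish jobs (and tag protection for v*) so the PyPI tokens are
    # released only after approval.
    if: >-
      (github.event_name == 'workflow_dispatch' && inputs.publish == 'true') ||
      startsWith(github.ref, 'refs/tags/v')
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Build and upload need no git credentials.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Install build tooling
        # NOTE(review): build and twine are installed unpinned in the job that
        # uploads with the PyPI token. Pin them, ideally with hashes
        # (pip --require-hashes), so the release toolchain is reproducible.
        run: python -m pip install --upgrade pip build twine
      - name: Verify release order
        run: python scripts/verify_release_order.py
      - name: Validate release tag version
        if: startsWith(github.ref, 'refs/tags/v')
        # The ref name is read from the runner's environment and quoted, so a
        # tag name is never spliced into the script text by ${{ }} expansion.
        run: python scripts/validate_release_tag.py --tag "${GITHUB_REF_NAME}"
      - name: Build predicate-contracts
        run: python -m build predicate_contracts
      - name: Validate distribution metadata
        run: twine check predicate_contracts/dist/*
      - name: Publish predicate-contracts to PyPI
        # The token is scoped to this step only; earlier steps never see it.
        # NOTE(review): this is a long-lived API token. PyPI Trusted Publishing
        # (OIDC, `id-token: write`) would remove the stored secret, but needs
        # the publisher configured on the PyPI project first.
        env:
          TWINE_USERNAME: __token__
          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN_PREDICATE_CONTRACTS }}
        run: twine upload predicate_contracts/dist/*

  publish-predicate-authority:
    runs-on: ubuntu-latest
    # Ordered release: runs only after predicate-contracts has been published.
    needs: [publish-predicate-contracts]
    # Same gate as publish-predicate-contracts; the same review note about
    # dispatch runs and environment protection applies here.
    if: >-
      (github.event_name == 'workflow_dispatch' && inputs.publish == 'true') ||
      startsWith(github.ref, 'refs/tags/v')
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Build and upload need no git credentials.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Install build tooling
        # NOTE(review): unpinned release tooling; pin versions as in the
        # predicate-contracts job.
        run: python -m pip install --upgrade pip build twine
      - name: Verify release order
        run: python scripts/verify_release_order.py
      - name: Validate release tag version
        if: startsWith(github.ref, 'refs/tags/v')
        # Ref name comes from the environment, quoted; not template-expanded.
        run: python scripts/validate_release_tag.py --tag "${GITHUB_REF_NAME}"
      - name: Build predicate-authority
        run: python -m build predicate_authority
      - name: Validate distribution metadata
        run: twine check predicate_authority/dist/*
      - name: Publish predicate-authority to PyPI
        # Separate per-package token, exposed to this step only.
        env:
          TWINE_USERNAME: __token__
          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN_PREDICATE_AUTHORITY }}
        run: twine upload predicate_authority/dist/*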