SocketDev · flowstate · Nov 7, 2024 · Nov 9, 2024 · Nov 13, 2024 · Nov 13, 2024
@@ -0,0 +1,43 @@
+name: Mark Release as Stable
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to mark as stable (e.g., 1.2.3)'
+        required: true
+
+jobs:
+  stable:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Check if version exists in PyPI
+        id: version_check
+        run: |
+          if ! curl -s -f https://pypi.org/pypi/socketsecurity/${{ inputs.version }}/json > /dev/null; then
+            echo "Error: Version ${{ inputs.version }} not found on PyPI"
+            exit 1
+          fi
+          echo "Version ${{ inputs.version }} found on PyPI - proceeding with release"
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build & Push Stable Docker
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: socketdev/cli:stable
+          build-args: |
+            CLI_VERSION=${{ inputs.version }}
@@ -0,0 +1,168 @@
+name: PR Preview
+on:
+  pull_request:
+    types: [opened, synchronize, ready_for_review]
+
+jobs:
+  preview:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      # Install all dependencies from pyproject.toml
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e .
+
+      - name: Set preview version
+        run: |
+          BASE_VERSION=$(python -c "from socketsecurity import __version__; print(__version__)")
+          PREVIEW_VERSION="${BASE_VERSION}.dev${{ github.event.pull_request.number }}${{ github.event.pull_request.commits }}"
+          echo "VERSION=${PREVIEW_VERSION}" >> $GITHUB_ENV
+
+          # Update version in __init__.py
+          echo "__version__ = \"${PREVIEW_VERSION}\"" > socketsecurity/__init__.py.tmp
+          cat socketsecurity/__init__.py | grep -v "__version__" >> socketsecurity/__init__.py.tmp
+          mv socketsecurity/__init__.py.tmp socketsecurity/__init__.py
+
+          # Verify the change
+          echo "Updated version in __init__.py:"
+          python -c "from socketsecurity import __version__; print(__version__)"
+
+      - name: Check if version exists on Test PyPI
+        id: version_check
+        env:
+          VERSION: ${{ env.VERSION }}
+        run: |
+          if curl -s -f https://test.pypi.org/pypi/socketsecurity/$VERSION/json > /dev/null; then
+            echo "Version ${VERSION} already exists on Test PyPI"
+            echo "exists=true" >> $GITHUB_OUTPUT
+          else
+            echo "Version ${VERSION} not found on Test PyPI"
+            echo "exists=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Build package
+        if: steps.version_check.outputs.exists != 'true'
+        run: |
+          pip install build
+          python -m build
+
+      - name: Restore original version
+        if: always()
+        run: |
+          BASE_VERSION=$(echo $VERSION | cut -d'.' -f1-3)
+          echo "__version__ = \"${BASE_VERSION}\"" > socketsecurity/__init__.py.tmp
+          cat socketsecurity/__init__.py | grep -v "__version__" >> socketsecurity/__init__.py.tmp
+          mv socketsecurity/__init__.py.tmp socketsecurity/__init__.py
+
+      - name: Publish to Test PyPI
+        if: steps.version_check.outputs.exists != 'true'
+        uses: pypa/[email protected]
+        with:
+          repository-url: https://test.pypi.org/legacy/
+          password: ${{ secrets.TEST_PYPI_TOKEN }}
+          verbose: true
+
+      - name: Comment on PR
+        if: steps.version_check.outputs.exists != 'true'
+        uses: actions/github-script@v7
+        env:
+          VERSION: ${{ env.VERSION }}
+        with:
+          script: |
+            const version = process.env.VERSION;
+            const prNumber = context.payload.pull_request.number;
+            const owner = context.repo.owner;
+            const repo = context.repo.repo;
+            // Find existing bot comments
+            const comments = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: prNumber,
+            });
+
+            const botComment = comments.data.find(comment =>
+              comment.user.type === 'Bot' &&
+              comment.body.includes('🚀 Preview package published!')
+            );
+
+            const comment = `
+            🚀 Preview package published!
+
+            Install with:
+            \`\`\`bash
+            pip install --index-url https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple socketsecurity==${version}
+            \`\`\`
+
+            Docker image: \`socketdev/cli:pr-${prNumber}\`
+            `;
+
+            if (botComment) {
+              // Update existing comment
+              await github.rest.issues.updateComment({
+                owner: owner,
+                repo: repo,
+                comment_id: botComment.id,
+                body: comment
+              });
+            } else {
+              // Create new comment
+              await github.rest.issues.createComment({
+                owner: owner,
+                repo: repo,
+                issue_number: prNumber,
+                body: comment
+              });
+            }
+
+      - name: Verify package is available
+        if: steps.version_check.outputs.exists != 'true'
+        id: verify_package
+        env:
+          VERSION: ${{ env.VERSION }}
+        run: |
+          for i in {1..30}; do
+            if pip install --index-url https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple socketsecurity==${VERSION}; then
+              echo "Package ${VERSION} is now available and installable on Test PyPI"
+              pip uninstall -y socketsecurity
+              echo "success=true" >> $GITHUB_OUTPUT
+              exit 0
+            fi
+            echo "Attempt $i: Package not yet installable, waiting 20s... (${i}/30)"
+            sleep 20
+          done
+          echo "success=false" >> $GITHUB_OUTPUT
+          exit 1
+
+      - name: Login to Docker Hub
+        if: steps.verify_package.outputs.success == 'true'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build & Push Docker Preview
+        if: steps.verify_package.outputs.success == 'true'
+        uses: docker/build-push-action@v5
+        env:
+          VERSION: ${{ env.VERSION }}
+        with:
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            socketdev/cli:pr-${{ github.event.pull_request.number }}
+          build-args: |
+            CLI_VERSION=${{ env.VERSION }}
+            PIP_INDEX_URL=https://test.pypi.org/simple
+            PIP_EXTRA_INDEX_URL=https://pypi.org/simple
@@ -0,0 +1,107 @@
+name: Release
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Get Version
+        id: version
+        run: |
+          RAW_VERSION=$(python -c "from socketsecurity import __version__; print(__version__)")
+          echo "VERSION=$RAW_VERSION" >> $GITHUB_ENV
+          if [ "v$RAW_VERSION" != "${{ github.ref_name }}" ]; then
+            echo "Error: Git tag (${{ github.ref_name }}) does not match package version (v$RAW_VERSION)"
+            exit 1
+          fi
+
+      - name: Check if version exists on PyPI
+        id: version_check
+        env:
+          VERSION: ${{ env.VERSION }}
+        run: |
+          if curl -s -f https://pypi.org/pypi/socketsecurity/$VERSION/json > /dev/null; then
+            echo "Version ${VERSION} already exists on PyPI"
+            echo "pypi_exists=true" >> $GITHUB_OUTPUT
+          else
+            echo "Version ${VERSION} not found on PyPI - proceeding with PyPI deployment"
+            echo "pypi_exists=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Check Docker image existence
+        id: docker_check
+        env:
+          VERSION: ${{ env.VERSION }}
+        run: |
+          if curl -s -f "https://hub.docker.com/v2/repositories/socketdev/cli/tags/${{ env.VERSION }}" > /dev/null; then
+            echo "Docker image socketdev/cli:${VERSION} already exists"
+            echo "docker_exists=true" >> $GITHUB_OUTPUT
+          else
+            echo "docker_exists=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Build package
+        if: steps.version_check.outputs.pypi_exists != 'true'
+        run: |
+          pip install build
+          python -m build
+
+      - name: Publish to PyPI
+        if: steps.version_check.outputs.pypi_exists != 'true'
+        uses: pypa/[email protected]
+        with:
+          password: ${{ secrets.PYPI_TOKEN }}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Verify package is installable
+        id: verify_package
+        env:
+          VERSION: ${{ env.VERSION }}
+        run: |
+          for i in {1..30}; do
+            if pip install socketsecurity==${VERSION}; then
+              echo "Package ${VERSION} is now available and installable on PyPI"
+              pip uninstall -y socketsecurity
+              echo "success=true" >> $GITHUB_OUTPUT
+              exit 0
+            fi
+            echo "Attempt $i: Package not yet installable, waiting 20s... (${i}/30)"
+            sleep 20
+          done
+          echo "success=false" >> $GITHUB_OUTPUT
+          exit 1
+
+      - name: Build & Push Docker
+        if: |
+          steps.verify_package.outputs.success == 'true' &&
+          steps.docker_check.outputs.docker_exists != 'true'
+        uses: docker/build-push-action@v5
+        env:
+          VERSION: ${{ env.VERSION }}
+        with:
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            socketdev/cli:latest
+            socketdev/cli:${{ env.VERSION }}
+          build-args: |
+            CLI_VERSION=${{ env.VERSION }}