diff --git a/.github/workflows/create-release.yaml b/.github/workflows/create-release.yaml index acdeedc..20154e0 100644 --- a/.github/workflows/create-release.yaml +++ b/.github/workflows/create-release.yaml @@ -9,32 +9,81 @@ on: jobs: release: runs-on: ubuntu-latest + permissions: + contents: write steps: - name: Checkout repo uses: actions/checkout@v5.0.0 - - name: Set up git user + - name: Get current tag name + id: current_tag + run: echo "current_tag=${GITHUB_REF##*/}" >> $GITHUB_ENV + + - name: Get previous tag + id: previous_tag run: | - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" + git fetch --tags + tags=($(git tag --sort=-creatordate)) + current=${{ env.current_tag }} + prev="" + for i in "${!tags[@]}"; do + if [[ "${tags[i]}" == "$current" ]]; then + if [[ $i -lt $((${#tags[@]} - 1)) ]]; then + prev=${tags[$((i + 1))]} + fi + break + fi + done + echo "previous_tag=$prev" >> $GITHUB_ENV - - name: Create GitHub release - uses: actions/create-release@v1 - with: - tag_name: ${{ env.RELEASE_TAG }} - release_name: Release ${{ env.RELEASE_TAG }} - draft: false - prerelease: false - body: "See: https://github.com/Gridness/k8s-hooks/commits/${{ env.RELEASE_TAG }}" + - run: | + echo "Current tag: ${{ env.current_tag }}" + echo "Previous tag: ${{ steps.previous_tag.outputs.previous_tag }}" - name: Update README with new tag + shell: python run: | - sed -i "s|rev: .*|rev: ${RELEASE_TAG} # updated by release action|" README.md + import re + from pathlib import Path + + with Path("README.md").open("r") as f: + content = f.read() + + current_tag = ${{ env.CURRENT_TAG }} + + def replace_rev(matches): + lines = matches.group(0).split("\n") + for i, line in enumerate(lines): + if re.search(r"\s*rev:\s*.+$", line): + lines[i] = f" rev: {current_tag} # or a specific tag/commit" + return "\n".join(lines) + + updated_rev_exapmple = re.sub(r'``````', replace_rev, content, flags=re.DOTALL) + + with Path("README.md", "w") as f: + f.write(updated_rev_exapmple) + + print("Updated README with current tag revision") + + - name: Configure git user + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" - name: Commit and push README update run: | git add README.md - git commit -m "chore: update rev tag to ${RELEASE_TAG} in README" - git push + git commit -m "chore: update rev tag to ${{ env.CURRENT_TAG }} in README" + git push origin main + + - name: Create GitHub release + uses: comnoco/create-release@v2 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.GH_TOKEN }} + with: + tag_name: ${{ env.current_tag }} + release_name: ${{ env.current_tag }} + draft: false + prerelease: false + body: | + See: [https://github.com/Gridness/k8s-hooks/commits/${{ env.previous_tag }}..${{ env.current_tag }}](https://github.com/Gridness/k8s-hooks/commits/${{ env.previous_tag }}..${{ env.current_tag }}) diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml index 72d4a16..9317f6f 100644 --- a/.pre-commit-hooks.yaml +++ b/.pre-commit-hooks.yaml @@ -1,9 +1,9 @@ - id: kubeseal-secrets name: Kubeseal secrets files entry: python3 ./kubeseal-secrets.py - language: system + language: python args: - - '*secret*' + - "*secret*" description: | Finds secret files matching the pattern and creates sealed secrets using kubeseal. stages: [commit]