Updated github actions worfklow and pre-commit setup

.github/workflows/create-release.yaml

@@ -9,32 +9,81 @@ on:
 jobs:
   release:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
       - name: Checkout repo
         uses: actions/checkout@v5.0.0
 
-      - name: Set up git user
+      - name: Get current tag name
+        id: current_tag
+        run: echo "current_tag=${GITHUB_REF##*/}" >> $GITHUB_ENV
+
+      - name: Get previous tag
+        id: previous_tag
         run: |
-          git config user.name "github-actions[bot]"
-          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git fetch --tags
+          tags=($(git tag --sort=-creatordate))
+          current=${{ env.current_tag }}
+          prev=""
+          for i in "${!tags[@]}"; do
+            if [[ "${tags[i]}" == "$current" ]]; then
+              if [[ $i -lt $((${#tags[@]} - 1)) ]]; then
+                prev=${tags[$((i + 1))]}
+              fi
+              break
+            fi
+          done
+          echo "previous_tag=$prev" >> $GITHUB_ENV
 
-      - name: Create GitHub release
-        uses: actions/create-release@v1
-        with:
-          tag_name: ${{ env.RELEASE_TAG }}
-          release_name: Release ${{ env.RELEASE_TAG }}
-          draft: false
-          prerelease: false
-          body: "See: https://github.com/Gridness/k8s-hooks/commits/${{ env.RELEASE_TAG }}"
+      - run: |
+          echo "Current tag: ${{ env.current_tag }}"
+          echo "Previous tag: ${{ steps.previous_tag.outputs.previous_tag }}"
 
       - name: Update README with new tag
+        shell: python
         run: |
-          sed -i "s|rev: .*|rev: ${RELEASE_TAG} # updated by release action|" README.md
+          import re
+          from pathlib import Path
+
+          with Path("README.md").open("r") as f:
+              content = f.read()
+
+          current_tag = ${{ env.CURRENT_TAG }}
+
+          def replace_rev(matches):
+              lines = matches.group(0).split("\n")
+              for i, line in enumerate(lines):
+                  if re.search(r"\s*rev:\s*.+$", line):
+                      lines[i] = f"    rev: {current_tag}  # or a specific tag/commit"
+              return "\n".join(lines)
+
+          updated_rev_exapmple = re.sub(r'``````', replace_rev, content, flags=re.DOTALL)
+
+          with Path("README.md", "w") as f:
+              f.write(updated_rev_exapmple)
+
+          print("Updated README with current tag revision")
+
+      - name: Configure git user
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
 
       - name: Commit and push README update
         run: |
           git add README.md
-          git commit -m "chore: update rev tag to ${RELEASE_TAG} in README"
-          git push
+          git commit -m "chore: update rev tag to ${{ env.CURRENT_TAG }} in README"
+          git push origin main
+
+      - name: Create GitHub release
+        uses: comnoco/create-release@v2
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.GH_TOKEN }}
+        with:
+          tag_name: ${{ env.current_tag }}
+          release_name: ${{ env.current_tag }}
+          draft: false
+          prerelease: false
+          body: | 
+            See: [https://github.com/Gridness/k8s-hooks/commits/${{ env.previous_tag }}..${{ env.current_tag }}](https://github.com/Gridness/k8s-hooks/commits/${{ env.previous_tag }}..${{ env.current_tag }})

.pre-commit-hooks.yaml

@@ -1,9 +1,9 @@
 - id: kubeseal-secrets
   name: Kubeseal secrets files
   entry: python3 ./kubeseal-secrets.py
-  language: system
+  language: python
   args:
-    - '*secret*'
+    - "*secret*"
   description: |
     Finds secret files matching the pattern and creates sealed secrets using kubeseal.
   stages: [commit]