diff --git a/.github/workflows/build-test-publish.yml b/.github/workflows/build-test-publish.yml index ca398e1..3e082c7 100755 --- a/.github/workflows/build-test-publish.yml +++ b/.github/workflows/build-test-publish.yml @@ -273,9 +273,19 @@ jobs: trivy_exit_code: ${{ inputs.trivy_exit_code }} docker_meta: ${{ inputs.docker_meta }} + set_git_tag: + if: ${{ github.event_name == 'push' }} + needs: [test_and_build, security_scan_artifacts] + uses: ./.github/workflows/set-git-tag.yml + with: + runner: ${{ inputs.runner }} + tool: ${{ inputs.tool }} + root_dir: ${{ inputs.root_dir }} + artifact_path: ${{ inputs.artifact_path }} + publish_docker_image: if: ${{ github.event_name == 'push' && inputs.docker_meta != '' }} - needs: [test_and_build, security_scan_artifacts] + needs: [test_and_build, security_scan_artifacts, set_git_tag] uses: ./.github/workflows/publish-docker-image.yml with: root_dir: ${{ inputs.root_dir }} @@ -290,7 +300,7 @@ jobs: publish_npm_libraries: if: ${{ github.event_name == 'push' && inputs.library_path != '' }} - needs: [test_and_build, security_scan_artifacts] + needs: [test_and_build, security_scan_artifacts, set_git_tag] uses: ./.github/workflows/publish-npm-libraries.yml with: root_dir: ${{ inputs.root_dir }} @@ -303,7 +313,7 @@ jobs: publish_python_libraries: if: ${{ github.event_name == 'push' && inputs.tool == 'uv' && inputs.publish_python_libraries == 'true' }} - needs: [test_and_build, security_scan_artifacts] + needs: [test_and_build, security_scan_artifacts, set_git_tag] uses: ./.github/workflows/publish-python-libraries.yml with: root_dir: ${{ inputs.root_dir }} @@ -313,7 +323,7 @@ jobs: publish_firefox_extension: if: ${{ github.event_name == 'push' && inputs.addon_guid != '' && inputs.xpi_path != '' }} - needs: [test_and_build, security_scan_artifacts] + needs: [test_and_build, security_scan_artifacts, set_git_tag] uses: ./.github/workflows/publish-firefox-extension.yml with: runner: ${{ inputs.runner }} 
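Review bot: The new `set_git_tag` job is gated only on `github.event_name == 'push'`, yet every publisher now lists it in `needs` (this hunk and the `needs` hunks for npm, Python, Firefox, Android, GitHub release and crates.io below), so any failure in tagging skips all publishing. The called workflow exits 1 on its `uv` branch when neither `pyproject.toml` nor `version.json` is found, and a rejected `git push` would presumably have the same effect. It also tags from the manifest only, so a Docker-only caller with `tool` left at `none` no longer gets the tag that the removed step built from `DOCKER_VERSION_TAG`. Since a called workflow cannot raise the token's permissions above the caller's, consider declaring `permissions:` with `contents: write` on this job (the caller's permissions are not visible in this hunk) and adding a comment such as `# creates v<version> before any publisher runs; a failure here blocks every publish job`.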
@@ -325,7 +335,7 @@ jobs: release_android_apk: if: ${{ github.event_name == 'push' && inputs.app_root != '' }} - needs: [test_and_build, security_scan_artifacts] + needs: [test_and_build, security_scan_artifacts, set_git_tag] uses: ./.github/workflows/release-android-apk.yml with: runner: ${{ inputs.runner }} @@ -337,7 +347,7 @@ jobs: release_github: if: ${{ github.event_name == 'push' && inputs.artifact_path != '' && inputs.publish_github_release == 'true' }} - needs: [test_and_build, security_scan_artifacts] + needs: [test_and_build, security_scan_artifacts, set_git_tag] uses: ./.github/workflows/release-github.yml with: runner: ${{ inputs.runner }} @@ -348,7 +358,7 @@ jobs: publish_crates_io: if: ${{ github.event_name == 'push' && inputs.tool == 'cargo' }} - needs: [test_and_build, security_scan_artifacts] + needs: [test_and_build, security_scan_artifacts, set_git_tag] uses: ./.github/workflows/publish-crates-io.yml with: runner: ${{ inputs.runner }} @@ -378,6 +388,7 @@ jobs: test_and_build, security_scan_source, security_scan_artifacts, + set_git_tag, publish_docker_image, publish_npm_libraries, publish_python_libraries, diff --git a/.github/workflows/publish-docker-image.yml b/.github/workflows/publish-docker-image.yml index 129f2d0..2038bc7 100644 --- a/.github/workflows/publish-docker-image.yml +++ b/.github/workflows/publish-docker-image.yml 
@@ -114,19 +114,6 @@ jobs: echo "::notice::[Docker] No version found, publishing latest only" fi - - name: set git tag if not yet set - if: ${{ env.DOCKER_VERSION_TAG != '' && (inputs.artifact_path == '' || steps.check_artifact_exists.outputs.exists == 'true') && matrix.docker.name == fromJson(inputs.docker_meta)[0].name }} - run: | - if git ls-remote --tags origin "${{ env.DOCKER_VERSION_TAG }}" | grep -q "${{ env.DOCKER_VERSION_TAG }}"; then - echo "::warning::[Docker] Tag ${{ env.DOCKER_VERSION_TAG }} already exists, skipping tag creation" - else - git tag "${{ env.DOCKER_VERSION_TAG }}" - git push origin "${{ env.DOCKER_VERSION_TAG }}" - echo "::notice::[Docker] Created and pushed tag ${{ env.DOCKER_VERSION_TAG }}" - fi - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: run docker pre script if: ${{ inputs.docker_pre != '' && (inputs.artifact_path == '' || steps.check_artifact_exists.outputs.exists == 'true') }} run: ${{ inputs.docker_pre }} diff --git a/.github/workflows/publish-npm-libraries.yml b/.github/workflows/publish-npm-libraries.yml index 3d34efb..69b94b7 100644 --- a/.github/workflows/publish-npm-libraries.yml +++ b/.github/workflows/publish-npm-libraries.yml 
@@ -81,31 +81,6 @@ jobs: ${{ inputs.root_dir }}/yarn.lock ${{ inputs.root_dir }}/pnpm-lock.yaml - - name: extract version from package.json - if: ${{ steps.check_artifact_exists.outputs.exists == 'true' }} - id: extract_version - run: | - VERSION=$(jq -r .version package.json) - if [[ -z "${VERSION}" || "${VERSION}" == "null" ]]; then - echo "::warning::[NPM] Could not extract version from package.json, skipping git tag" - else - echo "release_tag=v${VERSION}" >> $GITHUB_OUTPUT - echo "::notice::[NPM] Extracted version: v${VERSION}" - fi - - - name: set git tag if not yet set - if: ${{ steps.check_artifact_exists.outputs.exists == 'true' && steps.extract_version.outputs.release_tag != '' }} - run: | - if git ls-remote --tags origin "${{ steps.extract_version.outputs.release_tag }}" | grep -q "${{ steps.extract_version.outputs.release_tag }}"; then - echo "::warning::[NPM] Tag ${{ steps.extract_version.outputs.release_tag }} already exists, skipping tag creation" - else - git tag "${{ steps.extract_version.outputs.release_tag }}" - git push origin "${{ steps.extract_version.outputs.release_tag }}" - echo "::notice::[NPM] Created and pushed tag ${{ steps.extract_version.outputs.release_tag }}" - fi - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: install latest npm for OIDC support run: npm install -g npm@latest diff --git a/.github/workflows/publish-python-libraries.yml b/.github/workflows/publish-python-libraries.yml index 7b06806..e95d26b 100644 --- a/.github/workflows/publish-python-libraries.yml +++ b/.github/workflows/publish-python-libraries.yml 
@@ -55,32 +55,3 @@ jobs: echo "FAILURE_REASON=missing_artifact" >> $GITHUB_ENV exit 1 - - name: extract version from pyproject.toml - if: ${{ steps.check_artifact_exists.outputs.exists == 'true' }} - id: extract_version - run: | - if [[ -f pyproject.toml ]]; then - VERSION=$(grep -m1 '^version' pyproject.toml | cut -d'"' -f2) - else - echo "::error::[PyPI] Cannot find pyproject.toml" - exit 1 - fi - if [[ -z "${VERSION}" || "${VERSION}" == "null" ]]; then - echo "::error::[PyPI] Could not extract version from pyproject.toml (got: '${VERSION}')" - exit 1 - fi - echo "release_tag=v${VERSION}" >> $GITHUB_OUTPUT - echo "::notice::[PyPI] Extracted version: v${VERSION}" - - - name: set git tag if not yet set - if: ${{ steps.check_artifact_exists.outputs.exists == 'true' }} - run: | - if git ls-remote --tags origin "${{ steps.extract_version.outputs.release_tag }}" | grep -q "${{ steps.extract_version.outputs.release_tag }}"; then - echo "::warning::[PyPI] Tag ${{ steps.extract_version.outputs.release_tag }} already exists, skipping tag creation" - else - git tag "${{ steps.extract_version.outputs.release_tag }}" - git push origin "${{ steps.extract_version.outputs.release_tag }}" - echo "::notice::[PyPI] Created and pushed tag ${{ steps.extract_version.outputs.release_tag }}" - fi - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release-github.yml b/.github/workflows/release-github.yml index b74dbf6..ca2a5c8 100644 --- a/.github/workflows/release-github.yml +++ b/.github/workflows/release-github.yml 
@@ -88,19 +88,6 @@ jobs: echo "release_tag=v${VERSION}" >> $GITHUB_OUTPUT echo "::notice::[Release] Extracted version: v${VERSION}" - - name: set git tag if not yet set - if: ${{ steps.check_artifact_exists.outputs.exists == 'true' }} - run: | - if git ls-remote --tags origin "${{ steps.extract_version.outputs.release_tag }}" | grep -q "${{ steps.extract_version.outputs.release_tag }}"; then - echo "::warning::[Release] Tag ${{ steps.extract_version.outputs.release_tag }} already exists, skipping tag creation" - else - git tag "${{ steps.extract_version.outputs.release_tag }}" - git push origin "${{ steps.extract_version.outputs.release_tag }}" - echo "::notice::[Release] Created and pushed tag ${{ steps.extract_version.outputs.release_tag }}" - fi - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: check if release already exists if: ${{ steps.check_artifact_exists.outputs.exists == 'true' }} id: check_release_exists diff --git a/.github/workflows/set-git-tag.yml b/.github/workflows/set-git-tag.yml new file mode 100644 index 0000000..0210e59 --- /dev/null +++ b/.github/workflows/set-git-tag.yml 
@@ -0,0 +1,80 @@ +name: set git tag + +on: + workflow_call: + inputs: + runner: + description: "workflow-runner" + default: "ubuntu-latest" + required: false + type: string + tool: + description: "build tool - uv, npm, yarn, cargo, etc." + default: "none" + required: false + type: string + root_dir: + description: "path to project root (where the manifest file is)" + default: "." + required: false + type: string + artifact_path: + description: "path to artifact files (used as fallback for uv version.json)" + default: "" + required: false + type: string + +jobs: + set_git_tag: + name: set git tag + runs-on: ${{ inputs.runner }} + timeout-minutes: 5 + permissions: + contents: write + defaults: + run: + working-directory: ${{ inputs.root_dir }} + steps: + - name: checkout repository + uses: actions/checkout@v6 + + - name: extract version from manifest + id: extract_version + run: | + if [[ "${{ inputs.tool }}" == "npm" || "${{ inputs.tool }}" == "yarn" ]]; then + VERSION=$(jq -r .version package.json) + elif [[ "${{ inputs.tool }}" == "uv" ]]; then + if [[ -f pyproject.toml ]]; then + VERSION=$(grep -m1 '^version' pyproject.toml | cut -d'"' -f2) + elif [[ -f "${{ inputs.artifact_path }}/version.json" ]]; then + VERSION=$(jq -r .version "${{ inputs.artifact_path }}/version.json") + else + echo "::error::[Tag] Cannot find pyproject.toml or version.json for uv project" + exit 1 + fi + elif [[ "${{ inputs.tool }}" == "cargo" ]]; then + VERSION=$(grep -m1 '^version' Cargo.toml | cut -d'"' -f2) + else + echo "::notice::[Tag] Unsupported tool '${{ inputs.tool }}' for version extraction, skipping tag" + exit 0 + fi + + if [[ -z "${VERSION}" || "${VERSION}" == "null" ]]; then + echo "::warning::[Tag] Could not extract version from manifest (got: '${VERSION}'), skipping tag" + exit 0 + fi + echo "release_tag=v${VERSION}" >> $GITHUB_OUTPUT + echo "::notice::[Tag] Extracted version: v${VERSION}" + + - name: set git tag if not yet set + if: ${{ 
steps.extract_version.outputs.release_tag != '' }} + run: | + if git ls-remote --tags origin "${{ steps.extract_version.outputs.release_tag }}" | grep -q "${{ steps.extract_version.outputs.release_tag }}"; then + echo "::warning::[Tag] Tag ${{ steps.extract_version.outputs.release_tag }} already exists, skipping tag creation" + else + git tag "${{ steps.extract_version.outputs.release_tag }}" + git push origin "${{ steps.extract_version.outputs.release_tag }}" + echo "::notice::[Tag] Created and pushed tag ${{ steps.extract_version.outputs.release_tag }}" + fi + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
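Review bot: The `set git tag if not yet set` step expands `${{ steps.extract_version.outputs.release_tag }}` straight into the shell script, and that value comes from the `version` field of a manifest in the repository, so a version string containing quotes or `$(...)` becomes script text in a job that holds `contents: write`. Pass the value through `env:` and validate it before use, as in the excerpt below; `inputs.tool` and `inputs.artifact_path` in the extract step would benefit from the same treatment. `git ls-remote --exit-code` on the full `refs/tags/` name replaces the `grep -q`, which treats the dots in the version as regex wildcards. Separately, `grep -m1 '^version'` takes the first line starting with `version` in `pyproject.toml` or `Cargo.toml`, which may belong to a table other than the package's own, and `actions/checkout@v6` is a mutable tag that could be pinned to a commit SHA.

```yaml
      # … unchanged: checkout and the extract_version step …
      - name: set git tag if not yet set
        if: ${{ steps.extract_version.outputs.release_tag != '' }}
        env:
          # Handed to the shell as data, never expanded into the script text.
          RELEASE_TAG: ${{ steps.extract_version.outputs.release_tag }}
          # … unchanged: GH_TOKEN …
        run: |
          # Accept only a plain version tag; anything else is a manifest problem.
          if [[ ! "${RELEASE_TAG}" =~ ^v[0-9A-Za-z][0-9A-Za-z.+-]*$ ]]; then
            echo "::error::[Tag] Refusing to create a tag from an unexpected version string"
            exit 1
          fi
          # --exit-code returns non-zero when no ref with exactly this name exists.
          if git ls-remote --exit-code --tags origin "refs/tags/${RELEASE_TAG}" >/dev/null; then
            echo "::warning::[Tag] Tag ${RELEASE_TAG} already exists, skipping tag creation"
          else
            git tag "${RELEASE_TAG}"
            git push origin "refs/tags/${RELEASE_TAG}"
            echo "::notice::[Tag] Created and pushed tag ${RELEASE_TAG}"
          fi
```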