deps: resolve vulnerabilities (#5) #8
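# Release workflow: on each push to main, bump the version with commitizen,
# push the bump commit and tag, then build and publish a multi-arch image to
# the GitHub container registry.
name: Release

on:
  push:
    branches:
      - main

env:
  GIT_USER_EMAIL: ${{ secrets.GIT_EMAIL }}
  GIT_USER_NAME: ${{ secrets.GIT_NAME }}

# NOTE(review): these grants apply to the GITHUB_TOKEN of every job below.
# bump_version pushes with secrets.ACCESS_TOKEN and build only publishes a
# package, so per-job `permissions:` blocks could probably be narrower -
# confirm against any steps not shown here before tightening.
permissions:
  contents: write
  packages: write

jobs:
  bump_version:
    # Skipped when the head commit message starts with 'bump:' - presumably so
    # the bump commit pushed below does not trigger another bump.
    if: "!startsWith(github.event.head_commit.message, 'bump:')"
    runs-on: ubuntu-latest
    name: 'Bump version'
    outputs:
      version: ${{ steps.cz.outputs.version }}
    steps:
      # The action refs marked PLACEHOLDER_REF were obscured in the page this
      # listing came from (rendered as "[email protected]"); the action names
      # are inferred from the step names and inputs. Restore the original
      # refs, preferably as full commit SHAs, before using this file.
      - name: Check out
        uses: actions/checkout@PLACEHOLDER_REF
        with:
          # Full history and tags are fetched for the version bump.
          fetch-depth: 0
          token: '${{ secrets.ACCESS_TOKEN }}'
          ref: 'main'
      - name: Config Git User
        run: |
          git config --local user.email "$GIT_USER_EMAIL"
          git config --local user.name "$GIT_USER_NAME"
          git config --local pull.ff only
      - name: Set up Python
        uses: actions/setup-python@PLACEHOLDER_REF
        with:
          # Quoted so the version is always read as a string, not a float.
          python-version: '3.11'
      - name: Create bump and changelog
        id: cz
        # NOTE(review): commitizen is installed unpinned in a job whose
        # checkout was made with a write-capable token; pin an exact version
        # (ideally with hashes) so a compromised release cannot run here.
        run: |
          python -m pip install -U commitizen
          cz bump --yes
          # Plain assignment (not `export VAR=...`) so a failing
          # `cz version` fails the step instead of being masked.
          REV="$(cz version --project)"
          # Written without embedded quote characters: the value is consumed
          # through environment variables, where quotes would be literal.
          echo "version=v$REV" >> "$GITHUB_OUTPUT"
      - name: Push changes
        # Third-party action that receives the access token: pin it to a
        # reviewed commit SHA rather than a movable tag.
        uses: ad-m/github-push-action@PLACEHOLDER_REF
        with:
          github_token: ${{ secrets.ACCESS_TOKEN }}
          repository: ${{ github.repository }}
          branch: 'main'
          directory: .
          tags: true
      - name: Print Version
        # Expression values are passed through env rather than spliced into
        # the script text, so their content can never be parsed as shell.
        env:
          VERSION: ${{ steps.cz.outputs.version }}
        run: echo "Bumped to version $VERSION"

  build:
    runs-on: ubuntu-latest
    needs:
      - bump_version
    steps:
      # NOTE(review): no `ref` is given, so by default this checks out the
      # commit that triggered the run, not the bump commit pushed by
      # bump_version; confirm the versioned image is meant to be built from
      # the pre-bump tree.
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to GitHub container registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          logout: false
      - name: Set repo name
        env:
          REPOSITORY: ${{ github.repository }}
        # Image names must be lowercase; the result is exported as REPO for
        # the following steps.
        run: |
          repo=$(echo "ghcr.io/$REPOSITORY" | tr '[:upper:]' '[:lower:]')
          echo "REPO=$repo" >> "$GITHUB_ENV"
      - name: Build and push
        env:
          VERSION: ${{ needs.bump_version.outputs.version }}
        # One build with both tags, so `latest` and the version tag always
        # refer to the same image.
        run: |
          docker buildx build \
            --platform linux/amd64,linux/arm64 \
            -t "$REPO:latest" \
            -t "$REPO:$VERSION" \
            --push .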