6 changes: 3 additions & 3 deletions .github/workflows/codeql-analysis.yml
Expand Up @@ -13,8 +13,8 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@v4
- name: Autobuild
uses: github/codeql-action/autobuild@v3
uses: github/codeql-action/autobuild@v4
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@v4
86 changes: 21 additions & 65 deletions .github/workflows/create-release-and-upload-assets.yml
Expand Up @@ -7,6 +7,8 @@
jobs:
create-release:
runs-on: ubuntu-latest
outputs:
upload_url: ${{ steps.create_release.outputs.upload_url }}
steps:
- uses: actions/checkout@v4
with:
Expand All @@ -17,22 +19,14 @@
git fetch --all
- name: Create release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ github.ref }}
tag_name: ${{ github.ref_name }}
name: Release ${{ github.ref_name }}
draft: false
prerelease: false
- name: Create upload_url artifact
run: |
echo "${{ steps.create_release.outputs.upload_url }}" > upload_url.txt
- name: Upload upload_url artifact
uses: actions/upload-artifact@v4
with:
name: upload_url.txt
path: upload_url.txt
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
update-version-and-changelog:
needs: create-release
runs-on: ubuntu-latest
Expand Down Expand Up @@ -74,130 +68,92 @@
gbp dch --new-version=$(cat VERSION.txt)-1 --release --distribution=stable --spawn-editor=never --commit --commit-msg="${COMMIT_MSG}"
git push origin main
build-and-upload-deb-assets:
needs: update-version-and-changelog
needs: [create-release, update-version-and-changelog]
runs-on: ubuntu-latest
container:
image: debian:bookworm
steps:
- name: Install build dependencies
run: |
apt update
export DEBIAN_FRONTEND=noninteractive
apt -y install python3-setuptools debhelper dh-exec dh-python git-buildpackage
- name: Fix sh so env vars propogate
run: |
rm /bin/sh
ln -sf /bin/bash /bin/sh
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: main
- name: git fetch --all
run: |
git config --global --add safe.directory /__w/patchman/patchman
git fetch --all
- name: Get version
run: |
export version=$(echo "${{ github.ref }}" | cut -dv -f2)
echo "version=${version}" >> $GITHUB_ENV
- name: Download upload_url artifact
uses: actions/download-artifact@v4
with:
name: upload_url.txt
path: /home/runner/work/patchman/patchman
- name: Get upload_url
run: |
export upload_url=$(<upload_url.txt)
rm upload_url.txt
echo "upload_url=${upload_url}" >> $GITHUB_ENV
- name: Build deb packages
env:
EMAIL: furlongm@gmail.com
COMMIT_MSG: |
auto-commit
skip-checks: true
run: |
export version=$(echo "${{ github.ref }}" | cut -dv -f2)
echo "${version}" > VERSION.txt
git add VERSION.txt
git diff --quiet && git diff --staged --quiet || git commit -m "${COMMIT_MSG}"
gbp dch --new-version=${version}-1 --release --distribution=stable --spawn-editor=never --commit --commit-msg="${COMMIT_MSG}"
git tag --delete v${version}
git tag v${version}
gbp buildpackage --git-upstream-tree=${{ github.ref }} -uc -us
- name: Upload python3-patchman deb
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload deb assets
uses: softprops/action-gh-release@v2
with:
upload_url: ${{ env.upload_url }}
asset_name: ${{ format('python3-patchman_{0}-1_all.deb', env.version) }}
asset_path: ../${{ format('python3-patchman_{0}-1_all.deb', env.version) }}
asset_content_type: application/vnd.debian.binary-package
- name: Upload patchman-client deb
uses: actions/upload-release-asset@v1
tag_name: ${{ github.ref_name }}
files: |
../python3-patchman_${{ env.version }}-1_all.deb
../patchman-client_${{ env.version }}-1_all.deb
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ env.upload_url }}
asset_name: ${{ format('patchman-client_{0}-1_all.deb', env.version) }}
asset_path: ../${{ format('patchman-client_{0}-1_all.deb', env.version) }}
asset_content_type: application/vnd.debian.binary-package
build-and-upload-rpm-assets:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
needs: update-version-and-changelog
needs: [create-release, update-version-and-changelog]
runs-on: ubuntu-latest
container:
image: quay.io/centos/centos:stream9
steps:
- name: Install build dependencies
run: |
dnf -y install epel-release
dnf -y install rpm-build python3 python3-setuptools git
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: main
- name: git fetch --all
run: |
git config --global --add safe.directory /__w/patchman/patchman
git fetch --all
- name: Get version
run: |
export version=$(echo "${{ github.ref }}" | cut -dv -f2)
echo "version=${version}" >> $GITHUB_ENV
- name: Download upload_url artifact
uses: actions/download-artifact@v4
with:
name: upload_url.txt
path: /home/runner/work/patchman/patchman
- name: Get upload_url
run: |
export upload_url=$(<upload_url.txt)
rm upload_url.txt
echo "upload_url=${upload_url}" >> $GITHUB_ENV
- name: Build rpm packages
run: |
python3 setup.py bdist_rpm --python=/usr/bin/python3
rpmbuild -bb patchman-client.spec
- name: Upload patchman rpm
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload rpm assets
uses: softprops/action-gh-release@v2
with:
upload_url: ${{ env.upload_url }}
asset_name: ${{ format('patchman-{0}-1.noarch.rpm', env.version) }}
asset_path: ${{ format('dist/patchman-{0}-1.noarch.rpm', env.version) }}
asset_content_type: application/x-rpm
- name: Upload patchman-client rpm
uses: actions/upload-release-asset@v1
tag_name: ${{ github.ref_name }}
files: |
dist/patchman-${{ env.version }}-1.noarch.rpm
dist/noarch/patchman-client-${{ env.version }}-1.noarch.rpm
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ env.upload_url }}
asset_name: ${{ format('patchman-client-{0}-1.noarch.rpm', env.version) }}
asset_path: ${{ format('dist/noarch/patchman-client-{0}-1.noarch.rpm', env.version) }}
asset_content_type: application/x-rpm
upload-package-to-pypi:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
needs: update-version-and-changelog
runs-on: ubuntu-latest
steps:
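Review bot: The new `Upload deb assets` and `Upload rpm assets` steps pass `softprops/action-gh-release@v2` a `files:` list, and that action's default is to skip globs that match nothing rather than fail, so a build that produced no `.deb` or `.rpm` would still leave the (already non-draft) release published without its assets; add `fail_on_unmatched_files: true` under `with:` in both steps. The action runs with `secrets.GITHUB_TOKEN` but is referenced by the mutable `v2` tag; pinning it to a full commit SHA, `uses: softprops/action-gh-release@<FULL_COMMIT_SHA> # v2`, prevents a moved or compromised tag from changing what executes with that token. The `upload_url` output added to `create-release` is not read by any step visible in these hunks now that the `download-artifact` steps are gone, so it looks like a leftover of the old flow; if nothing outside the shown hunks consumes it, drop the `outputs:` block. The `upload-package-to-pypi` job's steps continue outside the hunk.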