Skip to content

Commit

Permalink
Merge pull request #17 from github/release-updates
Browse files Browse the repository at this point in the history
Release Updates
  • Loading branch information
GrantBirki authored Aug 29, 2023
2 parents dc5910c + 9620550 commit 7129561
Show file tree
Hide file tree
Showing 27 changed files with 168 additions and 117 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/acceptance.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ jobs:
has_change: ${{ steps.diff.outputs.has_change}}

steps:
- uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
- uses: actions/checkout@v3

- id: fetch-base
if: github.event_name == 'pull_request'
Expand Down Expand Up @@ -65,9 +65,9 @@ jobs:
run: |
echo "✅ Bypassing acceptance tests - they are not required for this change"
- name: Check out code
- name: checkout
if: ${{ needs.changes.outputs.has_change == 'true' }}
uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
uses: actions/checkout@v3

# Use Docker layer caching for 'docker build' and 'docker-compose build' commands.
# https://github.com/satackey/action-docker-layer-caching/releases/tag/v0.0.11
Expand Down
41 changes: 41 additions & 0 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
name: build

on:
push:
branches:
- main
pull_request:
branches:
- main
workflow_call:

permissions:
contents: read

jobs:
build:
name: build
runs-on: ubuntu-latest

steps:
- name: checkout
uses: actions/checkout@v3

- uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # [email protected]
with:
bundler-cache: true

- name: bootstrap
run: script/bootstrap

- name: build
run: |
GEM_NAME=$(ls | grep gemspec | cut -d. -f1)
echo "Attempting to build gem $GEM_NAME..."
gem build $GEM_NAME
if [ $? -eq 0 ]; then
echo "Gem built successfully!"
else
echo "Gem build failed!"
exit 1
fi
4 changes: 2 additions & 2 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: "CodeQL"
name: CodeQL

on:
push:
Expand All @@ -25,7 +25,7 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
uses: actions/checkout@v3

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
Expand Down
58 changes: 45 additions & 13 deletions .github/workflows/gem.yml
Original file line number Diff line number Diff line change
@@ -1,29 +1,61 @@
name: Publish and Release Gem
name: release

on:
push:
branches: [ $default-branch ]
paths: [ "VERSION" ]
workflow_dispatch:
push:
branches:
- main
paths:
- lib/version.rb

permissions:
contents: write
packages: write

jobs:
release:
runs-on: ubuntu-latest

steps:
- name: Checkout
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
- name: checkout
uses: actions/checkout@v3

- name: Setup Ruby
uses: ruby/setup-ruby@8a45918450651f5e4784b6031db26f4b9f76b251
- uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # [email protected]
with:
bundler-cache: true

- name: Run Tests
- name: bootstrap
run: script/bootstrap

- name: lint
run: bundle exec rubocop -c .rubocop.yml lib/ spec/

- name: test
run: script/test

- name: Build Gem
- name: set GEM_NAME from gemspec
run: echo "GEM_NAME=$(ls | grep gemspec | cut -d. -f1)" >> $GITHUB_ENV

# builds the gem and saves the version to GITHUB_ENV
- name: build
run: echo "GEM_VERSION=$(gem build ${{ env.GEM_NAME }}.gemspec 2>&1 | grep Version | cut -d':' -f 2 | tr -d " \t\n\r")" >> $GITHUB_ENV

- name: publish to GitHub packages
run: |
echo "GEM_VERSION=$(gem build entitlements-gitrepo-auditor-plugin.gemspec 2>&1 | grep Version | cut -d':' -f 2 | tr -d " \t\n\r")" >> $GITHUB_ENV
- name: Publish to GitHub Packages
export OWNER=$( echo ${{ github.repository }} | cut -d "/" -f 1 )
GEM_HOST_API_KEY=${{ secrets.GITHUB_TOKEN }} gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} ${{ env.GEM_NAME }}-${{ env.GEM_VERSION }}.gem
- name: release
uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # [email protected]
with:
artifacts: "${{ env.GEM_NAME }}-${{ env.GEM_VERSION }}.gem"
tag: "v${{ env.GEM_VERSION }}"
generateReleaseNotes: true

- name: Publish to RubyGems
run: |
GEM_HOST_API_KEY=${{ secrets.GITHUB_TOKEN }} gem push --KEY github --host https://rubygems.pkg.github.com/github entitlements-gitrepo-auditor-plugin-${{ env.GEM_VERSION }}.gem
mkdir -p ~/.gem
echo -e "---\n:rubygems_api_key: ${{ secrets.RUBYGEMS_API_KEY }}" > ~/.gem/credentials
chmod 0600 ~/.gem/credentials
gem push ${{ env.GEM_NAME }}-${{ env.GEM_VERSION }}.gem
rm ~/.gem/credentials
7 changes: 3 additions & 4 deletions .github/workflows/lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,12 +14,11 @@ jobs:
contents: read

steps:
- name: Check out code
uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
- name: checkout
uses: actions/checkout@v3

- uses: ruby/setup-ruby@8029ebd6e5bd8f4e0d6f7623ea76a01ec5b1010d # pin@v1.110.0
- uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # pin@v1.152.0
with:
ruby-version: 3.1.2
bundler-cache: true

- name: rubocop
Expand Down
7 changes: 3 additions & 4 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,12 +14,11 @@ jobs:
contents: read

steps:
- name: Check out code
uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
- name: checkout
uses: actions/checkout@v3

- uses: ruby/setup-ruby@8029ebd6e5bd8f4e0d6f7623ea76a01ec5b1010d # pin@v1.110.0
- uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # pin@v1.152.0
with:
ruby-version: 3.1.2
bundler-cache: true

- name: rspec tests
Expand Down
3 changes: 2 additions & 1 deletion .rubocop.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,9 @@ inherit_gem:
- config/default.yml

AllCops:
SuggestExtensions: false
DisplayCopNames: true
TargetRubyVersion: 2.7.5
TargetRubyVersion: 3.1
Exclude:
- 'bin/*'
- 'spec/acceptance/fixtures/**/*'
Expand Down
10 changes: 5 additions & 5 deletions Gemfile.lock
Original file line number Diff line number Diff line change
@@ -1,19 +1,19 @@
PATH
remote: .
specs:
entitlements-gitrepo-auditor-plugin (0.2.3)
entitlements-gitrepo-auditor-plugin (0.3.0)
contracts (= 0.17)
entitlements (= 0.2.0)

GEM
remote: https://rubygems.org/
specs:
activesupport (7.0.6)
activesupport (7.0.7.2)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
tzinfo (~> 2.0)
addressable (2.8.4)
addressable (2.8.5)
public_suffix (>= 2.0.2, < 6.0)
ast (2.4.2)
concurrent-ruby (1.1.9)
Expand All @@ -36,7 +36,7 @@ GEM
i18n (1.14.1)
concurrent-ruby (~> 1.0)
json (2.6.3)
minitest (5.18.1)
minitest (5.19.0)
net-ldap (0.18.0)
octokit (4.25.1)
faraday (>= 1, < 3)
Expand All @@ -52,7 +52,7 @@ GEM
rainbow (3.1.1)
rake (13.0.6)
regexp_parser (2.8.1)
rexml (3.2.5)
rexml (3.2.6)
rspec (3.8.0)
rspec-core (~> 3.8.0)
rspec-expectations (~> 3.8.0)
Expand Down
12 changes: 11 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# entitlements-gitrepo-auditor-plugin

[![acceptance](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/acceptance.yml/badge.svg)](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/acceptance.yml) [![test](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/test.yml/badge.svg)](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/test.yml) [![lint](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/lint.yml/badge.svg)](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/lint.yml) [![coverage](https://img.shields.io/badge/coverage-100%25-success)](https://img.shields.io/badge/coverage-100%25-success) [![style](https://img.shields.io/badge/code%20style-rubocop--github-blue)](https://github.com/github/rubocop-github)
[![acceptance](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/acceptance.yml/badge.svg)](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/acceptance.yml) [![test](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/test.yml/badge.svg)](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/test.yml) [![lint](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/lint.yml/badge.svg)](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/lint.yml) [![build](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/build.yml/badge.svg)](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/build.yml) [![release](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/gem.yml/badge.svg)](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/gem.yml) [![codeql](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/github/entitlements-gitrepo-auditor-plugin/actions/workflows/codeql-analysis.yml) [![coverage](https://img.shields.io/badge/coverage-100%25-success)](https://img.shields.io/badge/coverage-100%25-success) [![style](https://img.shields.io/badge/code%20style-rubocop--github-blue)](https://github.com/github/rubocop-github)

`entitlements-gitrepo-auditor-plugin` is an [entitlements-app](https://github.com/github/entitlements-app) plugin allowing further auditing capabilities in entitlements by writing each deploy log to a separate GitHub repo.

Expand Down Expand Up @@ -71,3 +71,13 @@ auditors:
```
At the end of each `entitlements-app` run, the `entitlements-gitrepo-auditor-plugin` will write a commit to the repo defined above with the details of the deployment.
## Release 🚀
To release a new version of this Gem, do the following:
1. Update the version number in the [`lib/version.rb`](lib/version.rb) file
2. Run `bundle install` to update the `Gemfile.lock` file with the new version
3. Commit your changes, push them to GitHub, and open a PR
Once your PR is approved and the changes are merged, a new release will be created automatically by the [`release.yml`](.github/workflows/gem.yml) workflow. The latest version of the Gem will be published to the GitHub Package Registry and RubyGems.
1 change: 0 additions & 1 deletion VERSION

This file was deleted.

8 changes: 5 additions & 3 deletions entitlements-gitrepo-auditor-plugin.gemspec
Original file line number Diff line number Diff line change
@@ -1,14 +1,16 @@
# frozen_string_literal: true

require_relative "lib/version"

Gem::Specification.new do |s|
s.name = "entitlements-gitrepo-auditor-plugin"
s.version = File.read("VERSION").chomp
s.version = Entitlements::Version::VERSION
s.summary = "Entitlements GitRepo Auditor"
s.description = ""
s.description = "Entitlements plugin for a robust audit log"
s.authors = ["GitHub, Inc. Security Ops"]
s.email = "[email protected]"
s.license = "MIT"
s.files = Dir.glob("lib/**/*") + %w[VERSION]
s.files = Dir.glob("lib/**/*")
s.homepage = "https://github.com/github/entitlements-gitrepo-auditor-plugin"
s.executables = %w[]

Expand Down
10 changes: 5 additions & 5 deletions lib/entitlements/auditor/gitrepo.rb
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ def setup
@repo = Entitlements::Util::GitRepo.new(
repo: config["repo"],
sshkey: Base64.decode64(config["sshkey"]),
logger: logger
logger:
)
@repo.github = config["github_override"] if config["github_override"]
@repo.send(operation, checkout_directory)
Expand Down Expand Up @@ -59,10 +59,10 @@ def commit(actions:, successful_actions:, provider_exception:)
%w[update_files delete_files].each do |m|
send(
m.to_sym,
action_hash: action_hash,
successful_actions: successful_actions,
sync_changes: sync_changes,
valid_changes: valid_changes
action_hash:,
successful_actions:,
sync_changes:,
valid_changes:
)
end

Expand Down
7 changes: 7 additions & 0 deletions lib/version.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# frozen_string_literal: true

module Entitlements
module Version
VERSION = "0.3.0"
end
end
40 changes: 0 additions & 40 deletions script/release

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,8 @@ RUN gem install bundler
# Bootstrap files and caching for speed
COPY "vendor/cache/" "/data/entitlements/vendor/cache/"
COPY "script/" "/data/entitlements/script/"
COPY [".rubocop.yml", ".ruby-version", "entitlements-gitrepo-auditor-plugin.gemspec", "Gemfile", "Gemfile.lock", "VERSION", "/data/entitlements/"]
COPY [".rubocop.yml", ".ruby-version", "entitlements-gitrepo-auditor-plugin.gemspec", "Gemfile", "Gemfile.lock", "/data/entitlements/"]
COPY "lib/version.rb" "/data/entitlements/lib/version.rb"
RUN ./script/bootstrap

# Source Files
Expand Down
2 changes: 1 addition & 1 deletion spec/acceptance/tests/spec_helper.rb
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ def run(fixture_dir, args = [])
command_parts = [binary, "--config-file", configfile] + args
command = command_parts.map { |i| Shellwords.escape(i) }.join(" ")
stdout, stderr, exitstatus = Open3.capture3(command)
OpenStruct.new({ stdout: stdout, stderr: stderr, exitstatus: exitstatus.exitstatus, success?: exitstatus.exitstatus == 0 })
OpenStruct.new({ stdout:, stderr:, exitstatus: exitstatus.exitstatus, success?: exitstatus.exitstatus == 0 })
end

def log(priority, pattern)
Expand Down
Loading

0 comments on commit 7129561

Please sign in to comment.