v0.9.4-rc.4 #139
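# Release pipeline: validate the release tag, build the images once and run an
# end-to-end check, then publish Docker images and Python packages.
#
# NOTE(review): every `uses:` below references a mutable tag or branch (for
# example `release/v1`). Pinning each action to a full commit SHA, with the
# version kept in a trailing comment, stops a retagged action from running with
# the Docker Hub and PyPI secrets this workflow holds.
name: Build and publish to Docker Hub

on:
  release:
    # Runs automatically when a new release is published on GitHub.
    types: [published]

# Default-deny for GITHUB_TOKEN; each job below declares the scopes it needs.
permissions: {}

jobs:
  # Validate that the release tag and prerelease flag are consistent.
  # Pre-releases must have a semver prerelease identifier (rc, beta, alpha, dev)
  # and GA releases must not.
  validate_release:
    runs-on: ubuntu-latest
    steps:
      - name: Validate release tag matches prerelease flag
        # Release fields are handed to the script as environment variables
        # rather than expanded into the script text, so a crafted tag name is
        # treated as data and never parsed as shell source.
        env:
          RELEASE_TAG: ${{ github.event.release.tag_name }}
          RELEASE_IS_PRERELEASE: ${{ github.event.release.prerelease }}
        run: |
          TAG="$RELEASE_TAG"
          IS_PRERELEASE="$RELEASE_IS_PRERELEASE"
          # Strip optional 'v' prefix for checking
          VERSION="${TAG#v}"
          # Check if the tag contains a prerelease identifier (hyphen after version numbers)
          if printf '%s\n' "$VERSION" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+-.+'; then
            TAG_IS_PRERELEASE="true"
          else
            TAG_IS_PRERELEASE="false"
          fi
          echo "Tag: $TAG, tag_is_prerelease: $TAG_IS_PRERELEASE, release_is_prerelease: $IS_PRERELEASE"
          if [ "$IS_PRERELEASE" = "true" ] && [ "$TAG_IS_PRERELEASE" = "false" ]; then
            echo "::error::Release is marked as pre-release but tag '$TAG' has no pre-release identifier (e.g. -rc1, -beta1, -alpha1). Pre-release tags must include a semver pre-release suffix."
            exit 1
          fi
          if [ "$IS_PRERELEASE" = "false" ] && [ "$TAG_IS_PRERELEASE" = "true" ]; then
            echo "::error::Tag '$TAG' has a pre-release identifier but the release is not marked as pre-release. Either mark the release as pre-release or use a GA tag (e.g. 0.8.0)."
            exit 1
          fi
          echo "Validation passed."

  # Build once, run e2e validation, and only then fan out to publish variants
  build_and_test:
    needs: validate_release
    runs-on: ubuntu-latest
    env:
      # NOTE(review): a job-level env entry is visible to every step in this
      # job, including the downloaded binary and the compose stack. No step
      # shown here reads `github_token`; confirm what consumes it and scope it
      # to that step, or drop it.
      github_token: ${{ secrets.TOKEN_GITHUB }}
    # No step in this job writes to the repository, touches pull requests or
    # requests an OIDC token, so GITHUB_TOKEN is read-only here.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      # NOTE(review): this binary is installed without integrity verification,
      # in a job that holds registry credentials. The later steps call
      # `docker compose` (the CLI plugin), not `docker-compose`, so the download
      # may be unused; confirm and remove it, or check it against a pinned
      # SHA-256 before making it executable.
      - name: Docker Compose install
        run: |
          # -f: fail on an HTTP error instead of saving the error page as the binary
          curl -fsSL "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
          chmod +x /usr/local/bin/docker-compose
      - name: Echo version tag
        env:
          RELEASE_TAG: ${{ github.event.release.tag_name }}
        run: |
          echo "The version tag that will be published to docker hub is: $RELEASE_TAG"
      - name: Build client for testing
        id: build_client
        uses: docker/build-push-action@v6
        with:
          file: docker/Dockerfile
          push: false
          target: client
          cache-from: type=registry,ref=permitio/opal-client:latest
          cache-to: type=inline
          load: true
          tags: |
            permitio/opal-client:test
      - name: Build server for testing
        id: build_server
        uses: docker/build-push-action@v6
        with:
          file: docker/Dockerfile
          push: false
          target: server
          cache-from: type=registry,ref=permitio/opal-server:latest
          cache-to: type=inline
          load: true
          tags: |
            permitio/opal-server:test
      - name: Create modified docker compose file
        run: sed 's/:latest/:test/g' docker/docker-compose-example.yml > docker/docker-compose-test.yml
      - name: Bring up stack
        run: docker compose -f docker/docker-compose-test.yml up -d
      - name: Check if OPA is healthy
        # `jq -e` turns a false/null result (or no output at all) into a
        # non-zero exit status. Without it jq prints "false" and exits 0, so
        # this gate could never block the publish jobs.
        run: |
          ./scripts/wait-for.sh -t 60 http://localhost:8181/v1/data/users -- sleep 10
          curl -fsS "http://localhost:8181/v1/data/users" | jq -e '.result.bob.location.country == "US"'
      - name: Output container logs
        # Logs matter most when the health check above fails.
        if: always()
        run: docker compose -f docker/docker-compose-test.yml logs
      - name: Output local docker images
        run: docker image ls --digests | grep opal

  publish_docker_images:
    needs:
      - build_and_test
    runs-on: ubuntu-latest
    # Images are pushed with the Docker Hub credentials, not GITHUB_TOKEN; the
    # steps shown only need to read the repository.
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        include:
          - name: client
            repository: permitio/opal-client
            target: client
            version_suffix: ""
          - name: client-alpine
            repository: permitio/opal-client
            target: client-alpine
            version_suffix: "-alpine"
          - name: client-standalone
            repository: permitio/opal-client-standalone
            target: client-standalone
            version_suffix: ""
          - name: client-standalone-alpine
            repository: permitio/opal-client-standalone
            target: client-standalone-alpine
            version_suffix: "-alpine"
          - name: client-cedar
            repository: permitio/opal-client-cedar
            target: client-cedar
            version_suffix: ""
          - name: client-cedar-alpine
            repository: permitio/opal-client-cedar
            target: client-cedar-alpine
            version_suffix: "-alpine"
          - name: client-eopa
            repository: permitio/opal-client-eopa
            target: client-eopa
            version_suffix: ""
          - name: client-eopa-alpine
            repository: permitio/opal-client-eopa
            target: client-eopa-alpine
            version_suffix: "-alpine"
          - name: server
            repository: permitio/opal-server
            target: server
            version_suffix: ""
          - name: server-alpine
            repository: permitio/opal-server
            target: server-alpine
            version_suffix: "-alpine"
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Prepare tags
        id: tags
        # Outputs: `tags` (newline-separated image references) and `cache_ref`.
        env:
          RELEASE_TAG: ${{ github.event.release.tag_name }}
          RELEASE_IS_PRERELEASE: ${{ github.event.release.prerelease }}
          IMAGE_REPOSITORY: ${{ matrix.repository }}
          VERSION_SUFFIX: ${{ matrix.version_suffix }}
        run: |
          version_tag="$RELEASE_TAG"
          repo="$IMAGE_REPOSITORY"
          suffix="$VERSION_SUFFIX"
          latest_tag="latest${suffix}"
          tags="${repo}:${version_tag}${suffix}"
          # Only a GA release also moves the "latest" tag.
          if [ "$RELEASE_IS_PRERELEASE" != "true" ]; then
            tags="${repo}:${latest_tag}"$'\n'"${tags}"
          fi
          {
            echo "tags<<EOF"
            echo "${tags}"
            echo "EOF"
          } >> "$GITHUB_OUTPUT"
          echo "cache_ref=${repo}:${latest_tag}" >> "$GITHUB_OUTPUT"
      - name: Python setup
        uses: actions/setup-python@v5
        with:
          python-version: '3.11.8'
      - name: Bump version - packaging__.py
        env:
          RELEASE_TAG: ${{ github.event.release.tag_name }}
        run: |
          # Install required packages
          pip install semver packaging
          # Get version tag and remove 'v' prefix
          version_tag="$RELEASE_TAG"
          version_tag="${version_tag#v}"
          # Convert semver to PyPI version using the script
          pypi_version=$(python semver2pypi.py "$version_tag")
          # Update only the __version__ in __packaging__.py
          sed -i "s/__version__ = VERSION_STRING/__version__ = \"$pypi_version\"/" packages/__packaging__.py
          # Print the result for verification
          echo "Original version tag: $version_tag"
          echo "PyPI version: $pypi_version"
          cat packages/__packaging__.py
      - name: Build and push ${{ matrix.name }}
        uses: docker/build-push-action@v6
        with:
          file: docker/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          target: ${{ matrix.target }}
          cache-from: type=registry,ref=${{ steps.tags.outputs.cache_ref }}
          cache-to: type=inline
          tags: ${{ steps.tags.outputs.tags }}

  publish_python_packages:
    needs:
      - build_and_test
    runs-on: ubuntu-latest
    permissions:
      # Needed to attach the built distributions to the release.
      contents: write
      # NOTE(review): the publish steps authenticate with `password`, so the
      # OIDC token looks unused. Kept in case the action is expected to fall
      # back to PyPI trusted publishing; moving to trusted publishing would
      # remove the long-lived PYPI_TOKEN secret altogether.
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Python setup
        uses: actions/setup-python@v5
        with:
          python-version: '3.11.8'
      - name: Bump version - packaging__.py
        env:
          RELEASE_TAG: ${{ github.event.release.tag_name }}
        run: |
          # Install required packages
          pip install semver packaging
          # Get version tag and remove 'v' prefix
          version_tag="$RELEASE_TAG"
          version_tag="${version_tag#v}"
          # Convert semver to PyPI version using the script
          pypi_version=$(python semver2pypi.py "$version_tag")
          # Update only the __version__ in __packaging__.py
          sed -i "s/__version__ = VERSION_STRING/__version__ = \"$pypi_version\"/" packages/__packaging__.py
          # Print the result for verification
          echo "Original version tag: $version_tag"
          echo "PyPI version: $pypi_version"
          cat packages/__packaging__.py
      - name: Build every sub-packages
        run: |
          pip install build
          cd packages/opal-common/ ; rm -rf *.egg-info build/ dist/
          python -m build
          cd ../..
          cd packages/opal-client/ ; rm -rf *.egg-info build/ dist/
          python -m build
          cd ../..
          cd packages/opal-server/ ; rm -rf *.egg-info build/ dist/
          python -m build
          cd ../..
      # Upload package distributions to the release - All assets in one step
      - name: Upload assets to release
        uses: shogo82148/actions-upload-release-asset@v1.7.5
        with:
          upload_url: ${{ github.event.release.upload_url }}
          asset_path: |
            packages/opal-common/dist/*
            packages/opal-client/dist/*
            packages/opal-server/dist/*
      # Publish package distributions to PyPI
      # skip-existing allows re-runs to succeed if some files were already uploaded
      # verbose enables detailed error messages from PyPI for debugging upload failures
      #
      # NOTE(review): in the three publish steps below, the step-level `env:`
      # only exports variables called `name` and `url`. If a protected
      # deployment environment was intended, that is the job-level
      # `environment:` key; confirm which was meant.
      - name: Publish package distributions to PyPI - Opal-Common
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_TOKEN }}
          packages-dir: packages/opal-common/dist/
          skip-existing: true
          verbose: true
        env:
          name: pypi
          url: https://pypi.org/p/opal-common/
      - name: Publish package distributions to PyPI - Opal-Client
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_TOKEN }}
          packages-dir: packages/opal-client/dist/
          skip-existing: true
          verbose: true
        env:
          name: pypi
          url: https://pypi.org/p/opal-client/
      - name: Publish package distributions to PyPI - Opal-Server
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_TOKEN }}
          packages-dir: packages/opal-server/dist/
          skip-existing: true
          verbose: true
        env:
          name: pypi
          url: https://pypi.org/p/opal-server/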