ensure decode_password
function properly handles plaintext but vali…
#3116
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish Fides | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- "*" | |
jobs: | |
upload_to_pypi: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # This is required to properly tag packages | |
- name: Setup Python 3.9 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.9 | |
- name: Use Node.js 20 | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- name: Install node modules | |
run: | | |
cd clients | |
npm install | |
- name: Build and export frontend files | |
run: | | |
cd clients | |
npm run prod-export-admin-ui | |
- name: Install Twine and wheel | |
run: pip install twine wheel | |
# The git reset is required here because the build modifies | |
# egg-info and the wheel becomes a dirty version | |
- name: Build the sdist | |
run: | | |
python setup.py sdist | |
git reset --hard | |
- name: Build the wheel | |
run: python setup.py bdist_wheel | |
- name: Check Prod Tag | |
id: check-prod-tag | |
run: | | |
if [[ ${{ github.event.ref }} =~ ^refs/tags/[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
echo "match=true" >> $GITHUB_OUTPUT | |
else | |
echo "match=false" >> $GITHUB_OUTPUT | |
fi | |
- name: Check RC Tag | |
id: check-rc-tag | |
run: | | |
if [[ ${{ github.event.ref }} =~ ^refs/tags/[0-9]+\.[0-9]+\.[0-9]+rc[0-9]+$ ]]; then | |
echo "match=true" >> $GITHUB_OUTPUT | |
else | |
echo "match=false" >> $GITHUB_OUTPUT | |
fi | |
- name: Check alpha Tag | |
id: check-alpha-tag | |
run: | | |
if [[ ${{ github.event.ref }} =~ ^refs/tags/[0-9]+\.[0-9]+\.[0-9]+a[0-9]+$ ]]; then | |
echo "match=true" >> $GITHUB_OUTPUT | |
else | |
echo "match=false" >> $GITHUB_OUTPUT | |
fi | |
- name: Check beta Tag | |
id: check-beta-tag | |
run: | | |
if [[ ${{ github.event.ref }} =~ ^refs/tags/[0-9]+\.[0-9]+\.[0-9]+b[0-9]+$ ]]; then | |
echo "match=true" >> $GITHUB_OUTPUT | |
else | |
echo "match=false" >> $GITHUB_OUTPUT | |
fi | |
# Prod, 'rc' and 'beta' tags go to PyPI; 'alpha', all other tags and untagged commits go to TestPyPI | |
# 2.10.0 (prod tag, official release commit) --> PyPI | |
# 2.10.0b1 (beta tag, used on main) --> PyPI | |
# 2.10.0.rc0 (rc tag, used on release branches before release is cut) --> PyPI | |
# 2.10.0.a0 (alpha tag, used on feature branches) --> TestPyPI | |
# 2.10.0.dev0 (no match, arbitrary dev tag) --> TestPyPI | |
# no tag, just a vanilla commit/merge pushed to `main` --> TestPyPI | |
# Upload to TestPyPI if it is not a release (prod), rc or beta tag | |
- name: Upload to test pypi | |
if: steps.check-prod-tag.outputs.match == 'false' && steps.check-rc-tag.outputs.match == 'false' && steps.check-beta-tag.outputs.match == 'false' | |
run: twine upload --verbose --repository testpypi dist/* | |
env: | |
TWINE_USERNAME: __token__ | |
TWINE_PASSWORD: ${{ secrets.TEST_PYPI_TOKEN }} | |
# If the tag matches either a release, rc or a beta tag, allow publishing to PyPi: | |
- name: Upload to pypi | |
if: steps.check-prod-tag.outputs.match == 'true' || steps.check-rc-tag.outputs.match == 'true' || steps.check-beta-tag.outputs.match == 'true' | |
run: twine upload --verbose dist/* | |
env: | |
TWINE_USERNAME: __token__ | |
TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }} | |
# Notify Fidesplus about a feature tag to trigger an integrated build on an alpha/beta tag | |
- name: Send Repository Dispatch Event | |
# only run on an alpha or beta tag | |
if: steps.check-alpha-tag.outputs.match == 'true' || steps.check-beta-tag.outputs.match == 'true' | |
uses: peter-evans/repository-dispatch@v2 | |
with: | |
client-payload: '{"tag": "${{ github.ref_name }}"}' | |
event-type: new-fides-feature-tag | |
repository: ethyca/fidesplus | |
token: ${{ secrets.DISPATCH_ACCESS_TOKEN }} |