---
name: Stable release
on:
workflow_dispatch:
schedule:
- cron: "12 * * * *"
permissions:
contents: write
jobs:
tags:
runs-on: ubuntu-latest
steps:
- id: app-token
uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf with:
app-id: "${{ secrets.GH_APP_ID }}"
private-key: "${{ secrets.GH_APP_PRIVATE_KEY }}"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with:
fetch-depth: 0
token: "${{ steps.app-token.outputs.token }}"
- id: tags
name: Get list of missing tags
run: |
tags="$(gh --repo goauthentik/authentik release list --exclude-drafts --json tagName --jq '.[].tagName' |
tac |
while read -r tag; do
if ! git show "$tag" >/dev/null 2>/dev/null; then
echo "$tag"
fi
done | jq -R -s -c 'split("\n") | map(select(length > 0))')"
should_run="$([ "$(echo "$tags" | jq '.|length')" -eq 0 ] && echo false || echo true)"
echo "tags=$tags" >> "$GITHUB_OUTPUT"
echo "should_run=$should_run" >> "$GITHUB_OUTPUT"
env:
GH_TOKEN: "${{ steps.app-token.outputs.token }}"
outputs:
tags: "${{ steps.tags.outputs.tags }}"
should_run: "${{ steps.tags.outputs.should_run }}"
release:
runs-on: ubuntu-latest
needs:
- tags
if: "${{ needs.tags.outputs.should_run == 'true' }}"
strategy:
fail-fast: false
max-parallel: 1
matrix:
tag: "${{ fromJson(needs.tags.outputs.tags) }}"
steps:
- id: app-token
uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf with:
app-id: "${{ secrets.GH_APP_ID }}"
private-key: "${{ secrets.GH_APP_PRIVATE_KEY }}"
- id: get-user-id
name: Get GitHub app user ID
run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
env:
GH_TOKEN: "${{ steps.app-token.outputs.token }}"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with:
fetch-depth: 0
token: "${{ steps.app-token.outputs.token }}"
path: client-rust
- name: Setup rust
uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c - name: Fetch schema
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with:
repository: goauthentik/authentik
token: "${{ steps.app-token.outputs.token }}"
ref: "${{ matrix.tag }}"
path: authentik
sparse-checkout: |
schema.yml
sparse-checkout-cone-mode: false
- name: Publish
working-directory: client-rust
run: |
tag="${{ matrix.tag }}"
version="$(echo -n "$tag" | sed 's/version\///')"
branch="$(echo -n "$tag" | sed 's/\//-/' | grep -oE "^version-[0-9]{4}\.[0-9]{1,2}")"
if ! git ls-remote --heads origin "$branch" | grep -q "$branch"; then
git checkout -b "$branch"
else
git checkout "$branch"
fi
make version="$version"
git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com'
git add .
git commit -m "Version $version" || exit 0
git tag "$tag"
git push origin "$branch"
git push --tags
cargo publish
gh release create "$tag" --latest --title "$version"
env:
GH_TOKEN: "${{ steps.app-token.outputs.token }}"
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
RUSTFLAGS: -Awarnings