Bump crazy-max/ghaction-virustotal from 3 to 4 (#533) #210
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - "v*.*.*" | |
| jobs: | |
| variables: | |
| name: Set enviroment variables | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: "*" | |
| - name: Set variables | |
| run: | | |
| _past_full_release=$(cat .github/configs/latest_release.yml) | |
| _ref_name=${{ github.ref_name }} | |
| echo "past_ref_name=$_past_full_release" >> $GITHUB_ENV | |
| echo "valid_semver=${_ref_name:1}" >> $GITHUB_ENV | |
| echo "past_valid_semver=$(python src/subsearch/data/version.py --get-version)" >> $GITHUB_ENV | |
| echo "local_appdata=${LOCALAPPDATA}" >> $GITHUB_ENV | |
| shell: bash | |
| outputs: | |
| past_valid_semver: "${{ env.past_valid_semver }}" | |
| valid_semver: "${{ env.valid_semver }}" | |
| past_ref_name: "${{ env.past_ref_name }}" | |
| local_appdata: "${{ env.local_appdata }}" | |
| test_tox: | |
| name: Test with tox | |
| runs-on: windows-latest | |
| strategy: | |
| matrix: | |
| python-version: ["3.10.*", "3.11.*"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install tox tox-gh-actions | |
| - name: Test with tox | |
| run: tox | |
| black_isort: | |
| name: Reformat codebase with black & isort | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@v6 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| git_config_global: true | |
| - name: Install black & isort | |
| run: | | |
| pip install black | |
| pip install isort | |
| isort ./src --profile 'black' | |
| black ./src -l 125 | |
| isort ./tests --profile 'black' | |
| black ./tests -l 125 | |
| - name: Push black & isort changes | |
| run: | | |
| git status | |
| git add -A | |
| git commit -S -m "Reformat codebase with black & isort" | |
| git fetch origin main | |
| git push origin HEAD:main | |
| bump_version: | |
| name: Bump version | |
| needs: [variables, test_tox, black_isort] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: "*" | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@v6 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| git_config_global: true | |
| - name: Bump version.py | |
| run: python scripts/bump_version.py ${{ needs.variables.outputs.valid_semver }} | |
| - name: Push new version | |
| run: | | |
| git status | |
| git add src/subsearch/data/version.py | |
| git commit -S -m "Bump version ${{ needs.variables.outputs.past_valid_semver }} → ${{ needs.variables.outputs.valid_semver }}" | |
| git fetch origin main | |
| git push origin HEAD:main | |
| build_msi: | |
| name: Build MSI | |
| needs: [variables, bump_version] | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| - name: Setup Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: "*" | |
| - name: Install requirements | |
| run: | | |
| git fetch origin main | |
| python -m pip install --upgrade pip | |
| pip install -e .[dev,optional] | |
| - name: Build executable and MSI installer | |
| id: build_msi | |
| run: | | |
| python setup.py bdist_msi -d . | |
| - name: Upload msi artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: Subsearch-${{ needs.variables.outputs.valid_semver }}-win64.msi | |
| path: Subsearch-${{ needs.variables.outputs.valid_semver }}-win64.msi | |
| msi_verification: | |
| name: MSI verification | |
| needs: [variables, bump_version, build_msi] | |
| runs-on: windows-latest | |
| steps: | |
| - name: Download MSI artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: Subsearch-${{ needs.variables.outputs.valid_semver }}-win64.msi | |
| path: . | |
| - name: Install Subsearch-${{ needs.variables.outputs.valid_semver }}-win64.msi & verify install | |
| id: install_msi | |
| run: | | |
| Start-Process -FilePath msiexec.exe -ArgumentList @("/i Subsearch-${{ needs.variables.outputs.valid_semver }}-win64.msi", "/norestart", "/quiet") -Wait | |
| $files = Get-ChildItem -Path "${{ needs.variables.outputs.local_appdata }}\Programs\Subsearch" -Recurse -Include "Subsearch.exe" -ErrorAction SilentlyContinue | |
| $registry = Get-Item -LiteralPath HKCU:\Software\Classes\*\shell\Subsearch -ErrorAction SilentlyContinue | |
| if ($files.Count -eq 1 -and $registry.Count -eq 1) { | |
| Write-Output "MSI package installed successfully" | |
| } else { | |
| Write-Output "MSI package failed to install" | |
| Exit 1 | |
| } | |
| shell: pwsh | |
| - name: Uninstall Subsearch-${{ needs.variables.outputs.valid_semver }}-win64.msi & verify uninstall | |
| id: uninstall_msi | |
| run: | | |
| Start-Process -FilePath msiexec.exe -ArgumentList @("/x Subsearch-${{ needs.variables.outputs.valid_semver }}-win64.msi", "/norestart", "/quiet") -Wait | |
| $files = Get-ChildItem -Path "${{ needs.variables.outputs.local_appdata }}\Programs\Subsearch" -Recurse -Include "Subsearch.exe" -ErrorAction SilentlyContinue | |
| $registry = Get-Item -LiteralPath HKCU:\Software\Classes\*\shell\Subsearch -ErrorAction SilentlyContinue | |
| if ($files.Count -gt 0 -or $registry.Count -gt 0) { | |
| Write-Output "MSI package failed to uninstall" | |
| Exit 1 | |
| } else { | |
| Write-Output "MSI package uninstalled successfully." | |
| } | |
| shell: pwsh | |
| generate_changelog: | |
| name: Generate changelog | |
| needs: [variables, bump_version, msi_verification] | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| - name: Download MSI artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: Subsearch-${{ needs.variables.outputs.valid_semver }}-win64.msi | |
| path: . | |
| - name: Build changelog for pre-release | |
| id: changelog_pre_release | |
| uses: mikepenz/release-changelog-builder-action@v4 | |
| if: ${{ contains(github.ref_name, 'rc') || contains(github.ref_name, 'b') || contains(github.ref_name, 'a') }} | |
| with: | |
| configuration: .github/configs/changelog_builder.json | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build changelog for full-release | |
| id: changelog_full_release | |
| uses: mikepenz/release-changelog-builder-action@v4 | |
| if: ${{ !contains(github.ref_name, 'rc') && !contains(github.ref_name, 'b') && !contains(github.ref_name, 'a') }} | |
| with: | |
| fromTag: ${{ needs.variables.outputs.past_ref_name }} | |
| toTag: ${{ github.ref_name }} | |
| configuration: .github/configs/changelog_builder.json | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Update changelog | |
| id: update_changelog | |
| run: | | |
| $pre_releases = @('rc', 'a', 'b') | |
| $is_pre_release = $null -ne ($pre_releases | ? { "${{ github.ref_name }}" -match $_ }) | |
| $sha256_hash = Get-FileHash -Path "Subsearch-${{ needs.variables.outputs.valid_semver }}-win64.msi" -Algorithm SHA256 | Select-Object -ExpandProperty Hash | |
| $subsearch_repo = "https://github.com/vagabondHustler/subsearch" | |
| $virustotal_no_file = "VirusTotal analysis: No file uploaded" | |
| $virustotal_url = "VirusTotal analysis: [Subsearch-${{ needs.variables.outputs.valid_semver }}-win64.msi](https://www.virustotal.com/gui/file/$sha256_hash)" | |
| if ($is_pre_release){$virustotal_analysis = $virustotal_no_file} else {$virustotal_analysis = $virustotal_url} | |
| $comparison_link = "[${{ github.ref_name }}]($subsearch_repo/compare/${{ needs.variables.outputs.past_ref_name }}...${{ github.ref_name }})" | |
| $full_changelog = "Full changelog: $comparison_link" | |
| if ($is_pre_release) { | |
| echo "${{ steps.changelog_pre_release.outputs.changelog }}" > changelog-${{ needs.variables.outputs.valid_semver }}.md | |
| } else { | |
| echo "${{ steps.changelog_full_release.outputs.changelog }}" > changelog-${{ needs.variables.outputs.valid_semver }}.md | |
| } | |
| echo "###### $virustotal_analysis$hash_info<p>$full_changelog" >> changelog-${{ needs.variables.outputs.valid_semver }}.md | |
| - name: Upload changelog artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: changelog-${{ needs.variables.outputs.valid_semver }}.md | |
| path: changelog-${{ needs.variables.outputs.valid_semver }}.md | |
| publish_github: | |
| name: Publish to GitHub | |
| needs: [variables, bump_version, build_msi, msi_verification, generate_changelog] | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@v6 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| git_config_global: true | |
| - name: Download changelog artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: changelog-${{ needs.variables.outputs.valid_semver }}.md | |
| path: . | |
| - name: Download MSI artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: Subsearch-${{ needs.variables.outputs.valid_semver }}-win64.msi | |
| path: . | |
| - name: Create hashes file | |
| id: hashes | |
| run: | | |
| $filenames = @( | |
| "Subsearch-${{ needs.variables.outputs.valid_semver }}-win64.msi" | |
| ) | |
| $hashAlgorithm = "SHA256" | |
| $targetFilePath = "hashes.sha256" | |
| foreach ($filename in $filenames) { | |
| $filePath = $filename | |
| $hash = Get-FileHash -Path $filePath -Algorithm $hashAlgorithm | Select-Object -ExpandProperty Hash | |
| $line = "$hash *$filename" | |
| $line | Out-File -FilePath $targetFilePath -Append | |
| } | |
| - name: Upload hashes artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: hashes.sha256 | |
| path: hashes.sha256 | |
| - name: Publish release | |
| uses: softprops/action-gh-release@v1 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| name: ${{ needs.variables.outputs.valid_semver }} | |
| body_path: changelog-${{ needs.variables.outputs.valid_semver }}.md | |
| token: ${{ secrets.ACTIONS_TOKEN }} | |
| prerelease: ${{ contains(github.ref_name, 'rc') || contains(github.ref_name, 'b') || contains(github.ref_name, 'a') }} | |
| files: | | |
| hashes.sha256 | |
| Subsearch-${{ needs.variables.outputs.valid_semver }}-win64.msi | |
| publish_pypi: | |
| if: ${{ !contains(github.ref_name, 'b') && !contains(github.ref_name, 'a') }} | |
| name: Publish to PyPi | |
| needs: [bump_version, generate_changelog] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: "*" | |
| - name: Install requirements | |
| run: | | |
| git fetch origin main | |
| python -m pip install --upgrade --disable-pip-version-check pip | |
| python -m pip install --upgrade build twine | |
| - name: Build wheel and source distributions | |
| run: | | |
| python -m build | |
| - name: Upload to PyPI via Twine | |
| env: | |
| TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }} | |
| run: | | |
| twine upload --verbose -u '__token__' dist/* | |
| update_latest_release: | |
| if: ${{ !contains(github.ref_name, 'rc') && !contains(github.ref_name, 'b') && !contains(github.ref_name, 'a') }} | |
| name: Update latest_release.yml | |
| needs: [generate_changelog] | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@v6 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| git_config_global: true | |
| - name: Write to latest_release | |
| run: | | |
| echo "${{ github.ref_name }}" > .github/configs/latest_release.yml | |
| - name: Push origin HEAD:main | |
| run: | | |
| git status | |
| git add .github/configs/latest_release.yml | |
| git commit -S -m "Chore update latest_release.yml" | |
| git fetch origin main | |
| git push origin HEAD:main |