agentready/.github/workflows/release.yml at main · ambient-code/agentready · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
name: Release

on:
  push:
    branches:
      - main
  workflow_dispatch:

permissions:
  contents: write
  issues: write
  pull-requests: write
  id-token: write  # Required for trusted publishing to PyPI

jobs:
  release:
    name: Create Release
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: 'lts/*'

      - name: Install semantic-release
        run: |
          npm install -g semantic-release @semantic-release/changelog @semantic-release/git @semantic-release/github @semantic-release/exec

      - name: Get version before release
        id: version_before
        run: echo "version=$(grep '^version = ' pyproject.toml | cut -d'"' -f2)" >> "$GITHUB_OUTPUT"

      - name: Run semantic-release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: npx semantic-release

      - name: Get version after release
        id: version_after
        run: echo "version=$(grep '^version = ' pyproject.toml | cut -d'"' -f2)" >> "$GITHUB_OUTPUT"

      - name: Check if new release
        id: check_release
        run: |
          if [ "${{ steps.version_before.outputs.version }}" != "${{ steps.version_after.outputs.version }}" ]; then
            echo "new_release=true" >> "$GITHUB_OUTPUT"
            echo "version=${{ steps.version_after.outputs.version }}" >> "$GITHUB_OUTPUT"
          else
            echo "new_release=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Set up Python
        if: steps.check_release.outputs.new_release == 'true'
        uses: actions/setup-python@v6
        with:
          python-version: '3.12'

      - name: Install build dependencies
        if: steps.check_release.outputs.new_release == 'true'
        run: |
          python -m pip install --upgrade pip
          pip install build

      - name: Build package
        if: steps.check_release.outputs.new_release == 'true'
        run: |
          python -m build
          echo "📦 Built distribution files:"
          ls -lh dist/

      - name: Publish to Test PyPI
        if: steps.check_release.outputs.new_release == 'true'
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          repository-url: https://test.pypi.org/legacy/
          attestations: false  # Disable to avoid conflict with production PyPI

      - name: Publish to PyPI
        if: steps.check_release.outputs.new_release == 'true'
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          attestations: true  # Enable attestations for production

    outputs:
      new_release: ${{ steps.check_release.outputs.new_release }}
      version: ${{ steps.check_release.outputs.version }}

  build-container:
    name: Build and Push Container
    runs-on: ubuntu-latest
    needs: release
    if: needs.release.outputs.new_release == 'true'
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          ref: main

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v4
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v6
        with:
          images: ghcr.io/ambient-code/agentready
          tags: |
            type=semver,pattern={{version}},value=${{ needs.release.outputs.version }}
            type=semver,pattern={{major}}.{{minor}},value=${{ needs.release.outputs.version }}
            type=semver,pattern={{major}},value=${{ needs.release.outputs.version }}
            type=raw,value=latest

      - name: Build and push container
        uses: docker/build-push-action@v7
        with:
          context: .
          file: ./Containerfile.scratch
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          platforms: linux/amd64,linux/arm64

      - name: Container summary
        env:
          VERSION: ${{ needs.release.outputs.version }}
          REPOSITORY: ${{ github.repository }}
        run: |
          {
            echo "## Container Published to GHCR"
            echo ""
            echo "📦 **Version**: $VERSION"
            echo "🐳 **Registry**: ghcr.io/$REPOSITORY"
            echo ""
            echo "### Usage"
            echo "\`\`\`bash"
            echo "# Pull latest"
            echo "podman pull ghcr.io/$REPOSITORY:latest"
            echo ""
            echo "# Pull specific version"
            echo "podman pull ghcr.io/$REPOSITORY:$VERSION"
            echo ""
            echo "# Run assessment"
            echo "podman run --rm -v /path/to/repo:/repo:ro ghcr.io/$REPOSITORY:latest assess /repo --output-dir /tmp/out"
            echo "\`\`\`"
          } >> "$GITHUB_STEP_SUMMARY"