Added github actions for updating .py files and generating releases #3
Conversation
|
|
||
| NEW_VERSION="${MAJOR}.${MINOR}.${PATCH}" | ||
| echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV | ||
| echo "::set-output name=new_version::$NEW_VERSION" |
There was a problem hiding this comment.
This is deprecated and may break in the near future https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/#examples
| git push | ||
|
|
||
| - name: Create pull request from dev to main | ||
| uses: repo-sync/pull-request@v2 |
There was a problem hiding this comment.
This action is deprecated. I think you should update it to match the action used in Empire and Starkiller https://github.com/BC-SECURITY/Empire/blob/main/.github/workflows/release-private-start.yml#L66
|
|
||
| jobs: | ||
| create_release: | ||
| if: ${{ github.event.pull_request.merged == true }} |
There was a problem hiding this comment.
Something seems off about this unless I am misunderstanding.
I manually run the update_files workflow. That updates files, pushes to dev and opens a PR to main
I merge the PR to main
That triggers the tag_release workflow that creates the release based off the version in the CHANGELOG
When does the release workflow come into play?
I think you could replicate the Empire flow by checking that the PR being merged is a release PR https://github.com/BC-SECURITY/Empire/blob/main/.github/workflows/release-private-tag.yml#L11
There was a problem hiding this comment.
Almost, here is the flow:
- You run "update_files", which creates a branch with the new .py files. It will also open a PR to the dev branch.
- You run "release", which will update the changelog and version number. Then it will open a PR from dev to Main.
- The "tag_release" gets triggered automatically when a PR is closed to main which creates a new release with the notes and files.
| draft: false | ||
| prerelease: false | ||
|
|
||
| - name: Upload Release Asset for NetFramework 4.0 |
There was a problem hiding this comment.
What's the benefit of the zip files here? Since a release automatically contains the source code tar.gz, it seems like duplicate assets
There was a problem hiding this comment.
It is a duplicate, but typically you are only going to need one set of those so it makes it easy to just grab the necessary ones. I can remove it if you think that's dumb.
| gh pr close $EXISTING_PR --delete-branch | ||
| fi | ||
|
|
||
| - name: Create New Branch and Handle Changes |
There was a problem hiding this comment.
I would stick to one way of opening PRs for simplicity. I think using gh cli is actually pretty clean, maybe replace the deprecated action above with this if you prefer it over the one used in Empire
No description provided.