Skip to content

Putting dataset test results behind security flag (#5573) #3021

Putting dataset test results behind security flag (#5573)

Putting dataset test results behind security flag (#5573) #3021

name: Publish Fides
on:
push:
branches:
- main
tags:
- "*"
jobs:
upload_to_pypi:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # This is required to properly tag packages
- name: Setup Python 3.9
uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Use Node.js 20
uses: actions/setup-node@v4
with:
node-version: 20
- name: Install node modules
run: |
cd clients
npm install
- name: Build and export frontend files
run: |
cd clients
npm run prod-export-admin-ui
- name: Install Twine and wheel
run: pip install twine wheel
# The git reset is required here because the build modifies
# egg-info and the wheel becomes a dirty version
- name: Build the sdist
run: |
python setup.py sdist
git reset --hard
- name: Build the wheel
run: python setup.py bdist_wheel
- name: Check Prod Tag
id: check-prod-tag
run: |
if [[ ${{ github.event.ref }} =~ ^refs/tags/[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "match=true" >> $GITHUB_OUTPUT
else
echo "match=false" >> $GITHUB_OUTPUT
fi
- name: Check RC Tag
id: check-rc-tag
run: |
if [[ ${{ github.event.ref }} =~ ^refs/tags/[0-9]+\.[0-9]+\.[0-9]+rc[0-9]+$ ]]; then
echo "match=true" >> $GITHUB_OUTPUT
else
echo "match=false" >> $GITHUB_OUTPUT
fi
- name: Check alpha Tag
id: check-alpha-tag
run: |
if [[ ${{ github.event.ref }} =~ ^refs/tags/[0-9]+\.[0-9]+\.[0-9]+a[0-9]+$ ]]; then
echo "match=true" >> $GITHUB_OUTPUT
else
echo "match=false" >> $GITHUB_OUTPUT
fi
- name: Check beta Tag
id: check-beta-tag
run: |
if [[ ${{ github.event.ref }} =~ ^refs/tags/[0-9]+\.[0-9]+\.[0-9]+b[0-9]+$ ]]; then
echo "match=true" >> $GITHUB_OUTPUT
else
echo "match=false" >> $GITHUB_OUTPUT
fi
# Prod, 'rc' and 'beta' tags go to PyPI; 'alpha', all other tags and untagged commits go to TestPyPI
# 2.10.0 (prod tag, official release commit) --> PyPI
# 2.10.0b1 (beta tag, used on main) --> PyPI
# 2.10.0.rc0 (rc tag, used on release branches before release is cut) --> PyPI
# 2.10.0.a0 (alpha tag, used on feature branches) --> TestPyPI
# 2.10.0.dev0 (no match, arbitrary dev tag) --> TestPyPI
# no tag, just a vanilla commit/merge pushed to `main` --> TestPyPI
# Upload to TestPyPI if it is not a release (prod), rc or beta tag
- name: Upload to test pypi
if: steps.check-prod-tag.outputs.match == 'false' && steps.check-rc-tag.outputs.match == 'false' && steps.check-beta-tag.outputs.match == 'false'
run: twine upload --verbose --repository testpypi dist/*
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.TEST_PYPI_TOKEN }}
# If the tag matches either a release, rc or a beta tag, allow publishing to PyPi:
- name: Upload to pypi
if: steps.check-prod-tag.outputs.match == 'true' || steps.check-rc-tag.outputs.match == 'true' || steps.check-beta-tag.outputs.match == 'true'
run: twine upload --verbose dist/*
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
# Notify Fidesplus about a feature tag to trigger an integrated build on an alpha/beta tag
- name: Send Repository Dispatch Event
# only run on an alpha or beta tag
if: steps.check-alpha-tag.outputs.match == 'true' || steps.check-beta-tag.outputs.match == 'true'
uses: peter-evans/repository-dispatch@v2
with:
client-payload: '{"tag": "${{ github.ref_name }}"}'
event-type: new-fides-feature-tag
repository: ethyca/fidesplus
token: ${{ secrets.DISPATCH_ACCESS_TOKEN }}