Deploy #34

Workflow file for this run

.github/workflows/deploy.yaml at 1c9859e

	---
	name: Deploy

	on:
	workflow_dispatch:
	inputs:
	command: # be careful when editing these, fusionauth-app expects certain commands
	type: choice
	options:
	- build # build only
	- publish # build & publish to pypi
	- release # build & release to svn
	default: build

	permissions:
	contents: read
	id-token: write

	jobs:
	deploy:
	runs-on: ubuntu-latest
	defaults:
	run:
	shell: /usr/bin/bash -l -e -o pipefail {0}
	steps:
	- name: checkout
	uses: actions/checkout@v4

	- name: setup python
	uses: actions/setup-python@v5
	with:
	python-version: 3.12.6

	- name: setup java
	uses: actions/setup-java@v4
	with:
	distribution: temurin
	java-version: 21
	java-package: jre

	- name: install savant
	run: \|
	curl -O https://repository.savantbuild.org/org/savantbuild/savant-core/2.0.0/savant-2.0.0.tar.gz
	tar xzvf savant-2.0.0.tar.gz
	savant-2.0.0/bin/sb --version
	SAVANT_PATH=$(realpath -s "./savant-2.0.0/bin")
	echo "${SAVANT_PATH}" >> $GITHUB_PATH
	mkdir -p ~/.savant/plugins
	cat << EOF > ~/.savant/plugins/org.savantbuild.plugin.java.properties
	21=${JAVA_HOME}
	EOF

	### Everything below this line will only run on a workflow_dispatch publish or release

	- name: set aws credentials
	if: inputs.command == 'release' \|\| inputs.command == 'publish'
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: arn:aws:iam::752443094709:role/gha-fusionauth-python-client
	role-session-name: aws-auth-action
	aws-region: us-west-2

	- name: get secret
	if: inputs.command == 'release' \|\| inputs.command == 'publish'
	run: \|
	while IFS=$'\t' read -r key value; do
	echo "::add-mask::${value}"
	echo "${key}=${value}" >> $GITHUB_ENV
	done < <(aws secretsmanager get-secret-value \
	--region us-west-2 \
	--secret-id platform/pypi \
	--query SecretString \
	--output text \| \
	jq -r 'to_entries[] \| [.key, .value] \| @tsv')

	- name: set pypi credentials
	if: inputs.command == 'publish'
	run: \|
	cat << EOF > ~/.pypirc
	[distutils]
	index-servers =
	pypi
	fusionauth-client
	[pypi]
	username = __token__
	password = ${{ env.API_KEY }}
	[fusionauth-client]
	repository = https://upload.pypi.org/legacy/
	username = __token__
	password = ${{ env.API_KEY }}
	EOF

	- name: release to svn
	if: inputs.command == 'release'
	run: sb release

	- name: publish to pypi
	if: inputs.command == 'publish'
	run: sb publish

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Deploy #34

Workflow file

Deploy #34

Uh oh!

Workflow file for this run