Skip to content
Release

Release #16

Sign in to view logs

Release

Release #16

Workflow file for this run

.github/workflows/release.yml at dc507e3
name: Release
on:
workflow_dispatch:
jobs:
approval:
name: Manual Approval
runs-on: ubuntu-latest
steps:
- name: Generate GitHub App token
id: generate_token
uses: tibdex/github-app-token@v2
with:
app_id: ${{ secrets.HAWKY_APP_ID }}
private_key: ${{ secrets.HAWKY_APP_PRIVATE_KEY }}
- name: Wait for manual approval
uses: trstringer/manual-approval@v1
with:
secret: ${{ steps.generate_token.outputs.token }}
issue-title: "Release Approval for ${{ github.ref_name }}"
issue-body: "Please approve the release for ${{ github.ref_name }}."
approvers: engineering
minimum-approvals: 2
mode: issue
fail-on-denial: true
tag:
name: Confirm Tag Exists
runs-on: ubuntu-latest
needs: approval
steps:
- name: Confirm release tag exists
run: |
echo "Release tag is ${{ github.ref }}"
publish-pypi:
name: Publish to PyPI
runs-on: ubuntu-latest
environment: pypi
needs: tag
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install build dependencies
run: |
python -m pip install --upgrade pip
pip install build
- name: Build package
run: |
python -m build
- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
# No password needed! Uses OIDC trusted publisher
publish-docker:
name: Publish Docker image
runs-on: ubuntu-latest
needs: tag
steps:
- uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: stackhawk/stackhawk-mcp:latest,stackhawk/stackhawk-mcp:${{ github.ref_name }}
platforms: linux/amd64,linux/arm64