diff --git a/.github/monthly-release b/.github/monthly-release new file mode 100755 index 0000000000..b7e90cca3c --- /dev/null +++ b/.github/monthly-release @@ -0,0 +1,40 @@ +#!/usr/bin/env python3 + +import argparse +import security_md +import subprocess +import re +import sys + +_TAG_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$") + +def _main(): + parser = argparse.ArgumentParser("Create new tags on every stabilisation branches") + parser.add_argument("--dry-run", action="store_true", help="Do not create tags") + args = parser.parse_args() + + with open("SECURITY.md", encoding='utf-8') as security_file: + security = security_md.Security(security_file.read()) + + for branch in security.branches(): + subprocess.run(["git", "checkout", branch], check=True) + + last_tag = subprocess.run(['git', 'describe', '--tags', '--abbrev=0'], stdout=subprocess.PIPE, encoding='utf-8').stdout.strip() + last_tag_match = _TAG_RE.match(last_tag) + if last_tag_match is None: + print(f"Cannot parse tag {last_tag}") + sys.exit(1) + + major, minor, patch = map(int, last_tag_match.groups()) + new_tag = f"{major}.{minor}.{int(patch) + 1}" + + if args.dry_run: + print(f"On franch {branch} creating tag {new_tag}") + else: + print(f"Creating tag {branch}") + subprocess.run(["git", "tag", new_tag]) + subprocess.run(["git", "push", "origin", new_tag]) + + +if __name__ == "__main__": + _main() diff --git a/.github/workflows/monthly-release.yaml b/.github/workflows/monthly-release.yaml new file mode 100644 index 0000000000..dbd21d57b7 --- /dev/null +++ b/.github/workflows/monthly-release.yaml @@ -0,0 +1,21 @@ +name: Monthly release + +on: + schedule: + # The 10th at every month + - cron: '0 0 10 * *' + +jobs: + audit: + name: Monthly release + runs-on: ubuntu-24.04 + timeout-minutes: 5 + + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - uses: actions/setup-python@v2 + - run: pip install --requirement=ci/requirements.txt + + - run: .github/monthly-release diff --git a/ci/requirements.txt b/ci/requirements.txt index c943f5a1cb..acdde95fa0 100644 --- a/ci/requirements.txt +++ b/ci/requirements.txt @@ -1,2 +1,3 @@ c2cciutils[checks,publish]==1.6.22 +security.md==0.2.3 pre-commit==3.8.0