Merge pull request #24 from github/release-updates
Release Updates
GrantBirki authored Aug 29, 2023
2 parents a380771 + 978a05d commit f9b81cf
Showing 58 changed files with 179 additions and 92 deletions.
9 changes: 5 additions & 4 deletions .github/workflows/acceptance.yml
@@ -17,7 +17,7 @@ jobs:
has_change: ${{ steps.diff.outputs.has_change}}

steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3

- id: fetch-base
if: github.event_name == 'pull_request'
@@ -61,8 +61,9 @@ jobs:
contents: read

steps:
- uses: ruby/setup-ruby@v1
- uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # [email protected]
with:
bundler-cache: true
ruby-version: ${{ matrix.ruby }}

# If source files were not changed, we don't need the acceptance test suite
@@ -71,9 +72,9 @@ jobs:
run: |
echo "✅ Bypassing acceptance tests - they are not required for this change"
- name: Check out code
- name: checkout
if: ${{ needs.changes.outputs.has_change == 'true' }}
uses: actions/checkout@v2
uses: actions/checkout@v3

# Use Docker layer caching for 'docker build' and 'docker-compose build' commands.
# https://github.com/satackey/action-docker-layer-caching/releases/tag/v0.0.11
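Review bot: `actions/checkout@v3` is still referenced by a mutable tag in both checkout steps of this file, while the same commit pins `ruby/setup-ruby` to a full commit SHA. A tag can be moved to different code after review, so the checkout step should be pinned the same way, for example `uses: actions/checkout@<FULL_COMMIT_SHA> # v3` (placeholder; take the SHA from the release you have audited). The same applies to the checkout steps in build.yml, codeql-analysis.yml, lint.yml, release.yml and test.yml; release.yml matters most because that job holds write permissions and the publishing secrets. The section is collapsed after the docker-layer-caching comment, so the rest of the job is not visible here.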
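--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,41 @@
+name: build
+
+on:
+push:
+branches:
+- main
+pull_request:
+branches:
+- main
+workflow_call:
+
+permissions:
+contents: read
+
+jobs:
+build:
+name: build
+runs-on: ubuntu-latest
+
+steps:
+- name: checkout
+uses: actions/checkout@v3
+
+- uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # [email protected]
+with:
+bundler-cache: true
+
+- name: bootstrap
+run: script/bootstrap
+
+- name: build
+run: |
+GEM_NAME=$(ls | grep gemspec | cut -d. -f1)
+echo "Attempting to build gem $GEM_NAME..."
+gem build $GEM_NAME
+if [ $? -eq 0 ]; then
+echo "Gem built successfully!"
+else
+echo "Gem build failed!"
+exit 1
+fi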
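Review bot: The `if [ $? -eq 0 ]` check in the `build` step cannot reach its failure branch, because a `run` script without an explicit `shell` executes under `bash -e` and a failing `gem build` ends the step before the test runs. The step also derives the name from `ls | grep gemspec`, which matches any file with `gemspec` in its name, and then passes `$GEM_NAME` unquoted. I would drop the if/else and write `gem build "${GEM_NAME}.gemspec"`, the form release.yml already uses, with a comment such as `# bash -e fails the step if gem build exits non-zero`.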
6 changes: 3 additions & 3 deletions .github/workflows/codeql-analysis.yml
@@ -1,4 +1,4 @@
name: "CodeQL"
name: CodeQL

on:
push:
@@ -24,8 +24,8 @@ jobs:
language: [ 'ruby' ]

steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: checkout
uses: actions/checkout@v3

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
7 changes: 4 additions & 3 deletions .github/workflows/lint.yml
@@ -17,11 +17,12 @@ jobs:
contents: read

steps:
- name: Check out code
uses: actions/checkout@v2
- name: checkout
uses: actions/checkout@v3

- uses: ruby/setup-ruby@v1
- uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # [email protected]
with:
ruby-version: ${{ matrix.ruby }}
bundler-cache: true

- run: bundle exec rubocop -c .rubocop.yml lib/ spec/
61 changes: 61 additions & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
name: release

on:
workflow_dispatch:
push:
branches:
- main
paths:
- lib/version.rb

permissions:
contents: write
packages: write

jobs:
release:
runs-on: ubuntu-latest

steps:
- name: checkout
uses: actions/checkout@v3

- uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # [email protected]
with:
bundler-cache: true

- name: bootstrap
run: script/bootstrap

- name: lint
run: bundle exec rubocop -c .rubocop.yml lib/ spec/

- name: test
run: script/test

- name: set GEM_NAME from gemspec
run: echo "GEM_NAME=$(ls | grep gemspec | cut -d. -f1)" >> $GITHUB_ENV

# builds the gem and saves the version to GITHUB_ENV
- name: build
run: echo "GEM_VERSION=$(gem build ${{ env.GEM_NAME }}.gemspec 2>&1 | grep Version | cut -d':' -f 2 | tr -d " \t\n\r")" >> $GITHUB_ENV

- name: publish to GitHub packages
run: |
export OWNER=$( echo ${{ github.repository }} | cut -d "/" -f 1 )
GEM_HOST_API_KEY=${{ secrets.GITHUB_TOKEN }} gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} ${{ env.GEM_NAME }}-${{ env.GEM_VERSION }}.gem
- name: release
uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # [email protected]
with:
artifacts: "${{ env.GEM_NAME }}-${{ env.GEM_VERSION }}.gem"
tag: "v${{ env.GEM_VERSION }}"
generateReleaseNotes: true

- name: Publish to RubyGems
run: |
mkdir -p ~/.gem
echo -e "---\n:rubygems_api_key: ${{ secrets.RUBYGEMS_API_KEY }}" > ~/.gem/credentials
chmod 0600 ~/.gem/credentials
gem push ${{ env.GEM_NAME }}-${{ env.GEM_VERSION }}.gem
rm ~/.gem/credentials
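Review bot: Both publish steps expand secrets directly into the script text (`GEM_HOST_API_KEY=${{ secrets.GITHUB_TOKEN }}` and the `echo -e` line carrying `${{ secrets.RUBYGEMS_API_KEY }}`), and the RubyGems step writes the key to `~/.gem/credentials`, which is left on the runner if `gem push` fails because the `rm` is never reached. Passing the key through a step-level `env:` as `GEM_HOST_API_KEY`, which the GitHub Packages push already relies on, removes the credentials file and lets the gem name and version be read as quoted shell variables instead of `${{ env.* }}` expansions. Separately, `contents: write` and `packages: write` are granted to the whole job, so `script/bootstrap`, rubocop and `script/test` run with the write-scoped token within reach (checkout persists it by default); consider running those steps in a read-only job or setting `persist-credentials: false` on the checkout step. The `build` step also hides a failed `gem build` inside `$(...)`, so an empty `GEM_VERSION` would flow into the publish steps unless it is checked first.

```yaml
# … unchanged: checkout through build …
- name: publish to GitHub packages
  env:
    GEM_HOST_API_KEY: ${{ secrets.GITHUB_TOKEN }}
    OWNER: ${{ github.repository_owner }}
  run: gem push --KEY github --host "https://rubygems.pkg.github.com/${OWNER}" "${GEM_NAME}-${GEM_VERSION}.gem"

# … unchanged: release step …

- name: Publish to RubyGems
  env:
    GEM_HOST_API_KEY: ${{ secrets.RUBYGEMS_API_KEY }}
  run: gem push "${GEM_NAME}-${GEM_VERSION}.gem"
```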
7 changes: 4 additions & 3 deletions .github/workflows/test.yml
@@ -17,11 +17,12 @@ jobs:
contents: read

steps:
- name: Check out code
uses: actions/checkout@v2
- name: checkout
uses: actions/checkout@v3

- uses: ruby/setup-ruby@v1
- uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # [email protected]
with:
ruby-version: ${{ matrix.ruby }}
bundler-cache: true

- run: script/test -d
2 changes: 2 additions & 0 deletions .rubocop.yml
@@ -3,10 +3,12 @@ inherit_gem:
- config/default.yml

AllCops:
SuggestExtensions: false
DisplayCopNames: true
TargetRubyVersion: 3.1.2
Exclude:
- 'bin/*'
- 'vendor/**/*'
- 'spec/acceptance/fixtures/**/*'
- 'spec/unit/fixtures/**/*'
- 'vendor/gems/**/*'
52 changes: 27 additions & 25 deletions Gemfile.lock
@@ -1,7 +1,7 @@
PATH
remote: .
specs:
entitlements-app (0.2.1)
entitlements-app (0.3.0)
concurrent-ruby (= 1.1.9)
faraday (~> 2.0)
net-ldap (~> 0.17)
@@ -11,50 +11,52 @@ PATH
GEM
remote: https://rubygems.org/
specs:
activesupport (7.0.3.1)
activesupport (7.0.7.2)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
tzinfo (~> 2.0)
addressable (2.8.1)
addressable (2.8.5)
public_suffix (>= 2.0.2, < 6.0)
ast (2.4.2)
concurrent-ruby (1.1.9)
crack (0.4.5)
rexml
debug (1.6.2)
irb (>= 1.3.6)
debug (1.8.0)
irb (>= 1.5.0)
reline (>= 0.3.1)
diff-lcs (1.5.0)
docile (1.4.0)
faraday (2.7.4)
faraday (2.7.10)
faraday-net_http (>= 2.0, < 3.1)
ruby2_keywords (>= 0.0.4)
faraday-net_http (3.0.2)
hashdiff (1.0.1)
i18n (1.12.0)
i18n (1.14.1)
concurrent-ruby (~> 1.0)
io-console (0.5.11)
irb (1.4.1)
reline (>= 0.3.0)
json (2.6.2)
minitest (5.16.3)
net-ldap (0.17.1)
io-console (0.6.0)
irb (1.7.4)
reline (>= 0.3.6)
json (2.6.3)
minitest (5.19.0)
net-ldap (0.18.0)
octokit (4.25.1)
faraday (>= 1, < 3)
sawyer (~> 0.9)
optimist (3.0.0)
parallel (1.22.1)
parser (3.1.2.1)
parallel (1.23.0)
parser (3.2.2.3)
ast (~> 2.4.1)
public_suffix (5.0.0)
rack (2.2.4)
racc
public_suffix (5.0.3)
racc (1.7.1)
rack (3.0.8)
rainbow (3.1.1)
rake (13.0.6)
regexp_parser (2.5.0)
reline (0.3.1)
regexp_parser (2.8.1)
reline (0.3.8)
io-console (~> 0.5)
rexml (3.2.5)
rexml (3.2.6)
rspec (3.8.0)
rspec-core (~> 3.8.0)
rspec-expectations (~> 3.8.0)
@@ -77,8 +79,8 @@ GEM
rubocop-ast (>= 1.17.0, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 1.4.0, < 3.0)
rubocop-ast (1.21.0)
parser (>= 3.1.1.0)
rubocop-ast (1.29.0)
parser (>= 3.2.1.0)
rubocop-github (0.17.0)
rubocop
rubocop-performance
@@ -90,7 +92,7 @@ GEM
activesupport (>= 4.2.0)
rack (>= 1.1)
rubocop (>= 1.7.0, < 2.0)
ruby-progressbar (1.11.0)
ruby-progressbar (1.13.0)
ruby2_keywords (0.0.5)
rugged (0.27.5)
sawyer (0.9.2)
@@ -103,9 +105,9 @@ GEM
simplecov-erb (1.0.1)
simplecov (< 1.0)
simplecov-html (0.10.2)
tzinfo (2.0.5)
tzinfo (2.0.6)
concurrent-ruby (~> 1.0)
unicode-display_width (2.2.0)
unicode-display_width (2.4.2)
vcr (4.0.0)
webmock (3.4.2)
addressable (>= 2.3.6)
22 changes: 16 additions & 6 deletions README.md
@@ -1,18 +1,18 @@
# entitlements-app

[![acceptance](https://github.com/github/entitlements-app/actions/workflows/acceptance.yml/badge.svg)](https://github.com/github/entitlements-app/actions/workflows/acceptance.yml) [![test](https://github.com/github/entitlements-app/actions/workflows/test.yml/badge.svg)](https://github.com/github/entitlements-app/actions/workflows/test.yml) [![lint](https://github.com/github/entitlements-app/actions/workflows/lint.yml/badge.svg)](https://github.com/github/entitlements-app/actions/workflows/lint.yml) [![coverage](https://img.shields.io/badge/coverage-100%25-success)](https://img.shields.io/badge/coverage-100%25-success) [![style](https://img.shields.io/badge/code%20style-rubocop--github-blue)](https://github.com/github/rubocop-github)
[![acceptance](https://github.com/github/entitlements-app/actions/workflows/acceptance.yml/badge.svg)](https://github.com/github/entitlements-app/actions/workflows/acceptance.yml) [![test](https://github.com/github/entitlements-app/actions/workflows/test.yml/badge.svg)](https://github.com/github/entitlements-app/actions/workflows/test.yml) [![lint](https://github.com/github/entitlements-app/actions/workflows/lint.yml/badge.svg)](https://github.com/github/entitlements-app/actions/workflows/lint.yml) [![build](https://github.com/github/entitlements-app/actions/workflows/build.yml/badge.svg)](https://github.com/github/entitlements-app/actions/workflows/build.yml) [![release](https://github.com/github/entitlements-app/actions/workflows/release.yml/badge.svg)](https://github.com/github/entitlements-app/actions/workflows/release.yml) [![codeql](https://github.com/github/entitlements-app/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/github/entitlements-app/actions/workflows/codeql-analysis.yml) [![coverage](https://img.shields.io/badge/coverage-100%25-success)](https://img.shields.io/badge/coverage-100%25-success) [![style](https://img.shields.io/badge/code%20style-rubocop--github-blue)](https://github.com/github/rubocop-github)

`entitlements-app` is a Ruby gem which provides git-managed LDAP group configuration and access provisioning to your declared resources. It powers Entitlements, GitHub's internal Identity and Access Management (IAM) system. Entitlements is a pluggable system designed to alleviate IAM pain points.

## Quick Start

See [getting started](docs/getting-started.md) for quick start, and [entitlements-config](https://github.com/github/entitlements-config) for example configuration.

# Inputs
## Inputs

Entitlements currently supports a single input option of configuration files in the form of `.txt`, `.rb` and `.yaml`.

## Git-managed config
### Git-managed config

Entitlements receives input from configuration files. By using git to back the config files, every file has a complete and visible audit trail.

@@ -48,15 +48,15 @@ For examples on filters, see [filters](docs/filters.md)

There is an example configuration repo [here](https://github.com/github/entitlements-config)

# Outputs
## Outputs

## LDAP
### LDAP

Out of the box, Entitlements will output your sets to LDAP.

See the [OpenLDAP documentation](https://www.openldap.org/doc/) for more on LDAP.

# Plugins
## Plugins

Entitlements is a pluggable system. Plugins can be built for additional inputs and outputs.

@@ -69,3 +69,13 @@ Please see [CONTRIBUTING](CONTRIBUTING.md) for details.
## Security

We take security very seriously. Please see [SECURITY](SECURITY.md) for details on how to proceed if you find a security issue.

## Release 🚀

To release a new version of this Gem, do the following:

1. Update the version number in the [`lib/version.rb`](lib/version.rb) file
2. Run `bundle install` to update the `Gemfile.lock` file with the new version
3. Commit your changes, push them to GitHub, and open a PR

Once your PR is approved and the changes are merged, a new release will be created automatically by the [`release.yml`](.github/workflows/release.yml) workflow. The latest version of the Gem will be published to the GitHub Package Registry and RubyGems.
1 change: 0 additions & 1 deletion VERSION

This file was deleted.

8 changes: 5 additions & 3 deletions entitlements-app.gemspec
@@ -1,14 +1,16 @@
# frozen_string_literal: true

require_relative "lib/version"

Gem::Specification.new do |s|
s.name = ENV['GEM_NAME'] ? ENV['GEM_NAME'] : 'entitlements-app'
s.version = File.read("VERSION").chomp
s.name = ENV["GEM_NAME"] ? ENV["GEM_NAME"] : "entitlements-app"
s.version = Entitlements::Version::VERSION
s.summary = "git-managed LDAP group configurations"
s.description = "The Ruby Gem that Powers Entitlements - GitHub's Identity and Access Management System"
s.authors = ["GitHub, Inc. Security Ops"]
s.email = "[email protected]"
s.license = "MIT"
s.files = Dir.glob("lib/**/*") + %w[bin/deploy-entitlements VERSION]
s.files = Dir.glob("lib/**/*") + %w[bin/deploy-entitlements]
s.homepage = "https://github.com/github/entitlements-app"
s.executables = %w[deploy-entitlements]

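--- /dev/null
+++ b/lib/version.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Entitlements
+module Version
+VERSION = "0.3.0"
+end
+end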