From 52e10e38e07f487d2380b396166e172c9bdb7997 Mon Sep 17 00:00:00 2001 From: Anurag Bandyopadhyay Date: Mon, 4 May 2026 22:46:27 +0530 Subject: [PATCH 1/2] feat: draft releases, version verification, and reusable workflows --- .github/workflows/main.yaml | 43 +++++++++++++------ .../pr-title-conventional-commit.yml | 11 +---- release-please-config.json | 1 + 3 files changed, 32 insertions(+), 23 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 9bb66f9..fc24bad 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -60,11 +60,37 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} slug: openfga/python-sdk - publish: + verify-version: runs-on: ubuntu-latest if: startsWith(github.ref, 'refs/tags/v') needs: [test] + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Verify versions match + run: | + TAG_VERSION="${GITHUB_REF#refs/tags/v}" + MANIFEST_VERSION=$(jq -r '.["."]' .release-please-manifest.json) + PYPROJECT_VERSION=$(grep '^version = ' pyproject.toml | head -1 | sed 's/version = "\(.*\)"/\1/') + + echo "Tag: $TAG_VERSION | Manifest: $MANIFEST_VERSION | pyproject.toml: $PYPROJECT_VERSION" + + if [[ "$TAG_VERSION" != "$MANIFEST_VERSION" ]]; then + echo "ERROR: Tag version does not match manifest version" + exit 1 + fi + if [[ "$PYPROJECT_VERSION" != "$MANIFEST_VERSION" ]]; then + echo "ERROR: pyproject.toml version does not match manifest version" + exit 1 + fi + echo "All versions verified: $TAG_VERSION" + + publish: + runs-on: ubuntu-latest + if: startsWith(github.ref, 'refs/tags/v') + needs: [verify-version] + permissions: id-token: write # Required for PyPI trusted publishing @@ -91,20 +117,9 @@ jobs: - name: Publish package uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 - create-release: - runs-on: ubuntu-latest + undraft-release: if: startsWith(github.ref, 'refs/tags/v') needs: [publish] permissions: contents: write - - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 0 - - - uses: Roang-zero1/github-create-release-action@57eb9bdce7a964e48788b9e78b5ac766cb684803 # v3.0.1 - with: - version_regex: ^v[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+ - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: openfga/sdk-generator/.github/workflows/undraft-release.yml@main diff --git a/.github/workflows/pr-title-conventional-commit.yml b/.github/workflows/pr-title-conventional-commit.yml index 5926b3c..e5061b0 100644 --- a/.github/workflows/pr-title-conventional-commit.yml +++ b/.github/workflows/pr-title-conventional-commit.yml @@ -7,15 +7,8 @@ on: - main jobs: - validate-pr-title: - name: Validate PR Title - runs-on: ubuntu-latest + pr-title-check: permissions: pull-requests: read - steps: - - name: PR Conventional Commit Validation - uses: ytanikin/pr-conventional-commits@639145d78959c53c43112365837e3abd21ed67c1 # v1.5.2 - with: - task_types: '["feat","fix","docs","test","refactor","ci","perf","chore","revert","release"]' - add_label: 'false' + uses: openfga/sdk-generator/.github/workflows/pr-title-check.yml@main diff --git a/release-please-config.json b/release-please-config.json index 241dc9e..47a22dc 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -2,6 +2,7 @@ "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json", "release-type": "python", "pull-request-title-pattern": "release: v${version}", + "draft": true, "packages": { ".": { "package-name": "", From e249cb853f40e1b900d59d35c04f26d909f14f64 Mon Sep 17 00:00:00 2001 From: SoulPancake Date: Tue, 5 May 2026 18:39:38 +0530 Subject: [PATCH 2/2] fix: address comment --- .github/workflows/main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index fc24bad..6e40bba 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -72,7 +72,7 @@ jobs: run: | TAG_VERSION="${GITHUB_REF#refs/tags/v}" MANIFEST_VERSION=$(jq -r '.["."]' .release-please-manifest.json) - PYPROJECT_VERSION=$(grep '^version = ' pyproject.toml | head -1 | sed 's/version = "\(.*\)"/\1/') + PYPROJECT_VERSION=$(python3 -c 'import tomllib; print(tomllib.load(open("pyproject.toml", "rb"))["project"]["version"])') echo "Tag: $TAG_VERSION | Manifest: $MANIFEST_VERSION | pyproject.toml: $PYPROJECT_VERSION"