Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added github actions for updating .py files and generating releases #3

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

Cx01N
Copy link
Member

@Cx01N Cx01N commented May 2, 2024

No description provided.

@Cx01N Cx01N requested a review from vinnybod May 2, 2024 22:54

NEW_VERSION="${MAJOR}.${MINOR}.${PATCH}"
echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV
echo "::set-output name=new_version::$NEW_VERSION"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

git push

- name: Create pull request from dev to main
uses: repo-sync/pull-request@v2
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This action is deprecated. I think you should update it to match the action used in Empire and Starkiller https://github.com/BC-SECURITY/Empire/blob/main/.github/workflows/release-private-start.yml#L66


jobs:
create_release:
if: ${{ github.event.pull_request.merged == true }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Something seems off about this unless I am misunderstanding.

I manually run the update_files workflow. That updates files, pushes to dev and opens a PR to main
I merge the PR to main
That triggers the tag_release workflow that creates the release based off the version in the CHANGELOG

When does the release workflow come into play?

I think you could replicate the Empire flow by checking that the PR being merged is a release PR https://github.com/BC-SECURITY/Empire/blob/main/.github/workflows/release-private-tag.yml#L11

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Almost, here is the flow:

  1. You run "update_files", which creates a branch with the new .py files. It will also open a PR to the dev branch.
  2. You run "release", which will update the changelog and version number. Then it will open a PR from dev to Main.
  3. The "tag_release" gets triggered automatically when a PR is closed to main which creates a new release with the notes and files.

draft: false
prerelease: false

- name: Upload Release Asset for NetFramework 4.0
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the benefit of the zip files here? Since a release automatically contains the source code tar.gz, it seems like duplicate assets

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is a duplicate, but typically you are only going to need one set of those so it makes it easy to just grab the necessary ones. I can remove it if you think that's dumb.

gh pr close $EXISTING_PR --delete-branch
fi

- name: Create New Branch and Handle Changes
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would stick to one way of opening PRs for simplicity. I think using gh cli is actually pretty clean, maybe replace the deprecated action above with this if you prefer it over the one used in Empire

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants