From df3e8d66ac0a5aafca5c2ac0571817cb6c8dd0c2 Mon Sep 17 00:00:00 2001
From: Katherine Chen <cykatherinee@gmail.com>
Date: Tue, 12 Mar 2024 09:50:23 +1100
Subject: [PATCH] UID2-2330 Create
 .github/workflows/shared-publish-to-pypi-versioned.yaml (#81)

* Create .github/workflows/shared-publish-to-pypi-versioned.yaml

* Make changes for testing simple version

* Update changelog

* Revert testing changes
---
 .../shared-publish-to-pypi-versioned.yaml     | 107 ++++++++++++++++++
 1 file changed, 107 insertions(+)
 create mode 100644 .github/workflows/shared-publish-to-pypi-versioned.yaml

diff --git a/.github/workflows/shared-publish-to-pypi-versioned.yaml b/.github/workflows/shared-publish-to-pypi-versioned.yaml
new file mode 100644
index 00000000..d0fb2655
--- /dev/null
+++ b/.github/workflows/shared-publish-to-pypi-versioned.yaml
@@ -0,0 +1,107 @@
+name: Shared Pipeline to build and publish Python packages to Pypi
+on:
+  workflow_call:
+    inputs:
+      release_type:
+        description: The type of version number to return. Must be one of [Patch, Minor or Major]
+        required: true
+        type: string
+      vulnerability_failure_severity:
+        description: The severity to fail the workflow if such vulnerability is detected. DO NOT override it unless a Jira ticket is raised. Must be one of ['CRITICAL', 'CRITICAL,HIGH' or 'CRITICAL,HIGH,MEDIUM'] (without space in between).
+        type: string
+        default: 'CRITICAL,HIGH'
+      working_dir:
+        description: The path to the directory for which the version should be determined.
+        type: string
+        default: '.'
+
+env:
+  REPO: ${{ github.event.repository.name }}
+
+jobs:
+  release:
+    name: Create Release
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      contents: write
+      security-events: write
+      packages: write
+    steps:
+      - name: Show Context
+        run: |
+          printenv
+          echo "$GITHUB_CONTEXT"
+        shell: bash
+        env: 
+            GITHUB_CONTEXT: ${{ toJson(github) }}
+
+      - name: Check branch and release type
+        id: checkRelease
+        uses: IABTechLab/uid2-shared-actions/actions/check_branch_and_release_type@v2
+        with:
+          release_type: ${{ inputs.release_type }}
+    
+      - name: Checkout repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Vulnerability Scan
+        uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan_filesystem@v2
+        with:
+          scan_severity: HIGH,CRITICAL
+          failure_severity: ${{ inputs.vulnerability_failure_severity }}
+
+      - name: Set version number
+        id: version
+        uses: IABTechLab/uid2-shared-actions/actions/version_number@v2
+        with:
+          type: ${{ inputs.release_type }}
+          branch_name: ${{ github.ref }}
+          working_dir: ${{ inputs.working_dir }}
+          short_name: Yes
+
+      - name: Update pyproject.toml
+        run: |
+          OLD_VERSION=`cat ${{ inputs.working_dir }}/pyproject.toml | grep ^version | cut -d '"' -f 2`
+          OLD_VERSION="\"$OLD_VERSION\""
+          NEW_VERSION="\"${{ steps.version.outputs.new_version }}\""
+          sed -i "s+version = $OLD_VERSION+version = $NEW_VERSION+g" ${{ inputs.working_dir }}/pyproject.toml
+
+      - name: Build
+        run: |
+          python3 -m pip install --upgrade build
+          python3 -m build
+
+      - name: Publish
+        run: |
+          python3 -m pip install --upgrade twine
+          python3 -m twine upload dist/* -u __token__ -p "${{ secrets.PYPI_API_KEY }}"
+
+      - name: Commit pyproject.toml, version.json and set tag
+        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v2
+        with:
+          add: '${{ inputs.working_dir }}/pyproject.toml ${{ inputs.working_dir }}/version.json'
+          message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}'
+          tag: v${{ steps.version.outputs.new_version }}          
+
+      - name: Build Changelog
+        id: github_release
+        uses: mikepenz/release-changelog-builder-action@v4
+        with:
+          toTag: v${{ steps.version.outputs.new_version }}
+          configurationJson: |
+            {
+                "template": "#{{CHANGELOG}}\n## Pypi\n```\n<dependency>\n    <groupId>com.uid2</groupId>\n    <artifactId>${{ env.REPO }}</artifactId>\n    <version>${{ steps.version.outputs.new_version }}</version>\n</dependency>\n```\n\n## Pypi Files\n- [uid2_client-${{ steps.version.outputs.new_version }}.tar.gz](https://pypi.org/project/uid2-client/)\n\n## Changelog\n#{{UNCATEGORIZED}}",
+                "pr_template": " - #{{TITLE}} - ( PR: ##{{NUMBER}} )"
+            }
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create Release
+        uses: softprops/action-gh-release@v1
+        with:
+          name: v${{ steps.version.outputs.new_version }}
+          body: ${{ steps.github_release.outputs.changelog }}
+          draft: true