Skip to content

Commit bf97268

Browse files
authored
Merge pull request #18 from github/release-updates
Release Updates
2 parents a8889c6 + 4c149df commit bf97268

29 files changed

+183
-140
lines changed

.github/workflows/acceptance.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ jobs:
1717
has_change: ${{ steps.diff.outputs.has_change}}
1818

1919
steps:
20-
- uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
20+
- uses: actions/checkout@v3
2121

2222
- id: fetch-base
2323
if: github.event_name == 'pull_request'
@@ -66,9 +66,9 @@ jobs:
6666
run: |
6767
echo "✅ Bypassing acceptance tests - they are not required for this change"
6868
69-
- name: Check out code
69+
- name: checkout
7070
if: ${{ needs.changes.outputs.has_change == 'true' }}
71-
uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
71+
uses: actions/checkout@v3
7272

7373
# Use Docker layer caching for 'docker build' and 'docker-compose build' commands.
7474
# https://github.com/satackey/action-docker-layer-caching/releases/tag/v0.0.11

.github/workflows/build.yml

Lines changed: 41 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,41 @@
1+
name: build
2+
3+
on:
4+
push:
5+
branches:
6+
- main
7+
pull_request:
8+
branches:
9+
- main
10+
workflow_call:
11+
12+
permissions:
13+
contents: read
14+
15+
jobs:
16+
build:
17+
name: build
18+
runs-on: ubuntu-latest
19+
20+
steps:
21+
- name: checkout
22+
uses: actions/checkout@v3
23+
24+
- uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # pin@v1.152.0
25+
with:
26+
bundler-cache: true
27+
28+
- name: bootstrap
29+
run: script/bootstrap
30+
31+
- name: build
32+
run: |
33+
GEM_NAME=$(ls | grep gemspec | cut -d. -f1)
34+
echo "Attempting to build gem $GEM_NAME..."
35+
gem build $GEM_NAME
36+
if [ $? -eq 0 ]; then
37+
echo "Gem built successfully!"
38+
else
39+
echo "Gem build failed!"
40+
exit 1
41+
fi

.github/workflows/codeql-analysis.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
name: "CodeQL"
1+
name: CodeQL
22

33
on:
44
push:
@@ -24,8 +24,8 @@ jobs:
2424
language: [ 'ruby' ]
2525

2626
steps:
27-
- name: Checkout repository
28-
uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
27+
- name: checkout
28+
uses: actions/checkout@v3
2929

3030
# Initializes the CodeQL tools for scanning.
3131
- name: Initialize CodeQL

.github/workflows/gem.yml

Lines changed: 0 additions & 30 deletions
This file was deleted.

.github/workflows/lint.yml

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -14,12 +14,11 @@ jobs:
1414
contents: read
1515

1616
steps:
17-
- name: Check out code
18-
uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
17+
- name: checkout
18+
uses: actions/checkout@v3
1919

20-
- uses: ruby/setup-ruby@8029ebd6e5bd8f4e0d6f7623ea76a01ec5b1010d # pin@v1.110.0
20+
- uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # pin@v1.152.0
2121
with:
22-
ruby-version: 3.1.2
2322
bundler-cache: true
2423

2524
- name: rubocop

.github/workflows/release.yml

Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,53 @@
1+
name: release
2+
3+
on:
4+
workflow_dispatch:
5+
push:
6+
branches:
7+
- main
8+
paths:
9+
- lib/version.rb
10+
11+
permissions:
12+
contents: write
13+
packages: write
14+
15+
jobs:
16+
release:
17+
runs-on: ubuntu-latest
18+
19+
steps:
20+
- name: checkout
21+
uses: actions/checkout@v3
22+
23+
- uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # pin@v1.152.0
24+
with:
25+
bundler-cache: true
26+
27+
- name: bootstrap
28+
run: script/bootstrap
29+
30+
- name: lint
31+
run: bundle exec rubocop -c .rubocop.yml lib/ spec/
32+
33+
- name: test
34+
run: script/test
35+
36+
- name: set GEM_NAME from gemspec
37+
run: echo "GEM_NAME=$(ls | grep gemspec | cut -d. -f1)" >> $GITHUB_ENV
38+
39+
# builds the gem and saves the version to GITHUB_ENV
40+
- name: build
41+
run: echo "GEM_VERSION=$(gem build ${{ env.GEM_NAME }}.gemspec 2>&1 | grep Version | cut -d':' -f 2 | tr -d " \t\n\r")" >> $GITHUB_ENV
42+
43+
- name: publish to GitHub packages
44+
run: |
45+
export OWNER=$( echo ${{ github.repository }} | cut -d "/" -f 1 )
46+
GEM_HOST_API_KEY=${{ secrets.GITHUB_TOKEN }} gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} ${{ env.GEM_NAME }}-${{ env.GEM_VERSION }}.gem
47+
48+
- name: release
49+
uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # pin@v1.12.0
50+
with:
51+
artifacts: "${{ env.GEM_NAME }}-${{ env.GEM_VERSION }}.gem"
52+
tag: "v${{ env.GEM_VERSION }}"
53+
generateReleaseNotes: true

.github/workflows/test.yml

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -14,12 +14,11 @@ jobs:
1414
contents: read
1515

1616
steps:
17-
- name: Check out code
18-
uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
17+
- name: checkout
18+
uses: actions/checkout@v3
1919

20-
- uses: ruby/setup-ruby@8029ebd6e5bd8f4e0d6f7623ea76a01ec5b1010d # pin@v1.110.0
20+
- uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # pin@v1.152.0
2121
with:
22-
ruby-version: 3.1.2
2322
bundler-cache: true
2423

2524
- name: rspec tests

.rubocop.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,8 +3,9 @@ inherit_gem:
33
- config/default.yml
44

55
AllCops:
6+
SuggestExtensions: false
67
DisplayCopNames: true
7-
TargetRubyVersion: 2.7.5
8+
TargetRubyVersion: 3.1
89
Exclude:
910
- 'bin/*'
1011
- 'spec/acceptance/fixtures/**/*'

Gemfile.lock

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
PATH
22
remote: .
33
specs:
4-
entitlements-github-plugin (0.2.0)
4+
entitlements-github-plugin (0.3.0)
55
contracts (= 0.17.0)
66
faraday (~> 2.0)
77
faraday-retry (~> 2.0)

README.md

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# entitlements-github-plugin
22

3-
[![acceptance](https://github.com/github/entitlements-github-plugin/actions/workflows/acceptance.yml/badge.svg)](https://github.com/github/entitlements-github-plugin/actions/workflows/acceptance.yml) [![test](https://github.com/github/entitlements-github-plugin/actions/workflows/test.yml/badge.svg)](https://github.com/github/entitlements-github-plugin/actions/workflows/test.yml) [![lint](https://github.com/github/entitlements-github-plugin/actions/workflows/lint.yml/badge.svg)](https://github.com/github/entitlements-github-plugin/actions/workflows/lint.yml) [![coverage](https://img.shields.io/badge/coverage-100%25-success)](https://img.shields.io/badge/coverage-100%25-success) [![style](https://img.shields.io/badge/code%20style-rubocop--github-blue)](https://github.com/github/rubocop-github)
3+
[![acceptance](https://github.com/github/entitlements-github-plugin/actions/workflows/acceptance.yml/badge.svg)](https://github.com/github/entitlements-github-plugin/actions/workflows/acceptance.yml) [![test](https://github.com/github/entitlements-github-plugin/actions/workflows/test.yml/badge.svg)](https://github.com/github/entitlements-github-plugin/actions/workflows/test.yml) [![lint](https://github.com/github/entitlements-github-plugin/actions/workflows/lint.yml/badge.svg)](https://github.com/github/entitlements-github-plugin/actions/workflows/lint.yml) [![release](https://github.com/github/entitlements-github-plugin/actions/workflows/release.yml/badge.svg)](https://github.com/github/entitlements-github-plugin/actions/workflows/release.yml) [![coverage](https://img.shields.io/badge/coverage-100%25-success)](https://img.shields.io/badge/coverage-100%25-success) [![style](https://img.shields.io/badge/code%20style-rubocop--github-blue)](https://github.com/github/rubocop-github)
44

55
`entitlements-github-plugin` is an [entitlements-app](https://github.com/github/entitlements-app) plugin allowing entitlements configs to be used to manage membership of GitHub.com Organizations and Teams.
66

@@ -82,3 +82,13 @@ For example, if there were a file `github.com/github/teams/new-team.txt` with a
8282
Entitlements configs can contain metadata which the plugin will use to make further configuration decisions.
8383
8484
`metadata_parent_team_name` - when defined in an entitlements config, the defined team will be made the parent team of this GitHub.com Team.
85+
86+
## Release 🚀
87+
88+
To release a new version of this Gem, do the following:
89+
90+
1. Update the version number in the [`lib/version.rb`](lib/version.rb) file
91+
2. Run `bundle install` to update the `Gemfile.lock` file with the new version
92+
3. Commit your changes, push them to GitHub, and open a PR
93+
94+
Once your PR is approved and the changes are merged, a new release will be created automatically by the [`release.yml`](.github/workflows/release.yml) workflow. The latest version of the Gem will be published to the GitHub Package Registry.

VERSION

Lines changed: 0 additions & 1 deletion
This file was deleted.

entitlements-github-plugin.gemspec

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,16 @@
11
# frozen_string_literal: true
22

3+
require_relative "lib/version"
4+
35
Gem::Specification.new do |s|
46
s.name = "entitlements-github-plugin"
5-
s.version = File.read("VERSION").chomp
7+
s.version = Entitlements::Version::VERSION
68
s.summary = "GitHub dotcom provider for entitlements-app"
7-
s.description = ""
9+
s.description = "Entitlements plugin to manage GitHub Orgs and Team memberships and access"
810
s.authors = ["GitHub, Inc. Security Ops"]
911
s.email = "security@github.com"
1012
s.license = "MIT"
11-
s.files = Dir.glob("lib/**/*") + %w[VERSION]
13+
s.files = Dir.glob("lib/**/*")
1214
s.homepage = "https://github.com/github/entitlements-github-plugin"
1315
s.executables = %w[]
1416

lib/entitlements/backend/github_org/controller.rb

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -83,7 +83,7 @@ def calculate
8383
validate_no_dupes! # calls read() for each group
8484

8585
if changes.any?
86-
print_differences(key: group_name, added: [], removed: [], changed: changes, ignored_users: ignored_users)
86+
print_differences(key: group_name, added: [], removed: [], changed: changes, ignored_users:)
8787
@actions.concat(changes)
8888
else
8989
logger.debug "UNCHANGED: No GitHub organization changes for #{group_name}"
@@ -398,11 +398,11 @@ def categorized_changes
398398
if removed.key?(member.downcase)
399399
# Already removed from a previous role. Therefore this is a move to a different role.
400400
removed.delete(member.downcase)
401-
moved[member.downcase] = { member: member, role: role }
401+
moved[member.downcase] = { member:, role: }
402402
else
403403
# Not removed from a previous role. Suspect this is an addition to the org (if we later spot a removal
404404
# from a role, then the code below will update that to be a move instead).
405-
added[member.downcase] = { member: member, role: role }
405+
added[member.downcase] = { member:, role: }
406406
end
407407
end
408408

@@ -414,12 +414,12 @@ def categorized_changes
414414
else
415415
# Not added to a previous role. Suspect this is a removal from the org (if we later spot an addition
416416
# to another role, then the code above will update that to be a move instead).
417-
removed[member.downcase] = { member: member, role: role }
417+
removed[member.downcase] = { member:, role: }
418418
end
419419
end
420420
end
421421

422-
{ added: added, removed: removed, moved: moved }
422+
{ added:, removed:, moved: }
423423
end
424424

425425
# Admins or members who are both `invited` and `pending` do not need to be re-invited. We're waiting for them

lib/entitlements/backend/github_org/service.rb

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@ def sync(implementation, role)
4444
Contract String, String => C::Bool
4545
def add_user_to_organization(user, role)
4646
Entitlements.logger.debug "#{identifier} add_user_to_organization(user=#{user}, org=#{org}, role=#{role})"
47-
new_membership = octokit.update_organization_membership(org, user: user, role: role)
47+
new_membership = octokit.update_organization_membership(org, user:, role:)
4848

4949
# Happy path
5050
if new_membership[:role] == role
@@ -70,7 +70,7 @@ def add_user_to_organization(user, role)
7070
Contract String => C::Bool
7171
def remove_user_from_organization(user)
7272
Entitlements.logger.debug "#{identifier} remove_user_from_organization(user=#{user}, org=#{org})"
73-
result = octokit.remove_organization_membership(org, user: user)
73+
result = octokit.remove_organization_membership(org, user:)
7474

7575
# If we removed the user, remove them from the cache of members, so that any GitHub team
7676
# operations in this organization will ignore this user.

lib/entitlements/backend/github_team/controller.rb

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -61,12 +61,12 @@ def calculate
6161
end
6262

6363
if diff[:metadata] && diff[:metadata][:create_team]
64-
added << Entitlements::Models::Action.new(team_slug, provider.read(group), group, group_name, ignored_users: ignored_users)
64+
added << Entitlements::Models::Action.new(team_slug, provider.read(group), group, group_name, ignored_users:)
6565
else
66-
changed << Entitlements::Models::Action.new(team_slug, provider.read(group), group, group_name, ignored_users: ignored_users)
66+
changed << Entitlements::Models::Action.new(team_slug, provider.read(group), group, group_name, ignored_users:)
6767
end
6868
end
69-
print_differences(key: group_name, added: added, removed: [], changed: changed)
69+
print_differences(key: group_name, added:, removed: [], changed:)
7070

7171
@actions = added + changed
7272
end

lib/entitlements/backend/github_team/models/team.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ def initialize(team_id:, team_name:, members:, ou:, metadata:)
2727
@team_id = team_id
2828
@team_name = team_name.downcase
2929
@team_dn = ["cn=#{team_name.downcase}", ou].join(",")
30-
super(dn: @team_dn, members: Set.new(members.map { |m| m.downcase }), metadata: metadata)
30+
super(dn: @team_dn, members: Set.new(members.map { |m| m.downcase }), metadata:)
3131
end
3232
end
3333
end

lib/entitlements/backend/github_team/provider.rb

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -127,7 +127,7 @@ def commit(entitlement_group)
127127
# Create the new team and invalidate the cache
128128
if github_team.nil?
129129
team_name = entitlement_group.cn.downcase
130-
github.create_team(entitlement_group: entitlement_group)
130+
github.create_team(entitlement_group:)
131131
github.invalidate_predictive_cache(entitlement_group)
132132
@github_team_cache.delete(team_name)
133133
github_team = github.read_team(entitlement_group)
@@ -168,7 +168,7 @@ def create_github_team_group(entitlement_group)
168168
team_name: entitlement_group.cn.downcase,
169169
members: Set.new,
170170
ou: github.ou,
171-
metadata: metadata
171+
metadata:
172172
)
173173
end
174174

lib/entitlements/backend/github_team/service.rb

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -78,7 +78,7 @@ def read_team(entitlement_group)
7878
team_id: -1,
7979
team_name: team_identifier,
8080
members: cached_members,
81-
ou: ou,
81+
ou:,
8282
metadata: team_metadata
8383
)
8484

@@ -108,7 +108,7 @@ def read_team(entitlement_group)
108108
team_id: teamdata[:team_id],
109109
team_name: team_identifier,
110110
members: Set.new(teamdata[:members]),
111-
ou: ou,
111+
ou:,
112112
metadata: team_metadata
113113
)
114114
rescue TeamNotFound
@@ -380,7 +380,7 @@ def graphql_team_data(team_slug)
380380
break
381381
end
382382

383-
{ members: result, team_id: team_id, parent_team_name: parent_team_name }
383+
{ members: result, team_id:, parent_team_name: }
384384
end
385385

386386
# Ensure that the given team ID actually matches up to the team slug on GitHub. This is in place
@@ -425,7 +425,7 @@ def add_user_to_team(user:, team:, role: "member")
425425
end
426426
Entitlements.logger.debug "#{identifier} add_user_to_team(user=#{user}, org=#{org}, team_id=#{team.team_id}, role=#{role})"
427427
validate_team_id_and_slug!(team.team_id, team.team_name)
428-
result = octokit.add_team_membership(team.team_id, user, role: role)
428+
result = octokit.add_team_membership(team.team_id, user, role:)
429429
result[:state] == "active" || result[:state] == "pending"
430430
end
431431

0 commit comments

Comments
 (0)