chore: Automatically bump release version on PR merge

.actrc

@@ -0,0 +1,6 @@
+--no-skip-checkout
+--pull=false
+--container-architecture linux/amd64
+--platform ubuntu-latest=ghcr.io/cloud-city-crafted/gh-runners:ubuntu-latest
+--env-file .env
+--secret-file secrets.env

.github/hooks/pre-commit

@@ -18,12 +18,21 @@ else
 	exit 1
 fi
 
-linting_results=$(poetry run pylint src tests)
+python_linting_results=$(poetry run pylint src tests)
 if [[ "$?" == "0" ]]; then
-    echo "✅ Linting"
+    echo "✅ Python Linting"
 else
-    echo "❌ Linting"
-    echo "$linting_results"
+    echo "❌ Python Linting"
+    echo "$python_linting_results"
+	exit 1
+fi
+
+gh_actions_linting_results=$(act --dryrun)
+if [[ "$?" == "0" ]]; then
+    echo "✅ GitHub Actions Linting"
+else
+    echo "❌ GitHub Actions Linting"
+    echo "$gh_actions_linting_results"
 	exit 1
 fi
 

.github/workflows/delivery.yml

@@ -9,15 +9,20 @@ on:
 
 env:
   BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
+  SERVICE_ACCOUNT_USERNAME: "ccc-service-account"
+  SERVICE_ACCOUNT_EMAIL_ADDRESS: "145862681+ccc-service-account@users.noreply.github.com"
 
 jobs:
-  test:
+  release:
     if: github.event.pull_request.merged == true
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout Source Code
         uses: actions/checkout@v4
+        with:
+          ref: main
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install Poetry
         run: pipx install poetry
@@ -28,25 +33,45 @@ jobs:
           cache: "poetry"
 
       - name: Install Python Dependencies
-        run: poetry install
+        run: poetry install --no-ansi --without dev
 
       - name: Run End-to-End Tests
         run: poetry run pytest tests/e2e
 
-      - name: Bump Version
-        id: bump-version
+      - name: Configure Git GPG Signing
+        id: configure-git-gpg
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.SERVICE_ACCOUNT_GPG_PRIVATE_KEY }}
+          GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.SERVICE_ACCOUNT_GPG_PASSPHRASE }}
         run: |
-          package_version="$(poetry version ${{ startsWith(env.BRANCH_NAME, 'bug') || startsWith(env.BRANCH_NAME, 'fix') && 'patch' || 'minor' }} --short)"
-          git config user.name ccc-service-account
-          git config user.email service@cloudcitycrafted.io
-          git commit -am "chore: Bump package version to v$package_version"
-          git push
-          echo "new-version=$package_version" >> $GITHUB_OUTPUT
+          echo "$GPG_PRIVATE_KEY" | gpg --import --pinentry-mode loopback --passphrase "$GPG_PRIVATE_KEY_PASSPHRASE"
+          key_metadata=$(gpg --with-colons --with-keygrip --list-secret-keys $SERVICE_ACCOUNT_EMAIL_ADDRESS)
+          keyid=$(echo "$key_metadata" | awk -F: 'NR == 1 { print $5 }')
+          keyfingerprint=$(echo "$key_metadata" | awk -F: 'NR == 2 { print $10 }')
+          keygrip=$(echo "$key_metadata" | awk -F: 'NR == 3 { print $10 }')
+          echo "$GPG_PRIVATE_KEY_PASSPHRASE" | "$(gpgconf --list-dirs libexecdir)"/gpg-preset-passphrase --preset $keygrip
+
+          git config --global user.name $SERVICE_ACCOUNT_USERNAME
+          git config --global user.email $SERVICE_ACCOUNT_EMAIL_ADDRESS
+          git config --global user.signingkey $keyid
+          git config --global commit.gpgsign true
+          git config --global tag.gpgsign true
 
-      - name: Build Package
-        run: poetry build
+          echo "gpg-key-fingerprint=$keyfingerprint" >> $GITHUB_OUTPUT
 
       - name: Create GitHub Release
-        run: gh release create --generate-notes --latest 'v${{ steps.bump-version.outputs.new-version }}' ./dist/*.tar.gz
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          BUMP_TYPE: ${{ startsWith(env.BRANCH_NAME, 'bug') || startsWith(env.BRANCH_NAME, 'fix') && 'patch' || 'minor' }}
+        run: |
+          package_version="$(poetry version $BUMP_TYPE --short)"
+          poetry build
+          git add pyproject.toml
+          git commit -m "chore: Bump package version to v$package_version" --no-verify
+          git push
+          gh release create --generate-notes "v$package_version" "./dist/*$package_version0*"
+
+      - name: Clean Up GPG Credentials
+        env:
+          GPG_PRIVATE_KEY_FINGERPRINT: ${{ steps.configure-git-gpg.outputs.gpg-key-fingerprint }}
+        run: echo $GPG_PRIVATE_KEY_FINGERPRINT | xargs gpg --batch --yes --delete-secret-and-public-keys

.gitignore

@@ -98,8 +98,8 @@ celerybeat.pid
 *.sage.py
 
 # Environments
-.env
-.venv
+.env/
+.venv/
 env/
 venv/
 ENV/
@@ -129,3 +129,6 @@ dmypy.json
 
 # Cython debug symbols
 cython_debug/
+
+# Configuration files
+*.env

README.md

@@ -48,6 +48,18 @@ pytest tests/e2e          # Run end-to-end tests
 pytest tests              # Run all tests
 ```
 
+### (Optional) Running CI Workflow Tests
+
+Ensure [Docker](https://docs.docker.com/get-docker/) and [`act`](https://github.com/nektos/act#installation) are installed and a [github-act-cache-server](https://github.com/sp-ricard-valverde/github-act-cache-server) is up and running.
+
+Local workflow runs are executed via `act`. Once all dependencies are setup, you can test workflows with:
+
+```shell
+# TBD script to run all tests
+```
+
+See [example `act` commands](https://github.com/nektos/act#example-commands) to better understand how to run GitHub actions locally.
+
 ## Configuring Developer Standards
 
 Use `git` to install commit message, pre-commit, and pre-push commit hooks:

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "package-name"
-version = "1.3.0"
+version = "1.4.0"
 description = "Package description"
 license = "MIT"
 authors = ["Author Name <author.email@example.com>"]

tests/ci/fixtures/pull_request_merged.json

@@ -0,0 +1,5 @@
+{
+  "pull_request": {
+    "merged": true
+  }
+}