From 953f70e7faea4e9d25c6a25b13dce6e64985180a Mon Sep 17 00:00:00 2001 From: Brian Li Date: Mon, 8 Apr 2024 14:12:34 -0400 Subject: [PATCH 1/3] chore: Release 0.3.0 --- src/firebase_functions/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/firebase_functions/__init__.py b/src/firebase_functions/__init__.py index 9b9af4f..474f4be 100644 --- a/src/firebase_functions/__init__.py +++ b/src/firebase_functions/__init__.py @@ -15,4 +15,4 @@ Firebase Functions for Python. """ -__version__ = "0.2.0" +__version__ = "0.3.0" From cbc800b818a793e061cbfa99476f5bbd41e121cc Mon Sep 17 00:00:00 2001 From: Brian Li Date: Mon, 8 Apr 2024 20:31:02 -0400 Subject: [PATCH 2/3] trusted publisher release --- .github/scripts/publish_preflight_check.sh | 12 ++++++------ .github/workflows/release.yaml | 12 ++++++++---- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/.github/scripts/publish_preflight_check.sh b/.github/scripts/publish_preflight_check.sh index 948f2fe..eba7c85 100755 --- a/.github/scripts/publish_preflight_check.sh +++ b/.github/scripts/publish_preflight_check.sh @@ -138,19 +138,19 @@ echo_info "---< git fetch --depth=1 origin +refs/tags/*:refs/tags/* || true >--- git fetch --depth=1 origin +refs/tags/*:refs/tags/* || true echo "" -readonly EXISTING_TAG=`git rev-parse -q --verify "refs/tags/v${RELEASE_VERSION}"` || true +readonly EXISTING_TAG=`git rev-parse -q --verify "refs/tags/${RELEASE_VERSION}"` || true if [[ -n "${EXISTING_TAG}" ]]; then - echo_warn "Tag v${RELEASE_VERSION} already exists. Exiting." + echo_warn "Tag ${RELEASE_VERSION} already exists. Exiting." echo_warn "If the tag was created in a previous unsuccessful attempt, delete it and try again." - echo_warn " $ git tag -d v${RELEASE_VERSION}" - echo_warn " $ git push --delete origin v${RELEASE_VERSION}" + echo_warn " $ git tag -d ${RELEASE_VERSION}" + echo_warn " $ git push --delete origin ${RELEASE_VERSION}" - readonly RELEASE_URL="https://github.com/firebase/firebase-functions-python/releases/tag/v${RELEASE_VERSION}" + readonly RELEASE_URL="https://github.com/firebase/firebase-functions-python/releases/tag/${RELEASE_VERSION}" echo_warn "Delete any corresponding releases at ${RELEASE_URL}." terminate fi -echo_info "Tag v${RELEASE_VERSION} does not exist." +echo_info "Tag ${RELEASE_VERSION} does not exist." echo_info "" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 269420a..cea0228 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -80,9 +80,16 @@ jobs: runs-on: ubuntu-latest + permissions: + # Used to create a short-lived OIDC token which is given to PyPi to identify this workflow job + # See: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings + # and https://docs.pypi.org/trusted-publishers/using-a-publisher/ + id-token: write + contents: write + steps: - name: Checkout source for publish - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Download the artifacts created by the stage_release job. - name: Download release candidates @@ -113,6 +120,3 @@ jobs: - name: Publish to Pypi uses: pypa/gh-action-pypi-publish@release/v1 - with: - user: firebase - password: ${{ secrets.PYPI_PASSWORD }} \ No newline at end of file From c11129bfe175003838449157e38005903635b001 Mon Sep 17 00:00:00 2001 From: Brian Li Date: Mon, 8 Apr 2024 20:36:42 -0400 Subject: [PATCH 3/3] revert version bump --- src/firebase_functions/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/firebase_functions/__init__.py b/src/firebase_functions/__init__.py index 474f4be..9b9af4f 100644 --- a/src/firebase_functions/__init__.py +++ b/src/firebase_functions/__init__.py @@ -15,4 +15,4 @@ Firebase Functions for Python. """ -__version__ = "0.3.0" +__version__ = "0.2.0"