name: authentik-api-py-publish on: push: branches: [main] paths: - "schema.yml" workflow_dispatch: jobs: build: runs-on: ubuntu-latest permissions: id-token: write steps: - id: generate_token uses: tibdex/github-app-token@v2 with: app_id: ${{ secrets.GH_APP_ID }} private_key: ${{ secrets.GH_APP_PRIVATE_KEY }} - uses: actions/checkout@v4 with: token: ${{ steps.generate_token.outputs.token }} - name: Install poetry & deps shell: bash run: | pipx install poetry || true sudo apt-get update sudo apt-get install --no-install-recommends -y libpq-dev openssl libxmlsec1-dev pkg-config gettext - name: Setup python and restore poetry uses: actions/setup-python@v5 with: python-version-file: "pyproject.toml" cache: "poetry" - name: Generate API Client run: make gen-client-py - name: Publish package working-directory: gen-py-api/ run: | poetry build - name: Publish package to PyPI uses: pypa/gh-action-pypi-publish@release/v1 with: packages-dir: gen-py-api/dist/ # We can't easily upgrade the API client being used due to poetry being poetry # so we'll have to rely on dependabot # - name: Upgrade / # run: | # export VERSION=$(cd gen-py-api && poetry version -s) # poetry add "authentik_client=$VERSION" --allow-prereleases --lock # - uses: peter-evans/create-pull-request@v6 # id: cpr # with: # token: ${{ steps.generate_token.outputs.token }} # branch: update-root-api-client # commit-message: "root: bump API Client version" # title: "root: bump API Client version" # body: "root: bump API Client version" # delete-branch: true # signoff: true # # ID from https://api.github.com/users/authentik-automation[bot] # author: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com> # - uses: peter-evans/enable-pull-request-automerge@v3 # with: # token: ${{ steps.generate_token.outputs.token }} # pull-request-number: ${{ steps.cpr.outputs.pull-request-number }} # merge-method: squash