authentik/.github/workflows/api-py-publish.yml

name: authentik-api-py-publish
on:
  push:
    branches: [main]
    paths:
      - "schema.yml"
  workflow_dispatch:
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
    steps:
      - id: generate_token
        uses: tibdex/github-app-token@v2
        with:
          app_id: ${{ secrets.GH_APP_ID }}
          private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      - uses: actions/checkout@v4
        with:
          token: ${{ steps.generate_token.outputs.token }}
      - name: Install poetry & deps
        shell: bash
        run: |
          pipx install poetry || true
          sudo apt-get update
          sudo apt-get install --no-install-recommends -y libpq-dev openssl libxmlsec1-dev pkg-config gettext
      - name: Setup python and restore poetry
        uses: actions/setup-python@v5
        with:
          python-version-file: "pyproject.toml"
          cache: "poetry"
      - name: Generate API Client
        run: make gen-client-py
      - name: Publish package
        working-directory: gen-py-api/
        run: |
          poetry build
      - name: Publish package to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          packages-dir: gen-py-api/dist/
      # We can't easily upgrade the API client being used due to poetry being poetry
      # so we'll have to rely on dependabot
      # - name: Upgrade /
      #   run: |
      #     export VERSION=$(cd gen-py-api && poetry version -s)
      #     poetry add "authentik_client=$VERSION" --allow-prereleases --lock
      # - uses: peter-evans/create-pull-request@v6
      #   id: cpr
      #   with:
      #     token: ${{ steps.generate_token.outputs.token }}
      #     branch: update-root-api-client
      #     commit-message: "root: bump API Client version"
      #     title: "root: bump API Client version"
      #     body: "root: bump API Client version"
      #     delete-branch: true
      #     signoff: true
      #     # ID from https://api.github.com/users/authentik-automation[bot]
      #     author: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
      # - uses: peter-evans/enable-pull-request-automerge@v3
      #   with:
      #     token: ${{ steps.generate_token.outputs.token }}
      #     pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}
      #     merge-method: squash