Fix uv lockfile sync + version incrementation checks #347
| name: Version Check | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, ready_for_review] | |
| paths: | |
| - 'socketsecurity/**' | |
| - 'pyproject.toml' | |
| - 'uv.lock' | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| issues: write | |
| jobs: | |
| check_version: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 | |
| with: | |
| fetch-depth: 0 # Fetch all history for all branches | |
| persist-credentials: false | |
| - name: Check version increment | |
| id: version_check | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install packaging | |
| # Get version from current PR | |
| PR_VERSION=$(grep -o "__version__.*" socketsecurity/__init__.py | awk '{print $3}' | tr -d "'") | |
| echo "PR_VERSION=$PR_VERSION" >> $GITHUB_ENV | |
| # Get version from main branch | |
| MAIN_VERSION=$(git show origin/main:socketsecurity/__init__.py | grep -o "__version__.*" | awk '{print $3}' | tr -d "'") | |
| echo "MAIN_VERSION=$MAIN_VERSION" >> $GITHUB_ENV | |
| # Compare versions using Python | |
| python3 -c " | |
| from packaging import version | |
| pr_ver = version.parse('${PR_VERSION}') | |
| main_ver = version.parse('${MAIN_VERSION}') | |
| if pr_ver <= main_ver: | |
| print(f'❌ Version must be incremented! Main: {main_ver}, PR: {pr_ver}') | |
| exit(1) | |
| print(f'✅ Version properly incremented from {main_ver} to {pr_ver}') | |
| " | |
| - name: Require uv.lock update when pyproject changes | |
| run: | | |
| CHANGED_FILES="$(git diff --name-only origin/main...HEAD)" | |
| if echo "$CHANGED_FILES" | grep -qx 'pyproject.toml'; then | |
| if ! echo "$CHANGED_FILES" | grep -qx 'uv.lock'; then | |
| echo "❌ pyproject.toml changed, but uv.lock was not updated." | |
| echo "Run 'uv lock' and commit uv.lock with the version bump." | |
| exit 1 | |
| fi | |
| fi | |
| - name: Manage PR Comment | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea | |
| if: always() && github.event.pull_request.head.repo.full_name == github.repository | |
| env: | |
| MAIN_VERSION: ${{ env.MAIN_VERSION }} | |
| PR_VERSION: ${{ env.PR_VERSION }} | |
| CHECK_RESULT: ${{ steps.version_check.outcome }} | |
| with: | |
| script: | | |
| const success = process.env.CHECK_RESULT === 'success'; | |
| const prNumber = context.payload.pull_request.number; | |
| const owner = context.repo.owner; | |
| const repo = context.repo.repo; | |
| const comments = await github.rest.issues.listComments({ | |
| owner: owner, | |
| repo: repo, | |
| issue_number: prNumber, | |
| }); | |
| const versionComment = comments.data.find(comment => | |
| comment.user.type === 'Bot' && | |
| comment.body.includes('Version Check') | |
| ); | |
| if (versionComment) { | |
| if (success) { | |
| // Delete the warning comment if check passes | |
| await github.rest.issues.deleteComment({ | |
| owner: owner, | |
| repo: repo, | |
| comment_id: versionComment.id | |
| }); | |
| } else { | |
| // Update existing warning | |
| await github.rest.issues.updateComment({ | |
| owner: owner, | |
| repo: repo, | |
| comment_id: versionComment.id, | |
| body: `❌ **Version Check Failed**\n\nPlease increment...` | |
| }); | |
| } | |
| } else if (!success) { | |
| // Create new warning comment only if check fails | |
| await github.rest.issues.createComment({ | |
| owner: owner, | |
| repo: repo, | |
| issue_number: prNumber, | |
| body: `❌ **Version Check Failed**\n\nPlease increment...` | |
| }); | |
| } |
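Review bot: In the `Check version increment` step, `PR_VERSION` is read from the pull request's own `socketsecurity/__init__.py`, then appended to `$GITHUB_ENV` and pasted into the `python3 -c` source as `'${PR_VERSION}'` without any format check. If more than one line matches `__version__`, the value becomes multi-line, and the runner would presumably read the extra lines as further environment entries for later steps, including the `github-script` step that runs with the write-scoped token. I would validate both values against a strict version pattern before either is used, quote `"$GITHUB_ENV"`, and have Python read them from `os.environ` instead of through shell interpolation. The fence moves the two `echo … >> $GITHUB_ENV` lines below the check; its indentation is assumed, since the page does not preserve it.

```yaml
        run: |
          # … unchanged: pip install, PR_VERSION and MAIN_VERSION extraction (echo lines moved below) …
          version_re='^[0-9A-Za-z._+!-]+$'
          for v in "$PR_VERSION" "$MAIN_VERSION"; do
            if [[ ! "$v" =~ $version_re ]]; then
              echo "❌ Could not read a single well-formed version string."
              exit 1
            fi
          done
          echo "PR_VERSION=$PR_VERSION" >> "$GITHUB_ENV"
          echo "MAIN_VERSION=$MAIN_VERSION" >> "$GITHUB_ENV"
          export PR_VERSION MAIN_VERSION
          python3 -c "
          import os
          from packaging import version
          pr_ver = version.parse(os.environ['PR_VERSION'])
          main_ver = version.parse(os.environ['MAIN_VERSION'])
          # … unchanged: comparison and messages …
          "
```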