From f749a72c0e980f540fa99c0f98d3e7246a783a80 Mon Sep 17 00:00:00 2001 From: Jonas Hungershausen Date: Fri, 23 Jan 2026 11:33:40 -0500 Subject: [PATCH 1/5] refactor: use GHA to generate & release SDKs --- .github/workflows/sdk.yml | 163 ++++++++++++++++++++++++++++++++++++++ Makefile | 19 +++++ scripts/generate.sh | 28 ++++--- scripts/release.sh | 34 +++++--- scripts/test.sh | 34 +++++--- 5 files changed, 241 insertions(+), 37 deletions(-) create mode 100644 .github/workflows/sdk.yml diff --git a/.github/workflows/sdk.yml b/.github/workflows/sdk.yml new file mode 100644 index 00000000000..63b149ab232 --- /dev/null +++ b/.github/workflows/sdk.yml @@ -0,0 +1,163 @@ +name: SDK Generation and Release + +on: + push: + branches: + - master + pull_request: + branches: + - master + workflow_dispatch: + inputs: + project: + description: 'Project name (e.g. kratos)' + required: true + version: + description: 'Version (e.g. v0.0.1)' + required: true + +jobs: + preflight: + runs-on: ubuntu-latest + outputs: + project: ${{ steps.extract.outputs.project }} + version: ${{ steps.extract.outputs.version }} + should_run: ${{ steps.extract.outputs.should_run }} + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Extract Project and Version + id: extract + env: + FORCE_PROJECT: ${{ github.event.inputs.project }} + FORCE_VERSION: ${{ github.event.inputs.version }} + run: | + if [ -n "$FORCE_PROJECT" ] && [ -n "$FORCE_VERSION" ]; then + echo "project=$FORCE_PROJECT" >> $GITHUB_OUTPUT + echo "version=$FORCE_VERSION" >> $GITHUB_OUTPUT + echo "should_run=true" >> $GITHUB_OUTPUT + exit 0 + fi + + COMMIT_MSG=$(git log -1 --pretty=%B) + if echo "$COMMIT_MSG" | grep -q "Add spec for"; then + PROJECT=$(echo "$COMMIT_MSG" | head -n 1 | sed -E 's/Add spec for (.+):(.+)$/\1/') + VERSION=$(echo "$COMMIT_MSG" | head -n 1 | sed -E 's/Add spec for (.+):(.+)$/\2/') + + echo "project=$PROJECT" >> $GITHUB_OUTPUT + echo "version=$VERSION" >> $GITHUB_OUTPUT + echo "should_run=true" >> $GITHUB_OUTPUT + else + echo "Commit message does not indicate spec update. Skipping." + echo "should_run=false" >> $GITHUB_OUTPUT + fi + + sdk: + needs: preflight + if: needs.preflight.outputs.should_run == 'true' + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + language: [typescript, typescript-fetch, java, php, python, ruby, golang, dotnet, dart, rust, elixir] + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: '20' + + - name: Setup Java + uses: actions/setup-java@v4 + with: + distribution: 'temurin' + java-version: '17' + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '8.2' + + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: '3.10' + + - name: Setup Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: '3.0' + + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version: '1.21' + + - name: Setup Dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: '8.0.x' + + - name: Setup Dart + uses: dart-lang/setup-dart@v1 + + - name: Setup Rust + uses: dtolnay/rust-toolchain@stable + + - name: Setup Elixir + uses: erlef/setup-beam@v1 + with: + elixir-version: '1.14' + otp-version: '25' + + - name: Install Dependencies (System) + run: | + sudo apt-get update + sudo apt-get install -y gettext-base fail2ban- gnupg + + - name: Initialize Environment + env: + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + RUBYGEMS_TOKEN: ${{ secrets.RUBYGEMS_TOKEN }} + MVN_CENTRAL_USERNAME: ${{ secrets.MVN_CENTRAL_USERNAME }} + MVN_CENTRAL_PASSWORD: ${{ secrets.MVN_CENTRAL_PASSWORD }} + MVN_PGP_KEY_ID: ${{ secrets.MVN_PGP_KEY_ID }} + MVN_PGP_PASSPHRASE: ${{ secrets.MVN_PGP_PASSPHRASE }} + MVN_GPG_ASC_BASE64: ${{ secrets.MVN_GPG_ASC_BASE64 }} + run: ./scripts/init.sh + + - name: Generate SDK + env: + PROJECT: ${{ needs.preflight.outputs.project }} + VERSION: ${{ needs.preflight.outputs.version }} + LANGUAGE: ${{ matrix.language }} + run: make generate + + - name: Test SDK + env: + PROJECT: ${{ needs.preflight.outputs.project }} + VERSION: ${{ needs.preflight.outputs.version }} + LANGUAGE: ${{ matrix.language }} + run: make test + + - name: Release SDK + if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request' + env: + PROJECT: ${{ needs.preflight.outputs.project }} + VERSION: ${{ needs.preflight.outputs.version }} + LANGUAGE: ${{ matrix.language }} + NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }} + CARGO_TOKEN: ${{ secrets.CARGO_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + RUBYGEMS_TOKEN: ${{ secrets.RUBYGEMS_TOKEN }} + MVN_CENTRAL_USERNAME: ${{ secrets.MVN_CENTRAL_USERNAME }} + MVN_CENTRAL_PASSWORD: ${{ secrets.MVN_CENTRAL_PASSWORD }} + MVN_PGP_KEY_ID: ${{ secrets.MVN_PGP_KEY_ID }} + MVN_PGP_PASSPHRASE: ${{ secrets.MVN_PGP_PASSPHRASE }} + MVN_GPG_ASC_BASE64: ${{ secrets.MVN_GPG_ASC_BASE64 }} + run: make release diff --git a/Makefile b/Makefile index e637b8d87f0..3ad089384f3 100644 --- a/Makefile +++ b/Makefile @@ -10,3 +10,22 @@ node_modules: package-lock.json docker: docker build -t oryd/sdk:latest . + +# Default values +PROJECT ?= +VERSION ?= +LANGUAGE ?= + +# Helper to check required variables +check-env: + @if [ -z "$(PROJECT)" ]; then echo "PROJECT is not set"; exit 1; fi + @if [ -z "$(VERSION)" ]; then echo "VERSION is not set"; exit 1; fi + +generate: check-env + FORCE_PROJECT=$(PROJECT) FORCE_VERSION=$(VERSION) ./scripts/generate.sh $(LANGUAGE) + +test: check-env + FORCE_PROJECT=$(PROJECT) FORCE_VERSION=$(VERSION) ./scripts/test.sh $(LANGUAGE) + +release: check-env + FORCE_PROJECT=$(PROJECT) FORCE_VERSION=$(VERSION) ./scripts/release.sh $(LANGUAGE) diff --git a/scripts/generate.sh b/scripts/generate.sh index e327dfca1cb..035b4a91126 100755 --- a/scripts/generate.sh +++ b/scripts/generate.sh @@ -323,17 +323,21 @@ elixir () { cp "LICENSE" "clients/${PROJECT}/elixir" } -elixir -typescript -typescript_fetch -rust -golang -java -php -python -ruby -# TODO: https://github.com/ory/sdk/issues/434 -# dotnet -dart +if [ -z "$1" ]; then + elixir + typescript + typescript_fetch + rust + golang + java + php + python + ruby + # TODO: https://github.com/ory/sdk/issues/434 + # dotnet + dart +else + $1 +fi cleanup diff --git a/scripts/release.sh b/scripts/release.sh index fd461a945cc..c0f53b9cb50 100755 --- a/scripts/release.sh +++ b/scripts/release.sh @@ -222,19 +222,27 @@ FAIL_REASON="" echo "starting" -python || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} python,"; } -ruby || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} ruby,"; } -golang || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} golang,"; } -php || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} php,"; } -typescript || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} typescript,"; } -typescript_fetch || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} typescript_fetch,"; } -dart || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} dart,"; } -rust || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} rust,"; } -elixir || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} elixir,"; } -java || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} java,"; } -# TODO: https://github.com/ory/sdk/issues/434 -# dotnet || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} dotnet,"; } -upstream || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} upstream,"; } +run_all() { + python || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} python,"; } + ruby || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} ruby,"; } + golang || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} golang,"; } + php || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} php,"; } + typescript || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} typescript,"; } + typescript_fetch || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} typescript_fetch,"; } + dart || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} dart,"; } + rust || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} rust,"; } + elixir || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} elixir,"; } + java || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} java,"; } + # TODO: https://github.com/ory/sdk/issues/434 + # dotnet || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} dotnet,"; } + upstream || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} upstream,"; } +} + +if [ -z "$1" ]; then + run_all +else + $1 || { let "FAIL+=1" && FAIL_REASON="${FAIL_REASON} $1,"; } +fi echo "$FAIL" diff --git a/scripts/test.sh b/scripts/test.sh index 03eb30f88bb..eaa97153e1a 100755 --- a/scripts/test.sh +++ b/scripts/test.sh @@ -101,15 +101,25 @@ elixir () { (cd "${dir}"; mix test) } -elixir -typescript -typescript_fetch -rust -golang -java -php -python -ruby -dartpub -# TODO: https://github.com/ory/sdk/issues/434 -# csharp +if [ -z "$1" ]; then + elixir + typescript + typescript_fetch + rust + golang + java + php + python + ruby + dartpub + # TODO: https://github.com/ory/sdk/issues/434 + # csharp +else + if [ "$1" == "dart" ]; then + dartpub + elif [ "$1" == "dotnet" ]; then + csharp + else + $1 + fi +fi From 5eda41561b1143807beb0d35142043b96f3724de Mon Sep 17 00:00:00 2001 From: Jonas Hungershausen Date: Fri, 23 Jan 2026 11:39:47 -0500 Subject: [PATCH 2/5] chore: u --- .github/workflows/sdk.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sdk.yml b/.github/workflows/sdk.yml index 63b149ab232..8c98a3101d6 100644 --- a/.github/workflows/sdk.yml +++ b/.github/workflows/sdk.yml @@ -51,8 +51,15 @@ jobs: echo "version=$VERSION" >> $GITHUB_OUTPUT echo "should_run=true" >> $GITHUB_OUTPUT else - echo "Commit message does not indicate spec update. Skipping." - echo "should_run=false" >> $GITHUB_OUTPUT + if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then + PROJECT="client" + VERSION=$(cat spec/$PROJECT/latest) + echo "project=$PROJECT" >> $GITHUB_OUTPUT + echo "version=$VERSION" >> $GITHUB_OUTPUT + echo "should_run=true" >> $GITHUB_OUTPUT + else + echo "should_run=false" >> $GITHUB_OUTPUT + fi fi sdk: From 91aaa2800225abeaccbea45624a88148b86ff244 Mon Sep 17 00:00:00 2001 From: Jonas Hungershausen Date: Fri, 23 Jan 2026 11:42:50 -0500 Subject: [PATCH 3/5] chore: u --- .github/workflows/sdk.yml | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/.github/workflows/sdk.yml b/.github/workflows/sdk.yml index 8c98a3101d6..01e3b9ef318 100644 --- a/.github/workflows/sdk.yml +++ b/.github/workflows/sdk.yml @@ -127,16 +127,6 @@ jobs: sudo apt-get update sudo apt-get install -y gettext-base fail2ban- gnupg - - name: Initialize Environment - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - RUBYGEMS_TOKEN: ${{ secrets.RUBYGEMS_TOKEN }} - MVN_CENTRAL_USERNAME: ${{ secrets.MVN_CENTRAL_USERNAME }} - MVN_CENTRAL_PASSWORD: ${{ secrets.MVN_CENTRAL_PASSWORD }} - MVN_PGP_KEY_ID: ${{ secrets.MVN_PGP_KEY_ID }} - MVN_PGP_PASSPHRASE: ${{ secrets.MVN_PGP_PASSPHRASE }} - MVN_GPG_ASC_BASE64: ${{ secrets.MVN_GPG_ASC_BASE64 }} - run: ./scripts/init.sh - name: Generate SDK env: @@ -152,6 +142,18 @@ jobs: LANGUAGE: ${{ matrix.language }} run: make test + - name: Initialize Environment + if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request' + env: + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + RUBYGEMS_TOKEN: ${{ secrets.RUBYGEMS_TOKEN }} + MVN_CENTRAL_USERNAME: ${{ secrets.MVN_CENTRAL_USERNAME }} + MVN_CENTRAL_PASSWORD: ${{ secrets.MVN_CENTRAL_PASSWORD }} + MVN_PGP_KEY_ID: ${{ secrets.MVN_PGP_KEY_ID }} + MVN_PGP_PASSPHRASE: ${{ secrets.MVN_PGP_PASSPHRASE }} + MVN_GPG_ASC_BASE64: ${{ secrets.MVN_GPG_ASC_BASE64 }} + run: ./scripts/init.sh + - name: Release SDK if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request' env: From 848df3ee14bd499288e0af2345234ee10d86ff55 Mon Sep 17 00:00:00 2001 From: Jonas Hungershausen Date: Fri, 23 Jan 2026 11:48:31 -0500 Subject: [PATCH 4/5] chore: u --- .circleci/config.yml | 34 ---------------------------------- .github/workflows/sdk.yml | 3 ++- 2 files changed, 2 insertions(+), 35 deletions(-) delete mode 100644 .circleci/config.yml diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 6f321ce4124..00000000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,34 +0,0 @@ -version: 2.1 -orbs: - slack: circleci/slack@4.9.3 - -jobs: - publish: - docker: - - image: oryd/sdk:latest - working_directory: /sdk - steps: - - checkout - - run: | - if [ -z "$(git log -1 --pretty=%B | grep 'Add spec for' | grep -v '.pre.')" ]; then - circleci-agent step halt - fi - - run: - name: Authenticate with registry - command: echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc - - run: ./scripts/init.sh - - run: ./scripts/generate.sh - - run: ./scripts/test.sh - - run: ./scripts/release.sh - - slack/notify: - event: fail - template: basic_fail_1 - -workflows: - publish: - jobs: - - publish: - filters: - branches: - only: master - context: slack-secrets diff --git a/.github/workflows/sdk.yml b/.github/workflows/sdk.yml index 01e3b9ef318..454d35a9ac3 100644 --- a/.github/workflows/sdk.yml +++ b/.github/workflows/sdk.yml @@ -69,7 +69,8 @@ jobs: strategy: fail-fast: false matrix: - language: [typescript, typescript-fetch, java, php, python, ruby, golang, dotnet, dart, rust, elixir] + # TODO: add dotnet (https://github.com/ory/sdk/issues/434) + language: [typescript, typescript_fetch, java, php, python, ruby, golang, dart, rust, elixir] steps: - name: Checkout uses: actions/checkout@v4 From 8a766854003d33ef11c3353c1fc2f63923d4ede7 Mon Sep 17 00:00:00 2001 From: Jonas Hungershausen Date: Fri, 23 Jan 2026 11:55:22 -0500 Subject: [PATCH 5/5] chore: u --- .github/workflows/sdk.yml | 32 ++++++++++---------------------- 1 file changed, 10 insertions(+), 22 deletions(-) diff --git a/.github/workflows/sdk.yml b/.github/workflows/sdk.yml index 454d35a9ac3..77d84a6af07 100644 --- a/.github/workflows/sdk.yml +++ b/.github/workflows/sdk.yml @@ -47,19 +47,17 @@ jobs: PROJECT=$(echo "$COMMIT_MSG" | head -n 1 | sed -E 's/Add spec for (.+):(.+)$/\1/') VERSION=$(echo "$COMMIT_MSG" | head -n 1 | sed -E 's/Add spec for (.+):(.+)$/\2/') + echo "project=$PROJECT" >> $GITHUB_OUTPUT + echo "version=$VERSION" >> $GITHUB_OUTPUT + echo "should_run=true" >> $GITHUB_OUTPUT + elif [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then + PROJECT="client" + VERSION=$(cat spec/$PROJECT/latest) echo "project=$PROJECT" >> $GITHUB_OUTPUT echo "version=$VERSION" >> $GITHUB_OUTPUT echo "should_run=true" >> $GITHUB_OUTPUT else - if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then - PROJECT="client" - VERSION=$(cat spec/$PROJECT/latest) - echo "project=$PROJECT" >> $GITHUB_OUTPUT - echo "version=$VERSION" >> $GITHUB_OUTPUT - echo "should_run=true" >> $GITHUB_OUTPUT - else - echo "should_run=false" >> $GITHUB_OUTPUT - fi + echo "should_run=false" >> $GITHUB_OUTPUT fi sdk: @@ -143,18 +141,6 @@ jobs: LANGUAGE: ${{ matrix.language }} run: make test - - name: Initialize Environment - if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request' - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - RUBYGEMS_TOKEN: ${{ secrets.RUBYGEMS_TOKEN }} - MVN_CENTRAL_USERNAME: ${{ secrets.MVN_CENTRAL_USERNAME }} - MVN_CENTRAL_PASSWORD: ${{ secrets.MVN_CENTRAL_PASSWORD }} - MVN_PGP_KEY_ID: ${{ secrets.MVN_PGP_KEY_ID }} - MVN_PGP_PASSPHRASE: ${{ secrets.MVN_PGP_PASSPHRASE }} - MVN_GPG_ASC_BASE64: ${{ secrets.MVN_GPG_ASC_BASE64 }} - run: ./scripts/init.sh - - name: Release SDK if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request' env: @@ -170,4 +156,6 @@ jobs: MVN_PGP_KEY_ID: ${{ secrets.MVN_PGP_KEY_ID }} MVN_PGP_PASSPHRASE: ${{ secrets.MVN_PGP_PASSPHRASE }} MVN_GPG_ASC_BASE64: ${{ secrets.MVN_GPG_ASC_BASE64 }} - run: make release + run: | + ./scripts/init.sh + make release