devops: pushing the automation job

.github/workflows/release.yml

@@ -51,27 +51,31 @@ jobs:
             echo "enable_tag_build=false" >> ${GITHUB_OUTPUT}
             exit 1
           fi
-
+ 
   highflame-package:
     needs:
       - highflame-validate
     permissions:
       contents: 'read'
       id-token: 'write'
     runs-on: ubuntu-24.04
+    outputs:
+      version: ${{ steps.version.outputs.VERSION }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v6
         with:
           persist-credentials: false
 
       - name: Setting up the Package Version
+        id: version
         env:
           PY_VER_FILE: "pyproject.toml"
           RELEASE_NAME: ${{ github.event.release.name }}
         shell: bash
         run: |-
           export RELEASE_VERSION=$(echo ${{ env.RELEASE_NAME }} | sed 's|^v||g')
+          echo "VERSION=$RELEASE_VERSION" >> $GITHUB_OUTPUT
           if [[ -f ${{ env.PY_VER_FILE }} ]] ; then
             sed -i "s|^version = \".*\"|version = \"${RELEASE_VERSION}\"|g" ${{ env.PY_VER_FILE }}
             cat ${{ env.PY_VER_FILE }}
@@ -96,9 +100,76 @@ jobs:
         shell: bash
         run: |-
           python -m build
+
+      - name: Upload versioned pyproject.toml
+        uses: actions/upload-artifact@v7
+        with:
+         name: pyproject-toml
+         path: pyproject.toml
+         retention-days: 1
 
       - name: Publish Package
         uses: pypa/gh-action-pypi-publish@v1.13.0
         # with:
         #   user: __token__
-        #   password: ${{ secrets.PYPI_API_TOKEN }}
+        #   password: ${{ secrets.PYPI_API_TOKEN }}
+
+
+  highflame-version-update:
+    needs:
+      - highflame-package-version
+    permissions:
+      contents: 'write'
+      id-token: 'write'
+    runs-on: ubuntu-24.04
+    env:
+      PKG_VER: ${{ needs.highflame-package-version.outputs.version }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Download versioned pyproject.toml
+        uses: actions/download-artifact@v8
+        with:
+          name: pyproject-toml
+          path: .
+
+      - name: Check for changes
+        id: check_changes
+        shell: bash
+        run: |-
+          if [ -n "$(git status --porcelain)" ]; then
+            echo "has_changes=true" >> $GITHUB_OUTPUT
+          else
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+            echo "No changes detected, skipping push"
+          fi
+
+      - name: Create APP token
+        uses: actions/create-github-app-token@v3
+        id: token
+        with:
+          client-id: ${{ secrets.HIGHFLAME_GITHUB_APP_ID }}
+          private-key: ${{ secrets.HIGHFLAME_GITHUB_APP_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+
+      - name: Push changes
+        if: steps.check_changes.outputs.has_changes == 'true'
+        env:
+          GH_TOKEN: ${{ steps.token.outputs.token }}
+        shell: bash
+        run: |-
+          git config user.name "Highflame GitHub Bot"
+          git config user.email "bot@github.com"
+
+          git remote set-url origin \
+            https://x-access-token:${GH_TOKEN}@github.com/${{ github.repository }}.git
+
+          git pull origin main
+          git add .
+          git commit -m "devops: Automated version update" || exit 0
+
+          git push origin HEAD:main