ReversecLabs · ThomasCross · Jan 23, 2026
diff --git a/.github/workflows/release-workflow.yml b/.github/workflows/release-workflow.yml
@@ -0,0 +1,179 @@
+name: Release Drozer
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version tag (e.g., 3.1.0). Add build numbers (e.g. 3.1.0-1) if re-uploads are required.'
+        required: true
+      update_version:
+        description: 'Update version file'
+        type: boolean
+        default: true
+      push_to_docker_hub:
+        description: 'Build and push to Docker Hub'
+        type: boolean
+        default: true
+      push_to_pypi:
+        description: 'Build and push to PyPI'
+        type: boolean
+        default: true
+
+jobs:
+  get-version:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.version_step.outputs.version }}
+    steps:
+      - name: Determine version
+        id: version_step
+        run: |
+          VERSION=""
+          if [ "${{ github.event_name }}" == "release" ]; then
+            VERSION=$(echo "${{ github.event.release.tag_name }}" | sed 's/^v//')
+          else
+            VERSION="${{ github.event.inputs.version }}"
+          fi
+          echo "Version determined: $VERSION"
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+
+  update-version:
+    name: Update Version Number in `src/drozer/__init__.py`
+    runs-on: ubuntu-latest
+    needs: get-version
+    if: ${{ needs.get-version.outputs.version != '' && (github.event_name == 'release' || github.event.inputs.update_version == 'true') }}
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+        with:
+          ref: 'develop'
+
+      - name: Update version in __init__.py
+        run: |
+          VERSION=${{ needs.get-version.outputs.version }}
+          echo "Updating version to $VERSION in src/drozer/__init__.py"
+          sed -i "s/__version__ = .*/__version__ = \"$VERSION\"/" src/drozer/__init__.py
+
+      - name: Verify file content
+        run: cat src/drozer/__init__.py
+
+      - name: Commit and push changes
+        run: |
+          git config --global user.name 'Publish-o-tron[bot]'
+          git config --global user.email 'drozer-bot@reversec.com'
+          git add src/drozer/__init__.py
+          git commit -m "chore: Update version to ${{ needs.get-version.outputs.version }}"
+          git push
+
+  docker-hub:
+    name: Build and Push Docker Image
+    runs-on: ubuntu-latest
+    needs: [get-version, update-version]
+    if: |
+      always() &&
+      needs.get-version.outputs.version != '' &&
+      (github.event_name == 'release' || github.event.inputs.push_to_docker_hub == 'true')
+
+    steps:
+    - name: Check out the repo
+      uses: actions/checkout@v4
+      with:
+          ref: 'develop'
+
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      with:
+       username: ${{ vars.DOCKERHUB_USERNAME }}
+       password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Build and push to Docker Hub
+      uses: docker/build-push-action@v5
+      with:
+        context: "{{defaultContext}}:docker"
+        push: true
+        platforms: linux/amd64,linux/arm64
+        tags: |
+          uvmaster/drozer-testbed:latest
+          uvmaster/drozer-testbed:${{ needs.get-version.outputs.version }}
+
+  pypi:
+    name: Build and publish to PyPI
+    runs-on: ubuntu-latest
+    needs: [get-version, update-version]
+    if: |
+      always() &&
+      needs.get-version.outputs.version != '' &&
+      (github.event_name == 'release' || github.event.inputs.push_to_pypi == 'true')
+
+    permissions:
+      id-token: write
+
+    environment: 
+      name: pypi
+      url: https://pypi.org/p/drozer-testbed
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+        with:
+          ref: 'develop'
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.x"
+
+      - name: Install build dependencies
+        run: python -m pip install --upgrade pip build twine
+
+      - name: Build package
+        run: python -m build
+
+      - name: Publish package to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+      - name: Upload Python packages as artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: python-packages
+          path: dist/
+
+  github-release:
+    name: Attach Assets to GitHub Release
+    runs-on: ubuntu-latest
+    needs: pypi # Ensures packages are built and uploaded as artifacts first
+    if: github.event_name == 'release' # This condition is the key to your request
+
+    permissions:
+      contents: write # Required to write to a release
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+        with:
+          ref: 'develop'
+
+      - name: Download built Python packages
+        uses: actions/download-artifact@v4
+        with:
+          name: python-packages
+          path: dist
+
+      - name: Display structure of downloaded files
+        run: ls -R
+
+      - name: Upload assets to release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          find dist/ -maxdepth 1 -type f ! -name '*.publish.attestation' | xargs \
+            gh release upload ${{ github.event.release.tag_name }}