release #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| versionNumber: | |
| description: 'Release version number (v#.#.#)' | |
| type: string | |
| required: true | |
| permissions: | |
| contents: read # Changelog commit operations use service account PAT | |
| jobs: | |
| major-version: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| version: ${{ steps.major-version.outputs.version }} | |
| steps: | |
| - id: major-version | |
| run: echo "version=$(echo "${{ inputs.versionNumber }}" | cut -d. -f1)" >> "$GITHUB_OUTPUT" | |
| changelog-version: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| version: ${{ steps.changelog-version.outputs.version }} | |
| steps: | |
| - id: changelog-version | |
| run: echo "version=$(echo "${{ inputs.versionNumber }}" | cut -c 2-)" >> "$GITHUB_OUTPUT" | |
| changelog: | |
| needs: changelog-version | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| with: | |
| fetch-depth: 0 | |
| # Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations | |
| # More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials | |
| persist-credentials: false | |
| - name: Batch changes | |
| uses: miniscruff/changie-action@6dcc2533cac0495148ed4046c438487e4dceaa23 # v2.0.0 | |
| with: | |
| version: latest | |
| args: batch ${{ needs.changelog-version.outputs.version }} | |
| - name: Merge changes | |
| uses: miniscruff/changie-action@6dcc2533cac0495148ed4046c438487e4dceaa23 # v2.0.0 | |
| with: | |
| version: latest | |
| args: merge | |
| - name: Git push changelog | |
| run: | | |
| git config --global user.name "${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}" | |
| git config --global user.email "${{ vars.TF_DEVEX_CI_COMMIT_EMAIL }}" | |
| git add . | |
| git commit -a -m "Update changelog" | |
| git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" | |
| update-package-version: | |
| needs: changelog | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| with: | |
| fetch-depth: 0 | |
| # Default input is the SHA that initially triggered the workflow. As we created a new commit in the previous job, | |
| # to ensure we get the latest commit we use the ref for checkout: 'refs/heads/<branch_name>' | |
| ref: ${{ github.ref }} | |
| # Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations | |
| # More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials | |
| persist-credentials: false | |
| - name: Set up Node.js | |
| uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
| with: | |
| node-version: 20 | |
| - name: Update package version | |
| run: npm version "${{ inputs.versionNumber }}" --git-tag-version false | |
| - name: Git push | |
| run: | | |
| git config --global user.name "${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}" | |
| git config --global user.email "${{ vars.TF_DEVEX_CI_COMMIT_EMAIL }}" | |
| git add . | |
| git commit -a -m "Update package version" | |
| git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" | |
| release-tag: | |
| needs: [ update-package-version, major-version ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| with: | |
| fetch-depth: 0 | |
| # Default input is the SHA that initially triggered the workflow. As we created a new commit in the previous job, | |
| # to ensure we get the latest commit we use the ref for checkout: 'refs/heads/<branch_name>' | |
| ref: ${{ github.ref }} | |
| # Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations | |
| # More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials | |
| persist-credentials: false | |
| - name: Git push release tag | |
| run: | | |
| git config --global user.name "${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}" | |
| git config --global user.email "${{ vars.TF_DEVEX_CI_COMMIT_EMAIL }}" | |
| git tag "${{ inputs.versionNumber }}" | |
| git tag -f "${{ needs.major-version.outputs.version }}" | |
| git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" "${{ inputs.versionNumber }}" | |
| git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" -f "${{ needs.major-version.outputs.version }}" | |
| release: | |
| needs: [ changelog-version, release-tag ] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # Needed to create GitHub release | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| with: | |
| ref: ${{ inputs.versionNumber }} | |
| fetch-depth: 0 | |
| - name: Generate Release Notes | |
| run: | | |
| cd .changes | |
| sed -e "1{/# /d;}" -e "2{/^$/d;}" ${{ needs.changelog-version.outputs.version }}.md > /tmp/release-notes.txt | |
| - name: GH Release | |
| run: | | |
| gh release create "${{ inputs.versionNumber }}" --notes-file /tmp/release-notes.txt --title "${{ inputs.versionNumber }}" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |