Refactor the publish workflows

OpenZeppelin · Dec 11, 2023 · 4b71bcb · 4b71bcb
1 parent 627c313
commit 4b71bcb
Show file tree

Hide file tree

Showing 6 changed files with 78 additions and 332 deletions.
diff --git a/.github/workflows/rc-publish-test.yml b/.github/workflows/rc-publish-test.yml
diff --git a/.github/workflows/rc-publish.yml b/.github/workflows/rc-publish.yml
@@ -22,6 +22,8 @@ jobs:
 
       - name: Checkout Repo
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
 
       - name: Install yq
         run: |
@@ -33,11 +35,15 @@ jobs:
       - name: Get last commit details
         id: commit
         run: |
-          COMMIT_SHA=$(git rev-parse HEAD)
-          COMMIT_DETAILS=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-                          "https://api.github.com/repos/${{ github.repository }}/commits/$COMMIT_SHA")
-          echo "author=$(echo $COMMIT_DETAILS | yq '.author.login')" >> $GITHUB_OUTPUT
-          echo "message=$(echo $COMMIT_DETAILS | yq '.commit.message')" >> $GITHUB_OUTPUT
+
+          COMMIT_SHA="$(git rev-parse HEAD)"
+          AUTHOR=$(git show -s --format='%an' $COMMIT_SHA)
+          MESSAGE=$(git show -s --format='%s' $COMMIT_SHA)
+          echo "author=$AUTHOR" >> $GITHUB_OUTPUT
+          echo "message=$MESSAGE" >> $GITHUB_OUTPUT
+          echo "Author of the commit is $AUTHOR"
+          echo "Message of the commit is $MESSAGE"
+
 
   prepare:
     needs: check_author
@@ -68,7 +74,7 @@ jobs:
       node-version: "16.20.0"
 
   tag:
-    name: Publish & Tag RC candidate for all packages
+    name: Tag RC candidate for all packages
     permissions:
       id-token: write
       contents: write
@@ -85,6 +91,8 @@ jobs:
 
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          token: ${{ secrets.SAI_PAT }}
 
       - name: Import GPG key
         uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6.0.0
@@ -156,6 +164,8 @@ jobs:
         run: |
           git tag -a ${{ steps.get_version.outputs.rc_version }} -m "${{ steps.get_version.outputs.rc_version }}"
           git push origin ${{ steps.get_version.outputs.rc_version }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   create-release:
     permissions:

diff --git a/.github/workflows/rc-push.yml b/.github/workflows/rc-push.yml
@@ -1,4 +1,4 @@
-name: push rc
+name: Push RC
 
 on:
   schedule:
@@ -9,6 +9,7 @@ on:
 permissions: read-all
 
 jobs:
+
   # check for changed packages
   verify-packages:
     name: Verify changed packages
@@ -61,8 +62,8 @@ jobs:
       # Give the default GITHUB_TOKEN write permission to commit and push the
       # added or changed files to the repository.
       contents: write
+      pull-requests: write
     needs: verify-packages
-    if: needs.verify-packages.outputs.changed_packages > 0
     runs-on: ubuntu-22.04
     steps:
       - name: Harden Runner
@@ -72,7 +73,13 @@ jobs:
 
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          token: ${{ secrets.SAI_PAT }}
 
+      - name: Use node@16
+        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+        with:
+          node-version: 16.20.0
 
       - name: Update RC candidate version ( excluding deploy client )
         run: |
@@ -82,17 +89,50 @@ jobs:
             yarn versionup:prerelease && ./hack/cross-dependency.sh
           fi
 
-      - name: Commit changes
+      - name: get latest version
         id: update_version
         run: |
           TAG_NAME=$(node -p "require('./lerna.json').version")
           echo "rc_version=v$TAG_NAME" >> $GITHUB_OUTPUT
 
-      # Commit all changed files back to the repository
-      - uses: planetscale/ghcommit-action@6ca6b06e9d2de1296143831c53e1d601831ba2a2
+      - name: Verify version
+        id: verify_version
+        run: |
+          CURRENT_VERSION=$(echo "${{ needs.verify-packages.outputs.latest_tag }}" | sed 's/^v//')
+          NEW_VERSION=$(echo "${{ steps.update_version.outputs.rc_version }}" | sed 's/^v//')
+
+          CURRENT_MINOR=$(echo "$CURRENT_VERSION" | cut -d. -f2)
+          NEW_MINOR=$(echo "$NEW_VERSION" | cut -d. -f2)
+
+          if (( NEW_MINOR != CURRENT_MINOR + 1 )); then
+            echo "New version is not one minor version ahead of the current version"
+            exit 1
+          fi
+
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6.0.0
+        with:
+          gpg_private_key: ${{ secrets.SVC_GPG_KEY }}
+          passphrase: ${{ secrets.SVC_GPG_PASSPHRASE }}
+          git_config_global: true
+          git_tag_gpgsign: true
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
+      # Raise PR to the branch
+      - name: Raise PR to the branch
+        id: cpr
+        uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38
         with:
-          commit_message: "🤖 Update version to ${{ steps.update_version.outputs.rc_version }}"
-          repo: ${{ github.repository }}
-          branch: ${{ github.head_ref || github.ref_name }}
-        env:
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+          commit-message: "🤖 Update version to ${{ steps.update_version.outputs.rc_version }}"
+          branch: 'update-version/${{ steps.update_version.outputs.rc_version }}'
+          title: "🤖 [Automated Pr] Update version to ${{ steps.update_version.outputs.rc_version }}"
+          committer: svc-gh-is-01 <[email protected]>
+          author: svc-gh-is-01 <[email protected]>
+          delete-branch: true
+          body: |
+            This PR updates the version to ${{ steps.update_version.outputs.rc_version }}.
+            Please review and merge this PR if it looks good.
+
+
+            This is an automated PR created by github actions.