Release Branch Automation #11
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release Branch Automation | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
description: 'Release Version (semver ie. 0.9.0):' | |
type: string | |
required: true | |
jobs: | |
branch_bump_tag: | |
runs-on: smart-contracts-linux-medium | |
env: | |
RELEASE_NOTES_FILENAME: release_notes | |
outputs: | |
create_pr: ${{ env.CREATE_PR }} | |
next_version_snapshot: ${{ env.NEXT_VERSION_SNAPSHOT }} | |
pr_title: ${{ env.PR_TITLE }} | |
release_branch: ${{ env.RELEASE_BRANCH }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | |
with: | |
egress-policy: audit | |
- name: Parse Version | |
id: version_parser | |
uses: step-security/semver-utils@a24a84bec134bf99b85937a44b58cc9a1d268edd # v4.3.0 | |
with: | |
lenient: false | |
version: ${{ github.event.inputs.version }} | |
- name: Set Release Environment Variables | |
run: | | |
PREMINOR_VERSION=${{ steps.version_parser.outputs.inc-preminor }} | |
NEXT_VERSION_SNAPSHOT=${PREMINOR_VERSION//-0/-SNAPSHOT} | |
RELEASE_BRANCH="release/${{ steps.version_parser.outputs.major }}.${{ steps.version_parser.outputs.minor }}" | |
[[ -z "${{ steps.version_parser.outputs.prerelease }}" ]] && \ | |
VERSION=${{ steps.version_parser.outputs.release }} || \ | |
VERSION="${{ steps.version_parser.outputs.release }}-${{ steps.version_parser.outputs.prerelease }}" | |
RELEASE_TAG="v${VERSION}" | |
cat >> $GITHUB_ENV <<EOF | |
NEXT_VERSION_SNAPSHOT=$NEXT_VERSION_SNAPSHOT | |
RELEASE_BRANCH=$RELEASE_BRANCH | |
RELEASE_TAG=$RELEASE_TAG | |
VERSION=$VERSION | |
EOF | |
- name: Checkout repository | |
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
- name: Import GPG Key | |
id: gpg_importer | |
uses: step-security/ghaction-import-gpg@6c8fe4d0126a59d57c21f87c9ae5dd3451fa3cca # v6.1.0 | |
with: | |
git_commit_gpgsign: true | |
git_tag_gpgsign: true | |
git_user_signingkey: true | |
gpg_private_key: ${{ secrets.GPG_KEY_CONTENTS }} | |
passphrase: ${{ secrets.GPG_KEY_PASSPHRASE }} | |
- name: Create and Switch to Release Branch | |
run: | | |
git checkout ${RELEASE_BRANCH} | |
echo "CREATE_PR=true" >> $GITHUB_ENV | |
echo "PR_TITLE=chore(release): Bump versions for v$NEXT_VERSION_SNAPSHOT" >> $GITHUB_ENV | |
- name: Set up Node.js | |
uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 | |
with: | |
node-version: '20' | |
- name: Install make | |
run: sudo apt-get update; sudo apt-get install build-essential -y | |
- name: Install dependencies | |
run: npm ci | |
- name: Bump Versions | |
run: npm version ${{ env.VERSION }} --no-commit-hooks --no-git-tag-version | |
- name: Create Release Notes | |
if: ${{ steps.milestone.outputs.milestone_id != '' }} | |
uses: Decathlon/release-notes-generator-action@98423db7024696a339f3988ac8a2b051c5860741 # v3.1.6 | |
env: | |
FILENAME: ${{ env.RELEASE_NOTES_FILENAME }} | |
GITHUB_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }} | |
MILESTONE_NUMBER: ${{ steps.milestone.outputs.milestone_id }} | |
- name: Commit and Tag | |
uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1 | |
with: | |
commit_author: ${{ steps.gpg_importer.outputs.name }} <${{ steps.gpg_importer.outputs.email }}> | |
commit_message: 'chore(release): Bump versions for ${{ env.RELEASE_TAG }}' | |
commit_options: '--no-verify --signoff' | |
commit_user_name: ${{ steps.gpg_importer.outputs.name }} | |
commit_user_email: ${{ steps.gpg_importer.outputs.email }} | |
tagging_message: ${{ env.RELEASE_TAG }} | |
- name: Create Github Release | |
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 | |
with: | |
bodyFile: ${{ env.RELEASE_NOTES_FILENAME }}.md | |
commit: ${{ env.RELEASE_BRANCH }} | |
draft: true | |
name: ${{ env.RELEASE_TAG }} | |
omitBody: ${{ steps.milestone.outputs.milestone_id == '' }} | |
prerelease: ${{ steps.version_parser.outputs.prerelease != '' }} | |
tag: ${{ env.RELEASE_TAG }} | |
token: ${{ secrets.GH_ACCESS_TOKEN }} | |
create_snapshot_pr: | |
name: Create snapshot PR | |
runs-on: smart-contracts-linux-medium | |
needs: branch_bump_tag | |
if: ${{ needs.branch_bump_tag.outputs.create_pr == 'true' }} | |
env: | |
NEXT_VERSION_SNAPSHOT: ${{ needs.branch_bump_tag.outputs.next_version_snapshot }} | |
RELEASE_BRANCH: ${{ needs.branch_bump_tag.outputs.release_branch }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | |
with: | |
egress-policy: audit | |
- name: Checkout Repository | |
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
with: | |
fetch-depth: 0 | |
ref: main | |
token: ${{ secrets.GH_ACCESS_TOKEN }} | |
- name: Import GPG Key | |
id: gpg_importer | |
uses: step-security/ghaction-import-gpg@6c8fe4d0126a59d57c21f87c9ae5dd3451fa3cca # v6.1.0 | |
with: | |
git_commit_gpgsign: true | |
git_tag_gpgsign: true | |
git_user_signingkey: true | |
gpg_private_key: ${{ secrets.GPG_KEY_CONTENTS }} | |
passphrase: ${{ secrets.GPG_KEY_PASSPHRASE }} | |
- name: Set up Node.js | |
uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 | |
with: | |
node-version: '20' | |
- name: Install make | |
run: sudo apt-get update; sudo apt-get install build-essential -y | |
- name: Install dependencies | |
run: npm ci | |
- name: Bump Versions | |
run: npm version ${{ env.NEXT_VERSION_SNAPSHOT }} | |
- name: Create Pull Request | |
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 | |
with: | |
body: 'chore(release): Bump versions for ${{ env.NEXT_VERSION_SNAPSHOT }}' | |
branch: create-pull-request/${{ env.NEXT_VERSION_SNAPSHOT }} | |
commit-message: 'chore(release): Bump versions for v${{ env.NEXT_VERSION_SNAPSHOT }}' | |
committer: ${{ steps.gpg_importer.outputs.name }} <${{ steps.gpg_importer.outputs.email }}> | |
author: ${{ steps.gpg_importer.outputs.name }} <${{ steps.gpg_importer.outputs.email }}> | |
delete-branch: true | |
signoff: true | |
title: ${{ needs.branch_bump_tag.outputs.pr_title }} | |
token: ${{ secrets.GH_ACCESS_TOKEN }} |