chore(ci/release): 権限と実行順の調整など

taiyme · Sep 11, 2024 · b8c1cf2 · b8c1cf2
1 parent 9539f2f
commit b8c1cf2
Show file tree

Hide file tree

Showing 2 changed files with 84 additions and 72 deletions.
diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml
@@ -14,6 +14,7 @@ env:
 permissions:
   contents: read
   packages: write
+  id-token: write
 
 jobs:
   # see https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -33,105 +33,83 @@ jobs:
 
       - name: Check base version
         run: |
-          BASE="${{ github.event.inputs.base_version }}"
-          if [ -z "$BASE" ]; then
+          base="${{ inputs.base_version }}"
+          if [ -z "$base" ]; then
             exit 1
           fi
-          YEAR=$(echo "$BASE" | cut -d. -f1)
-          if [[ ! "$YEAR" =~ ^[0-9]+$ ]]; then
+
+          year="$(echo "$base" | cut -d. -f1)"
+          if [[ ! "$year" =~ ^[0-9]+$ ]]; then
             exit 1
           fi
-          MONTH=$(echo "$BASE" | cut -d. -f2)
-          if [[ "$MONTH" -lt 1 && "$MONTH" -gt 12 ]]; then
+
+          month="$(echo "$base" | cut -d. -f2)"
+          if [[ "$month" -lt 1 && "$month" -gt 12 ]]; then
             exit 1
           fi
-          PATCH=$(echo "$BASE" | cut -d. -f3)
-          if [[ ! "$PATCH" =~ ^[0-9]+$ ]]; then
+
+          patch="$(echo "$base" | cut -d. -f3)"
+          if [[ ! "$patch" =~ ^[0-9]+$ ]]; then
             exit 1
           fi
 
-  parse_new_version:
+  parse_version:
     name: Parse new version
     runs-on: ubuntu-22.04
     needs:
       - check_context
     outputs:
-      NEW_VERSION: ${{ steps.gen_version.outputs.NEXT_VERSION }}
+      NEW_VERSION: ${{ steps.generate.outputs.NEW_VERSION }}
     steps:
-      - name: Checkout ${{ env.develop_branch }} branch
+      - name: Checkout ${{ github.sha }}
         uses: actions/checkout@v4
         with:
-          ref: ${{ env.develop_branch }}
+          ref: ${{ github.sha }}
           fetch-depth: 1
 
-      - name: Generate next version
-        id: gen_version
+      - name: Generate new version
+        id: generate
         run: |
-          CURRENT_VERSION=$(cat package.json | jq -r '.version')
-          CURRENT_BASE_VERSION=$(echo $CURRENT_VERSION | sed 's/-.*//')
-          NEXT_BASE_VERSION="${{ github.event.inputs.base_version }}"
-          NEXT_BASE_VERSION="${NEXT_BASE_VERSION:-$CURRENT_BASE_VERSION}"
-          NEXT_TAIYME_VERSION=""
-          if [ "$CURRENT_VERSION" != "$CURRENT_BASE_VERSION" ] && [ "$CURRENT_BASE_VERSION" = "$NEXT_BASE_VERSION" ]; then
-            NEXT_TAIYME_VERSION="$(($(echo $CURRENT_VERSION | cut -d- -f2 | cut -d. -f2) + 1))"
+          current_version="$(cat package.json | jq -r '.version')"
+          current_base="$(echo $current_version | sed 's/-.*//')"
+          new_base="${{ inputs.base_version }}"
+          new_base="${new_base:-$current_base}"
+          new_suffix=""
+          if [[ "$current_version" != "$current_base" && "$current_base" == "$new_base" ]]; then
+            new_suffix="$(($(echo $current_version | cut -d- -f2 | cut -d. -f2) + 1))"
           fi
-          NEXT_TAIYME_VERSION="${NEXT_TAIYME_VERSION:-"0"}"
-          NEXT_VERSION="$NEXT_BASE_VERSION-taiyme.$NEXT_TAIYME_VERSION"
-          echo "NEXT_VERSION=$NEXT_VERSION" >> $GITHUB_OUTPUT
-
-  create_pr:
-    name: Create PR
-    runs-on: ubuntu-22.04
-    needs:
-      - parse_new_version
-    outputs:
-      PR_NUMBER: ${{ steps.create_pr.outputs.CREATED_PR }}
-    env:
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    permissions:
-      pull-requests: write
-    steps:
-      - name: Checkout ${{ env.develop_branch }} branch
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ env.develop_branch }}
-          fetch-depth: 0
-
-      - name: Create PR
-        id: create_pr
-        run: |
-          CREATED_PR=$(gh pr create --draft --base ${{ env.release_branch }} --head ${{ env.develop_branch }} --title "Release: ${{ needs.parse_new_version.outputs.NEW_VERSION }}" --body "")
-          CREATED_PR=$(echo $CREATED_PR | awk -F '/' '/\/pull\/[0-9]+$/ {print $NF}')
-          echo "CREATED_PR=$CREATED_PR" >> $GITHUB_OUTPUT
+          new_suffix="${new_suffix:-"0"}"
+          new_version="${new_base}-taiyme.${new_suffix}"
+          echo "NEW_VERSION=${new_version}" >> $GITHUB_OUTPUT
 
   bump_version_update:
     name: Bump version (update)
     runs-on: ubuntu-22.04
     needs:
-      - parse_new_version
+      - parse_version
     steps:
-      - name: Checkout ${{ env.develop_branch }} branch
+      - name: Checkout ${{ github.sha }}
         uses: actions/checkout@v4
         with:
-          ref: ${{ env.develop_branch }}
+          ref: ${{ github.sha }}
           fetch-depth: 1
 
       - name: Update package.json (root)
         run: |
-          jq --tab '.version = "${{ needs.parse_new_version.outputs.NEW_VERSION }}"' package.json > tmp
+          jq --tab '.version = "${{ needs.parse_version.outputs.NEW_VERSION }}"' package.json > tmp
           mv tmp package.json
 
       - name: Update package.json (misskey-js)
         working-directory: packages/misskey-js
         run: |
-          jq --tab '.version = "${{ needs.parse_new_version.outputs.NEW_VERSION }}"' package.json > tmp
+          jq --tab '.version = "${{ needs.parse_version.outputs.NEW_VERSION }}"' package.json > tmp
           mv tmp package.json
 
       - name: Update compose_example.yml
         run: |
-          OLD_DOCKER_IMAGE=$(yq '.services.web.image' compose_example.yml)
-          NEW_DOCKER_IMAGE='ghcr.io/${{ env.repository }}:${{ needs.parse_new_version.outputs.NEW_VERSION }}'
-          sed -i "s|image: $OLD_DOCKER_IMAGE|image: $NEW_DOCKER_IMAGE|g" compose_example.yml
+          old_docker_image="$(yq '.services.web.image' compose_example.yml)"
+          new_docker_image='ghcr.io/${{ env.repository }}:${{ needs.parse_version.outputs.NEW_VERSION }}'
+          sed -i "s|image: ${old_docker_image}|image: ${new_docker_image}|g" compose_example.yml
 
       - name: Upload artifacts
         uses: actions/upload-artifact@v4
@@ -146,11 +124,13 @@ jobs:
     name: Bump version (upload)
     runs-on: ubuntu-22.04
     needs:
-      - parse_new_version
-      - create_pr
+      - parse_version
       - bump_version_update
+    permissions:
+      contents: write
+      id-token: write
     steps:
-      - name: Checkout ${{ env.develop_branch }} branch
+      - name: Checkout ${{ env.develop_branch }}
         uses: actions/checkout@v4
         with:
           ref: ${{ env.develop_branch }}
@@ -166,36 +146,66 @@ jobs:
           git config --global user.name "github-actions[bot]"
           git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
           git add .
-          git commit -m "Release: ${{ needs.parse_new_version.outputs.NEW_VERSION }}"
-          git tag ${{ needs.parse_new_version.outputs.NEW_VERSION }}
+          git commit -m "Release: ${{ needs.parse_version.outputs.NEW_VERSION }}"
+          git tag ${{ needs.parse_version.outputs.NEW_VERSION }}
           git push origin HEAD
-          git push origin ${{ needs.parse_new_version.outputs.NEW_VERSION }}
+          git push origin ${{ needs.parse_version.outputs.NEW_VERSION }}
+
+  create_pr:
+    name: Create PR
+    runs-on: ubuntu-22.04
+    needs:
+      - parse_version
+      - bump_version_upload
+    outputs:
+      PR_NUMBER: ${{ steps.create_pr.outputs.CREATED_PR }}
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Checkout ${{ env.develop_branch }}
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.develop_branch }}
+          fetch-depth: 0
+
+      - name: Create PR
+        id: create_pr
+        run: |
+          created_pr="$(gh pr create --draft --base ${{ env.release_branch }} --head ${{ env.develop_branch }} --title "Release: ${{ needs.parse_version.outputs.NEW_VERSION }}" --body "")"
+          created_pr="$(echo $created_pr | awk -F '/' '/\/pull\/[0-9]+$/ {print $NF}')"
+          echo "CREATED_PR=${created_pr}" >> $GITHUB_OUTPUT
 
   publish_docker_image:
     name: Publish Docker image
     needs:
-      - parse_new_version
+      - parse_version
       - bump_version_upload
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
     uses: ./.github/workflows/docker-publish.yaml
     with:
       tags: |
-        ${{ needs.parse_new_version.outputs.NEW_VERSION }}
+        ${{ needs.parse_version.outputs.NEW_VERSION }}
         latest
 
   merge_pr:
     name: Merge PR
     runs-on: ubuntu-22.04
     needs:
-      - parse_new_version
       - create_pr
       - publish_docker_image
     env:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     permissions:
-      pull-requests: write
       contents: write
+      pull-requests: write
+      id-token: write
     steps:
-      - name: Checkout ${{ env.develop_branch }} branch
+      - name: Checkout ${{ env.develop_branch }}
         uses: actions/checkout@v4
         with:
           ref: ${{ env.develop_branch }}
@@ -210,19 +220,20 @@ jobs:
     name: Release
     runs-on: ubuntu-22.04
     needs:
-      - parse_new_version
+      - parse_version
       - merge_pr
     env:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     permissions:
       contents: write
+      id-token: write
     steps:
-      - name: Checkout ${{ env.release_branch }} branch
+      - name: Checkout ${{ env.release_branch }}
         uses: actions/checkout@v4
         with:
           ref: ${{ env.release_branch }}
           fetch-depth: 0
 
-      - name: Release
+      - name: Create Release
         run: |
-          gh release create ${{ needs.parse_new_version.outputs.NEW_VERSION }} --generate-notes
+          gh release create ${{ needs.parse_version.outputs.NEW_VERSION }} --generate-notes