From e22ebd8497b738f5ad2dac01abeb14420f668951 Mon Sep 17 00:00:00 2001
From: jmeridth <jmeridth@gmail.com>
Date: Sun, 28 Apr 2024 18:19:32 -0500
Subject: [PATCH] feat: release on specific labels

Related to https://github.com/github/github-ospo/issues/105

Only generate a release and new action container images
if our semver related labels (`breaking`, `enhancement`) or
the `release` label are used on a merged pull request.

Changed from push (merge) on main branch to release generation
happening when a pull_request is merged to main branch.

This gives us access to the pull requests labels without having
to make API cals.

Currently we'd still need to label a pull request with `release` if
it is a dependabot or manual pull request related to a CVE or security
fix.

- [x] update CONTRIBUTING.md with new release information
- [x] manually add `vuln` and `release` labels to repository

Signed-off-by: jmeridth <jmeridth@gmail.com>
---
 .github/workflows/release.yml | 14 +++++++++++++-
 CONTRIBUTING.md               |  4 +++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c6ace06..8ace7f6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,7 +3,9 @@ name: Release
 
 on:
   workflow_dispatch:
-  push:
+  pull_request:
+    types:
+      - closed
     branches:
       - main
 
@@ -12,6 +14,16 @@ permissions:
 
 jobs:
   create_release:
+    # release if
+    # manual deployment OR
+    # merged to main and labelled with release labels
+    if: |
+      (github.event_name == 'workflow_dispatch') ||
+      (github.event.pull_request.merged == true &&
+      (contains(github.event.pull_request.labels.*.name, 'breaking') ||
+      contains(github.event.pull_request.labels.*.name, 'enhancement') ||
+      contains(github.event.pull_request.labels.*.name, 'vuln') ||
+      contains(github.event.pull_request.labels.*.name, 'release')))
     outputs:
       full-tag: ${{ steps.release-drafter.outputs.tag_name }}
       short-tag: ${{ steps.get_tag_name.outputs.SHORT_TAG }}
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index bed38d4..f6f601d 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -78,4 +78,6 @@ We are using [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.
 
 ## Releases
 
-Releases are automated but if you need to manually initiate a release you can do so through the GitHub Actions UI.  If you have permissions to do so, you can navigate to the [Actions tab](https://github.com/github/stale-repos/actions/workflows/release.yml) and select the `Run workflow` button.  This will allow you to select the branch to release from and the version to release.
+Releases are automated if a pull request is labelled with our [semver related labels](.github/release-drafter.yml) or with the `vuln` or `release` labels.
+
+You can also manually initiate a release you can do so through the GitHub Actions UI.  If you have permissions to do so, you can navigate to the [Actions tab](https://github.com/github/stale-repos/actions/workflows/release.yml) and select the `Run workflow` button.  This will allow you to select the branch to release from and the version to release.