-
Notifications
You must be signed in to change notification settings - Fork 67
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update release workflow to work with new branch protections (#229)
- Loading branch information
1 parent
79a603e
commit add1581
Showing
1 changed file
with
26 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -8,16 +8,13 @@ on: | |
| type: string | ||
| required: true | ||
|
|
||
| permissions: | ||
| contents: read # Changelog commit operations use service account PAT | ||
|
|
||
| env: | ||
| CI_COMMIT_AUTHOR: hc-github-team-tf-provider-devex | ||
| CI_COMMIT_EMAIL: [email protected] | ||
|
|
||
| permissions: | ||
| # Allow creating GitHub release | ||
| contents: write | ||
| # Allow closing associated milestone | ||
| issues: write | ||
|
|
||
| jobs: | ||
| changelog-version: | ||
| runs-on: ubuntu-latest | ||
|
|
@@ -26,6 +23,7 @@ jobs: | |
| steps: | ||
| - id: changelog-version | ||
| run: echo "version=$(echo "${{ inputs.versionNumber }}" | cut -c 2-)" >> "$GITHUB_OUTPUT" | ||
|
|
||
| changelog: | ||
| needs: changelog-version | ||
| runs-on: ubuntu-latest | ||
|
|
@@ -34,27 +32,27 @@ jobs: | |
| uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 | ||
| with: | ||
| fetch-depth: 0 | ||
| # Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations | ||
| # More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials | ||
| persist-credentials: false | ||
| - name: Batch changes | ||
| uses: miniscruff/changie-action@b6d52c80deb236a5b548f8774cd5a18b87da9e9a # v1.0.1 | ||
| with: | ||
| version: latest | ||
| args: batch ${{ needs.changelog-version.outputs.version }} | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Merge changes | ||
| uses: miniscruff/changie-action@b6d52c80deb236a5b548f8774cd5a18b87da9e9a # v1.0.1 | ||
| with: | ||
| version: latest | ||
| args: merge | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Git push changelog | ||
| run: | | ||
| git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}" | ||
| git config --global user.email "${{ env.CI_COMMIT_EMAIL }}" | ||
| git add . | ||
| git commit -a -m "Update changelog" | ||
| git push | ||
| git push "https://${{ env.CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" | ||
| release-tag: | ||
| needs: changelog | ||
| runs-on: ubuntu-latest | ||
|
|
@@ -63,30 +61,44 @@ jobs: | |
| uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 | ||
| with: | ||
| fetch-depth: 0 | ||
| # Default input is the SHA that initially triggered the workflow. As we created a new commit in the previous job, | ||
| # to ensure we get the latest commit we use the ref for checkout: 'refs/heads/<branch_name>' | ||
| ref: ${{ github.ref }} | ||
| # Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations | ||
| # More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials | ||
| persist-credentials: false | ||
|
|
||
| - name: Git push release tag | ||
| run: | | ||
| git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}" | ||
| git config --global user.email "${{ env.CI_COMMIT_EMAIL }}" | ||
| git pull | ||
| git tag "${{ inputs.versionNumber }}" | ||
| git push origin "${{ inputs.versionNumber }}" | ||
| git push "https://${{ env.CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" "${{ inputs.versionNumber }}" | ||
| goreleaser: | ||
| needs: [ changelog-version, changelog, release-tag ] | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: write # Needed for goreleaser to create GitHub release | ||
| issues: write # Needed for goreleaser to close associated milestone | ||
| steps: | ||
| - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 | ||
| with: | ||
| ref: ${{ inputs.versionNumber }} | ||
| fetch-depth: 0 | ||
|
|
||
| - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 | ||
| with: | ||
| go-version-file: 'go.mod' | ||
|
|
||
| - name: Generate Release Notes | ||
| run: | | ||
| cd .changes | ||
| sed -e "1{/# /d;}" -e "2{/^$/d;}" ${{ needs.changelog-version.outputs.version }}.md > /tmp/release-notes.txt | ||
| - uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4.2.0 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| with: | ||
| args: release --release-notes /tmp/release-notes.txt --rm-dist | ||
| args: release --release-notes /tmp/release-notes.txt --clean | ||