-
Notifications
You must be signed in to change notification settings - Fork 233
131 lines (118 loc) · 5.84 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
name: release
on:
workflow_dispatch:
inputs:
versionNumber:
description: 'Release version number (v#.#.#)'
type: string
required: true
permissions:
contents: read # Changelog commit operations use service account PAT
env:
CI_COMMIT_AUTHOR: hc-github-team-tf-provider-devex
CI_COMMIT_EMAIL: [email protected]
jobs:
changelog-version:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.changelog-version.outputs.version }}
steps:
- id: changelog-version
run: echo "version=$(echo "${{ inputs.versionNumber }}" | cut -c 2-)" >> "$GITHUB_OUTPUT"
changelog:
needs: [ changelog-version, meta-version ]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
# Default input is the SHA that initially triggered the workflow. As we created a new commit in the previous job,
# to ensure we get the latest commit we use the ref for checkout: 'refs/heads/<branch_name>'
ref: ${{ github.ref }}
# Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations
# More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials
persist-credentials: false
- name: Batch changes
uses: miniscruff/changie-action@6dcc2533cac0495148ed4046c438487e4dceaa23 # v2.0.0
with:
version: latest
args: batch ${{ needs.changelog-version.outputs.version }}
- name: Merge changes
uses: miniscruff/changie-action@6dcc2533cac0495148ed4046c438487e4dceaa23 # v2.0.0
with:
version: latest
args: merge
- name: Git push changelog
run: |
git config --global user.name "${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}"
git config --global user.email "${{ vars.TF_DEVEX_CI_COMMIT_EMAIL }}"
git add .
git commit -a -m "Update changelog"
git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git"
meta-version:
needs: changelog-version
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
# Default input is the SHA that initially triggered the workflow. As we created a new commit in the previous job,
# to ensure we get the latest commit we use the ref for checkout: 'refs/heads/<branch_name>'
ref: ${{ github.ref }}
# Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations
# More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials
persist-credentials: false
- name: Update meta package SDKVersion
run: sed -i "s/var SDKVersion =.*/var SDKVersion = \"${{ needs.changelog-version.outputs.version }}\"/" meta/meta.go
- name: Git push meta
run: |
git config --global user.name "${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}"
git config --global user.email "${{ vars.TF_DEVEX_CI_COMMIT_EMAIL }}"
git add meta/meta.go
git commit -m "Update meta package SDKVersion"
git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git"
release-tag:
needs: changelog
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
# Default input is the SHA that initially triggered the workflow. As we created a new commit in the previous job,
# to ensure we get the latest commit we use the ref for checkout: 'refs/heads/<branch_name>'
ref: ${{ github.ref }}
# Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations
# More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials
persist-credentials: false
- name: Git push release tag
run: |
git config --global user.name "${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}"
git config --global user.email "${{ vars.TF_DEVEX_CI_COMMIT_EMAIL }}"
git tag "${{ inputs.versionNumber }}"
git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" "${{ inputs.versionNumber }}"
goreleaser:
needs: [ changelog-version, changelog, release-tag ]
runs-on: ubuntu-latest
permissions:
contents: write # Needed for goreleaser to create GitHub release
issues: write # Needed for goreleaser to close associated milestone
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ inputs.versionNumber }}
fetch-depth: 0
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version-file: 'go.mod'
- name: Generate Release Notes
run: |
cd .changes
sed -e "1{/# /d;}" -e "2{/^$/d;}" ${{ needs.changelog-version.outputs.version }}.md > /tmp/release-notes.txt
- uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
args: release --release-notes /tmp/release-notes.txt --clean