-
Notifications
You must be signed in to change notification settings - Fork 9
127 lines (110 loc) · 5.42 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
# Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Release
on:
workflow_dispatch:
inputs:
releaseType:
description: "Release type: M (Major); m (Minor); p (Path)."
required: true
horusecCLIversion:
description: "Version of horusec-cli for this release. Ex: 0.0.0"
required: true
permissions:
contents: write
jobs:
Release:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v2
with:
fetch-depth: 0
token: ${{ secrets.HORUSEC_PUSH_TOKEN }}
- name: Set up nodejs
uses: actions/setup-node@v2
with:
node-version: 14
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.17
- name: Install Mage
run: go install github.com/magefile/[email protected]
# Compile a binary from the mage file and move it to the workflow go bin.
- name: Compile Mage
run: cd deployments/mage/ && mage -compile /home/runner/go/bin/mage-vscode
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v4
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
# Run a script contained in the devkit repository that gets the latest release version and create an output
# containing the next versions.
- name: Version increment
id: updated-version
run: mage-vscode UpVersions ${{ github.event.inputs.releaseType }}
env:
HORUSEC_REPOSITORY_ORG: ${{ github.repository_owner }}
HORUSEC_REPOSITORY_NAME: ${{ github.event.repository.name }}
# Checkout into the release branch, if not exist create one.
- name: Checkout Release Branch
run: mage-vscode CheckoutReleaseBranch ${{ steps.updated-version.outputs.nextReleaseBranchName }}
# This step updates the package.json to the new vs code plugin version, also updates the cli version passed
# in for the input informed.
- name: Update versioning files
run: mage-vscode UpdateVersioningFiles
env:
HORUSEC_CLI_VERSION: ${{ github.event.inputs.horusecCLIversion }}
HORUSEC_VSCODE_VERSION: ${{ steps.updated-version.outputs.nextReleaseVersionStripped }}
# The changes made in the last step are committed to the branch that the workflow was triggered, this commit is not
# going to trigger any workflow cause the skip ci in the commit message.
- name: Commit changes
uses: EndBug/[email protected]
with:
push: true
commit: --signoff
author_name: Horusec
author_email: [email protected]
committer_name: Horusec
committer_email: [email protected]
message: "versioning:release - [skip ci] automatic commit updating versioning files"
# Create a GitHub release for the repository using mage.
- name: Create github release
run: mage-vscode CreateRelease
env:
HORUSEC_REPOSITORY_ORG: ${{ github.repository_owner }}
HORUSEC_REPOSITORY_NAME: ${{ github.event.repository.name }}
GITHUB_TOKEN: ${{ secrets.HORUSEC_PUSH_TOKEN }}
HORUSEC_VSCODE_VERSION: ${{ steps.updated-version.outputs.nextReleaseVersion }}
# This step gets the sha of last commit made, witch is the updating versioning files commit, after that creates a
# branch from the origin main and cherry pick this commit on it. This process need to occur only when the release
# workflow is started from a branch that isn't the main branch, for example a release branch.
# When the workflow it's triggered to run on main, the commit it's going to be made directly to the main branch.
- name: Cherry pick
id: cherry-pick
run: mage-vscode CherryPick
# This step utilizes an action to create a pull request with the branch that was cherry picked on the last step
# into the main branch. As the last commit, this also needs to run only when the release workflow is started from a
# branch that isn't the main branch. Others workflows should be skipped cause of the skip ci in the pull request title.
- name: Create Pull Request
uses: repo-sync/pull-request@v2
with:
source_branch: "${{ steps.cherry-pick.outputs.cherryPickBranchName }}"
destination_branch: "main"
pr_title: "versioning:release - [skip ci] automatic pull request updating versioning files"
pr_body: "This is a automatic pull request that contains changes to files that need to be updated with the new release version. Where the commit ${{ steps.cherry-pick.outputs.commitShaToPick }} was cherry picked from the release branch, which already contains all the necessary changes."
github_token: ${{ secrets.HORUSEC_PUSH_TOKEN }}