Add create release branch workflow #9
Workflow file for this run
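# Cuts a release branch from a chosen commit on manual dispatch, opens the
# initial "prepare release" pull request against it, and rolls the branch
# back if that pull request could not be created. On pull requests to main
# that touch this workflow or its scripts, only the dry-run test job runs.
name: Create release branch

on:
  workflow_dispatch:
    inputs:
      major_minor_version:
        description: 'Major.Minor release version'
        required: true
      base_commit:
        description: 'Base commit SHA'
        required: true
  pull_request:
    # Workflow should only ever be run from main, so exclude
    # running on pull requests to release branch resources.
    branches: ['main']
    paths:
      # Run workflow on changes to the workflow definition and its
      # dependencies to spot check the workflow functionality.
      - '.github/workflows/create-release-branch.yml'
      - 'scripts/create-release-branch.sh'
      - 'scripts/build-third-party-licenses.sh'
      # Must match the script name the jobs below actually invoke.
      - 'scripts/update-getting-started-guide-version.sh'

env:
  # Defined at workflow level so every job sees the dispatch inputs. Values
  # appended to $GITHUB_ENV are visible only to later steps of the same job,
  # so they cannot carry the version from create-branch into initial-pr or
  # auto-rollback. Both expressions are empty on pull_request events; the
  # test job overrides them with mock values.
  MAJOR_MINOR_VERSION: '${{ github.event.inputs.major_minor_version }}'
  BASE_COMMIT: '${{ github.event.inputs.base_commit }}'

jobs:
  test-create-branch:
    if: github.event_name == 'pull_request'
    # NOTE(review): the ubuntu-20.04 hosted image has been retired by
    # GitHub; confirm which runner label this repository should use.
    runs-on: ubuntu-20.04
    permissions:
      # This job executes scripts from the pull request head, so its token
      # is limited to reading the repository.
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Mock workflow inputs on pull request
        env:
          PR_NUMBER: '${{ github.event.pull_request.number }}'
        run: |
          echo "MAJOR_MINOR_VERSION=0.${PR_NUMBER}" >> "$GITHUB_ENV"
          echo "BASE_COMMIT=${GITHUB_SHA}" >> "$GITHUB_ENV"
      - name: Test create release branch
        # Values are read as quoted shell variables rather than expanded
        # with ${{ }} into the script text.
        run: bash scripts/create-release-branch.sh --assert --base "$BASE_COMMIT" --dry-run "$MAJOR_MINOR_VERSION"
      - name: Install go-licenses
        # NOTE(review): the text after "google/" was replaced by e-mail
        # obfuscation in this rendering; restore the pinned module@version
        # from the repository copy of this file.
        run: go install github.com/google/[email protected]
      - name: Generate third party licenses file
        run: bash scripts/build-third-party-licenses.sh
      - name: Test update getting started version in release branch
        run: bash scripts/update-getting-started-guide-version.sh --assert "$MAJOR_MINOR_VERSION"
      - name: Test rollback create releae branch
        run: bash scripts/create-release-branch.sh --assert --dry-run --rollback "$MAJOR_MINOR_VERSION"

  create-branch:
    if: github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-20.04
    permissions:
      # Write permissions needed to create release branch.
      # Risk for pwn requests is mitigated by separating jobs such that
      # workflows running with write permissions only use code from main.
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          ref: main
          sparse-checkout: |
            scripts/create-release-branch.sh
      - name: Validate workflow inputs
        # The inputs become a branch name and a git revision in a job that
        # holds a write token, so reject anything that is not shaped like
        # <major>.<minor> and a hexadecimal commit SHA. The later jobs only
        # run after this job, so they rely on this check as well.
        run: |
          if ! [[ "$MAJOR_MINOR_VERSION" =~ ^[0-9]+\.[0-9]+$ ]]; then
            echo "::error::major_minor_version must look like <major>.<minor>"
            exit 1
          fi
          if ! [[ "$BASE_COMMIT" =~ ^[0-9a-fA-F]{7,64}$ ]]; then
            echo "::error::base_commit must be a hexadecimal commit SHA"
            exit 1
          fi
      - name: Create release branch
        # NOTE(review): this non-test invocation still passes --dry-run. If
        # the script's dry-run mode does not push the branch, the checkout
        # of release/<version> in initial-pr cannot succeed; confirm the
        # flag is intended here.
        run: bash scripts/create-release-branch.sh --dry-run --base "$BASE_COMMIT" "$MAJOR_MINOR_VERSION"

  initial-pr:
    needs: create-branch
    if: github.event_name == 'workflow_dispatch' && needs.create-branch.result == 'success'
    runs-on: ubuntu-20.04
    permissions:
      # Write permissions needed to create pull request.
      # Risk for pwn requests is mitigated by separating jobs such that
      # workflows running with write permissions only use code from the
      # branch which was cut from main.
      contents: write
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
        with:
          ref: 'release/${{ env.MAJOR_MINOR_VERSION }}'
      - uses: actions/setup-go@v5
      - name: Install go-licenses
        # NOTE(review): module@version mangled by e-mail obfuscation in this
        # rendering; restore it from the repository copy of this file.
        run: go install github.com/google/[email protected]
      - name: Generate third party licenses file
        run: bash scripts/build-third-party-licenses.sh
      - name: Update getting started version in release branch
        run: bash scripts/update-getting-started-guide-version.sh --verbose "${MAJOR_MINOR_VERSION}.0"
      - name: Create PR
        # NOTE(review): third-party action running with contents and
        # pull-requests write access; consider pinning it to a full commit
        # SHA instead of the mutable v6 tag.
        uses: peter-evans/create-pull-request@v6
        with:
          title: 'Prepare release ${{ env.MAJOR_MINOR_VERSION }}'
          commit-message: |
            Prepare release ${{ env.MAJOR_MINOR_VERSION }}

            This change adds the THIRD_PARTY_LICENSES file and updates the getting started guide for release/${{ env.MAJOR_MINOR_VERSION }}.
          body: |
            This change adds the THIRD_PARTY_LICENSES file and updates the getting started guide for release/${{ env.MAJOR_MINOR_VERSION }}.

            Auto-generated by [create-pull-request](https://github.com/peter-evans/create-pull-request)
          labels: easy-to-review, automated-pr
          token: ${{ secrets.GITHUB_TOKEN }}
          # NOTE(review): the author address was replaced by e-mail
          # obfuscation in this rendering; restore it from the repository.
          author: "GitHub <[email protected]>"
          signoff: true
          branch: 'create-pull-request/prepare-release-${{ env.MAJOR_MINOR_VERSION }}'
          base: 'release/${{ env.MAJOR_MINOR_VERSION }}'
          delete-branch: true

  auto-rollback:
    needs: initial-pr
    # If the workflow was unable to create the pull request with the THIRD_PARTY_LICENSES file
    # and getting started guide version updates, then the release branch should be rolled back.
    # always() is required: without a status-check function the condition is
    # implicitly combined with success(), so this job would be skipped
    # whenever initial-pr fails and the rollback would never run.
    if: always() && github.event_name == 'workflow_dispatch' && needs.initial-pr.result == 'failure'
    runs-on: ubuntu-20.04
    permissions:
      # Write permissions needed to rollback release branch.
      # Risk for pwn requests is mitigated by separating jobs such that
      # workflows running with write permissions only use code from main.
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          ref: main
          sparse-checkout: |
            scripts/create-release-branch.sh
      - name: Delete release branch
        run: bash scripts/create-release-branch.sh --rollback "$MAJOR_MINOR_VERSION"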