Fix release workflow with PRs from forks #211
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# This workflow runs when PRs labeled `major`, `minor`, or `patch` are closed | |
# and increments version numbers. Then, it opens a PR labeled `release` for the | |
# changes. When that PR is merged, a release is created (see `release.yaml`). | |
# | |
# Are you here because I left Mercury and now my personal access token is | |
# invalid for workflows, breaking CI? You'll want to go to | |
# https://github.com/MercuryTechnologies/ghciwatch/settings/secrets/actions | |
# and update the `REPO_GITHUB_TOKEN` secret to a new, valid token. | |
on: | |
pull_request_target: | |
types: | |
- closed | |
branches: | |
- main | |
name: Update versions and create release PR | |
jobs: | |
# We make `if_merged` a `needs:` of the other jobs here to only run this | |
# workflow on merged PRs. | |
if_merged: | |
name: Check that PR was merged and not closed | |
if: github.event.pull_request.merged == true | |
&& ( contains(github.event.pull_request.labels.*.name, 'major') | |
|| contains(github.event.pull_request.labels.*.name, 'minor') | |
|| contains(github.event.pull_request.labels.*.name, 'patch') | |
) | |
runs-on: ubuntu-latest | |
steps: | |
- run: | | |
echo "This is a canonical hack to run GitHub Actions on merged PRs" | |
echo "See: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#running-your-pull_request-workflow-when-a-pull-request-merges" | |
bump_type: | |
name: Determine version bump type | |
needs: if_merged | |
runs-on: ubuntu-latest | |
outputs: | |
bump_type: ${{ steps.bump_type.outputs.bump_type }} | |
steps: | |
- name: Set output | |
id: bump_type | |
env: | |
is_major: ${{ contains(github.event.pull_request.labels.*.name, 'major') }} | |
is_minor: ${{ contains(github.event.pull_request.labels.*.name, 'minor') }} | |
is_patch: ${{ contains(github.event.pull_request.labels.*.name, 'patch') }} | |
run: | | |
if [[ "$is_major" == "true" ]]; then | |
echo "bump_type=major" >> "$GITHUB_OUTPUT" | |
elif [[ "$is_minor" == "true" ]]; then | |
echo "bump_type=minor" >> "$GITHUB_OUTPUT" | |
elif [[ "$is_patch" == "true" ]]; then | |
echo "bump_type=patch" >> "$GITHUB_OUTPUT" | |
fi | |
version: | |
name: Bump version and create release PR | |
needs: | |
- if_merged | |
- bump_type | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
# Fetch all history/tags (needed to compute versions) | |
fetch-depth: 0 | |
- uses: cachix/install-nix-action@v22 | |
with: | |
github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
extra_nix_config: | | |
extra-experimental-features = nix-command flakes | |
accept-flake-config = true | |
- name: Get old version number | |
id: old_cargo_metadata | |
run: echo "version=$(nix run .#get-crate-version)" >> "$GITHUB_OUTPUT" | |
- name: Increment `Cargo.toml` version | |
run: nix run .#make-release-commit -- ${{ needs.bump_type.outputs.bump_type }} | |
- name: Get new version number | |
id: new_cargo_metadata | |
run: echo "version=$(nix run .#get-crate-version)" >> "$GITHUB_OUTPUT" | |
- name: Create release PR | |
id: release_pr | |
uses: peter-evans/create-pull-request@v5 | |
with: | |
# We push with the repo-scoped GitHub token to avoid branch | |
# protections. This token is tied to my account (@9999years) which is | |
# excluded from branch protection restrictions. | |
# | |
# I'd love a better way of implementing this but GitHub doesn't have | |
# one: https://github.com/github-community/community/discussions/13836 | |
# | |
# Also, PRs created with the default `secrets.GITHUB_TOKEN` won't | |
# trigger `pull_request` workflows, so regular CI won't run either. | |
# See: https://github.com/orgs/community/discussions/65321 | |
token: ${{ secrets.REPO_GITHUB_TOKEN }} | |
branch: release/${{ steps.new_cargo_metadata.outputs.version }} | |
delete-branch: true | |
base: main | |
title: Release version ${{ steps.new_cargo_metadata.outputs.version }} | |
body: | | |
Update version to ${{ steps.new_cargo_metadata.outputs.version }} with [cargo-release](https://github.com/crate-ci/cargo-release). | |
Merge this PR to build and publish a new release. | |
labels: release | |
- name: Comment on PR with link to release PR | |
uses: peter-evans/create-or-update-comment@v2 | |
with: | |
issue-number: ${{ github.event.pull_request.number }} | |
body: | | |
[A PR to release these changes has been created, bumping the version from ${{ steps.old_cargo_metadata.outputs.version }} to ${{ steps.new_cargo_metadata.outputs.version }}.][pr] | |
[pr]: ${{ steps.release_pr.outputs.pull-request-url }} |