11---
2- # This workflow runs when PRs labeled `major`, `minor`, or `patch` are closed
3- # and increments version numbers. Then, it opens a PR labeled `release` for the
4- # changes. When that PR is merged, a release is created (see `release.yaml`).
5- #
6- # Are you here because I left Mercury and now my personal access token is
7- # invalid for workflows, breaking CI? You'll want to go to
8- # https://github.com/MercuryTechnologies/ghciwatch/settings/secrets/actions
9- # and update the `REPO_GITHUB_TOKEN` secret to a new, valid token.
10-
2+ # This workflow is triggered manually to increment version numbers and open a
3+ # release PR. When that PR is merged, a release is created (see `release.yaml`).
114on :
12- pull_request_target :
13- types :
14- - closed
15- branches :
16- - main
5+ workflow_dispatch :
6+ inputs :
7+ bump_type :
8+ description : Version bump type
9+ required : true
10+ type : choice
11+ options :
12+ - patch
13+ - minor
14+ - major
15+ default : patch
1716
1817name : Update versions and create release PR
1918
2019jobs :
21- # We make `if_merged` a `needs:` of the other jobs here to only run this
22- # workflow on merged PRs.
23- if_merged :
24- name : Check that PR was merged and not closed
25- if : github.event.pull_request.merged == true
26- && ( contains(github.event.pull_request.labels.*.name, 'major')
27- || contains(github.event.pull_request.labels.*.name, 'minor')
28- || contains(github.event.pull_request.labels.*.name, 'patch')
29- )
30- runs-on : ubuntu-latest
31- steps :
32- - run : |
33- echo "This is a canonical hack to run GitHub Actions on merged PRs"
34- echo "See: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#running-your-pull_request-workflow-when-a-pull-request-merges"
35-
36- bump_type :
37- name : Determine version bump type
38- needs : if_merged
39- runs-on : ubuntu-latest
40- outputs :
41- bump_type : ${{ steps.bump_type.outputs.bump_type }}
42- steps :
43- - name : Set output
44- id : bump_type
45- env :
46- is_major : ${{ contains(github.event.pull_request.labels.*.name, 'major') }}
47- is_minor : ${{ contains(github.event.pull_request.labels.*.name, 'minor') }}
48- is_patch : ${{ contains(github.event.pull_request.labels.*.name, 'patch') }}
49- run : |
50- if [[ "$is_major" == "true" ]]; then
51- echo "bump_type=major" >> "$GITHUB_OUTPUT"
52- elif [[ "$is_minor" == "true" ]]; then
53- echo "bump_type=minor" >> "$GITHUB_OUTPUT"
54- elif [[ "$is_patch" == "true" ]]; then
55- echo "bump_type=patch" >> "$GITHUB_OUTPUT"
56- fi
57-
5820 version :
5921 name : Bump version and create release PR
60- needs :
61- - if_merged
62- - bump_type
6322 runs-on : ubuntu-latest
23+ environment : version-bump
6424 steps :
25+ # See: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#authenticating-with-github-app-generated-tokens
26+ - uses : actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
27+ id : generate_token
28+ with :
29+ app-id : ${{ secrets.APP_ID }}
30+ private-key : ${{ secrets.APP_PRIVATE_KEY }}
31+
6532 - name : Checkout
6633 uses : actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
6734 with :
8047 run : echo "version=$(nix run .#get-crate-version)" >> "$GITHUB_OUTPUT"
8148
8249 - name : Increment `Cargo.toml` version
83- run : nix run .#make-release-commit -- ${{ needs.bump_type.outputs .bump_type }}
50+ run : nix run .#make-release-commit -- ${{ inputs .bump_type }}
8451
8552 - name : Get new version number
8653 id : new_cargo_metadata
@@ -90,17 +57,10 @@ jobs:
9057 id : release_pr
9158 uses : peter-evans/create-pull-request@4e1beaa7521e8b457b572c090b25bd3db56bf1c5 # v5.0.3
9259 with :
93- # We push with the repo-scoped GitHub token to avoid branch
94- # protections. This token is tied to my account (@9999years) which is
95- # excluded from branch protection restrictions.
96- #
97- # I'd love a better way of implementing this but GitHub doesn't have
98- # one: https://github.com/github-community/community/discussions/13836
99- #
100- # Also, PRs created with the default `secrets.GITHUB_TOKEN` won't
60+ # PRs created with the default `secrets.GITHUB_TOKEN` won't
10161 # trigger `pull_request` workflows, so regular CI won't run either.
10262 # See: https://github.com/orgs/community/discussions/65321
103- token : ${{ secrets.REPO_GITHUB_TOKEN }}
63+ token : ${{ steps.generate_token.outputs.token }}
10464 branch : release/${{ steps.new_cargo_metadata.outputs.version }}
10565 delete-branch : true
10666 base : main
@@ -109,12 +69,3 @@ jobs:
10969 Update version to ${{ steps.new_cargo_metadata.outputs.version }} with [cargo-release](https://github.com/crate-ci/cargo-release).
11070 Merge this PR to build and publish a new release.
11171 labels : release
112-
113- - name : Comment on PR with link to release PR
114- uses : peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1
115- with :
116- issue-number : ${{ github.event.pull_request.number }}
117- body : |
118- [A PR to release these changes has been created, bumping the version from ${{ steps.old_cargo_metadata.outputs.version }} to ${{ steps.new_cargo_metadata.outputs.version }}.][pr]
119-
120- [pr]: ${{ steps.release_pr.outputs.pull-request-url }}
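Review bot: The step that increments the `Cargo.toml` version (new line 50) expands `${{ inputs.bump_type }}` straight into the shell command text, so the value is substituted before bash parses the line instead of arriving as data. The `choice` type limits what a dispatcher can select, which makes this hardening rather than a live injection path, but the script should not depend on that validation staying in place; pass the input through the environment and quote it: `env:` / `BUMP_TYPE: ${{ inputs.bump_type }}` / `run: nix run .#make-release-commit -- "$BUMP_TYPE"`. Separately, the `generate_token` step (new lines 26-30) passes only `app-id` and `private-key`, so the token presumably carries every permission the app installation holds. Since it is used to open the release PR, consider narrowing it with the action's `permission-contents: write` and `permission-pull-requests: write` inputs. New lines 35-46 are not shown, so how the checkout step is configured cannot be confirmed from this page.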