-
Notifications
You must be signed in to change notification settings - Fork 2.2k
100 lines (90 loc) · 3.65 KB
/
release-hotfix.yml
File metadata and controls
100 lines (90 loc) · 3.65 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
name: Release Hotfix
# Permissions required for creating git tags, pushing changes, and creating PRs
permissions:
contents: write
pull-requests: write
on:
push:
branches:
- hotfix
jobs:
# Job 1: Check if there are unconsumed changesets
setup:
runs-on: ubuntu-latest
outputs:
has-changesets: ${{ steps.has-changesets.outputs.has-changesets }}
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Check if repo has unconsumed changesets
id: has-changesets
uses: ./.github/actions/has-changesets
# Note: if there are no changesets, that means either
# (1) "Version Packages" PR was just merged, or
# (2) no commits with changesets have been merged after packages were last published.
#
# In either case, we'll attempt to publish the packages. In case of (1), publish will succeed. In
# case of (2), `@changesets/action` will know that packages have already been published and will
# skip publish.
# Job 2: Run release verification tests when Version Packages PR is merged
# This ensures all tests pass before publishing
release-verification:
# Only run when there are no changesets (meaning Version Packages PR was merged)
needs: setup
if: needs.setup.outputs.has-changesets != 'true'
secrets:
GH_TOKEN_STAGING_READ: ${{ secrets.GH_TOKEN_STAGING_READ }}
CYPRESS_GOOGLE_CLIENTID: ${{ secrets.CYPRESS_GOOGLE_CLIENTID }}
CYPRESS_GOOGLE_CLIENT_SECRET: ${{ secrets.CYPRESS_GOOGLE_CLIENT_SECRET }}
CYPRESS_GOOGLE_REFRESH_TOKEN: ${{ secrets.CYPRESS_GOOGLE_REFRESH_TOKEN }}
uses: ./.github/workflows/callable-release-verification.yml
# Job 3: Publish packages after all tests pass
publish:
runs-on: ubuntu-latest
needs: release-verification
if: github.repository_owner == 'aws-amplify'
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
path: amplify-js
token: ${{ secrets.GH_TOKEN_AMPLIFY_JS_WRITE }}
fetch-depth: 0
- name: Setup node and build the repository
uses: ./amplify-js/.github/actions/node-and-build
- name: Publish to @latest
uses: changesets/action@aba318e9165b45b7948c60273e0b72fce0a64eb9 # v1.4.7
with:
cwd: ./amplify-js
publish: yarn publish:latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
# Job 4: Create PR to merge hotfix back into main
create-pr-to-main:
needs: publish
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BASE_BRANCH: "main"
HEAD_BRANCH: "hotfix"
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
# Check if hotfix -> main PR already exists
- name: Check for existing PR
id: check-pr
run: |
PR_EXISTS=$(gh pr list --base $BASE_BRANCH --head $HEAD_BRANCH --json number --jq 'length > 0')
echo "exists=$PR_EXISTS" >> $GITHUB_OUTPUT
# Create a new PR if one doesn't exist
- name: Create PR to main
if: steps.check-pr.outputs.exists == 'false'
run: |
gh pr create \
--base $BASE_BRANCH \
--head $HEAD_BRANCH \
--title "chore: Merge hotfix into main" \
--body "Merge the recently completed hotfix back into the main development branch. Generated by the release-hotfix workflow."