Add automated release workflow #559
Conversation
| - name: Upload to Hackage | ||
| run: cabal upload --publish hedgehog-${GITHUB_REF_NAME}.tar.gz | ||
| env: | ||
| HACKAGE_TOKEN: ${{ secrets.HACKAGE_TOKEN }} |
There was a problem hiding this comment.
We can generate and add one. Before we do that, we need to make sure that the Actions permissions are set to the minimal needed for each workflow/job, to avoid hijacking.
There was a problem hiding this comment.
Yes. I recommend this action to at least require an approval from a GitHub account with write access.
|
Thank you @BowTiedRadone! We can simplify the workflow by using cabal sdist, and speed up the checkout by doing a shallow clone (fetch-depth: 1). |
Addresses hedgehogqa#559 (comment).
Addresses hedgehogqa#559 (comment).
BowTiedRadone
changed the title
Co-authored-by: Nikos Baxevanis <[email protected]>
|
I think the last discussion item for this PR is the fact that it uses |
Yes, that's a good point 👍 |
Co-authored-by: Nikos Baxevanis <[email protected]>
|
@BowTiedRadone, what would be the easiest way to test this? |
|
@moodmosaic The easiest would be cutting a test tag (since the workflow does not publish anyway). The other way would be to use https://github.com/nektos/act for local debugging. For the second, I can share the steps if needed. |
2 participants
This PR adds a GitHub Actions workflow to automate the release process for the Hedgehog library. Key features:
GHCandcabal-installviaGHCup.cabal sdistto generate the tarball matching maintainer/Hackage requirements.cabal checkbefore upload.HACKAGE_TOKEN).Notes
The workflow expects a valid
HACKAGE_TOKENsecret to be set in the repository for Hackage uploads. The tarball creation logic is designed to match the official Hackage release process as closely as possible.Considerations
The new workflow's output was tested locally using
actand diff-checked agains the latest official Hackage release. This PR should be merged after one of the maintainers can confirm theHACKAGE_TOKENsecret addition.