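# cut-release.yaml
#
# Manually dispatched workflow. The `validate` job checks the requested
# version; the `tag` job then creates and pushes the annotated tag and
# dispatches release.yaml on it.
#
# Security-relevant properties a reviewer should keep intact:
# - Workflow-level permissions are empty; each job opts in to what it uses.
# - The user-supplied version reaches shell only through environment
#   variables, never through `${{ }}` expansion inside a `run:` script.
# - actions/checkout is pinned to a full commit SHA.
name: Cut release

on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Version to release (e.g. v0.5.1)'
        required: true
        type: string

permissions: {}

jobs:
  validate:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Full history and tags are needed by the tag checks below.
          fetch-depth: 0
          fetch-tags: true
          # This job only reads, so no token is left in the git config.
          persist-credentials: false

      - name: Validate version format
        env:
          VERSION: ${{ inputs.version }}
        run: |
          # The leading "v" and the restricted character set also keep the
          # value from being read as an option by the git commands below.
          if ! [[ "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?$ ]]; then
            echo "::error::Version '$VERSION' must match v<major>.<minor>.<patch>[-prerelease]"
            exit 1
          fi

      - name: Resolve allowed minor from VERSION.md
        id: minor
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # VERSION.md is read through the contents API without a ref, i.e.
          # from the default branch, so the branch being released cannot
          # edit its own entry in the table.
          table=$(gh api "repos/$GITHUB_REPOSITORY/contents/VERSION.md" --jq .content | base64 -d)
          allowed=$(grep -F "| $GITHUB_REF_NAME |" <<< "$table" | cut -d'|' -f3 | tr -d ' ')
          if [ -z "$allowed" ]; then
            echo "::error::Branch '$GITHUB_REF_NAME' not found in default-branch VERSION.md"
            exit 1
          fi
          # Fail closed unless exactly one v<major>.<minor> value came back.
          # Several matching rows would otherwise put a multi-line value into
          # GITHUB_OUTPUT, and the value is later used as a `git tag -l`
          # pattern, so it must not carry anything but digits and dots.
          if ! [[ "$allowed" =~ ^v[0-9]+\.[0-9]+$ ]]; then
            echo "::error::VERSION.md entry for '$GITHUB_REF_NAME' is not a single v<major>.<minor> value"
            exit 1
          fi
          echo "Branch '$GITHUB_REF_NAME' is allowed minor '$allowed'"
          echo "allowed=$allowed" >> "$GITHUB_OUTPUT"

      - name: Validate version matches branch's allowed minor
        env:
          VERSION: ${{ inputs.version }}
          ALLOWED: ${{ steps.minor.outputs.allowed }}
        run: |
          if [[ "$VERSION" != "${ALLOWED}."* ]]; then
            echo "::error::Version $VERSION does not belong to branch $GITHUB_REF_NAME (allowed minor: $ALLOWED)"
            exit 1
          fi

      - name: Validate version is next-sequential
        env:
          VERSION: ${{ inputs.version }}
          ALLOWED: ${{ steps.minor.outputs.allowed }}
        run: |
          # Compare on the core version; a prerelease suffix is ignored.
          v_core="${VERSION%%-*}"
          # Newest non-prerelease tag on this minor line, or empty if none.
          latest=$(git tag -l "${ALLOWED}.*" | grep -v -- '-' | sort --version-sort | tail -n1 || true)
          if [ -z "$latest" ]; then
            if [ "$v_core" != "${ALLOWED}.0" ]; then
              echo "::error::No prior ${ALLOWED} tags; first version must be ${ALLOWED}.0 (got $v_core)"
              exit 1
            fi
            echo "First release on ${ALLOWED} line: OK"
          else
            patch="${latest##*.}"
            # Tag names come from the repository, not from this workflow, so
            # check the component before it is used in shell arithmetic.
            if ! [[ "$patch" =~ ^[0-9]+$ ]]; then
              echo "::error::Latest ${ALLOWED} tag '$latest' does not end in a numeric patch component"
              exit 1
            fi
            # 10# forces base 10 so a leading zero is not read as octal.
            expected="${ALLOWED}.$((10#$patch + 1))"
            if [ "$v_core" != "$expected" ]; then
              echo "::error::Latest ${ALLOWED} tag is $latest; next must be $expected (got $v_core)"
              exit 1
            fi
            echo "Next sequential after $latest: OK"
          fi

      - name: Validate tag does not already exist
        env:
          VERSION: ${{ inputs.version }}
        run: |
          # Look the name up under refs/tags/ only, so a branch or other ref
          # with the same name is not mistaken for an existing tag.
          if git rev-parse -q --verify "refs/tags/$VERSION" >/dev/null 2>&1; then
            echo "::error::Tag '$VERSION' already exists"
            exit 1
          fi

  tag:
    # Runs only after every check in `validate` has passed.
    needs: validate
    runs-on: ubuntu-latest
    permissions:
      # contents: write is used by the tag push, actions: write by the
      # `gh workflow run` dispatch at the end.
      contents: write
      actions: write
    steps:
      - name: Checkout repository
        # persist-credentials is not disabled here, unlike in `validate`:
        # the push step below relies on the token checkout leaves in place.
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Configure git identity
        run: |
          git config user.name 'github-actions[bot]'
          git config user.email '41898282+github-actions[bot]@users.noreply.github.com'

      - name: Create and push tag
        env:
          VERSION: ${{ inputs.version }}
        run: |
          git tag -a "$VERSION" -m "Release $VERSION"
          # Push the fully qualified tag ref so nothing else that happens to
          # share the name can be pushed instead.
          git push origin "refs/tags/$VERSION"

      - name: Trigger On release workflow
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          VERSION: ${{ inputs.version }}
        run: |
          # A push made with GITHUB_TOKEN does not start push-triggered
          # workflows, which is presumably why release.yaml is dispatched
          # explicitly on the new tag.
          gh workflow run release.yaml --repo "$GITHUB_REPOSITORY" --ref "$VERSION"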