# Manually dispatched workflow: publishes a GitHub Release built from the
# artifacts of a previously completed workflow run.
name: Create GitHub Release

on:
  workflow_dispatch:
    inputs:
      # ID of the run whose artifacts are attached to the release.
      artifact-run-id:
        description: "GitHub Action Run ID containing artifacts"
        required: true
        type: string
      # Both flags default to true, so an unmodified dispatch produces a
      # draft pre-release rather than a published release.
      draft:
        description: "Create as draft release"
        type: boolean
        default: true
      prerelease:
        description: "Mark as pre-release"
        type: boolean
        default: true
      # Selects which check the job applies to the run's branch before
      # releasing from it.
      branch-protection-type:
        description: "Branch protection type"
        type: choice
        options:
          - "Branch Name"
          - "GitHub API"
        default: "Branch Name"

env:
  # Passed to the artifact download script and used as the source directory
  # for the files attached to the release.
  ARTIFACTS_PATH: artifacts
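jobs:
  # Checks the source run's branch, downloads the run's artifacts, creates the
  # release and writes a confirmation checklist to the job summary.
  #
  # Step outputs and workflow inputs are handed to the shell through `env:`
  # and read as quoted variables. Expanding `${{ ... }}` inside a `run:`
  # script pastes the value into the script text before bash parses it, so a
  # crafted branch name or version string could run as shell in a job that
  # holds a token with `contents: write`.
  create-release:
    runs-on: ubuntu-24.04
    permissions:
      contents: write  # create and edit the release
      actions: read  # read the source run and its artifacts
    steps:
      - name: Check out repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
        with:
          # Full history, so every tag is available to "Get last release tag".
          fetch-depth: 0
          # NOTE(review): no step in this file runs an authenticated git
          # command; consider `persist-credentials: false` after confirming
          # Scripts/download-artifacts.sh does not rely on git credentials.

      - name: Get branch from workflow run
        id: get_release_branch
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          ARTIFACT_RUN_ID: ${{ inputs.artifact-run-id }}
          BRANCH_PROTECTION_TYPE: ${{ inputs.branch-protection-type }}
        run: |
          # Run IDs are numeric. Rejecting anything else keeps the
          # operator-supplied value from being read by gh (here and in the
          # download step) as an option or as extra arguments. The value is
          # deliberately not echoed back into the log.
          if [[ ! "$ARTIFACT_RUN_ID" =~ ^[0-9]+$ ]]; then
            echo "::error::artifact-run-id must be a numeric workflow run ID."
            exit 1
          fi

          release_branch=$(gh run view "$ARTIFACT_RUN_ID" --json headBranch -q .headBranch)

          # NOTE(review): headBranch is only the branch name recorded for the
          # run; neither check below establishes which repository the run's
          # head commit came from. Confirm that a run started from a fork
          # cannot satisfy them, or also verify the run's head repository.
          case "$BRANCH_PROTECTION_TYPE" in
            "Branch Name")
              if [[ "$release_branch" != "main" && ! "$release_branch" =~ ^release/ ]]; then
                echo "::error::Branch '$release_branch' is not 'main' or a release branch starting with 'release/'. Releases must be created from protected branches."
                exit 1
              fi
              ;;
            "GitHub API")
              # NOTE: requires a token with the "administration:read" scope.
              # The branch counts as protected only when the protection
              # response mentions required_status_checks.
              if ! gh api "repos/$GITHUB_REPOSITORY/branches/$release_branch/protection" | grep -q "required_status_checks"; then
                echo "::error::Branch '$release_branch' is not protected. Releases must be created from protected branches. If that's not correct, confirm if the github token user has the 'administration:read' scope."
                exit 1
              fi
              ;;
            *)
              echo "::error::Unsupported branch protection type: $BRANCH_PROTECTION_TYPE"
              exit 1
              ;;
          esac
          echo "release_branch=$release_branch" >> "$GITHUB_OUTPUT"

      - name: Get last release tag
        id: get_last_tag
        run: |
          # First tag when sorted by author date, newest first; used as the
          # start tag for the generated release notes.
          last_release_id=$(git tag -l --sort=-authordate | head -n 1)
          echo "last_release_id=$last_release_id" >> "$GITHUB_OUTPUT"

      - name: Download artifacts
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          ARTIFACT_RUN_ID: ${{ inputs.artifact-run-id }}
        # ARTIFACT_RUN_ID was checked to be numeric in "Get branch from
        # workflow run"; quoting keeps each value a single argument.
        run: ./Scripts/download-artifacts.sh "$ARTIFACTS_PATH" "$ARTIFACT_RUN_ID"

      - name: Parse version info
        id: version_info
        run: |
          unzip -o "$ARTIFACTS_PATH/version-info.zip" -d "tmp"
          filepath="tmp/version-info/version_info.json"
          version_name=$(jq -r '.version_name' "$filepath")
          version_number=$(jq -r '.version_number' "$filepath")

          # These values come from a downloaded artifact and end up in
          # $GITHUB_OUTPUT and in the release tag. `jq -r` prints "null" for a
          # missing key, and an embedded newline would let one value define
          # additional step outputs, so both cases stop the job here.
          for value in "$version_name" "$version_number"; do
            if [[ -z "$value" || "$value" == "null" || "$value" == *$'\n'* ]]; then
              echo "::error::version_info.json has a missing or malformed version field."
              exit 1
            fi
          done

          echo "version_number=$version_number" >> "$GITHUB_OUTPUT"
          echo "version_name=$version_name" >> "$GITHUB_OUTPUT"
          rm -rf tmp

      - name: Create GitHub Release
        id: create_release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          VERSION_NAME: ${{ steps.version_info.outputs.version_name }}
          VERSION_NUMBER: ${{ steps.version_info.outputs.version_number }}
          RELEASE_BRANCH: ${{ steps.get_release_branch.outputs.release_branch }}
          LAST_RELEASE_TAG: ${{ steps.get_last_tag.outputs.last_release_id }}
          PRERELEASE: ${{ inputs.prerelease }}
          DRAFT: ${{ inputs.draft }}
        run: |
          # Create the release with generated notes and attach every file in
          # the artifacts directory. All values are read from the environment
          # so none of them is parsed as shell.
          url=$(gh release create "v$VERSION_NAME" \
            --title "$VERSION_NAME ($VERSION_NUMBER)" \
            --target "$RELEASE_BRANCH" \
            --generate-notes \
            --notes-start-tag "$LAST_RELEASE_TAG" \
            --prerelease="$PRERELEASE" \
            --draft="$DRAFT" \
            "$ARTIFACTS_PATH"/*)

          # Extract release tag from URL
          release_id=$(echo "$url" | sed 's/.*\/tag\///')
          echo "release_id=$release_id" >> "$GITHUB_OUTPUT"

      - name: Update Release Description
        id: update_release_description
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          RELEASE_ID: ${{ steps.create_release.outputs.release_id }}
          ARTIFACT_RUN_ID: ${{ inputs.artifact-run-id }}
        run: |
          # Add builds source to the end of the release description
          current_body=$(gh release view "$RELEASE_ID" --json body --jq .body)
          updated_body="${current_body}
          **Builds Source:** https://github.com/$GITHUB_REPOSITORY/actions/runs/$ARTIFACT_RUN_ID"
          new_url=$(gh release edit "$RELEASE_ID" --notes "$updated_body")

          # draft release links change after editing
          echo "release_url=$new_url" >> "$GITHUB_OUTPUT"

      - name: Add Release Summary
        env:
          RELEASE_ID: ${{ steps.create_release.outputs.release_id }}
          RELEASE_TAG: "v${{ steps.version_info.outputs.version_name }}"
          RELEASE_BRANCH: ${{ steps.get_release_branch.outputs.release_branch }}
          LAST_RELEASE_TAG: ${{ steps.get_last_tag.outputs.last_release_id }}
          RELEASE_URL: ${{ steps.update_release_description.outputs.release_url }}
        run: |
          # Checklist for the person publishing the release, written to the
          # job summary in one grouped redirect.
          {
            echo "# :fish_cake: Release ready at:"
            echo "$RELEASE_URL"
            echo ""
            echo ":clipboard: Confirm that the defined GitHub Release options are correct:"
            echo " * :bookmark: New tag name: \`$RELEASE_TAG\`"
            echo " * :palm_tree: Target branch: \`$RELEASE_BRANCH\`"
            echo " * :ocean: Previous tag set in the description \"Full Changelog\" link: \`$LAST_RELEASE_TAG\`"
            echo " * :white_check_mark: Description has automated release notes and they match the commits in the release branch"
            echo "> [!NOTE]"
            echo "> Commits directly pushed to branches without a Pull Request won't appear in the automated release notes."
          } >> "$GITHUB_STEP_SUMMARY"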