Hotfix CI job (#3186)

# Description This job creates a hotfix release once a PR with the corresponding(`hotfix`) label is merged into `main`. I had to create a new github token with `workflow` permissions, so the deployment job can be triggered. A test run: https://github.com/cowprotocol/services/actions/runs/12546315481?pr=3194 A deployment was triggered: https://github.com/cowprotocol/services/actions/runs/12546317827 ~~A release was created: https://github.com/cowprotocol/services/releases/tag/v2.291.2~~ I removed the release to avoid confusions, here is a screenshot: <img width="1231" alt="image" src="https://github.com/user-attachments/assets/2b9f88fe-d21f-4665-a9f2-a4698052b69d" />
cowprotocol · Dec 31, 2024 · 77fc336 · 77fc336
1 parent 292d42e
commit 77fc336
Showing 1 changed file with 87 additions and 0 deletions.
diff --git a/.github/workflows/hotfix.yml b/.github/workflows/hotfix.yml
@@ -0,0 +1,87 @@
+name: Hotfix Release
+
+permissions:
+  contents: write
+
+on:
+  pull_request_target:
+    types: [closed]
+    branches:
+      - main
+
+jobs:
+  hotfix_release:
+    if: ${{ github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'hotfix') }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out
+        uses: actions/checkout@v4
+        with:
+          token: "${{ secrets.HOTFIX_ACTION_JOB }}"
+          fetch-depth: 0
+
+      - name: Configure git
+        run: |
+          git config user.name 'github-actions-bot'
+          git config user.email '[email protected]'
+          git fetch --tags
+
+      - name: Get latest release version tag
+        id: fetch_tag
+        run: |
+          LATEST_VERSION=$(curl -s https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r '.tag_name')
+          if ! [[ "$LATEST_VERSION" =~ ^v[0-9]+\.[0-9]+\..* ]]; then
+            echo "Invalid tag format, cannot bump version of: $LATEST_VERSION"
+            exit 1
+          fi
+          echo "latest=$LATEST_VERSION" >> $GITHUB_OUTPUT
+
+      - name: Determine next patch version
+        id: bump
+        run: |
+          VERSION="${{ steps.fetch_tag.outputs.latest }}"
+          VERSION_NO_PREFIX="${VERSION#v}"
+          IFS='.' read -r MAJOR MINOR PATCH <<< "$VERSION_NO_PREFIX"
+          NEW_PATCH=$((PATCH + 1))
+          NEW_TAG="v$MAJOR.$MINOR.$NEW_PATCH"
+          echo "tag=$NEW_TAG" >> $GITHUB_OUTPUT
+
+      - name: Create and switch to hotfix branch
+        run: |
+          git checkout "${{ steps.fetch_tag.outputs.latest }}"
+          git checkout -b "hotfix/${{ steps.bump.outputs.tag }}"
+
+      - name: Cherry-pick merged commit
+        run: |
+          MERGE_COMMIT_SHA="${{ github.event.pull_request.merge_commit_sha }}"
+          if ! git cherry-pick "$MERGE_COMMIT_SHA"; then
+            echo "Cherry-pick failed. Please resolve conflicts manually."
+            exit 1
+          fi
+
+      - name: Create and push tag
+        id: tag_version
+        run: |
+          git tag "${{ steps.bump.outputs.tag }}"
+          git push origin "${{ steps.bump.outputs.tag }}"
+
+      - name: "Create hotfix release"
+        uses: actions/github-script@v6
+        with:
+          github-token: "${{ secrets.HOTFIX_ACTION_TOKEN }}"
+          script: |
+            try {
+              const response = await github.rest.repos.createRelease({
+                draft: false,
+                generate_release_notes: true,
+                name: "Hotfix ${{ steps.bump.outputs.tag }}",
+                owner: context.repo.owner,
+                prerelease: false,
+                repo: context.repo.repo,
+                tag_name: "${{ steps.bump.outputs.tag }}",
+              });
+              core.exportVariable('RELEASE_ID', response.data.id);
+              core.exportVariable('RELEASE_UPLOAD_URL', response.data.upload_url);
+            } catch (error) {
+              core.setFailed(error.message);
+            }