-
Notifications
You must be signed in to change notification settings - Fork 0
96 lines (79 loc) · 3.08 KB
/
tag.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
name: Tag version
on:
push:
branches: [main]
jobs:
tag:
name: Check and tag
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Check out source
uses: actions/checkout@v4
- name: Check for tagged version
id: check
uses: silverlyra/[email protected]
with:
script: |
const [owner, repo] = env.GITHUB_REPOSITORY.split("/", 2);
const { version } = JSON.parse(await fs.readFile("deno.json", "utf-8"));
const ref = await getRef();
if (ref != null) {
console.log(chalk.cyan(`Current version (${version}) already tagged.`));
console.log(`${ref.object.type} ${ref.object.sha}`);
return { pending: false, version: "" };
}
console.log(chalk.green(`New version: ${version}`));
console.log();
const { sha, commit, author } = await getCommit(env.GITHUB_SHA);
const subject = commit.message.split("\n", 1)[0];
console.log(chalk.bold(`“${subject}”`), chalk.gray(`[${sha}]`));
console.log(
`committed by ${chalk.bold(author.login)}`,
`(${commit.author.name})`,
chalk.gray(commit.author.date)
);
const members = await listMembers();
if (!members.has(author.login)) {
throw new Error(`${author.login} is not a member of ${owner}`);
}
if (!commit.verification.verified) {
const { reason } = commit.verification;
throw new Error(`Commit is not verified (${JSON.stringify(reason)})`);
}
return { pending: true, version };
async function getRef() {
try {
const { data } = await github.rest.git.getRef({ owner, repo, ref: `tags/v${version}` });
return data;
} catch (err) {
if (err.status === 404) return null;
throw err;
}
}
async function getCommit(sha) {
const { data } = await github.rest.repos.getCommit({ owner, repo, ref: sha });
return data;
}
async function listMembers() {
const { data } = await github.rest.orgs.listMembers({ org: "kure-sh" });
return new Map(data.map(member => [member.login, member]));
}
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v6
if: fromJson(steps.check.outputs.result).pending
with:
gpg_private_key: ${{ secrets.RELEASE_SIGNING_KEY_PEM }}
trust_level: 5
git_user_signingkey: true
git_tag_gpgsign: true
git_committer_name: "Kure Releases"
- name: Tag commit and push
if: fromJson(steps.check.outputs.result).pending
env:
TAG_NAME: v${{ fromJson(steps.check.outputs.result).version }}
run: |
git tag -a -m "$TAG_NAME" "$TAG_NAME"
git tag -v "$TAG_NAME"
git push origin "$TAG_NAME"