forked from Expensify/App
-
Notifications
You must be signed in to change notification settings - Fork 0
103 lines (89 loc) · 3.21 KB
/
createNewVersion.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
name: Create new version
on:
workflow_dispatch:
inputs:
SEMVER_LEVEL:
description: One of {BUILD, PATCH, MINOR, MAJOR}
required: true
default: BUILD
type: string
workflow_call:
inputs:
SEMVER_LEVEL:
description: One of {BUILD, PATCH, MINOR, MAJOR}
required: false
default: BUILD
type: string
outputs:
NEW_VERSION:
description: The new version string
value: ${{ jobs.createNewVersion.outputs.NEW_VERSION }}
secrets:
LARGE_SECRET_PASSPHRASE:
description: Passphrase used to decrypt GPG key
required: true
SLACK_WEBHOOK:
description: Webhook used to comment in slack
required: true
OS_BOTIFY_COMMIT_TOKEN:
description: OSBotify personal access token, used to workaround committing to protected branch
required: true
jobs:
validateActor:
runs-on: ubuntu-latest
outputs:
HAS_WRITE_ACCESS: ${{ contains(fromJSON('["write", "admin"]'), steps.getUserPermissions.outputs.PERMISSION) }}
steps:
- name: Get user permissions
id: getUserPermissions
run: echo "PERMISSION=$(gh api /repos/${{ github.repository }}/collaborators/${{ github.actor }}/permission | jq -r '.permission')" >> "$GITHUB_OUTPUT"
env:
GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }}
createNewVersion:
runs-on: macos-latest
needs: validateActor
if: ${{ fromJSON(needs.validateActor.outputs.HAS_WRITE_ACCESS) }}
outputs:
NEW_VERSION: ${{ steps.bumpVersion.outputs.NEW_VERSION }}
steps:
- name: Run turnstyle
uses: softprops/turnstyle@ca99add00ff0c9cbc697d22631d2992f377e5bd5
with:
poll-interval-seconds: 10
env:
GITHUB_TOKEN: ${{ github.token }}
- name: Check out
uses: actions/checkout@v4
with:
ref: main
# The OS_BOTIFY_COMMIT_TOKEN is a personal access token tied to osbotify
# This is a workaround to allow pushes to a protected branch
token: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }}
- name: Setup git for OSBotify
uses: ./.github/actions/composite/setupGitForOSBotify
id: setupGitForOSBotify
with:
GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
- name: Generate version
id: bumpVersion
uses: ./.github/actions/javascript/bumpVersion
with:
GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }}
SEMVER_LEVEL: ${{ inputs.SEMVER_LEVEL }}
- name: Commit new version
run: |
git add \
./package.json \
./package-lock.json \
./android/app/build.gradle \
./ios/NewExpensify/Info.plist \
./ios/NewExpensifyTests/Info.plist \
./ios/NotificationServiceExtension/Info.plist
git commit -m "Update version to ${{ steps.bumpVersion.outputs.NEW_VERSION }}"
- name: Update main branch
run: git push origin main
- name: Announce failed workflow in Slack
if: ${{ failure() }}
uses: ./.github/actions/composite/announceFailedWorkflowInSlack
with:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}