diff --git a/.craft.yml b/.craft.yml index 1d7cfec..60981d6 100644 --- a/.craft.yml +++ b/.craft.yml @@ -1,6 +1,6 @@ minVersion: 0.23.1 changelogPolicy: auto -preReleaseCommand: pwsh -cwa '' +preReleaseCommand: pwsh scripts/update-version.ps1 artifactProvider: name: none targets: diff --git a/.github/workflows/danger-workflow-tests.yml b/.github/workflows/danger-workflow-tests.yml index dd9877a..0b27a3a 100644 --- a/.github/workflows/danger-workflow-tests.yml +++ b/.github/workflows/danger-workflow-tests.yml @@ -8,6 +8,8 @@ on: jobs: danger: uses: ./.github/workflows/danger.yml + with: + _workflow_version: ${{ github.sha }} test-outputs: runs-on: ubuntu-latest diff --git a/.github/workflows/danger.yml b/.github/workflows/danger.yml index 6cdf715..ac426f1 100644 --- a/.github/workflows/danger.yml +++ b/.github/workflows/danger.yml @@ -1,6 +1,12 @@ # Runs DangerJS with a pre-configured set of rules on a Pull Request. on: workflow_call: + inputs: + _workflow_version: + description: 'Internal: specify github-workflows (this repo) revision to use when checking out scripts.' + type: string + required: false + default: '2.14.1' # Note: this is updated during release process outputs: outcome: description: Whether the Danger run finished successfully. Possible values are success, failure, cancelled, or skipped. 
@@ -18,10 +24,8 @@ jobs: - name: Download dangerfile.js and utilities run: | - # Extract the ref from GITHUB_WORKFLOW_REF (e.g., getsentry/github-workflows/.github/workflows/danger.yml@refs/pull/109/merge -> refs/pull/109/merge) - WORKFLOW_REF=$(echo "${{ github.workflow_ref }}" | sed 's/.*@//') - wget https://raw.githubusercontent.com/getsentry/github-workflows/${WORKFLOW_REF}/danger/dangerfile.js -P ${{ runner.temp }} - wget https://raw.githubusercontent.com/getsentry/github-workflows/${WORKFLOW_REF}/danger/dangerfile-utils.js -P ${{ runner.temp }} + wget https://raw.githubusercontent.com/getsentry/github-workflows/${{ inputs._workflow_version }}/danger/dangerfile.js -P ${{ runner.temp }} + wget https://raw.githubusercontent.com/getsentry/github-workflows/${{ inputs._workflow_version }}/danger/dangerfile-utils.js -P ${{ runner.temp }} # Using a pre-built docker image in GitHub container registry instaed of NPM to reduce possible attack vectors. - name: Run DangerJS diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml index dfe349b..975e8f7 100644 --- a/.github/workflows/updater.yml +++ b/.github/workflows/updater.yml @@ -38,6 +38,11 @@ on: type: string required: false default: create + _workflow_version: + description: 'Internal: specify github-workflows (this repo) revision to use when checking out scripts.' + type: string + required: false + default: '2.14.1' # Note: this is updated during release process secrets: api-token: required: true 
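Review bot: `${{ inputs._workflow_version }}` is expanded into the text of the `run:` script in the "Download dangerfile.js and utilities" step before the shell parses it, so the caller-supplied value becomes part of the command line and of the URL path without any quoting or validation. Pass it through the step environment instead: add `env:` with `WORKFLOW_VERSION: ${{ inputs._workflow_version }}` to the step and use `"${WORKFLOW_VERSION}"` in both `wget` URLs. The same direct interpolation appears in the `git fetch --depth 1 origin ${{ inputs._workflow_version }}` line of the second updater.yml hunk; the shell for that step is not visible there, so the variable syntax may differ. The job and step list start above this hunk.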
@@ -136,13 +141,11 @@ jobs: # Note: cannot use `actions/checkout` at the moment because you can't clone outside of the repo root. # Follow https://github.com/actions/checkout/issues/197 run: | - # Extract the ref from GITHUB_WORKFLOW_REF (e.g., getsentry/github-workflows/.github/workflows/updater.yml@refs/pull/109/merge -> refs/pull/109/merge) - $workflowRef = '${{ github.workflow_ref }}' -replace '.*@', '' - New-Item -ItemType Directory -Force -Path '${{ runner.temp }}/ghwf' - Set-Location '${{ runner.temp }}/ghwf' + mkdir -p ${{ runner.temp }}/ghwf + cd ${{ runner.temp }}/ghwf git init git remote add origin https://github.com/getsentry/github-workflows.git - git fetch --depth 1 origin $workflowRef + git fetch --depth 1 origin ${{ inputs._workflow_version }} git checkout FETCH_HEAD - name: Update to the latest version diff --git a/.github/workflows/workflow-tests.yml b/.github/workflows/workflow-tests.yml index da01947..aeeb351 100644 --- a/.github/workflows/workflow-tests.yml +++ b/.github/workflows/workflow-tests.yml @@ -12,6 +12,7 @@ jobs: name: WORKFLOW-TEST-DEPENDENCY-DO-NOT-MERGE pattern: '^2\.0\.' pr-strategy: update + _workflow_version: ${{ github.sha }} secrets: api-token: ${{ github.token }} @@ -22,6 +23,7 @@ jobs: name: Workflow args test script runs-on: macos-latest pattern: '.*' + _workflow_version: ${{ github.sha }} secrets: api-token: ${{ github.token }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 522fbaa..02405c7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## Unreleased + +### Fixes + +- Danger and updater download script URLs cannot use GITHUB_WORKFLOW_REF ([#111](https://github.com/getsentry/github-workflows/pull/111)) + ## 2.14.1 ### Fixes diff --git a/scripts/update-version.ps1 b/scripts/update-version.ps1 new file mode 100644 index 0000000..57ca601 --- /dev/null +++ b/scripts/update-version.ps1 
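Review bot: The ref passed to `git fetch --depth 1 origin ${{ inputs._workflow_version }}` defaults to the tag `'2.14.1'`, and a tag can be re-pointed after release. The workflow declares an `api-token` secret, so whatever commit that ref resolves to presumably runs later in this job with the token available. Adding `git rev-parse FETCH_HEAD` after `git checkout FETCH_HEAD` would record the resolved commit in the job log. The input's description should also say that only a release tag or full commit SHA of this repository is expected. Separately, the new `mkdir -p` and `cd` lines drop the quoting the removed lines had; `mkdir -p "${{ runner.temp }}/ghwf"` and `cd "${{ runner.temp }}/ghwf"` keep a temp path containing spaces as one argument.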
@@ -0,0 +1,44 @@
+#!/usr/bin/env pwsh
+
+param(
+ [Parameter(Mandatory=$true, Position=0)]
+ [string]$OldVersion,
+
+ [Parameter(Mandatory=$true, Position=1)]
+ [string]$NewVersion
+)
+
+Set-StrictMode -Version Latest
+$ErrorActionPreference = "Stop"
+$PSNativeCommandUseErrorActionPreference = $true
+
+Write-Host "Updating version from $OldVersion to $NewVersion"
+
+# Update specific workflow files with _workflow_version inputs
+Write-Host "Updating workflow files..."
+$workflowFiles = @(
+ ".github/workflows/updater.yml",
+ ".github/workflows/danger.yml"
+)
+
+foreach ($filePath in $workflowFiles) {
+ $content = Get-Content -Path $filePath -Raw
+
+ # Check if this file has _workflow_version input with a default value
+ if ($content -match '(?ms)_workflow_version:.*?default:\s*([^\s#]+)') {
+ Write-Host "Updating $filePath..."
+ $oldDefault = $Matches[1]
+
+ # Replace the default value for _workflow_version
+ $newContent = $content -replace '((?ms)_workflow_version:.*?default:\s*)([^\s#]+)', "`${1}'$NewVersion'"
+
+ # Write the updated content back to the file
+ $newContent | Out-File -FilePath $filePath -Encoding utf8 -NoNewline
+
+ Write-Host " Updated default from '$oldDefault' to '$NewVersion'"
+ } else {
+ Write-Error "No _workflow_version default found in $filePath"
+ }
+}
+
+Write-Host "Version update completed successfully!"
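Review bot: `$NewVersion` is written into the workflow files unvalidated, both inside single quotes and as part of the `-replace` replacement string, so a value containing `'` produces broken YAML and one containing `$` is read as a group reference. Because this default becomes the ref that consuming repositories fetch scripts from, constrain it at the parameter, for example `[ValidatePattern('^\d+\.\d+\.\d+$')]` above `[string]$NewVersion` (loosen the pattern if pre-release suffixes are in use). `$OldVersion` is only logged; comparing it with `$oldDefault` and failing on a mismatch would catch a release run against an unexpected tree.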