-
Notifications
You must be signed in to change notification settings - Fork 68
104 lines (92 loc) · 4.12 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
name: release
on:
workflow_dispatch:
inputs:
versionNumber:
description: 'Release version number (v#.#.#)'
type: string
required: true
permissions:
contents: read # Changelog commit operations use service account PAT
env:
CI_COMMIT_AUTHOR: hc-github-team-tf-provider-devex
CI_COMMIT_EMAIL: github-team-tf-provider-devex@hashicorp.com
jobs:
changelog-version:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.changelog-version.outputs.version }}
steps:
- id: changelog-version
run: echo "version=$(echo "${{ inputs.versionNumber }}" | cut -c 2-)" >> "$GITHUB_OUTPUT"
changelog:
needs: changelog-version
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
fetch-depth: 0
# Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations
# More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials
persist-credentials: false
- name: Batch changes
uses: miniscruff/changie-action@b6d52c80deb236a5b548f8774cd5a18b87da9e9a # v1.0.1
with:
version: latest
args: batch ${{ needs.changelog-version.outputs.version }}
- name: Merge changes
uses: miniscruff/changie-action@b6d52c80deb236a5b548f8774cd5a18b87da9e9a # v1.0.1
with:
version: latest
args: merge
- name: Git push changelog
run: |
git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}"
git config --global user.email "${{ env.CI_COMMIT_EMAIL }}"
git add .
git commit -a -m "Update changelog"
git push "https://${{ env.CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git"
release-tag:
needs: changelog
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
fetch-depth: 0
# Default input is the SHA that initially triggered the workflow. As we created a new commit in the previous job,
# to ensure we get the latest commit we use the ref for checkout: 'refs/heads/<branch_name>'
ref: ${{ github.ref }}
# Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations
# More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials
persist-credentials: false
- name: Git push release tag
run: |
git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}"
git config --global user.email "${{ env.CI_COMMIT_EMAIL }}"
git tag "${{ inputs.versionNumber }}"
git push "https://${{ env.CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" "${{ inputs.versionNumber }}"
goreleaser:
needs: [ changelog-version, changelog, release-tag ]
runs-on: ubuntu-latest
permissions:
contents: write # Needed for goreleaser to create GitHub release
issues: write # Needed for goreleaser to close associated milestone
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
ref: ${{ inputs.versionNumber }}
fetch-depth: 0
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version-file: 'go.mod'
- name: Generate Release Notes
run: |
cd .changes
sed -e "1{/# /d;}" -e "2{/^$/d;}" ${{ needs.changelog-version.outputs.version }}.md > /tmp/release-notes.txt
- uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
args: release --release-notes /tmp/release-notes.txt --clean