Skip to content

release

release #20

Workflow file for this run

name: release
on:
workflow_dispatch:
inputs:
versionNumber:
description: 'Release version number (v#.#.#)'
type: string
required: true
permissions:
contents: read # Changelog commit operations use service account PAT
jobs:
changelog-version:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.changelog-version.outputs.version }}
steps:
- id: changelog-version
run: echo "version=$(echo "${{ inputs.versionNumber }}" | cut -c 2-)" >> "$GITHUB_OUTPUT"
changelog:
needs: changelog-version
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
# Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations
# More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials
persist-credentials: false
- name: Batch changes
uses: miniscruff/changie-action@6dcc2533cac0495148ed4046c438487e4dceaa23 # v2.0.0
with:
version: latest
args: batch ${{ needs.changelog-version.outputs.version }}
- name: Merge changes
uses: miniscruff/changie-action@6dcc2533cac0495148ed4046c438487e4dceaa23 # v2.0.0
with:
version: latest
args: merge
- name: Git push changelog
run: |
git config --global user.name "${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}"
git config --global user.email "${{ vars.TF_DEVEX_CI_COMMIT_EMAIL }}"
git add .
git commit -a -m "Update changelog"
git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git"
release-tag:
needs: changelog
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
# Default input is the SHA that initially triggered the workflow. As we created a new commit in the previous job,
# to ensure we get the latest commit we use the ref for checkout: 'refs/heads/<branch_name>'
ref: ${{ github.ref }}
# Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations
# More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials
persist-credentials: false
- name: Git push release tag
run: |
git config --global user.name "${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}"
git config --global user.email "${{ vars.TF_DEVEX_CI_COMMIT_EMAIL }}"
git tag "${{ inputs.versionNumber }}"
git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" "${{ inputs.versionNumber }}"
goreleaser:
needs: [ changelog-version, changelog, release-tag ]
runs-on: ubuntu-latest
permissions:
contents: write # Needed for goreleaser to create GitHub release
issues: write # Needed for goreleaser to close associated milestone
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ inputs.versionNumber }}
fetch-depth: 0
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version-file: 'go.mod'
- name: Generate Release Notes
run: |
cd .changes
sed -e "1{/# /d;}" -e "2{/^$/d;}" ${{ needs.changelog-version.outputs.version }}.md > /tmp/release-notes.txt
- uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
args: release --release-notes /tmp/release-notes.txt --clean