
Example of how to bypass branch protections from GitHub Actions


sbellone/release-workflow-example


Release workflow example

This repository is an example of a release workflow using GitHub Actions and branch protection.

It has 2 permanent branches:

  • main, the default branch, protected with the following rulesets:
    • Restrict updates
    • Restrict deletions
  • develop, the development branch against which PRs are opened, protected with the following rulesets:
    • Restrict deletions
    • Require a pull request before merging

It's important to use rulesets instead of the legacy branch protection feature.

Release workflow

After some PRs have been merged into develop, a GitHub Action is responsible for the following:

  • Bump the version in package.json
  • Commit the change on develop
  • Merge develop into main
  • Draft a release, ready to be reviewed and published

Setup

How to set up the action to bypass branch protection

To bypass ruleset protection from a GitHub Action:

  • Create a deploy key with write permissions
  • Save the private SSH key in a DEPLOY_KEY secret
  • Add Deploy keys to the Bypass list of the rulesets (Bypass list > Add bypass > Deploy keys)
  • Make your action check out the repo using the SSH key from the secret
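
A workflow sketch combining the release steps and the SSH checkout described above, added here as an example; it is not this repository's own workflow file. The workflow name, manual trigger, patch-level bump, commit identity and release tag format are assumptions; DEPLOY_KEY is the secret named in the steps above.

```yaml
# Added example, not the repository's own workflow. Trigger, job name,
# patch-level bump and bot identity are assumptions.
name: release
on:
  workflow_dispatch: {}   # manual trigger only (assumption)

permissions:
  contents: write         # GITHUB_TOKEN is used only to draft the release

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4   # consider pinning to a full commit SHA
        with:
          ref: develop
          fetch-depth: 0            # full history, needed to merge into main
          # Pushes go over SSH as the deploy key, which is on the bypass list.
          ssh-key: ${{ secrets.DEPLOY_KEY }}

      - name: Bump version and commit on develop
        run: |
          git config user.name "release-bot"                  # constructed identity
          git config user.email "release-bot@example.invalid" # constructed identity
          npm version patch --no-git-tag-version
          git commit -am "Release v$(node -p "require('./package.json').version")"
          git push origin develop

      - name: Merge develop into main
        run: |
          git checkout main
          git merge --no-ff develop
          git push origin main

      - name: Draft the release
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          version="$(node -p "require('./package.json').version")"
          gh release create "v${version}" --draft --generate-notes --target main
```

Because the deploy key is on the ruleset bypass list, any job that can read DEPLOY_KEY can push to main, so keep the secret out of workflows triggered by pull requests.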

Rotate the deploy key

Manually

  • Create a deploy key with write permissions
  • Update the DEPLOY_KEY secret with the new SSH private key
  • Remove the old deploy key

Automatically

Prerequisites:

./rotate-deploy-key.sh <owner> <repo>
