fix: configurable NameID format for SAML provider (#1482) #864
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
branches: | |
- master | |
- release/* | |
jobs: | |
release_please: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
pull-requests: write | |
outputs: | |
MAIN_RELEASE_VERSION: ${{ steps.versions.outputs.MAIN_RELEASE_VERSION }} | |
RELEASE_VERSION: ${{ steps.versions.outputs.RELEASE_VERSION }} | |
RELEASE_CANDIDATE: ${{ steps.versions.outputs.RELEASE_CANDIDATE }} | |
RELEASE_NAME: ${{ steps.versions.outputs.RELEASE_NAME }} | |
steps: | |
- uses: google-github-actions/release-please-action@v4 | |
id: release | |
with: | |
release-type: go | |
target-branch: ${{ github.ref_name }} | |
- uses: actions/checkout@v4 | |
if: ${{ steps.release.outputs.release_created == 'true' || steps.release.outputs.prs_created == 'true' }} | |
with: | |
fetch-depth: 0 | |
- if: ${{ steps.release.outputs.release_created == 'true' || steps.release.outputs.prs_created == 'true' }} | |
id: versions | |
run: | | |
set -ex | |
RELEASE_CANDIDATE=true | |
NOT_RELEASE_CANDIDATE='${{ steps.release.outputs.release_created }}' | |
if [ "$NOT_RELEASE_CANDIDATE" == "true" ] | |
then | |
RELEASE_CANDIDATE=false | |
fi | |
MAIN_RELEASE_VERSION=x | |
RELEASE_VERSION=y | |
if [ "$RELEASE_CANDIDATE" == "true" ] | |
then | |
# Release please doesn't tell you the candidate version when it | |
# creates the PR, so we have to take it from the title. | |
MAIN_RELEASE_VERSION=$(node -e "console.log('${{ steps.release.outputs.pr && fromJSON(steps.release.outputs.pr).title }}'.split(' ').reverse().find(x => x.match(/[0-9]+[.][0-9]+[.][0-9]+/)))") | |
# Use git describe tags to identify the number of commits the branch | |
# is ahead of the most recent non-release-candidate tag, which is | |
# part of the rc.<commits> value. | |
RELEASE_VERSION=$MAIN_RELEASE_VERSION-rc.$(node -e "console.log('$(git describe --tags --exclude *rc*)'.split('-')[1])") | |
# release-please only ignores releases that have a form like [A-Z0-9]<version>, so prefixing with rc<version> | |
RELEASE_NAME="rc$RELEASE_VERSION" | |
else | |
MAIN_RELEASE_VERSION=${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }}.${{ steps.release.outputs.patch }} | |
RELEASE_VERSION="$MAIN_RELEASE_VERSION" | |
RELEASE_NAME="v$RELEASE_VERSION" | |
fi | |
echo "MAIN_RELEASE_VERSION=${MAIN_RELEASE_VERSION}" >> "${GITHUB_ENV}" | |
echo "RELEASE_VERSION=${RELEASE_VERSION}" >> "${GITHUB_ENV}" | |
echo "RELEASE_CANDIDATE=${RELEASE_CANDIDATE}" >> "${GITHUB_ENV}" | |
echo "RELEASE_NAME=${RELEASE_NAME}" >> "${GITHUB_ENV}" | |
echo "MAIN_RELEASE_VERSION=${MAIN_RELEASE_VERSION}" >> "${GITHUB_OUTPUT}" | |
echo "RELEASE_VERSION=${RELEASE_VERSION}" >> "${GITHUB_OUTPUT}" | |
echo "RELEASE_CANDIDATE=${RELEASE_CANDIDATE}" >> "${GITHUB_OUTPUT}" | |
echo "RELEASE_NAME=${RELEASE_NAME}" >> "${GITHUB_OUTPUT}" | |
- uses: actions/setup-go@v3 | |
if: ${{ steps.release.outputs.release_created == 'true' || steps.release.outputs.prs_created == 'true' }} | |
with: | |
go-version: "^1.21.0" # The Go version to download (if necessary) and use. | |
- name: Build release artifacts | |
if: ${{ steps.release.outputs.release_created == 'true' || steps.release.outputs.prs_created == 'true' }} | |
run: | | |
set -ex | |
RELEASE_VERSION=$RELEASE_VERSION make deps | |
RELEASE_VERSION=$RELEASE_VERSION make all | |
ln -s auth gotrue | |
tar -czvf auth-v$RELEASE_VERSION-x86.tar.gz auth gotrue migrations/ | |
mv auth-arm64 auth | |
tar -czvf auth-v$RELEASE_VERSION-arm64.tar.gz auth gotrue migrations/ | |
- name: Upload release artifacts | |
if: ${{ steps.release.outputs.release_created == 'true' || steps.release.outputs.prs_created == 'true' }} | |
run: | | |
set -ex | |
if [ "$RELEASE_CANDIDATE" == "true" ] | |
then | |
PR_NUMBER='${{ steps.release.outputs.pr && fromJSON(steps.release.outputs.pr).number }}' | |
GH_TOKEN='${{ github.token }}' gh release \ | |
create $RELEASE_NAME \ | |
--title "v$RELEASE_VERSION" \ | |
--prerelease \ | |
-n "This is a release candidate. See release-please PR #$PR_NUMBER for context." | |
GH_TOKEN='${{ github.token }}' gh pr comment "$PR_NUMBER" \ | |
-b "Release candidate [v$RELEASE_VERSION](https://github.com/supabase/gotrue/releases/tag/$RELEASE_NAME) published." | |
else | |
if [ "$GITHUB_REF" == "refs/heads/main" ] || [ "$GITHUB_REF" == "refs/heads/master" ] | |
then | |
IS_PATCH_ZERO=$(node -e "console.log('$RELEASE_VERSION'.endsWith('.0'))") | |
if [ "$IS_PATCH_ZERO" == "true" ] | |
then | |
# Only create release branch if patch version is 0, as this | |
# means that the release can be patched in the future. | |
GH_TOKEN='${{ github.token }}' gh api \ | |
--method POST \ | |
-H "Accept: application/vnd.github+json" \ | |
-H "X-GitHub-Api-Version: 2022-11-28" \ | |
/repos/supabase/gotrue/git/refs \ | |
-f "ref=refs/heads/release/${RELEASE_VERSION}" \ | |
-f "sha=$GITHUB_SHA" | |
fi | |
fi | |
fi | |
GH_TOKEN='${{ github.token }}' gh release upload $RELEASE_NAME ./auth-v$RELEASE_VERSION-x86.tar.gz ./auth-v$RELEASE_VERSION-arm64.tar.gz | |
publish: | |
needs: | |
- release_please | |
if: ${{ success() && needs.release_please.outputs.RELEASE_VERSION }} | |
uses: ./.github/workflows/publish.yml | |
secrets: inherit | |
with: | |
version: ${{ needs.release_please.outputs.RELEASE_VERSION }} |