1515 description : " Version String for task.h on main branch (leave empty to leave as-is)."
1616 required : false
1717 default : ' '
18+ github_token :
19+ description : ' GitHub token for creating releases and pushing changes'
20+ required : true
1821
1922jobs :
2023 release-packager :
3134 with :
3235 architecture : x64
3336 env :
34- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
37+ GITHUB_TOKEN : ${{ github.event.inputs.github_token }}
3538
3639 - name : Install GitHub CLI
3740 run : |
@@ -64,21 +67,29 @@ jobs:
6467 git config --global user.name "$ACTOR"
6568 git config --global user.email "$ACTOR"@users.noreply.github.com
6669
67- - name : Create release preparation branch
70+ - name : Create version branch
6871 env :
6972 VERSION_NUMBER : ${{ github.event.inputs.version_number }}
7073 COMMIT_ID : ${{ github.event.inputs.commit_id }}
7174 working-directory : ./local_kernel
7275 run : |
73- git checkout -b "release-prep-$VERSION_NUMBER" "$COMMIT_ID"
76+ git checkout -b "$VERSION_NUMBER" "$COMMIT_ID"
77+ git push -u origin "$VERSION_NUMBER"
7478 echo "COMMIT_SHA_1=$(git rev-parse HEAD)" >> $GITHUB_ENV
7579
80+ - name : Create release preparation branch
81+ env :
82+ VERSION_NUMBER : ${{ github.event.inputs.version_number }}
83+ working-directory : ./local_kernel
84+ run : |
85+ git checkout -b "release-prep-$VERSION_NUMBER"
86+
7687 - name : Update source files with version info
7788 env :
7889 VERSION_NUMBER : ${{ github.event.inputs.version_number }}
7990 MAIN_BR_VERSION_NUMBER : ${{ github.event.inputs.main_br_version }}
8091 COMMIT_SHA_1 : ${{ env.COMMIT_SHA_1 }}
81- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
92+ GITHUB_TOKEN : ${{ github.event.inputs.github_token }}
8293 run : |
8394 # Install deps and run
8495 pip install -r ./tools/.github/scripts/release-requirements.txt
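Review bot: Taking the release token from `github.event.inputs.github_token` (new line 92, and likewise at new lines 37, 128, 142, 181, 195 and 214) moves a credential into a workflow_dispatch input, which is not registered as a secret, so the runner does not mask it in logs and it travels in the dispatch event payload. If the default `secrets.GITHUB_TOKEN` lacks the permissions this release flow needs, store the replacement token as a repository or environment secret and reference it, e.g. `GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}` (placeholder secret name), and drop the `github_token` input. If the input has to stay, the job's first step should at least register the value with `echo "::add-mask::$TOKEN"` before any other step runs. The run block of this step continues past the end of the hunk.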
@@ -114,24 +125,27 @@ jobs:
114125 - name : Create pull request
115126 env :
116127 VERSION_NUMBER : ${{ github.event.inputs.version_number }}
117- GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
128+ GH_TOKEN : ${{ github.event.inputs.github_token }}
129+ REPO_FULL_NAME : ${{ github.repository }}
118130 working-directory : ./local_kernel
119131 run : |
120132 PR_URL=$(gh pr create \
121- --base main \
133+ --repo "$REPO_FULL_NAME" \
134+ --base "$VERSION_NUMBER" \
122135 --head "release-prep-$VERSION_NUMBER" \
123136 --title "[AUTO][RELEASE]: Release $VERSION_NUMBER" \
124137 --body "Automated release preparation for $VERSION_NUMBER. Updates version numbers in source files and manifest.yml.")
125138 echo "PR_URL=$PR_URL" >> $GITHUB_ENV
126139
127140 - name : Wait for PR to be merged
128141 env :
129- GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
142+ GH_TOKEN : ${{ github.event.inputs.github_token }}
143+ REPO_FULL_NAME : ${{ github.repository }}
130144 working-directory : ./local_kernel
131145 run : |
132146 PR_NUMBER=$(echo "$PR_URL" | grep -oE '[0-9]+$')
133147 while true; do
134- STATE=$(gh pr view "$PR_NUMBER" --json state --jq .state)
148+ STATE=$(gh pr view "$PR_NUMBER" --repo "$REPO_FULL_NAME" -- json state --jq .state)
135149 if [ "$STATE" = "MERGED" ]; then
136150 echo "PR merged successfully"
137151 break
@@ -147,24 +161,29 @@ jobs:
147161 uses : actions/checkout@v4.1.1
148162 with :
149163 path : local_kernel
150- ref : main
164+ ref : ${{ github.event.inputs.version_number }}
151165 fetch-depth : 0
152166
153167 - name : Generate SBOM
154168 uses : FreeRTOS/CI-CD-Github-Actions/sbom-generator@main
155169 with :
156- repo_path : ./local_kernel
157- source_path : ./
170+ directory : ./local_kernel
171+ distribution-type : repository
172+ creator : Amazon Web Services, Inc.
173+ download-location : git+https://github.com/${{ github.repository_owner }}/${{ github.event.repository.name }}.git@${{ github.event.inputs.version_number }}
174+ homepage : https://github.com/${{ github.repository_owner }}/${{ github.event.repository.name }}
175+ namespace-prefix : https://github.com/${{ github.repository_owner }}/${{ github.event.repository.name }}/releases/download/${{ github.event.inputs.version_number }}/
176+ include-file-hashes : true
158177
159178 - name : Commit SBOM file
160179 env :
161180 VERSION_NUMBER : ${{ github.event.inputs.version_number }}
181+ GITHUB_TOKEN : ${{ github.event.inputs.github_token }}
162182 working-directory : ./local_kernel
163183 run : |
164- git checkout -b "release-$VERSION_NUMBER"
165184 git add .
166185 git commit -m '[AUTO][RELEASE]: Update SBOM'
167- git push -u origin "release- $VERSION_NUMBER"
186+ git push -u origin "$VERSION_NUMBER"
168187 echo "COMMIT_SHA_2=$(git rev-parse HEAD)" >> $GITHUB_ENV
169188
170189 - name : Release
@@ -173,7 +192,7 @@ jobs:
173192 MAIN_BR_VERSION_NUMBER : ${{ github.event.inputs.main_br_version }}
174193 COMMIT_SHA_2 : ${{ env.COMMIT_SHA_2 }}
175194 REPO_OWNER : ${{ github.repository_owner }}
176- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
195+ GITHUB_TOKEN : ${{ github.event.inputs.github_token }}
177196 run : |
178197 # Install deps and run
179198 pip install -r ./tools/.github/scripts/release-requirements.txt
@@ -192,14 +211,13 @@ jobs:
192211 if : always()
193212 env :
194213 VERSION_NUMBER : ${{ github.event.inputs.version_number }}
195- GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
214+ GH_TOKEN : ${{ github.event.inputs.github_token }}
196215 working-directory : ./local_kernel
197216 run : |
198217 # Only delete release-prep branch if the PR was already merged
199- PR_STATE=$(gh pr list --head "release-prep-$VERSION_NUMBER" --json state --jq '.[0].state' 2>/dev/null || echo "")
218+ PR_STATE=$(gh pr list --repo "${{ github.repository }}" -- head "release-prep-$VERSION_NUMBER" --json state --jq '.[0].state' 2>/dev/null || echo "")
200219 if [ "$PR_STATE" = "MERGED" ] || [ -z "$PR_STATE" ]; then
201220 git push origin --delete "release-prep-$VERSION_NUMBER" || true
202221 else
203222 echo "Skipping release-prep branch deletion — PR is still open (state: $PR_STATE)"
204223 fi
205- git push origin --delete "release-$VERSION_NUMBER" || true