@@ -104,7 +104,8 @@ jobs:
104104 print(f"stable.toml -> {stable_version}")
105105 print(f"dev.toml -> {dev_version}")
106106 PY
107- name : Commit bumped versions back to main (signed via GitHub API)
107+ name : Push signed bump commit to a release branch
108+ id : bump_commit
108109 env :
109110 GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
110111 VERSION : ${{ steps.version.outputs.version }}
@@ -114,12 +115,39 @@ jobs:
114115 import json
115116 import os
116117 import subprocess
118+ import urllib.error
117119 import urllib.request
118120
119121 head_oid = subprocess.check_output(["git", "rev-parse", "HEAD"], text=True).strip()
120122 repo = os.environ["GITHUB_REPOSITORY"]
121123 token = os.environ["GH_TOKEN"]
122124 version = os.environ["VERSION"]
125+ branch = f"release/bump-v{version}"
126+
127+ def api(path, method="GET", body=None):
128+ req = urllib.request.Request(
129+ f"https://api.github.com/{path}",
130+ data=(json.dumps(body).encode("utf-8") if body is not None else None),
131+ headers={
132+ "Authorization": f"Bearer {token}",
133+ "Accept": "application/vnd.github+json",
134+ "Content-Type": "application/json",
135+ },
136+ method=method,
137+ )
138+ with urllib.request.urlopen(req) as resp:
139+ raw = resp.read()
140+ return json.loads(raw) if raw else None
141+
142+ try:
143+ api(
144+ f"repos/{repo}/git/refs",
145+ method="POST",
146+ body={"ref": f"refs/heads/{branch}", "sha": head_oid},
147+ )
148+ except urllib.error.HTTPError as error:
149+ if error.code != 422: # 422 = ref already exists; OK to reuse
150+ raise
123151
124152 def b64(path: str) -> str:
125153 with open(path, "rb") as fp:
@@ -139,7 +167,7 @@ jobs:
139167 "input": {
140168 "branch": {
141169 "repositoryNameWithOwner": repo,
142- "branchName": "main" ,
170+ "branchName": branch ,
143171 },
144172 "message": {
145173 "headline": f"Bump version to v{version} [skip ci]",
@@ -169,8 +197,31 @@ jobs:
169197 body = json.loads(resp.read())
170198 if body.get("errors"):
171199 raise SystemExit(f"GraphQL error: {body['errors']}")
172- print(body["data"]["createCommitOnBranch"]["commit"])
200+ commit = body["data"]["createCommitOnBranch"]["commit"]
201+ print(f"bump commit: {commit['oid']} -> {commit['url']}")
202+
203+ with open(os.environ["GITHUB_OUTPUT"], "a", encoding="utf-8") as fp:
204+ fp.write(f"branch={branch}\n")
205+ fp.write(f"oid={commit['oid']}\n")
173206 PY
207+ name : Open PR for the version bump
208+ env :
209+ GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
210+ VERSION : ${{ steps.version.outputs.version }}
211+ BRANCH : ${{ steps.bump_commit.outputs.branch }}
212+ run : |
213+ gh pr create \
214+ --base main \
215+ --head "$BRANCH" \
216+ --title "Bump version to v${VERSION} [skip ci]" \
217+ --body "Automated patch bump emitted by the stable publish workflow. [skip ci]"
218+ name : Try to auto-merge the bump PR
219+ env :
220+ GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
221+ BRANCH : ${{ steps.bump_commit.outputs.branch }}
222+ run : |
223+ gh pr merge "$BRANCH" --squash --auto --delete-branch \
224+ || echo "auto-merge unavailable; PR left open for manual merge"
174225name : Use stable.toml as pyproject.toml
175226 run : cp stable.toml pyproject.toml
176227 - name : Build sdist and wheel
@@ -185,7 +236,9 @@ jobs:
185236 - name : Create GitHub Release
186237 env :
187238 GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
239+ BUMP_OID : ${{ steps.bump_commit.outputs.oid }}
188240 run : |
189241 gh release create "v${{ steps.version.outputs.version }}" dist/* \
190242 --title "v${{ steps.version.outputs.version }}" \
191- --generate-notes
243+ --generate-notes \
244+ --target "$BUMP_OID"
0 commit comments