-
Notifications
You must be signed in to change notification settings - Fork 9
111 lines (99 loc) · 3.97 KB
/
prepare_release.yml
File metadata and controls
111 lines (99 loc) · 3.97 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
name: 'Prepare Release'
on:
workflow_call:
inputs:
version:
description: 'Version to be released.'
required: true
type: string
base-branch:
description: 'The branch that will be used as the origin for the release branch.'
required: false
default: ''
type: string
secrets:
github_pat:
# Provide a fine-grained token with the following repository permissions:
# * Contents: Read and write
# * Metadata: Read-only (mandatory, default)
# * Pull requests: Read and write
description: 'The token used to interact with GitHub'
required: true
ssh_private_key:
description: 'The SSH private key used to sign commits and tags.'
required: true
env:
GIT_AUTHOR_NAME: OpenVoxProjectBot
GIT_AUTHOR_EMAIL: 215568489+OpenVoxProjectBot@users.noreply.github.com
GIT_COMMITTER_NAME: OpenVoxProjectBot
GIT_COMMITTER_EMAIL: 215568489+OpenVoxProjectBot@users.noreply.github.com
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
BUNDLE_WITH: release
jobs:
prepare_release:
name: 'Prepare Release'
environment: release
runs-on: ubuntu-24.04
if: github.repository_owner == 'OpenVoxProject'
steps:
- name: Validate version format
run: |
# Agent/Server look like 8.23.0-1 or just 8.23.0
# puppet-runtime looks like 2025.09.08.1
if ! echo "${{ inputs.version }}" | grep -qE '^[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+(-[[:alnum:].]+)?$|^[[:digit:]]{4}\.[[:digit:]]{2}\.[[:digit:]]{2}\.[[:digit:]]+$'; then
echo "::error::Version '${{ inputs.version }}' does not match expected format (semver like 8.23.0 or calver like 2025.09.08.1)"
exit 1
fi
- name: Checkout repository
uses: actions/checkout@v6
with:
ref: ${{ inputs.base-branch }}
fetch-depth: 0
token: ${{ secrets.github_pat }}
- name: Setup Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: '3.3'
bundler-cache: true
- name: Add SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.ssh_private_key }}" > ~/.ssh/github_actions
chmod 600 ~/.ssh/github_actions
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
ssh-add ~/.ssh/github_actions
- name: Setup git
run: |
git config --global user.email "$GIT_AUTHOR_EMAIL"
git config --global user.name "$GIT_AUTHOR_NAME"
git config --global gpg.format ssh
git config --global user.signingkey ~/.ssh/github_actions
git config --global commit.gpgsign true
git config --global tag.gpgsign true
- name: Display bundle environment
run: |
bundle env
- name: Update to new version
run: |
bundle exec rake vox:version:bump:full[${{ inputs.version }}]
- name: Prepare the release
env:
# https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication
CHANGELOG_GITHUB_TOKEN: '${{ secrets.github_pat }}'
run: bundle exec rake release:prepare
- name: Create pull Request
uses: peter-evans/create-pull-request@v8
with:
commit-message: "Release ${{ inputs.version }}"
branch: "release-${{ inputs.version }}"
delete-branch: true
title: "Release ${{ inputs.version }}"
labels: skip-changelog
token: '${{ secrets.github_pat }}'
assignees: '${{ github.triggering_actor }}'
author: '${{ env.GIT_AUTHOR_NAME }} <${{ env.GIT_AUTHOR_EMAIL }}>'
committer: '${{ env.GIT_COMMITTER_NAME }} <${{ env.GIT_COMMITTER_EMAIL }}>'
signoff: true
body: |
Automated release-prep through https://github.com/OpenVoxProject/shared-actions/ from commit ${{ github.sha }}.
After merging this PR, run the **Release** workflow to create the tag and GitHub release.