-
Notifications
You must be signed in to change notification settings - Fork 450
160 lines (136 loc) · 5.82 KB
/
rollback-release.yml
File metadata and controls
160 lines (136 loc) · 5.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
name: Rollback release
on:
# You can trigger this workflow via workflow dispatch to start a rollback.
# This will create a draft release that mirrors the release for `rollback-tag`.
workflow_dispatch:
inputs:
rollback-tag:
type: string
description: "The tag of an old release to roll-back to."
required: true
# Only for dry-runs of changes to the workflow.
push:
paths:
- .github/workflows/rollback-release.yml
jobs:
prepare:
name: "Prepare release"
if: github.repository == 'github/codeql-action'
permissions:
contents: read
uses: ./.github/workflows/prepare-release.yml
rollback:
name: "Create rollback release"
if: github.repository == 'github/codeql-action'
runs-on: ubuntu-latest
timeout-minutes: 45
# Don't set the deployment environment for test runs
environment: ${{ github.event_name == 'workflow_dispatch' && 'Automation' || '' }}
needs:
- prepare
permissions:
contents: write # needed to push to the repo (tags and releases)
steps:
- name: Checkout repository
uses: actions/checkout@v5
with:
fetch-depth: 0 # Need full history for calculation of diffs
- name: Configure runner for release
uses: ./.github/actions/release-initialise
- name: Create tag for testing
if: github.event_name != 'workflow_dispatch'
shell: bash
run: git tag v0.0.0
# We start by preparing the mergeback branch, mainly so that we have the updated changelog
# readily available for the partial changelog that's needed for the release.
- name: Prepare mergeback branch
id: mergeback-branch
env:
BASE_BRANCH: "main"
VERSION: ${{ needs.prepare.outputs.version }}
run: |
set -x
# Checkout the base branch, since we may be testing on a different branch
git checkout "$BASE_BRANCH"
# Generate a new branch name for the mergeback PR
short_sha="${GITHUB_SHA:0:8}"
NEW_BRANCH="mergeback/${VERSION}-to-${BASE_BRANCH}-${short_sha}"
echo "new-branch=${NEW_BRANCH}" >> $GITHUB_OUTPUT
# Create the mergeback branch
git checkout -b "${NEW_BRANCH}"
- name: Prepare rollback changelog
env:
NEW_CHANGELOG: "${{ runner.temp }}/new_changelog.md"
# We usually expect to checkout `inputs.rollback-tag` (required for `workflow_dispatch`),
# but use `v0.0.0` for testing.
ROLLBACK_TAG: ${{ inputs.rollback-tag || 'v0.0.0' }}
LATEST_TAG: ${{ needs.prepare.outputs.latest_tag }}
VERSION: "${{ needs.prepare.outputs.version }}"
run: |
python .github/workflows/script/rollback_changelog.py "${ROLLBACK_TAG:1}" "${LATEST_TAG:1}" "$VERSION" > $NEW_CHANGELOG
echo "::group::New CHANGELOG"
cat $NEW_CHANGELOG
echo "::endgroup::"
- name: Create tags
shell: bash
env:
# We usually expect to checkout `inputs.rollback-tag` (required for `workflow_dispatch`),
# but use `v0.0.0` for testing.
ROLLBACK_TAG: ${{ inputs.rollback-tag || 'v0.0.0' }}
RELEASE_TAG: ${{ needs.prepare.outputs.version }}
MAJOR_VERSION_TAG: ${{ needs.prepare.outputs.major_version }}
run: |
git checkout "refs/tags/${ROLLBACK_TAG}"
git tag --annotate "${RELEASE_TAG}" --message "${RELEASE_TAG}"
git tag --annotate "${MAJOR_VERSION_TAG}" --message "${MAJOR_VERSION_TAG}" --force
- name: Push tags
if: github.event_name == 'workflow_dispatch'
shell: bash
env:
RELEASE_TAG: ${{ needs.prepare.outputs.version }}
MAJOR_VERSION_TAG: ${{ needs.prepare.outputs.major_version }}
run: |
git push origin --atomic --force refs/tags/"${RELEASE_TAG}" refs/tags/"${MAJOR_VERSION_TAG}"
- name: Prepare partial Changelog
env:
NEW_CHANGELOG: "${{ runner.temp }}/new_changelog.md"
PARTIAL_CHANGELOG: "${{ runner.temp }}/partial_changelog.md"
VERSION: "${{ needs.prepare.outputs.version }}"
run: |
python .github/workflows/script/prepare_changelog.py $NEW_CHANGELOG "$VERSION" > $PARTIAL_CHANGELOG
echo "::group::Partial CHANGELOG"
cat $PARTIAL_CHANGELOG
echo "::endgroup::"
- name: Generate token
if: github.event_name == 'workflow_dispatch'
uses: actions/create-github-app-token@v2.1.1
id: app-token
with:
app-id: ${{ vars.AUTOMATION_APP_ID }}
private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
- name: Create the rollback release
if: github.event_name == 'workflow_dispatch'
env:
PARTIAL_CHANGELOG: "${{ runner.temp }}/partial_changelog.md"
VERSION: "${{ needs.prepare.outputs.version }}"
GH_TOKEN: ${{ steps.app-token.outputs.token }}
run: |
# Do not mark this release as latest. The most recent CLI release must be marked as latest.
# Set as a draft to give us an opportunity to review the rollback release.
gh release create \
"$VERSION" \
--latest=false \
--draft \
--title "$VERSION" \
--notes-file "$PARTIAL_CHANGELOG"
- name: Create mergeback branch and PR
uses: ./.github/actions/prepare-mergeback-branch
with:
base: "main"
head: ""
branch: "${{ steps.mergeback-branch.outputs.new-branch }}"
version: "${{ needs.prepare.outputs.version }}"
token: "${{ secrets.GITHUB_TOKEN }}"
# Setting this to `true` for non-workflow_dispatch events will
# still push the `branch`, but won't create a corresponding PR
dry-run: "${{ github.event_name != 'workflow_dispatch' }}"