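# Manually dispatched workflow: runs the test and container smoke targets on
# main, computes the next strict vMAJOR.MINOR.PATCH tag from the existing
# tags, and pushes it as an annotated tag.
name: Create Release Tag

on:
  workflow_dispatch:
    inputs:
      bump:
        description: Release bump type
        required: true
        default: patch
        type: choice
        options:
          - patch
          - minor
          - major

# The job's GITHUB_TOKEN is limited to read access; the tag push goes through
# the RELEASE_TAG_TOKEN secret handed to actions/checkout below.
permissions:
  contents: read

jobs:
  create-release-tag:
    runs-on: ubuntu-latest
    steps:
      # 'major' stays in the choice list but is refused up front.
      - name: Reject disabled major releases
        if: ${{ inputs.bump == 'major' }}
        run: |
          echo "::error::Major releases are not enabled yet. Choose patch or minor."
          exit 1

      # Fail early with an actionable message when the secret is not set.
      - name: Validate release tag token
        env:
          RELEASE_TAG_TOKEN: ${{ secrets.RELEASE_TAG_TOKEN }}
        run: |
          if [ -z "$RELEASE_TAG_TOKEN" ]; then
            echo "::error::RELEASE_TAG_TOKEN is required so pushed tags trigger the release workflow. Configure a fine-grained PAT with Contents: Read and write for this repository."
            exit 1
          fi

      # NOTE(review): actions/checkout keeps the supplied token in the local
      # git configuration by default, so the write-capable PAT stays reachable
      # by every later step, including `make test` and `make docker-smoke`.
      # Consider a credential-free checkout for the test steps and supplying
      # the PAT only where the tag is pushed.
      # NOTE(review): both actions are referenced by mutable version tags;
      # pinning each to a full commit SHA prevents a re-pointed tag from
      # changing what runs next to the release token.
      - uses: actions/checkout@v4
        with:
          ref: main
          fetch-depth: 0
          token: ${{ secrets.RELEASE_TAG_TOKEN }}

      - uses: actions/setup-go@v5
        with:
          go-version: '1.23'

      - name: Run tests
        run: make test

      - name: Run container smoke test
        run: make docker-smoke IMAGE_TAG=release-candidate

      - name: Compute next tag
        id: next-tag
        env:
          # Passed through the environment rather than expanded into the
          # script text, so the value is never parsed as shell source.
          BUMP: ${{ inputs.bump }}
        run: |
          set -euo pipefail
          git fetch --force --tags origin
          semver_pattern='^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$'
          # Only strict vX.Y.Z tags are considered; `|| true` keeps the step
          # alive when grep matches nothing (no release tag yet).
          latest_tag=$(git tag --list 'v[0-9]*.[0-9]*.[0-9]*' | grep -E "$semver_pattern" | sort -V | tail -n 1 || true)
          if [ -z "$latest_tag" ]; then
            latest_tag="v0.0.0"
          fi
          version="${latest_tag#v}"
          IFS=. read -r major minor patch <<< "$version"
          case "$BUMP" in
            patch)
              patch=$((patch + 1))
              ;;
            minor)
              minor=$((minor + 1))
              patch=0
              ;;
            *)
              echo "::error::Unsupported bump type: ${BUMP}"
              exit 1
              ;;
          esac
          next_tag="v${major}.${minor}.${patch}"
          # Re-validate the computed value before it is used as a ref name.
          if ! echo "$next_tag" | grep -Eq "$semver_pattern"; then
            echo "::error::Computed tag ${next_tag} is not a strict semver tag."
            exit 1
          fi
          # Refuse to reuse a tag that exists locally or on origin.
          if git rev-parse --verify --quiet "refs/tags/${next_tag}" >/dev/null; then
            echo "::error::Tag ${next_tag} already exists locally."
            exit 1
          fi
          if git ls-remote --exit-code --tags origin "refs/tags/${next_tag}" >/dev/null 2>&1; then
            echo "::error::Tag ${next_tag} already exists on origin."
            exit 1
          fi
          echo "tag=${next_tag}" >> "$GITHUB_OUTPUT"
          echo "Computed next release tag: ${next_tag}"

      - name: Create and push tag
        env:
          TAG_NAME: ${{ steps.next-tag.outputs.tag }}
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git tag -a "$TAG_NAME" -m "Release $TAG_NAME"
          git push origin "$TAG_NAME"

      - name: Write summary
        env:
          TAG_NAME: ${{ steps.next-tag.outputs.tag }}
          BUMP: ${{ inputs.bump }}
        run: |
          {
            echo "## Release tag created"
            echo
            echo "- Tag: \`${TAG_NAME}\`"
            echo "- Bump: \`${BUMP}\`"
            echo
            echo "The existing tag-triggered release workflow will publish the prerelease from this pushed tag. Tags are pushed with \`RELEASE_TAG_TOKEN\` so the release workflow is eligible to run."
          } >> "$GITHUB_STEP_SUMMARY"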