-
Notifications
You must be signed in to change notification settings - Fork 459
132 lines (129 loc) · 5.82 KB
/
release-checks.yaml
File metadata and controls
132 lines (129 loc) · 5.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: Release Checks
on:
pull_request:
types: [opened, synchronize, reopened, edited]
branches: ['main']
permissions:
contents: read
jobs:
# More info at https://github.com/Roave/BackwardCompatibilityCheck.
backwards-compatibility-check:
name: Breaking Change Detector
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0
- name: "Install PHP"
uses: shivammathur/setup-php@v2
with:
php-version: "8.1"
- name: "Ensure that branch is up to date with main branch"
if: github.event.pull_request.user.login != 'release-please[bot]'
run: |
if ! git merge-base --is-ancestor origin/main ${{ github.event.pull_request.head.sha }}; then
echo "PR branch is out of date with main. Please merge or rebase main into your branch to avoid false BC break detections."
exit 1
fi
- name: "Install dependencies"
run: composer global require "roave/backward-compatibility-check:^8.2"
- name: "Check for BC breaks"
if: github.event.pull_request.user.login != 'release-please[bot]'
# Ensure the build still passes by adding BREAKING_CHANGE_REASON=[reason] to the PR description.
continue-on-error: ${{ contains(github.event.pull_request.body, 'BREAKING_CHANGE_REASON=') }}
run: |
~/.composer/vendor/bin/roave-backward-compatibility-check --from=origin/main --format=github-actions
- name: "Check for BC label"
# Ensure the build still passes by adding BREAKING_CHANGE_REASON=[reason] to the PR description.
continue-on-error: ${{ contains(github.event.pull_request.body, 'BREAKING_CHANGE_REASON=') }}
run: |
if [[ "true" == "${{ contains(github.event.pull_request.title, '!:') }}" ]]; then
echo "Breaking change label found in PR title"
exit 1
fi
- name: Get Latest Release
if: github.event.pull_request.user.login == 'release-please[bot]'
id: latest-release
uses: pozetroninc/github-action-get-latest-release@master
with:
repository: ${{ github.repository }}
token: ${{ secrets.GITHUB_TOKEN }}
- name: "Check for BC breaks (Next Release)"
if: github.event.pull_request.user.login == 'release-please[bot]'
# We've already approved and justified the breaking changes. Run the check but continue on error
continue-on-error: true
run: |
~/.composer/vendor/bin/roave-backward-compatibility-check \
--from=${{ steps.latest-release.outputs.release }} \
--to=origin/main --format=github-actions
# Ensure the release PR does not contain an unexpected (e.g. 2.0.0) major version release
# Add "MAJOR_VERSION_ALLOWED=component1,component2" to the PR description to allow major version
# releases for those components
unexpected-major-version-check:
name: Unexpected Major Version Check
runs-on: ubuntu-latest
if: github.event.pull_request.user.login == 'release-please[bot]'
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Parse allowed major versions
uses: actions-ecosystem/action-regex-match@v2
id: allowed-major-versions
with:
text: ${{ github.event.pull_request.body }}
regex: '^MAJOR_VERSION_ALLOWED=(.*)$'
flags: gm
- name: "Check for unexpected major version"
run: |
# parse allowed major versions into an array
IFS=', ' read -r -a ALLOWED_MAJOR_VERSIONS <<< "${{ steps.allowed-major-versions.outputs.group1 }}"
# get all changed components
COMPONENTS=$(git diff origin/main --name-only | grep VERSION | xargs dirname)
FAIL=""
for COMPONENT in ${COMPONENTS}; do {
if [[ "$(cat $COMPONENT/VERSION)" == [123456789].0.0 ]]; then
# A new version is being released - make sure it's allowed
if [[ ${ALLOWED_MAJOR_VERSIONS[@]} =~ $COMPONENT ]]; then
echo "Major version release allowed: $COMPONENT"
else
echo "Unexpected major version release found: $COMPONENT"
FAIL="true"
fi
fi
}; done
if [[ "$FAIL" == "true" ]]; then
echo "⚠️ IMPORTANT ⚠️ This check is meant to prevent the accidental release of new major versions. New "
echo "major versions should only be released intentionally. If you are not explicitly trying to release a "
echo "new major version and you don't have explicit approval from the Language Lead, "
echo "⚠️ DO NOT BYPASS THIS CHECK ⚠️"
echo -e "\nAdd \"MAJOR_VERSION_ALLOWED=component1,component2\" to the PR description to allow "
echo "major version releases for those components"
exit 1
fi
next-release-label-check:
name: Check for "next release" label
uses: GoogleCloudPlatform/php-tools/.github/workflows/release-checks.yml@main
if: github.event.pull_request.user.login == 'release-please[bot]'
with:
next-release-label-check: true
# Ensure all repos are in compliance
repo-compliance-check:
name: Repo Compliance Check
runs-on: ubuntu-latest
if: github.event.pull_request.user.login == 'release-please[bot]'
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0
- name: "Install PHP"
uses: shivammathur/setup-php@v2
with:
php-version: "8.1"
- name: "Install dependencies"
run: composer install -d dev
- name: "Check repo compliance"
env:
GH_TOKEN: ${{ secrets.SPLIT_TOKEN }}
PG_TOKEN: ${{ secrets.PACKAGIST_SAFE_TOKEN }}
run: ./dev/google-cloud repo:compliance --format=ci -t $GH_TOKEN -p $PG_TOKEN