-
Notifications
You must be signed in to change notification settings - Fork 2
207 lines (180 loc) · 7.27 KB
/
Copy pathrelease-update-version.yaml
File metadata and controls
207 lines (180 loc) · 7.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
name: Update version on release
on:
push:
tags:
- v*
workflow_dispatch:
inputs:
new-tag:
description: The new tag to apply
required: true
type: string
base-branch:
description: The base branch to use for the PR
required: false
default: main
type: string
dry-run:
description: Dry-run the change by doing everything except creating the PR
required: false
default: true
type: boolean
env:
# Set once from repo variable or override here for testing
STEP_SECURITY_EGRESS_POLICY: ${{ vars.STEP_SECURITY_EGRESS_POLICY || 'audit' }}
permissions:
contents: read
jobs:
update-version:
name: Update version
permissions:
contents: read
pull-requests: write
id-token: write
runs-on: ubuntu-latest
steps:
- name: Harden the runner
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }}
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
fetch-depth: 0 # Fetch all history including tags
- name: Set manual tag
if: github.event_name == 'workflow_dispatch'
env:
INPUT_TAG: ${{ github.event.inputs.new-tag }}
run: |
VERSION=${INPUT_TAG#v}
# Validate version format (basic check for x.y.z)
if [[ ! $VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "ERROR: Latest tag '$INPUT_TAG' doesn't match expected format vX.Y.Z"
exit 1
fi
echo NEW_TAG="v$VERSION"
echo NEW_TAG="v$VERSION" >> $GITHUB_ENV
echo BASE_BRANCH="${{ github.event.inputs.base-branch }}"
echo BASE_BRANCH="${{ github.event.inputs.base-branch }}" >> $GITHUB_ENV
shell: bash
- name: Set LTS tag by incrementing current one
if: github.event_name != 'workflow_dispatch' && (startsWith(github.ref_name, 'v25.10') || startsWith(github.ref_name, 'v26.4'))
env:
LATEST_TAG: ${{ github.ref_name }}
run: |
# Extract version numbers (remove 'v' prefix)
VERSION=${LATEST_TAG#v}
# Validate version format (basic check for x.y.z)
if [[ ! $VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "ERROR: Latest tag '$LATEST_TAG' doesn't match expected format vX.Y.Z"
exit 1
fi
# Split version into parts
IFS='.' read -ra VERSION_PARTS <<<"$VERSION"
MAJOR=${VERSION_PARTS[0]}
MINOR=${VERSION_PARTS[1]}
PATCH=${VERSION_PARTS[2]}
echo "MAJOR=$MAJOR"
echo "MINOR=$MINOR"
echo "PATCH=$PATCH"
# Increment patch version
PATCH=$((PATCH + 1))
GENERATED_VERSION="v${MAJOR}.${MINOR}.${PATCH}"
echo NEW_TAG="$GENERATED_VERSION"
echo NEW_TAG="$GENERATED_VERSION" >> $GITHUB_ENV
BASE_BRANCH="release/${MAJOR}.${MINOR}-lts"
echo "BASE_BRANCH=$BASE_BRANCH"
echo "BASE_BRANCH=$BASE_BRANCH" >> $GITHUB_ENV
shell: bash
- name: Fallback to set mainline tag based on date
run: |
if [[ -n "${NEW_TAG:-}" ]]; then
echo "Skipping as already have new tag: $NEW_TAG"
else
year=$(date +%y)
month=$(date +%-m)
week=$((($(date +%-d) - 1) / 7 + 1))
next_week=$((week + 1))
# Ignore 5 week months
if [ $next_week -gt 4 ]; then
next_week=1
month=$((month + 1))
if [ $month -gt 12 ]; then
month=1
year=$((year + 1))
fi
fi
GENERATED_VERSION="v${year}.${month}.${next_week}"
echo NEW_TAG="$GENERATED_VERSION"
echo NEW_TAG="$GENERATED_VERSION" >> $GITHUB_ENV
fi
if [[ -z "${BASE_BRANCH:-}" ]]; then
BASE_BRANCH="main"
echo "BASE_BRANCH=$BASE_BRANCH"
echo "BASE_BRANCH=$BASE_BRANCH" >> $GITHUB_ENV
fi
shell: bash
- name: Output tag
id: get-version
run: |
echo "next_tag=$NEW_TAG"
echo "next_tag=$NEW_TAG" >> $GITHUB_OUTPUT
echo "base_branch=$BASE_BRANCH"
echo "base_branch=$BASE_BRANCH" >> $GITHUB_OUTPUT
shell: bash
- name: Update version to next week
run: ./scripts/update-version.sh
shell: bash
env:
NEW_TELEMETRY_FORGE_AGENT_VERSION: ${{ steps.get-version.outputs.next_tag }}
# Support legacy version variable for backwards compatibility
NEW_FLUENTDO_AGENT_VERSION: ${{ steps.get-version.outputs.next_tag }}
- name: Debug
run: |
git status
git log -n 1
git diff
shell: bash
- name: Authenticate with GCP
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
with:
workload_identity_provider: "projects/841522437311/locations/global/workloadIdentityPools/github-actions/providers/github-actions"
service_account: "terraform-infra@infrastructure-464010.iam.gserviceaccount.com"
create_credentials_file: true
export_environment_variables: true
- id: get-secrets
name: Get secrets from GCP Secret Manager
# This step retrieves secrets from GCP Secret Manager and sets them as outputs
# The secrets can then be accessed in subsequent steps using ${{ steps.get-secrets.outputs.<secret_name> }}
uses: "google-github-actions/get-secretmanager-secrets@bc9c54b29fdffb8a47776820a7d26e77b379d262" # v3.0.0
with:
secrets: |-
github-pat:projects/626836145334/secrets/GITHUB_CI_PAT
- name: Create a PR with the update
if: ${{ github.event_name != 'workflow_dispatch' || !github.event.inputs.dry-run }}
id: cpr
uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
with:
commit-message: "ci: update to new version ${{ steps.get-version.outputs.next_tag }}"
signoff: true
branch: ci_update-version-${{ steps.get-version.outputs.next_tag }}
delete-branch: true
title: "ci: update version"
token: ${{ steps.get-secrets.outputs.github-pat }}
base: ${{ steps.get-version.outputs.base_branch }}
labels: ci,automerge
body: |
Update version
- Created by ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
- Auto-generated by create-pull-request: https://github.com/peter-evans/create-pull-request
draft: false
- name: Check outputs
if: ${{ steps.cpr.outputs.pull-request-number }}
run: |
echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
shell: bash
- name: Enable Pull Request Automerge
if: ${{ steps.cpr.outputs.pull-request-number }}
run: gh pr merge --squash --auto "${{ steps.cpr.outputs.pull-request-number }}"
env:
GH_TOKEN: ${{ steps.get-secrets.outputs.github-pat }}