feat(generated): Add user management operations and models (+1 more) … #67
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Please | |
| on: | |
| push: | |
| branches: | |
| - main | |
| concurrency: | |
| group: release-please | |
| cancel-in-progress: false | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| # release-please owns tag + GitHub Release creation (no | |
| # skip-github-release). Because it tags every release inside its own run | |
| # — before it computes the next release PR — it always knows the previous | |
| # release boundary, so it never regenerates the changelog from the start | |
| # of history or proposes a spurious major bump. Creating the release with | |
| # the app token also fires the `release: published` event that release.yml | |
| # uses to publish to RubyGems. This job is kept minimal so nothing | |
| # downstream (changelog enrichment, release notes) can fail it. | |
| release-please: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| pr: ${{ steps.release.outputs.pr }} | |
| release_created: ${{ steps.release.outputs.release_created }} | |
| tag_name: ${{ steps.release.outputs.tag_name }} | |
| steps: | |
| - name: Generate token | |
| id: generate-token | |
| uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # 3.2.0 | |
| with: | |
| app-id: ${{ vars.SDK_BOT_APP_ID }} | |
| private-key: ${{ secrets.SDK_BOT_PRIVATE_KEY }} | |
| - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5.0.0 | |
| id: release | |
| with: | |
| token: ${{ steps.generate-token.outputs.token }} | |
| # While the release PR is open, enrich it before it merges. Runs as its | |
| # own job (gated on the PR existing) so a failure here can never block the | |
| # release or any publish that depends on release-please. | |
| enrich-release-pr: | |
| needs: release-please | |
| if: needs.release-please.outputs.pr | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Generate token | |
| id: generate-token | |
| uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # 3.2.0 | |
| with: | |
| app-id: ${{ vars.SDK_BOT_APP_ID }} | |
| private-key: ${{ secrets.SDK_BOT_PRIVATE_KEY }} | |
| - name: Checkout release PR branch | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # 6.0.3 | |
| with: | |
| ref: ${{ fromJSON(needs.release-please.outputs.pr).headBranchName }} | |
| token: ${{ steps.generate-token.outputs.token }} | |
| # Inline pending changelog fragments under the version heading | |
| # release-please just wrote in CHANGELOG.md. For PRs that have a | |
| # fragment (the autogen flow always writes one), drop the line | |
| # release-please rendered and use the fragment instead. For PRs | |
| # without a fragment (typical for human-authored PRs), keep what | |
| # release-please wrote. Fragments are deleted in the same commit. | |
| # Idempotent: if no fragments exist, skip silently. | |
| - name: Inline rich changelog fragments | |
| env: | |
| PR_JSON: ${{ needs.release-please.outputs.pr }} | |
| run: | | |
| set -euo pipefail | |
| shopt -s nullglob | |
| fragments=(.changelog-pending/*.md) | |
| if [ ${#fragments[@]} -eq 0 ]; then | |
| echo "No .changelog-pending fragments; leaving release-please CHANGELOG.md as-is." | |
| exit 0 | |
| fi | |
| VERSION=$(echo "$PR_JSON" | jq -r '.title' | grep -oE '[0-9]+\.[0-9]+\.[0-9]+') | |
| export VERSION | |
| python3 - <<'PY' | |
| import os, re, pathlib, glob | |
| version = os.environ["VERSION"] | |
| # Load fragments + extract the PR number each one covers from | |
| # its top-line "* [#NN](url) ...". | |
| fragments = [] | |
| covered = set() | |
| for path in sorted(glob.glob(".changelog-pending/*.md")): | |
| body = pathlib.Path(path).read_text().rstrip() | |
| m = re.search(r'\[#(\d+)\]', body) | |
| if m: | |
| covered.add(m.group(1)) | |
| fragments.append(body) | |
| changelog = pathlib.Path("CHANGELOG.md") | |
| text = changelog.read_text() | |
| section_re = re.compile( | |
| r'(^## \[' + re.escape(version) + r'\][^\n]*\n)(.*?)(?=^## |\Z)', | |
| re.MULTILINE | re.DOTALL, | |
| ) | |
| match = section_re.search(text) | |
| if not match: | |
| raise SystemExit(f"Could not find '## [{version}]' heading in CHANGELOG.md") | |
| heading, body = match.group(1), match.group(2) | |
| # Drop any release-please line that references a PR we have a | |
| # fragment for. | |
| kept = [] | |
| for line in body.split("\n"): | |
| if any(pr in covered for pr in re.findall(r'\[#(\d+)\]', line)): | |
| continue | |
| kept.append(line) | |
| filtered = "\n".join(kept) | |
| # Collapse "### Heading\n(blank lines)\n" with nothing under | |
| # it. Run repeatedly until stable in case of stacked empties. | |
| empty_section = re.compile( | |
| r'^### [^\n]*\n(?:\s*\n)*(?=^### |\Z)', | |
| re.MULTILINE, | |
| ) | |
| while True: | |
| new = empty_section.sub('', filtered) | |
| if new == filtered: | |
| break | |
| filtered = new | |
| filtered = filtered.strip() | |
| parts = [] | |
| if filtered: | |
| parts.append(filtered) | |
| parts.extend(fragments) | |
| new_body = "\n\n".join(parts) | |
| new_text = text[:match.start()] + heading + "\n" + new_body + "\n\n" + text[match.end():] | |
| changelog.write_text(new_text) | |
| PY | |
| git config user.name "workos-sdk-automation[bot]" | |
| git config user.email "255426317+workos-sdk-automation[bot]@users.noreply.github.com" | |
| git rm .changelog-pending/*.md | |
| git add CHANGELOG.md | |
| git commit -m "chore: inline release notes from .changelog-pending" | |
| git push | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@12fd324f1d0b43274fdc8130f6980590a667c455 # 1.312.0 | |
| with: | |
| ruby-version: ruby | |
| - name: Bundle install and commit | |
| run: | | |
| bundle install | |
| if git diff --quiet Gemfile.lock; then | |
| echo "Gemfile.lock is up to date" | |
| else | |
| git config user.name "workos-sdk-automation[bot]" | |
| git config user.email "255426317+workos-sdk-automation[bot]@users.noreply.github.com" | |
| git add Gemfile.lock | |
| git commit -m "chore: update Gemfile.lock" | |
| git push | |
| fi | |
| # After release-please tags the release and creates the GitHub Release, | |
| # replace its body with the rich section from CHANGELOG.md (release-please | |
| # writes only its terse default rendering). Cosmetic-only: never fails the | |
| # release if the section can't be found. | |
| update-release-notes: | |
| needs: release-please | |
| if: needs.release-please.outputs.release_created == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Generate token | |
| id: generate-token | |
| uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # 3.2.0 | |
| with: | |
| app-id: ${{ vars.SDK_BOT_APP_ID }} | |
| private-key: ${{ secrets.SDK_BOT_PRIVATE_KEY }} | |
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # 6.0.3 | |
| with: | |
| token: ${{ steps.generate-token.outputs.token }} | |
| - name: Set rich release notes from CHANGELOG.md | |
| env: | |
| GH_TOKEN: ${{ steps.generate-token.outputs.token }} | |
| TAG: ${{ needs.release-please.outputs.tag_name }} | |
| run: | | |
| set -euo pipefail | |
| VERSION="${TAG#v}" | |
| awk -v v="$VERSION" ' | |
| $0 ~ ("^## \\[" v "\\]") { found=1; next } | |
| found && /^## \[/ { exit } | |
| found | |
| ' CHANGELOG.md > /tmp/release-notes.md | |
| if [ -s /tmp/release-notes.md ]; then | |
| gh release edit "$TAG" --notes-file /tmp/release-notes.md | |
| else | |
| echo "No CHANGELOG.md body for $TAG; keeping release-please default notes." | |
| fi |