|
| 1 | +# This internal workflow creates a semver git tag. |
| 2 | +name: .release |
| 3 | + |
| 4 | +# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions |
| 5 | +permissions: |
| 6 | + contents: read |
| 7 | + |
| 8 | +concurrency: |
| 9 | + group: ${{ github.workflow }}-${{ github.ref }} |
| 10 | + cancel-in-progress: true |
| 11 | + |
| 12 | +on: |
| 13 | + workflow_dispatch: |
| 14 | + inputs: |
| 15 | + version: |
| 16 | + description: "Semver version (e.g. v1.2.3)" |
| 17 | + required: true |
| 18 | + type: string |
| 19 | + ref: |
| 20 | + description: "Optional Git ref to tag (defaults to main HEAD)" |
| 21 | + required: false |
| 22 | + type: string |
| 23 | + default: refs/heads/main |
| 24 | + |
| 25 | +jobs: |
| 26 | + prepare: |
| 27 | + runs-on: ubuntu-latest |
| 28 | + steps: |
| 29 | + - |
| 30 | + name: Show inputs |
| 31 | + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 |
| 32 | + env: |
| 33 | + INPUT_VERSION: ${{ inputs.version }} |
| 34 | + INPUT_REF: ${{ inputs.ref }} |
| 35 | + with: |
| 36 | + script: | |
| 37 | + core.info(`version: ${core.getInput('version')}`); |
| 38 | + core.info(`ref: ${core.getInput('ref')}`); |
| 39 | +
|
| 40 | + release: |
| 41 | + runs-on: ubuntu-latest |
| 42 | + environment: release-prod |
| 43 | + needs: |
| 44 | + - prepare |
| 45 | + permissions: |
| 46 | + contents: write # required to push the tag |
| 47 | + steps: |
| 48 | + - |
| 49 | + name: Install npm deps |
| 50 | + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 |
| 51 | + with: |
| 52 | + script: | |
| 53 | + await core.group(`Install npm deps`, async () => { |
| 54 | + await exec.exec('npm', ['install', 'semver']); |
| 55 | + }); |
| 56 | + - |
| 57 | + name: Check version |
| 58 | + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 |
| 59 | + env: |
| 60 | + INPUT_VERSION: ${{ inputs.version }} |
| 61 | + with: |
| 62 | + script: | |
| 63 | + const semver = require('semver'); |
| 64 | + const version = core.getInput('version'); |
| 65 | + if (!semver.valid(version)) { |
| 66 | + core.setFailed(`Invalid version: ${version}`); |
| 67 | + } |
| 68 | + - |
| 69 | + name: GitHub auth token from GitHub App |
| 70 | + id: write-app |
| 71 | + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 |
| 72 | + with: |
| 73 | + app-id: ${{ secrets.DOCKER_GITHUB_BUILDER_REPO_WRITE_APP_ID }} |
| 74 | + private-key: ${{ secrets.DOCKER_GITHUB_BUILDER_REPO_WRITE_APP_PRIVATE_KEY }} |
| 75 | + owner: docker |
| 76 | + repositories: github-builder |
| 77 | + - |
| 78 | + name: Checkout |
| 79 | + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
| 80 | + with: |
| 81 | + ref: ${{ inputs.ref }} |
| 82 | + fetch-depth: 0 |
| 83 | + token: ${{ steps.write-app.outputs.token }} |
| 84 | + - |
| 85 | + name: Configure Git |
| 86 | + run: | |
| 87 | + set -x |
| 88 | + git config user.name "${GITHUB_ACTOR}" |
| 89 | + git config user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com" |
| 90 | + - |
| 91 | + name: Ensure tag does not exist |
| 92 | + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 |
| 93 | + env: |
| 94 | + INPUT_VERSION: ${{ inputs.version }} |
| 95 | + with: |
| 96 | + script: | |
| 97 | + const version = core.getInput('version'); |
| 98 | + await exec.exec('git', ['rev-parse', '-q', '--verify', `refs/tags/${version}`], { |
| 99 | + ignoreReturnCode: true |
| 100 | + }).then(res => { |
| 101 | + if (res.exitCode === 0) { |
| 102 | + throw new Error(`Tag ${version} already exists at ${res.stdout.trim()}`); |
| 103 | + } |
| 104 | + }); |
| 105 | + - |
| 106 | + name: Create and push tag |
| 107 | + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 |
| 108 | + env: |
| 109 | + INPUT_VERSION: ${{ inputs.version }} |
| 110 | + with: |
| 111 | + script: | |
| 112 | + const version = core.getInput('version'); |
| 113 | + await exec.exec('git', ['tag', '-a', version, '-m', version]); |
| 114 | + await exec.exec('git', ['push', 'origin', `refs/tags/${version}`]); |
0 commit comments