forked from open-policy-agent/gatekeeper
-
Notifications
You must be signed in to change notification settings - Fork 0
103 lines (88 loc) · 4 KB
/
release-pr.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
name: create_release_pull_request
on:
push:
tags:
- 'v[0-9]+.[0-9]+.0' # run this workflow when a new minor version is published
workflow_dispatch:
inputs:
release_version:
description: 'Which version are we creating a release pull request for?'
required: true
permissions:
contents: write
pull-requests: write
jobs:
create-release-pull-request:
runs-on: ubuntu-22.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Set up Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: "1.23"
check-latest: true
- name: Set release version and target branch for vNext
if: github.event_name == 'push'
run: |
TAG="$(echo "${{ github.ref }}" | tr -d 'refs/tags/v')"
MAJOR_VERSION="$(echo "${TAG}" | cut -d '.' -f1)"
echo "MAJOR_VERSION=${MAJOR_VERSION}" >> ${GITHUB_ENV}
MINOR_VERSION="$(echo "${TAG}" | cut -d '.' -f2)"
echo "MINOR_VERSION=${MINOR_VERSION}" >> ${GITHUB_ENV}
# increment the minor version by 1 for vNext
echo "NEWVERSION=v${MAJOR_VERSION}.$((MINOR_VERSION+1)).0-beta.0" >> ${GITHUB_ENV}
# pre-release is always being merged to the master branch
echo "TARGET_BRANCH=master" >> ${GITHUB_ENV}
echo "TAG=${TAG}" >> ${GITHUB_ENV}
- name: Set release version and target branch from input
if: github.event_name == 'workflow_dispatch'
run: |
NEWVERSION="${{ github.event.inputs.release_version }}"
echo "${NEWVERSION}" | grep -E '^v[0-9]+\.[0-9]+\.[0-9](-(beta|rc)\.[0-9]+)?$' || (echo "release_version should be in the format vX.Y.Z, vX.Y.Z-beta.A, or vX.Y.Z-rc.B" && exit 1)
echo "NEWVERSION=${NEWVERSION}" >> ${GITHUB_ENV}
echo "TAG=${NEWVERSION}" >> ${GITHUB_ENV}
MAJOR_VERSION="$(echo "${NEWVERSION}" | cut -d '.' -f1 | tr -d 'v')"
MINOR_VERSION="$(echo "${NEWVERSION}" | cut -d '.' -f2)"
# non-beta releases should always be merged to release branches
echo "TARGET_BRANCH=release-${MAJOR_VERSION}.${MINOR_VERSION}" >> ${GITHUB_ENV}
# beta releases should always be merged to master
if [[ "${NEWVERSION}" =~ "beta" ]]; then
echo "TARGET_BRANCH=master" >> ${GITHUB_ENV}
fi
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
fetch-depth: 0
- name: Create release branch if needed
run: |
git checkout "${TARGET_BRANCH}" && exit 0
# Create and push release branch if it doesn't exist
git checkout -b "${TARGET_BRANCH}"
git push --set-upstream origin "${TARGET_BRANCH}"
- run: make release-manifest promote-staging-manifest
- if: github.event_name == 'push'
run: |
tags=$(git tag -l --sort=-v:refname)
versions=''
for tag in $tags; do
if echo "$tag" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
opa=$(curl https://raw.githubusercontent.com/open-policy-agent/gatekeeper/$tag/go.mod | grep /opa | awk '{print $2}')
if [ $opa ]; then
versions+="| \`$tag\` | \`$opa\` |\n"
fi
fi
done
make version-docs NEWVERSION=v${MAJOR_VERSION}.${MINOR_VERSION}.x TAG=v${TAG} OPA_VERSIONS="${versions}"
- name: Create release pull request
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
with:
commit-message: "chore: Prepare ${{ env.NEWVERSION }} release"
title: "chore: Prepare ${{ env.NEWVERSION }} release"
branch: "release-${{ env.NEWVERSION }}"
base: "${{ env.TARGET_BRANCH }}"
signoff: true
labels: |
release-pr
${{ github.event.inputs.release_version }}