diff --git a/.github/workflows/patch-docs.yaml b/.github/workflows/patch-docs.yaml new file mode 100644 index 000000000..8ca3003e9 --- /dev/null +++ b/.github/workflows/patch-docs.yaml @@ -0,0 +1,54 @@ +name: patch_docs +on: + push: + tags: + - 'v[0-9]+.[0-9]+.[1-9]+' # run this workflow when a new patch version is published + +permissions: + contents: write + pull-requests: write + +jobs: + patch-docs: + runs-on: ubuntu-22.04 + steps: + - name: Harden Runner + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 + with: + egress-policy: audit + + - name: Set release version and target branch for vNext + if: github.event_name == 'push' + run: | + TAG="$(echo "${{ github.ref }}" | tr -d 'refs/tags/v')" + MAJOR_VERSION="$(echo "${TAG}" | cut -d '.' -f1)" + echo "MAJOR_VERSION=${MAJOR_VERSION}" >> ${GITHUB_ENV} + MINOR_VERSION="$(echo "${TAG}" | cut -d '.' -f2)" + echo "MINOR_VERSION=${MINOR_VERSION}" >> ${GITHUB_ENV} + PATCH_VERSION="$(echo "${TAG}" | cut -d '.' -f3)" + echo "PATCH_VERSION=${PATCH_VERSION}" >> ${GITHUB_ENV} + echo "TAG=${TAG}" >> ${GITHUB_ENV} + + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + with: + fetch-depth: 0 + + - name: Create release branch if needed # patched docs are always being merged to the master branch + run: | + git checkout master + + - name: Create patch version docs + run: make patch-version-docs NEWVERSION=v${MAJOR_VERSION}.${MINOR_VERSION}.x TAG=v${TAG} OLDVERSION=v${MAJOR_VERSION}.${MINOR_VERSION}.$((PATCH_VERSION-1)) + + - name: Create release pull request + uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 + with: + commit-message: "chore: Patch docs for ${{ env.TAG }} release" + title: "chore: Patch docs for ${{ env.TAG }} release" + branch: "patch-docs-${{ env.TAG }}" + base: "master" + signoff: true + labels: | + release-pr + ${{ github.event.inputs.release_version }} + \ No newline at end of file diff --git a/.github/workflows/release-pr.yaml b/.github/workflows/release-pr.yaml index 3f6603d6a..6214cf06a 100644 --- a/.github/workflows/release-pr.yaml +++ b/.github/workflows/release-pr.yaml @@ -41,6 +41,7 @@ jobs: echo "NEWVERSION=v${MAJOR_VERSION}.$((MINOR_VERSION+1)).0-beta.0" >> ${GITHUB_ENV} # pre-release is always being merged to the master branch echo "TARGET_BRANCH=master" >> ${GITHUB_ENV} + echo "TAG=${TAG}" >> ${GITHUB_ENV} - name: Set release version and target branch from input if: github.event_name == 'workflow_dispatch' @@ -49,6 +50,7 @@ jobs: echo "${NEWVERSION}" | grep -E '^v[0-9]+\.[0-9]+\.[0-9](-(beta|rc)\.[0-9]+)?$' || (echo "release_version should be in the format vX.Y.Z, vX.Y.Z-beta.A, or vX.Y.Z-rc.B" && exit 1) echo "NEWVERSION=${NEWVERSION}" >> ${GITHUB_ENV} + echo "TAG=${NEWVERSION}" >> ${GITHUB_ENV} MAJOR_VERSION="$(echo "${NEWVERSION}" | cut -d '.' -f1 | tr -d 'v')" MINOR_VERSION="$(echo "${NEWVERSION}" | cut -d '.' -f2)" @@ -75,7 +77,7 @@ jobs: - run: make release-manifest promote-staging-manifest - if: github.event_name == 'push' - run: make version-docs NEWVERSION=v${MAJOR_VERSION}.${MINOR_VERSION}.x + run: make version-docs NEWVERSION=v${MAJOR_VERSION}.${MINOR_VERSION}.x TAG=v${TAG} - name: Create release pull request uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0 diff --git a/Makefile b/Makefile index cdb45b25f..e9b0adb44 100644 --- a/Makefile +++ b/Makefile @@ -475,7 +475,6 @@ release-manifest: @sed -i "s/tag: $(VERSION)/tag: ${NEWVERSION}/" ./cmd/build/helmify/static/values.yaml @sed -i 's/Current release version: `$(VERSION)`/Current release version: `'"${NEWVERSION}"'`/' ./cmd/build/helmify/static/README.md @sed -i -e 's/^VERSION := $(VERSION)/VERSION := ${NEWVERSION}/' ./Makefile - @sed -i 's/https:\/\/raw\.githubusercontent\.com\/open-policy-agent\/gatekeeper\/master\/deploy\/gatekeeper\.yaml.*/https:\/\/raw\.githubusercontent\.com\/open-policy-agent\/gatekeeper\/${NEWVERSION}\/deploy\/gatekeeper\.yaml/' ./website/docs/install.md export $(MAKE) manifests @@ -488,6 +487,11 @@ version-docs: -u $(shell id -u):$(shell id -g) \ node:${NODE_VERSION} \ sh -c "yarn install --frozen-lockfile && yarn run docusaurus docs:version ${NEWVERSION}" + @sed -i 's/https:\/\/raw\.githubusercontent\.com\/open-policy-agent\/gatekeeper\/master\/deploy\/gatekeeper\.yaml.*/https:\/\/raw\.githubusercontent\.com\/open-policy-agent\/gatekeeper\/${TAG}\/deploy\/gatekeeper\.yaml/' ./website/versioned_docs/version-${NEWVERSION}/install.md + +.PHONY: patch-version-docs +patch-version-docs: + @sed -i 's/https:\/\/raw\.githubusercontent\.com\/open-policy-agent\/gatekeeper\/${OLDVERSION}\/deploy\/gatekeeper\.yaml.*/https:\/\/raw\.githubusercontent\.com\/open-policy-agent\/gatekeeper\/${TAG}\/deploy\/gatekeeper\.yaml/' ./website/versioned_docs/version-${NEWVERSION}/install.md promote-staging-manifest: @rm -rf deploy