Build(deps): Bump docker/build-push-action from 4 to 5 #98

Workflow file for this run

# Release workflow: started by a closed pull request or by a manual dispatch.
name: "release"
on:
  # Every closed pull request triggers the workflow; the job-level `if`
  # decides whether a release is actually made.
  pull_request:
    types:
      - closed
  # Manual start: the caller chooses the kind of release from a fixed list.
  workflow_dispatch:
    inputs:
      release:
        description: "Use 'major' for incompatible changes, 'minor' for new features, and 'patch' for fixes."
        type: choice
        options:
          - "major"
          - "minor"
          - "patch"
        required: true
        default: "patch"
# This job first determines the target branch of the closed pull request. If the target branch is "main",
# then the latest release tag is used. If no release tag exists, it is set to 0.1.0. If it is a release
# branch (e.g. v22), then the latest tag within that major version is used.
#
# For a patch release, the latest tag is increased by 0.0.1, leaving the major and minor versions as
# they are.
#
# For a minor release, the latest tag is increased by 0.1.0, and the patch version is set to 0.
#
# For a major release, a branch is created for the latest major release found by tag, and the version
# is set to $latest_tag + 1.0.0, increasing the major version by 1 and setting the minor and
# patch versions to 0.
#
# Major version releases are only valid on the "main" branch.
#
# Once the version is found and enhanced, each CMakeLists file is updated to the new
# version, and a commit is created in the found branch.
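jobs:
  # Determines the branch being released, the latest version tagged on it and
  # the next version, and exposes them as job outputs.
  calculate_version:
    runs-on: "ubuntu-latest"
    # Run for a manual dispatch, or for a pull request that was merged AND
    # carries a release label. The label checks are grouped explicitly: `&&`
    # binds tighter than `||`, so without the inner parentheses a pull request
    # closed without merging but labelled minor_release or patch_release would
    # also start a release.
    if: |
      github.event_name == 'workflow_dispatch' ||
      (
        github.event.pull_request.merged == true &&
        (
          contains(github.event.pull_request.labels.*.name, 'major_release') ||
          contains(github.event.pull_request.labels.*.name, 'minor_release') ||
          contains(github.event.pull_request.labels.*.name, 'patch_release')
        )
      )
    outputs:
      new_version: ${{ steps.version.outputs.new_version }}
      latest_version: ${{ steps.version.outputs.latest_version }}
      release_kind: ${{ steps.version.outputs.release_kind }}
      release_ref: ${{ steps.version.outputs.release_ref }}
      project: ${{ steps.version.outputs.project }}
    steps:
      # NOTE(review): actions in this workflow are referenced by a moving tag
      # (@v3/@v4). These jobs handle the bot token and the signing key, so
      # pinning each action to a full commit SHA would keep a retagged release
      # from changing what runs here.
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.GREENBONE_BOT_TOKEN }}
          # full history, so that every tag is available to `git tag`
          fetch-depth: '0'
      # Context values are handed to the scripts through environment variables
      # instead of being pasted into the script text with ${{ }}: an expanded
      # expression becomes part of the shell source, so a quote or `$(...)` in
      # a ref name or input would be executed rather than treated as data.
      - name: "set RELEASE_KIND = ${{ github.event.inputs.release }}"
        if: ${{ github.event_name == 'workflow_dispatch' }}
        env:
          REQUESTED_RELEASE: ${{ github.event.inputs.release }}
        run: |
          # accept only the three documented kinds before writing to GITHUB_ENV
          case "$REQUESTED_RELEASE" in
            major|minor|patch)
              echo "RELEASE_KIND=$REQUESTED_RELEASE" >> "$GITHUB_ENV"
              ;;
            *)
              echo "unsupported release kind" >&2
              exit 1
              ;;
          esac
      # If several release labels are set, the last matching step below wins.
      - name: set RELEASE_KIND = major
        if: ${{ (contains(github.event.pull_request.labels.*.name, 'major_release')) }}
        run: |
          echo "RELEASE_KIND=major" >> "$GITHUB_ENV"
      - name: set RELEASE_KIND = minor
        if: ${{ (contains(github.event.pull_request.labels.*.name, 'minor_release')) }}
        run: |
          echo "RELEASE_KIND=minor" >> "$GITHUB_ENV"
      - name: set RELEASE_KIND = patch
        if: ${{ (contains(github.event.pull_request.labels.*.name, 'patch_release')) }}
        run: |
          echo "RELEASE_KIND=patch" >> "$GITHUB_ENV"
      - name: set RELEASE_REF
        run: |
          # manual run: the ref the workflow was started on;
          # pull request: the branch the pull request targeted
          if [[ "$GITHUB_EVENT_NAME" = "workflow_dispatch" ]]; then
            echo "RELEASE_REF=$GITHUB_REF_NAME" >> "$GITHUB_ENV"
          else
            echo "RELEASE_REF=$GITHUB_BASE_REF" >> "$GITHUB_ENV"
          fi
      - name: "LATEST_VERSION"
        run: |
          # NOTE(review): RELEASE_REF is used as a regular-expression prefix
          # after a literal "v". For a branch named like the "v22" example in
          # the header comment this searches for tags starting with "vv22";
          # confirm against the repository's branch and tag naming.
          if [[ "$RELEASE_REF" = "main" ]]; then
            echo "LATEST_VERSION=$(git tag | grep "^v" | sed 's/^v//' | sort --version-sort | tail -n 1)" >> "$GITHUB_ENV"
          else
            echo "LATEST_VERSION=$(git tag | grep "^v$RELEASE_REF" | sed 's/^v//' | sort --version-sort | tail -n 1)" >> "$GITHUB_ENV"
          fi
      - name: "default LATEST_VERSION"
        run: |
          # default to 0.1.0 when there is no previous tag and on main branch
          if [[ -z "$LATEST_VERSION" && "$RELEASE_REF" = "main" ]]; then
            echo "LATEST_VERSION=0.1.0" >> "$GITHUB_ENV"
          fi
      # safeguard: stop the job as soon as a required value is empty
      - name: RELEASE_REF != NULL
        run: test -n "$RELEASE_REF"
      - name: LATEST_VERSION != NULL
        run: test -n "$LATEST_VERSION"
      - name: RELEASE_KIND != NULL
        run: test -n "$RELEASE_KIND"
      - name: "NEW_VERSION"
        run: |
          echo "NEW_VERSION=$(sh .github/enhance_version.sh "$LATEST_VERSION" "$RELEASE_KIND")" >> "$GITHUB_ENV"
      - name: NEW_VERSION != NULL
        run: test -n "$NEW_VERSION"
      - name: set output
        id: version
        run: |
          echo "latest_version=$LATEST_VERSION" >> "$GITHUB_OUTPUT"
          echo "new_version=$NEW_VERSION" >> "$GITHUB_OUTPUT"
          echo "release_kind=$RELEASE_KIND" >> "$GITHUB_OUTPUT"
          echo "release_ref=$RELEASE_REF" >> "$GITHUB_OUTPUT"
          # project = repository name without the owner part
          echo "project=${GITHUB_REPOSITORY##*/}" >> "$GITHUB_OUTPUT"
  # Builds the binaries through the reusable workflow; runs only when
  # calculate_version ran.
  build-binaries:
    needs: calculate_version
    uses: ./.github/workflows/build-rust.yml
  # Bumps the project version, creates the GitHub release and uploads the
  # signed assets.
  # NOTE(review): no `permissions:` block is set, so the implicit GITHUB_TOKEN
  # keeps the repository default. All writes visible here go through the bot
  # token, so a read-only `permissions:` would probably be enough - confirm
  # against build-rust.yml and the scripts under .github/ first.
  release:
    name: release
    needs:
      - build-binaries
      - calculate_version
    runs-on: "ubuntu-latest"
    env:
      RELEASE_KIND: ${{ needs.calculate_version.outputs.release_kind }}
      RELEASE_REF: ${{ needs.calculate_version.outputs.release_ref }}
      LATEST_VERSION: ${{ needs.calculate_version.outputs.latest_version }}
      NEW_VERSION: ${{ needs.calculate_version.outputs.new_version }}
      PROJECT: ${{ needs.calculate_version.outputs.project }}
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.GREENBONE_BOT_TOKEN }}
          fetch-depth: '0'
      - name: set git credentials
        env:
          BOT_MAIL: ${{ secrets.GREENBONE_BOT_MAIL }}
          BOT_NAME: ${{ secrets.GREENBONE_BOT }}
        run: |
          git config --global user.email "$BOT_MAIL"
          git config --global user.name "$BOT_NAME"
      - name: "create working branch for previous major release (${{ env.LATEST_VERSION }})"
        if: env.RELEASE_KIND == 'major'
        run: |
          # save a branch so that we can easily create PR for that version when we want to fix something
          git checkout "v$LATEST_VERSION"
          # branch name is "v" followed by the leading digits of the version
          export BRANCH_NAME=$(echo "$LATEST_VERSION" | sed 's/^\([0-9]*\).*/v\1/')
          git checkout -b "$BRANCH_NAME"
          git push origin "$BRANCH_NAME"
      # create branch of version
      - name: "prepare project version ${{ env.RELEASE_REF }} ${{ env.LATEST_VERSION }} -> ${{ env.NEW_VERSION }}"
        run: |
          # jump back for the case that we switched to a tag
          git checkout "$RELEASE_REF"
          # change version
          # NOTE(review): pontos is installed unpinned from the package index
          # into a job that holds the bot token; pinning an exact version (and
          # ideally its hash) makes the release toolchain reproducible.
          python3 -m pip install pontos
          # ignore failure on setting version
          pontos-version update "$NEW_VERSION" || true
          # as soon as pontos-version release is available and it supports cargo,
          # run the same update inside the rust directory as well;
          # but since we don't upload cargo modules to registry the version doesn't matter as of now.
          if git diff --exit-code --quiet; then
            echo "There are no modified files, skipping."
          else
            git add CMakeLists.txt
            git commit -m "Automated commit: change version from $LATEST_VERSION -> $NEW_VERSION"
            git push origin "$RELEASE_REF"
          fi
      - uses: actions/download-artifact@v3
        with:
          name: rs-binaries
          path: assets
      - uses: greenbone/actions/setup-pontos@v3
      - name: "release ${{ env.PROJECT }} ${{ env.LATEST_VERSION }} -> ${{ env.NEW_VERSION }}"
        env:
          # gh reads the token from GH_TOKEN, so the secret no longer has to be
          # written into the script text and piped to `gh auth login`
          GH_TOKEN: ${{ secrets.GREENBONE_BOT_TOKEN }}
        run: |
          pontos-changelog \
            --current-version "$LATEST_VERSION" \
            --next-version "$NEW_VERSION" \
            --config changelog.toml \
            --project "$PROJECT" \
            --versioning-scheme semver \
            -o /tmp/changelog.md || true
          # we would rather have empty release notes than no release
          if [ ! -f "/tmp/changelog.md" ]; then
            touch /tmp/changelog.md
          fi
          export nrn="v$NEW_VERSION"
          gh release create "$nrn" -F /tmp/changelog.md
      - name: "sign ${{ env.PROJECT }}"
        env:
          GH_TOKEN: ${{ secrets.GREENBONE_BOT_TOKEN }}
          RELEASE_SIGNING_KEY: ${{ secrets.GPG_KEY }}
          RELEASE_SIGNING_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        run: |
          mkdir -p assets
          ls -las assets/
          export nrn="v$NEW_VERSION"
          export filename="$PROJECT-$nrn"
          # fetch the source archives GitHub generated for the new tag
          curl -sfSL --retry 3 --retry-connrefused --retry-delay 2 -o "assets/$filename.zip" "https://github.com/$GITHUB_REPOSITORY/archive/refs/tags/$nrn.zip"
          curl -sfSL --retry 3 --retry-connrefused --retry-delay 2 -o "assets/$filename.tar.gz" "https://github.com/$GITHUB_REPOSITORY/archive/refs/tags/$nrn.tar.gz"
          # the private key lives in the workspace only while this step runs
          trap 'rm -f private.pgp' EXIT
          # owner-only file mode; -e expands the escaped line breaks in the secret
          (umask 077; echo -e "$RELEASE_SIGNING_KEY" > private.pgp)
          # quoted, so whitespace or shell metacharacters in the passphrase
          # reach the signing script unchanged
          echo "$RELEASE_SIGNING_PASSPHRASE" | bash .github/sign-assets.sh private.pgp
          # the archives themselves are removed again before the upload
          rm "assets/$filename.zip"
          rm "assets/$filename.tar.gz"
          gh release upload "$nrn" assets/*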