Update release workflow to work with new branch protections (#313)

* Update release workflow to work with new branch protections

* removed issue permission
Austin Valle 2023-03-02 16:59:59 -05:00 committed by GitHub
parent aa7ea2f4b9
commit 6b752b326b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -8,16 +8,13 @@ on:
type: string
required: true
permissions:
contents: read # Changelog commit operations use service account PAT
env:
CI_COMMIT_AUTHOR: hc-github-team-tf-provider-devex
CI_COMMIT_EMAIL: github-team-tf-provider-devex@hashicorp.com
permissions:
# Allow creating GitHub release
contents: write
# Allow closing associated milestone
issues: write
jobs:
major-version:
runs-on: ubuntu-latest
@ -26,6 +23,7 @@ jobs:
steps:
- id: major-version
run: echo "version=$(echo "${{ inputs.versionNumber }}" | cut -d. -f1)" >> "$GITHUB_OUTPUT"
changelog-version:
runs-on: ubuntu-latest
outputs:
@ -33,6 +31,7 @@ jobs:
steps:
- id: changelog-version
run: echo "version=$(echo "${{ inputs.versionNumber }}" | cut -c 2-)" >> "$GITHUB_OUTPUT"
changelog:
needs: changelog-version
runs-on: ubuntu-latest
@ -41,27 +40,27 @@ jobs:
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
fetch-depth: 0
# Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations
# More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials
persist-credentials: false
- name: Batch changes
uses: miniscruff/changie-action@b6d52c80deb236a5b548f8774cd5a18b87da9e9a # v1.0.1
with:
version: latest
args: batch ${{ needs.changelog-version.outputs.version }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Merge changes
uses: miniscruff/changie-action@b6d52c80deb236a5b548f8774cd5a18b87da9e9a # v1.0.1
with:
version: latest
args: merge
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Git push changelog
run: |
git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}"
git config --global user.email "${{ env.CI_COMMIT_EMAIL }}"
git add .
git commit -a -m "Update changelog"
git push
git push "https://${{ env.CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git"
update-package-version:
needs: changelog
runs-on: ubuntu-latest
@ -73,6 +72,10 @@ jobs:
# Default input is the SHA that initially triggered the workflow. As we created a new commit in the previous job,
# to ensure we get the latest commit we use the ref for checkout: 'refs/heads/<branch_name>'
ref: ${{ github.ref }}
# Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations
# More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials
persist-credentials: false
- name: Set up Node.js
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
@ -85,7 +88,8 @@ jobs:
git config --global user.email "${{ env.CI_COMMIT_EMAIL }}"
git add .
git commit -a -m "Update package version"
git push
git push "https://${{ env.CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git"
release-tag:
needs: [ update-package-version, major-version ]
runs-on: ubuntu-latest
@ -97,26 +101,36 @@ jobs:
# Default input is the SHA that initially triggered the workflow. As we created a new commit in the previous job,
# to ensure we get the latest commit we use the ref for checkout: 'refs/heads/<branch_name>'
ref: ${{ github.ref }}
# Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations
# More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials
persist-credentials: false
- name: Git push release tag
run: |
git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}"
git config --global user.email "${{ env.CI_COMMIT_EMAIL }}"
git tag "${{ inputs.versionNumber }}"
git tag -f "${{ needs.major-version.outputs.version }}"
git push origin "${{ inputs.versionNumber }}"
git push origin -f "${{ needs.major-version.outputs.version }}"
git push "https://${{ env.CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" "${{ inputs.versionNumber }}"
git push "https://${{ env.CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" -f "${{ needs.major-version.outputs.version }}"
release:
needs: [ changelog-version, release-tag ]
runs-on: "ubuntu-latest"
runs-on: ubuntu-latest
permissions:
contents: write # Needed to create GitHub release
steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ inputs.versionNumber }}
fetch-depth: 0
- name: Generate Release Notes
run: |
cd .changes
sed -e "1{/# /d;}" -e "2{/^$/d;}" ${{ needs.changelog-version.outputs.version }}.md > /tmp/release-notes.txt
- name: GH Release
run: |
gh release create "${{ inputs.versionNumber }}" --notes-file /tmp/release-notes.txt --title "${{ inputs.versionNumber }}"
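Review bot: In the `Git push release tag` step, the new push lines expand `${{ inputs.versionNumber }}` and `${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}` straight into the script text, so the caller-supplied version string is parsed by the shell in the same step that holds the service-account PAT (presumably the credential allowed to push under the new branch protections). Pass the input, the job output and the token through the step's `env:` and reference them as quoted shell variables, so none of the values become part of the script; a format check on the version before tagging would also be sensible. The push lines in the `changelog` and `update-package-version` jobs expand the token the same way, and the `major-version` and `changelog-version` steps expand the input the same way in unchanged lines. The `on:` block starts above the first hunk, so who can supply the input is not visible here and the exposure depends on that.

```yaml
      - name: Git push release tag
        env:
          VERSION_NUMBER: ${{ inputs.versionNumber }}
          MAJOR_VERSION: ${{ needs.major-version.outputs.version }}
          PUSH_TOKEN: ${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}
        run: |
          # … unchanged: git config user.name / user.email …
          remote="https://${CI_COMMIT_AUTHOR}:${PUSH_TOKEN}@github.com/${GITHUB_REPOSITORY}.git"
          git tag "$VERSION_NUMBER"
          git tag -f "$MAJOR_VERSION"
          git push "$remote" "$VERSION_NUMBER"
          git push "$remote" -f "$MAJOR_VERSION"
```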