ci: fix packages write permissions (#812) #21
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: create_release_pull_request | |
on: | |
push: | |
tags: | |
- 'v[0-9]+.[0-9]+.0' # run this workflow when a new minor version is published | |
workflow_dispatch: | |
inputs: | |
release_version: | |
description: 'Which version are we creating a release pull request for?' | |
required: true | |
permissions: | |
contents: write | |
pull-requests: write | |
jobs: | |
create-release-pull-request: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0 | |
with: | |
egress-policy: audit | |
- name: Set up Go 1.20 | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 | |
with: | |
go-version: "1.20" | |
- name: Set release version and target branch for vNext | |
if: github.event_name == 'push' | |
run: | | |
TAG="$(echo "${{ github.ref }}" | tr -d 'refs/tags/v')" | |
MAJOR_VERSION="$(echo "${TAG}" | cut -d '.' -f1)" | |
echo "MAJOR_VERSION=${MAJOR_VERSION}" >> ${GITHUB_ENV} | |
MINOR_VERSION="$(echo "${TAG}" | cut -d '.' -f2)" | |
echo "MINOR_VERSION=${MINOR_VERSION}" >> ${GITHUB_ENV} | |
# increment the minor version by 1 for vNext | |
echo "NEWVERSION=v${MAJOR_VERSION}.$((MINOR_VERSION+1)).0-beta.0" >> ${GITHUB_ENV} | |
# pre-release is always being merged to the main branch | |
echo "TARGET_BRANCH=main" >> ${GITHUB_ENV} | |
- name: Set release version and target branch from input | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
NEWVERSION="${{ github.event.inputs.release_version }}" | |
echo "${NEWVERSION}" | grep -E '^v[0-9]+\.[0-9]+\.[0-9](-(beta|rc)\.[0-9]+)?$' || (echo "release_version should be in the format vX.Y.Z, vX.Y.Z-beta.A, or vX.Y.Z-rc.B" && exit 1) | |
echo "NEWVERSION=${NEWVERSION}" >> ${GITHUB_ENV} | |
MAJOR_VERSION="$(echo "${NEWVERSION}" | cut -d '.' -f1 | tr -d 'v')" | |
MINOR_VERSION="$(echo "${NEWVERSION}" | cut -d '.' -f2)" | |
# non-beta releases should always be merged to release branches | |
echo "TARGET_BRANCH=release-${MAJOR_VERSION}.${MINOR_VERSION}" >> ${GITHUB_ENV} | |
# beta releases should always be merged to main | |
if [[ "${NEWVERSION}" =~ "beta" ]]; then | |
echo "TARGET_BRANCH=main" >> ${GITHUB_ENV} | |
fi | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | |
with: | |
fetch-depth: 0 | |
- name: Create release branch if needed | |
run: | | |
git checkout "${TARGET_BRANCH}" && exit 0 | |
# Create and push release branch if it doesn't exist | |
git checkout -b "${TARGET_BRANCH}" | |
git push --set-upstream origin "${TARGET_BRANCH}" | |
- run: make release-manifest promote-staging-manifest version-docs | |
- name: Create release pull request | |
uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 | |
with: | |
commit-message: "chore: Prepare ${{ env.NEWVERSION }} release" | |
title: "chore: Prepare ${{ env.NEWVERSION }} release" | |
branch: "release-${{ env.NEWVERSION }}" | |
base: "${{ env.TARGET_BRANCH }}" |