release #37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release | |
on: | |
workflow_dispatch: | |
inputs: | |
versionNumber: | |
description: 'Release version number (v#.#.#)' | |
type: string | |
required: true | |
permissions: | |
contents: read # Changelog commit operations use service account PAT | |
env: | |
CI_COMMIT_AUTHOR: hc-github-team-tf-provider-devex | |
CI_COMMIT_EMAIL: [email protected] | |
jobs: | |
changelog-version: | |
runs-on: ubuntu-latest | |
outputs: | |
version: ${{ steps.changelog-version.outputs.version }} | |
steps: | |
- id: changelog-version | |
run: echo "version=$(echo "${{ inputs.versionNumber }}" | cut -c 2-)" >> "$GITHUB_OUTPUT" | |
changelog: | |
needs: [ changelog-version, meta-version ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
# Default input is the SHA that initially triggered the workflow. As we created a new commit in the previous job, | |
# to ensure we get the latest commit we use the ref for checkout: 'refs/heads/<branch_name>' | |
ref: ${{ github.ref }} | |
# Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations | |
# More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials | |
persist-credentials: false | |
- name: Batch changes | |
uses: miniscruff/changie-action@6dcc2533cac0495148ed4046c438487e4dceaa23 # v2.0.0 | |
with: | |
version: latest | |
args: batch ${{ needs.changelog-version.outputs.version }} | |
- name: Merge changes | |
uses: miniscruff/changie-action@6dcc2533cac0495148ed4046c438487e4dceaa23 # v2.0.0 | |
with: | |
version: latest | |
args: merge | |
- name: Git push changelog | |
run: | | |
git config --global user.name "${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}" | |
git config --global user.email "${{ vars.TF_DEVEX_CI_COMMIT_EMAIL }}" | |
git add . | |
git commit -a -m "Update changelog" | |
git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" | |
meta-version: | |
needs: changelog-version | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
# Default input is the SHA that initially triggered the workflow. As we created a new commit in the previous job, | |
# to ensure we get the latest commit we use the ref for checkout: 'refs/heads/<branch_name>' | |
ref: ${{ github.ref }} | |
# Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations | |
# More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials | |
persist-credentials: false | |
- name: Update meta package SDKVersion | |
run: sed -i "s/var SDKVersion =.*/var SDKVersion = \"${{ needs.changelog-version.outputs.version }}\"/" meta/meta.go | |
- name: Git push meta | |
run: | | |
git config --global user.name "${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}" | |
git config --global user.email "${{ vars.TF_DEVEX_CI_COMMIT_EMAIL }}" | |
git add meta/meta.go | |
git commit -m "Update meta package SDKVersion" | |
git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" | |
release-tag: | |
needs: changelog | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
# Default input is the SHA that initially triggered the workflow. As we created a new commit in the previous job, | |
# to ensure we get the latest commit we use the ref for checkout: 'refs/heads/<branch_name>' | |
ref: ${{ github.ref }} | |
# Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations | |
# More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials | |
persist-credentials: false | |
- name: Git push release tag | |
run: | | |
git config --global user.name "${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}" | |
git config --global user.email "${{ vars.TF_DEVEX_CI_COMMIT_EMAIL }}" | |
git tag "${{ inputs.versionNumber }}" | |
git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" "${{ inputs.versionNumber }}" | |
goreleaser: | |
needs: [ changelog-version, changelog, release-tag ] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write # Needed for goreleaser to create GitHub release | |
issues: write # Needed for goreleaser to close associated milestone | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
ref: ${{ inputs.versionNumber }} | |
fetch-depth: 0 | |
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version-file: 'go.mod' | |
- name: Generate Release Notes | |
run: | | |
cd .changes | |
sed -e "1{/# /d;}" -e "2{/^$/d;}" ${{ needs.changelog-version.outputs.version }}.md > /tmp/release-notes.txt | |
- uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
args: release --release-notes /tmp/release-notes.txt --clean |