Skip to content

Merge pull request #2267 from newrelic/sunny/netlify-migration #774

Merge pull request #2267 from newrelic/sunny/netlify-migration

Merge pull request #2267 from newrelic/sunny/netlify-migration #774

Workflow file for this run

name: Release
on:
push:
branches:
- develop
env:
BOT_NAME: nr-opensource-bot
BOT_EMAIL: [email protected]
jobs:
generate-third-party-notices:
runs-on: ubuntu-latest
steps:
# Checkout fetch-depth: 2 because there's a check to see if package.json
# was updated, and need at least 2 commits for the check to function properly
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: 18
cache: 'yarn'
- name: Install Dependencies
run: yarn install --frozen-lockfile
- name: Install OSS CLI
run: |
yarn global add @newrelic/newrelic-oss-cli
- name: Generate Third Party Notices
id: generate-notices
run: |
if [ ! -f "third_party_manifest.json" ]; then
echo "::error::third_party_manifest.json is missing. Must generate using the newrelic-oss-cli."
exit 1
fi
# latest commit
LATEST_COMMIT=$(git rev-parse HEAD)
# latest commit where package.json was changed
LAST_CHANGED_COMMIT=$(git log -1 --format=format:%H --full-diff package.json)
if [ $LAST_CHANGED_COMMIT = $LATEST_COMMIT ]; then
git config user.email "${{ env.BOT_EMAIL }}"
git config user.name "${{ env.BOT_NAME }}"
oss third-party manifest
oss third-party notices
git add third_party_manifest.json
git add THIRD_PARTY_NOTICES.md
git commit -m 'chore: update third-party manifest and notices [skip-cd]'
echo "commit=true" >> $GITHUB_OUTPUT
else
echo "No change in package.json, not regenerating third-party notices"
fi
- name: Temporarily disable "required_pull_request_reviews" branch protection
id: disable-branch-protection
if: always()
uses: actions/github-script@v6
with:
github-token: ${{ secrets.DEVEX_OPENSOURCE_BOT_TOKEN }}
previews: luke-cage-preview
script: |
const result = await github.rest.repos.updateBranchProtection({
owner: context.repo.owner,
repo: context.repo.repo,
branch: 'develop',
required_status_checks: null,
restrictions: null,
enforce_admins: null,
required_pull_request_reviews: null
})
console.log("Result:", result)
- name: Push Commit
if: steps.generate-notices.outputs.commit == 'true'
uses: ad-m/[email protected]
with:
github_token: ${{ secrets.DEVEX_OPENSOURCE_BOT_TOKEN }}
branch: develop
- name: Re-enable "required_pull_request_reviews" branch protection
id: enable-branch-protection
if: always()
uses: actions/github-script@v6
with:
github-token: ${{ secrets.DEVEX_OPENSOURCE_BOT_TOKEN }}
previews: luke-cage-preview
script: |
const result = await github.rest.repos.updateBranchProtection({
owner: context.repo.owner,
repo: context.repo.repo,
branch: 'develop',
required_status_checks: null,
restrictions: null,
enforce_admins: true,
required_pull_request_reviews: {
dismiss_stale_reviews: true,
required_approving_review_count: 1
}
})
console.log("Result:", result)
generate-changelog:
runs-on: ubuntu-latest
needs: [generate-third-party-notices]
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v3
with:
# semantic-release requires >= 14
node-version: 18
# deletes node_modules, install dependencies, does NOT update lockfile
- name: Install Dependencies
run: yarn install --frozen-lockfile
- name: Temporarily disable "required_pull_request_reviews" branch protection
id: disable-branch-protection
if: always()
uses: actions/github-script@v6
with:
github-token: ${{ secrets.DEVEX_OPENSOURCE_BOT_TOKEN }}
previews: luke-cage-preview
script: |
const result = await github.rest.repos.updateBranchProtection({
owner: context.repo.owner,
repo: context.repo.repo,
branch: 'develop',
required_status_checks: null,
restrictions: null,
enforce_admins: null,
required_pull_request_reviews: null
})
console.log("Result:", result)
- name: Semantic Release
env:
# Use nr-opensource-bot for authoring commits done by
# semantic-release (rather than using @semantic-release-bot)
GIT_AUTHOR_NAME: ${{ env.BOT_NAME }}
GIT_AUTHOR_EMAIL: ${{ env.BOT_EMAIL }}
GIT_COMMITTER_NAME: ${{ env.BOT_NAME }}
GIT_COMMITTER_EMAIL: ${{ env.BOT_EMAIL }}
GITHUB_TOKEN: ${{ secrets.DEVEX_OPENSOURCE_BOT_TOKEN }}
run: npx semantic-release@^18.0.0
- name: Re-enable "required_pull_request_reviews" branch protection
id: enable-branch-protection
if: always()
uses: actions/github-script@v6
with:
github-token: ${{ secrets.DEVEX_OPENSOURCE_BOT_TOKEN }}
previews: luke-cage-preview
script: |
const result = await github.rest.repos.updateBranchProtection({
owner: context.repo.owner,
repo: context.repo.repo,
branch: 'develop',
required_status_checks: null,
restrictions: null,
enforce_admins: true,
required_pull_request_reviews: {
dismiss_stale_reviews: true,
required_approving_review_count: 1
}
})
console.log("Result:", result)