create_release_pull_request #65
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: create_release_pull_request | |
on: | |
push: | |
tags: | |
- 'v[0-9]+.[0-9]+.0' # run this workflow when a new minor version is published | |
workflow_dispatch: | |
inputs: | |
release_version: | |
description: 'Which version are we creating a release pull request for?' | |
required: true | |
permissions: | |
contents: write | |
pull-requests: write | |
jobs: | |
create-release-pull-request: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | |
with: | |
egress-policy: audit | |
- name: Set up Go | |
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | |
with: | |
go-version: "1.23" | |
check-latest: true | |
- name: Set release version and target branch for vNext | |
if: github.event_name == 'push' | |
run: | | |
TAG="$(echo "${{ github.ref }}" | tr -d 'refs/tags/v')" | |
MAJOR_VERSION="$(echo "${TAG}" | cut -d '.' -f1)" | |
echo "MAJOR_VERSION=${MAJOR_VERSION}" >> ${GITHUB_ENV} | |
MINOR_VERSION="$(echo "${TAG}" | cut -d '.' -f2)" | |
echo "MINOR_VERSION=${MINOR_VERSION}" >> ${GITHUB_ENV} | |
# increment the minor version by 1 for vNext | |
echo "NEWVERSION=v${MAJOR_VERSION}.$((MINOR_VERSION+1)).0-beta.0" >> ${GITHUB_ENV} | |
# pre-release is always being merged to the master branch | |
echo "TARGET_BRANCH=master" >> ${GITHUB_ENV} | |
echo "TAG=${TAG}" >> ${GITHUB_ENV} | |
- name: Set release version and target branch from input | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
NEWVERSION="${{ github.event.inputs.release_version }}" | |
echo "${NEWVERSION}" | grep -E '^v[0-9]+\.[0-9]+\.[0-9](-(beta|rc)\.[0-9]+)?$' || (echo "release_version should be in the format vX.Y.Z, vX.Y.Z-beta.A, or vX.Y.Z-rc.B" && exit 1) | |
echo "NEWVERSION=${NEWVERSION}" >> ${GITHUB_ENV} | |
echo "TAG=${NEWVERSION}" >> ${GITHUB_ENV} | |
MAJOR_VERSION="$(echo "${NEWVERSION}" | cut -d '.' -f1 | tr -d 'v')" | |
MINOR_VERSION="$(echo "${NEWVERSION}" | cut -d '.' -f2)" | |
# non-beta releases should always be merged to release branches | |
echo "TARGET_BRANCH=release-${MAJOR_VERSION}.${MINOR_VERSION}" >> ${GITHUB_ENV} | |
# beta releases should always be merged to master | |
if [[ "${NEWVERSION}" =~ "beta" ]]; then | |
echo "TARGET_BRANCH=master" >> ${GITHUB_ENV} | |
fi | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
with: | |
fetch-depth: 0 | |
- name: Create release branch if needed | |
run: | | |
git checkout "${TARGET_BRANCH}" && exit 0 | |
# Create and push release branch if it doesn't exist | |
git checkout -b "${TARGET_BRANCH}" | |
git push --set-upstream origin "${TARGET_BRANCH}" | |
- run: make release-manifest promote-staging-manifest | |
- if: github.event_name == 'push' | |
run: | | |
tags=$(git tag -l --sort=-v:refname) | |
versions='' | |
for tag in $tags; do | |
if echo "$tag" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'; then | |
opa=$(curl https://raw.githubusercontent.com/open-policy-agent/gatekeeper/$tag/go.mod | grep /opa | awk '{print $2}') | |
if [ $opa ]; then | |
versions+="| \`$tag\` | \`$opa\` |\n" | |
fi | |
fi | |
done | |
make version-docs NEWVERSION=v${MAJOR_VERSION}.${MINOR_VERSION}.x TAG=v${TAG} OPA_VERSIONS="${versions}" | |
- name: Create release pull request | |
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 | |
with: | |
commit-message: "chore: Prepare ${{ env.NEWVERSION }} release" | |
title: "chore: Prepare ${{ env.NEWVERSION }} release" | |
branch: "release-${{ env.NEWVERSION }}" | |
base: "${{ env.TARGET_BRANCH }}" | |
signoff: true | |
labels: | | |
release-pr | |
${{ github.event.inputs.release_version }} |