-
Notifications
You must be signed in to change notification settings - Fork 50
51 lines (45 loc) · 1.54 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
name: Release new action version
on:
workflow_dispatch:
inputs:
TAG_NAME:
description: 'Tag name that the major tag will point to'
required: true
env:
TAG_NAME: ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }}
defaults:
run:
shell: pwsh
permissions: # added using https://github.com/step-security/secure-workflows
contents: read
jobs:
update_tag:
name: Update the major tag to include the ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }} changes
# Remember to configure the releaseNewActionVersion environment with required approvers in the repository settings
environment:
name: releaseNewActionVersion
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
with:
egress-policy: audit
allowed-endpoints:
api.github.com:443
github.com:443
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- name: Update the rc tag
uses: step-security/publish-action@b438f840875fdcb7d1de4fc3d1d30e86cf6acb5d
with:
source-tag: ${{ env.TAG_NAME }}
rc: true
- name: Canary test
uses: docker://ghcr.io/step-security/integration-test/int:latest
env:
PAT: ${{ secrets.PAT }}
canary: true
- name: Update the ${{ env.TAG_NAME }} tag
uses: step-security/publish-action@b438f840875fdcb7d1de4fc3d1d30e86cf6acb5d
with:
source-tag: ${{ env.TAG_NAME }}