Support hotfixes (#56)
* replace version/release tasks to support hotfixes
* remove codesign step
* update condition for create_release
* set LATEST_TAG and update IS_HOTFIX detection
* add new starter.yml called workflow
* update SDK_SYNC_PAT to input:secret.token
* detect empty tags list
* Reformat manifest properties summary
* use `` not $()
fiddlermikey authored Oct 29, 2023
1 parent 2b982d8 commit 85ceea5
Showing 4 changed files with 222 additions and 83 deletions.
11 changes: 6 additions & 5 deletions .github/workflows/assign-env-from-json.yml
@@ -92,10 +92,11 @@ jobs:
- name: Write variables to Summary
id: adding-final-markdown
run: |
echo "### ${{ steps.read-name.outputs.output-property }} : ${{ steps.read-name.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
echo "### ${{ steps.read-type.outputs.output-property }} : ${{ steps.read-type.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
echo "### ${{ steps.read-update_catalog.outputs.output-property }} : ${{ steps.read-update_catalog.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
echo "### ${{ steps.read-UOFramework.outputs.output-property }} : ${{ steps.read-UOFramework.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
echo "### ${{ steps.read-release_dir.outputs.output-property }} : ${{ steps.read-release_dir.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
echo "### Integration Manifest Properties:" >> $GITHUB_STEP_SUMMARY
echo "* ${{ steps.read-name.outputs.output-property }} : ${{ steps.read-name.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
echo "* ${{ steps.read-type.outputs.output-property }} : ${{ steps.read-type.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
echo "* ${{ steps.read-update_catalog.outputs.output-property }} : ${{ steps.read-update_catalog.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
echo "* ${{ steps.read-UOFramework.outputs.output-property }} : ${{ steps.read-UOFramework.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
echo "* ${{ steps.read-release_dir.outputs.output-property }} : ${{ steps.read-release_dir.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY
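Review bot: Every `echo` in this `run:` block splices `${{ steps.*.outputs.output-value }}` straight into the script text, so whatever the read steps return is parsed by the shell before `echo` ever runs. The step names and the heading suggest the values come from the integration manifest, which a pull request can edit; if that is the case, the values should reach the script as data rather than as code. Pass each output through `env:` and reference it as a quoted shell variable, as sketched below. The step begins above the visible lines and the lines being replaced had the same pattern, so this is not introduced here, but the reformat is a natural place to fix it.

```yaml
- name: Write variables to Summary
  id: adding-final-markdown
  env:
    NAME_PROPERTY: ${{ steps.read-name.outputs.output-property }}
    NAME_VALUE: ${{ steps.read-name.outputs.output-value }}
    # … same pair for read-type, read-update_catalog, read-UOFramework, read-release_dir …
  run: |
    echo "### Integration Manifest Properties:" >> "$GITHUB_STEP_SUMMARY"
    echo "* ${NAME_PROPERTY} : ${NAME_VALUE}" >> "$GITHUB_STEP_SUMMARY"
    # … one echo per remaining property …
```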
6 changes: 5 additions & 1 deletion .github/workflows/dotnet-build-and-release.yml
@@ -25,7 +25,7 @@ jobs:
dotnet-build-and-release:
runs-on: windows-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3

- name: Setup dotnet
uses: actions/setup-dotnet@v3
@@ -54,6 +54,10 @@ jobs:
echo "Flagged to create release: ${creatingRelease}"
echo "CREATE_RELEASE=${creatingRelease}" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append
$isPreRelease = "${{ github.base_ref }}".StartsWith("release-") -and [System.Convert]::ToBoolean("${{ github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'synchronize') }}")
echo "Pre-release flagged: $($isPreRelease)"
echo "IS_PRE_RELEASE=$($isPreRelease)" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append
dotnet nuget add source https://nuget.pkg.github.com/Keyfactor/index.json -n github -u ${{ github.actor }} -p ${{ secrets.token }} --store-password-in-clear-text
nuget restore $slnPath -Project2ProjectTimeout 240
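Review bot: The `$isPreRelease` line puts `${{ github.base_ref }}` inside a double-quoted PowerShell string, so the branch name is substituted into the script text before PowerShell parses it, and double-quoted strings still expand `$` expressions. Reading the runner-provided variable keeps the name as data: `$isPreRelease = "$env:GITHUB_BASE_REF".StartsWith("release-") -and [System.Convert]::ToBoolean("${{ github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'synchronize') }}")`. That these three lines are the additions is inferred from the section's counts, and the step they belong to starts above the hunk. The line after them passes `secrets.token` with `--store-password-in-clear-text` on a `windows-latest` runner; it looks like existing code, but it is worth confirming the clear-text option is still needed there.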
206 changes: 129 additions & 77 deletions .github/workflows/github-release.yml
@@ -8,110 +8,162 @@ on:
release_url:
description: The upload URL for build artifacts for this release
value: ${{ jobs.create-github-release.outputs.release_url }}
pull_request:
types: [opened, closed, synchronize]
push:

jobs:
call-create-github-release-workflow:
uses: keyfactor/cpr-release-checks/.github/workflows/check-files.yml@main

create-github-release:
runs-on: windows-latest
get-versions:
runs-on: ubuntu-latest
outputs:
release_version: ${{ steps.create_release.outputs.current_tag }}
release_url: ${{ steps.create_release.outputs.upload_url }}
steps:
# determines values of repo name and major.minor release version from branch, and if build should be Releasor Pre-Release
# full release is run on on Push to a release- branch, and requires that branch protection prevent regular pushes from triggering a release
# there is no clear way to capture the 'pull_request' action closing with a merge when the calling workflow has a check for 'push' - the push of the merge is captured and not the pull_request closing
- name: Get release values from workflow state
run: |
$repoName = "${{ github.repository }}".Split("/")
echo "Repo Name: $($repoName[-1])"
echo "REPO_NAME=$($repoName[-1])" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append
PR_BASE_REF: ${{ steps.set-outputs.outputs.PR_BASE_REF }}
PR_COMMIT_SHA: ${{ steps.set-outputs.outputs.PR_COMMIT_SHA }}
GITHUB_SHA: ${{ steps.set-outputs.outputs.GITHUB_SHA }}
PR_BASE_TAG: ${{ steps.set-outputs.outputs.PR_BASE_TAG }}
IS_FULL_RELEASE: ${{ steps.set-outputs.outputs.IS_FULL_RELEASE }}
IS_PRE_RELEASE: ${{ steps.set-outputs.outputs.IS_PRE_RELEASE }}
INC_LEVEL: ${{ steps.set-outputs.outputs.INC_LEVEL }}
IS_RELEASE_BRANCH: ${{ steps.set-outputs.outputs.IS_RELEASE_BRANCH }}
IS_HOTFIX: ${{ steps.set-outputs.outputs.IS_HOTFIX }}
LATEST_TAG: ${{ steps.set-outputs.outputs.LATEST_TAG }}


$relVersion = "${{ github.base_ref }}".Split("-")
echo "Release Version: $($relVersion[-1])"
echo "RELEASE_VERSION=$($relVersion[-1])" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append
steps:
- name: Check out the code
uses: actions/checkout@v3

$isPreRelease = "${{ github.base_ref }}".StartsWith("release-") -and [System.Convert]::ToBoolean("${{ github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'synchronize') }}")
echo "Pre-release flagged: $($isPreRelease)"
echo "IS_PRE_RELEASE=$($isPreRelease)" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append
- name: Display base.ref from Pull Request
if: github.event_name == 'pull_request'
id: display-from-pr
run: |
echo "Event: ${{ github.event_name }}" | tee -a $GITHUB_STEP_SUMMARY
echo "Event Action: ${{ github.event.action }}" | tee -a $GITHUB_STEP_SUMMARY
echo "PR_BASE_REF=${{ github.event.pull_request.base.ref }}" | tee -a "$GITHUB_ENV" | tee -a $GITHUB_STEP_SUMMARY
echo "PR_STATE=${{ github.event.pull_request.state }}" | tee -a "$GITHUB_ENV" | tee -a $GITHUB_STEP_SUMMARY
echo "PR_MERGED=${{ github.event.pull_request.merged }}" | tee -a "$GITHUB_ENV" | tee -a $GITHUB_STEP_SUMMARY
echo "PR_COMMIT_SHA=${{ github.event.pull_request.merge_commit_sha }}" | tee -a "$GITHUB_ENV" | tee -a $GITHUB_STEP_SUMMARY
echo "GITHUB_SHA=${{ github.sha }}" | tee -a "$GITHUB_ENV" | tee -a $GITHUB_STEP_SUMMARY
baseref="${{ github.event.pull_request.base.ref }}"
basetag="${baseref#release-}"
echo "PR_BASE_TAG=$basetag" | tee -a "$GITHUB_ENV" | tee -a $GITHUB_STEP_SUMMARY
# checks if pre-release patch version can be determined from existing release tags or if we start at 0
- name: GitHub Script checks for existing version tags
id: existing_version
uses: actions/github-script@v6
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VERSION_NUMBER: ${{ env.RELEASE_VERSION }}
if: env.IS_PRE_RELEASE == 'True'
with:
script: |
// check for existing tags on this major.minor version
const tagsList = await github.rest.git.listMatchingRefs({
owner: context.repo.owner,
repo: context.repo.repo,
ref: 'tags'
});
const { VERSION_NUMBER } = process.env;
const tags = tagsList.data.reverse();
// assume linear release pattern - i.e. always working on latest major.minor version
// if there are no tags, or latest tag does not start with VERSION_NUMBER, set a manual version for release
if (tags.length < 1
|| !tags.shift().ref.startsWith(`refs/tags/${VERSION_NUMBER}`)) {
core.exportVariable('MANUAL_VERSION', `${VERSION_NUMBER}.0-rc.0`);
}
# if not a pre release, check if there is a pull request that has closed + merged with the commit SHA of this push
- name: GitHub Script checks for merged pull request
id: merged_pull_request
uses: actions/github-script@v6
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Display base_ref from Push Event
if: github.event_name == 'push'
with:
script: |
// get all pull requests for this repo
const pulls = await github.rest.pulls.list({
owner: context.repo.owner,
repo: context.repo.repo,
state: 'closed'
});
id: display-from-push
run: |
echo "Branch Ref: ${{ github.ref }}" | tee -a $GITHUB_STEP_SUMMARY
echo "Event: ${{ github.event_name }}" | tee -a $GITHUB_STEP_SUMMARY
echo "github.sha: ${{ github.sha }}" | tee -a $GITHUB_STEP_SUMMARY
// get the state of the latest pull request for this repo
const state = pulls.data[0].state;
const mergeSHA = pulls.data[0].merge_commit_sha;
const targetBranchName = pulls.data[0].base.ref;
const IS_RELEASE = (state == 'closed') && (mergeSHA == context.sha) && (targetBranchName.startsWith('release-'));
- name: Find Latest Tag
if: github.event_name == 'pull_request'
id: find-latest-tag
run: |
prbasetag="${{env.PR_BASE_TAG}}"
git fetch --tags
if [[ -n `git tag` ]]; then
echo "Setting vars"
allBranchTags=`git tag --sort=-v:refname | grep "$prbasetag" || echo ""`
allRepoTags=`git tag --sort=-v:refname`
branchTagBase=`git tag --sort=-v:refname | grep "$prbasetag" | grep -o '^[0-9.]*' | head -n 1 || echo ""`
latestTagBase=`git tag --sort=-v:refname | grep -o '^[0-9.]*' | head -n 1`
latestBranchTag=`git tag --sort=-v:refname | grep "$prbasetag" | grep "^$branchTagBase" | head -n 1 || echo ""`
latestReleasedTag=`git tag --sort=-v:refname | grep "$prbasetag" | grep "^$branchTagBase$" | head -n 1 || echo ""`
console.log(`State: ${state}`);
console.log(`mergeSHA: ${mergeSHA}`);
console.log(`pushSHA: ${context.sha}`);
console.log(`IS_RELEASE: ${IS_RELEASE}`);
# If the *TagBase values are not found in the list of tags, it means no final release was produced, and the latest*Tag vars will be empty
if [[ -z "$latestReleasedTag" ]]; then
latestTag="$latestBranchTag"
else
latestTag="$latestReleasedTag"
fi
echo "LATEST_TAG=${latestTag}" | tee -a "$GITHUB_ENV"
core.exportVariable('IS_RELEASE', `${IS_RELEASE}`);
if [[ "$latestTagBase" == *"$branchTagBase" ]]; then
hf="False"
else
hf="True"
fi
# Create a new release to auto-increment (or use manual version number)
# The intention is to use this to set the make_latest:false property when
# dispatching the create-release action, but it is not *yet* a configurable option
echo "IS_HOTFIX=$hf" | tee -a "$GITHUB_ENV"
else
echo "No tags exist in this repo"
echo "LATEST_TAG=" | tee -a "$GITHUB_ENV"
fi
- name: Set Outputs
if: github.event_name == 'pull_request'
id: set-outputs
run: |
echo "PR_BASE_REF=${{ env.PR_BASE_REF }}" | tee -a "$GITHUB_OUTPUT"
echo "PR_STATE=${{ env.PR_STATE }}"
echo "PR_MERGED=${{ env.PR_MERGED }}"
if [[ "${{ env.PR_STATE }}" == "closed" && "${{ env.PR_MERGED }}" == "true" && "${{ env.PR_COMMIT_SHA }}" == "${{ env.GITHUB_SHA }}" ]]; then
echo "IS_FULL_RELEASE=True" | tee -a "$GITHUB_OUTPUT"
echo "INC_LEVEL=patch" | tee -a "$GITHUB_OUTPUT"
fi
if [[ "${{ env.PR_STATE }}" == "open" ]]; then
echo "IS_PRE_RELEASE=True" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_ENV"
echo "INC_LEVEL=prerelease" | tee -a "$GITHUB_OUTPUT"
fi
if [[ "${{ env.PR_BASE_REF }}" == "release-"* ]]; then
echo "IS_RELEASE_BRANCH=True" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_ENV"
fi
echo "PR_COMMIT_SHA=${{ env.PR_COMMIT_SHA }}" | tee -a "$GITHUB_OUTPUT"
echo "GITHUB_SHA=${{ env.GITHUB_SHA }}" | tee -a "$GITHUB_OUTPUT"
echo "PR_BASE_TAG=${{ env.PR_BASE_TAG }}" | tee -a "$GITHUB_OUTPUT"
echo "IS_HOTFIX=${{ env.IS_HOTFIX }}" | tee -a "$GITHUB_OUTPUT"
echo "LATEST_TAG=${{ env.LATEST_TAG }}" | tee -a "$GITHUB_OUTPUT"
create-github-release:
needs: get-versions
if: github.event_name == 'pull_request' && needs.get-versions.outputs.IS_RELEASE_BRANCH == 'True'
outputs:
release_version: ${{ steps.create_release.outputs.current_tag }}
release_url: ${{ steps.create_release.outputs.upload_url }}
runs-on: ubuntu-latest
steps:
- run: |
echo "INC_LEVEL=${{ needs.get-versions.outputs.INC_LEVEL}}"
- name: Check if initial release
if: needs.get-versions.outputs.LATEST_TAG == ''
run: |
echo "INITIAL_VERSION=${{needs.get-versions.outputs.PR_BASE_TAG}}.0-rc.0" | tee -a "$GITHUB_STEP_SUMMARY" | tee -a "$GITHUB_ENV"
echo "MANUAL_VERSION=${{needs.get-versions.outputs.PR_BASE_TAG}}.0-rc.0" | tee -a "$GITHUB_ENV"
- name: Set semver info
id: set-semver-info
if: needs.get-versions.outputs.LATEST_TAG != ''
uses: fiddlermikey/action-bump-semver@main
with:
current_version: ${{ needs.get-versions.outputs.LATEST_TAG}}
level: ${{ needs.get-versions.outputs.INC_LEVEL}}
preID: rc
- name: Show next sem-version
if: needs.get-versions.outputs.LATEST_TAG != ''
run: |
echo "MANUAL_VERSION=${{ steps.set-semver-info.outputs.new_version }}" > "$GITHUB_ENV"
- run: |
echo "Next version: ${{ env.MANUAL_VERSION }}" | tee -a "$GITHUB_STEP_SUMMARY"
- name: Create new release
id: create_release
# uses: keyfactor/action-create-release@upd-deprecated
uses: keyfactor/action-create-release@v3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
MANUAL_VERSION: ${{ env.MANUAL_VERSION }}
if: env.IS_PRE_RELEASE == 'True' || env.IS_RELEASE == 'true'
if: github.event_name == 'pull_request' && needs.get-versions.outputs.IS_RELEASE_BRANCH == 'True'
with:
release_name: ${{ env.RELEASE_VERSION }}
release_name: ${{ env.MANUAL_VERSION }}
body: |
[Changelog](/./CHANGELOG.md)
[Readme](/./README.md)
For the latest README.md updates visit the [Main Page](/../main) for this repository
draft: false
prerelease: ${{ env.IS_PRE_RELEASE == 'True' }}
prerelease: ${{ needs.get-versions.outputs.IS_PRE_RELEASE == 'True'}}
prerelease_suffix: rc
tag_name: ${{ env.MANUAL_VERSION }}
auto_increment_type: ${{ (env.IS_PRE_RELEASE == 'True') && 'prerelease' || 'patch' }}
auto_increment_type: ${{ (needs.get-versions.outputs.IS_PRE_RELEASE == 'True') && 'prerelease' || 'patch' }}
tag_schema: semantic
commitish: ${{ github.sha }}
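Review bot: A pull request against a `release-*` branch that is closed without being merged can still reach `Create new release`, because the job and step conditions test only `github.event_name == 'pull_request'` and `IS_RELEASE_BRANCH == 'True'`. `Set Outputs` sets `IS_FULL_RELEASE` only when the PR is closed and merged and `IS_PRE_RELEASE` only when it is open, so in the unmerged case both are empty, `prerelease` evaluates to false and `auto_increment_type` falls through to `patch`. The condition printed just before the new one (`env.IS_PRE_RELEASE == 'True' || env.IS_RELEASE == 'true'`) looks like the old gate that covered this; I would restore the equivalent on the job as `if: github.event_name == 'pull_request' && needs.get-versions.outputs.IS_RELEASE_BRANCH == 'True' && (needs.get-versions.outputs.IS_PRE_RELEASE == 'True' || needs.get-versions.outputs.IS_FULL_RELEASE == 'True')`. Old and new lines are interleaved on this page, so which `if:` survives is inferred from their order and from `IS_RELEASE` no longer being set in the new steps.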
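--- a/.github/workflows/starter.yml
+++ b/.github/workflows/starter.yml
@@ -0,0 +1,82 @@
+name: Bootstrap Starter Workflow
+on:
+workflow_call:
+#inputs:
+# buildtype:
+# description: 'Platform to build'
+# required: true
+# type: string
+# release_dir:
+# description: 'release_dir property from integration-manifest.json'
+# required: true
+# type: string
+# update_catalog:
+# description: 'update_catalog property from integration-manifest.json'
+# required: true
+# type: string
+secrets:
+token:
+description: 'GitHub token'
+required: true
+
+jobs:
+call-assign-from-json-workflow:
+uses: Keyfactor/actions/.github/workflows/assign-env-from-json.yml@main
+
+call-get-primary-language:
+outputs:
+primary_language: ${{ steps.read.outputs.primary_language }}
+runs-on: ubuntu-latest
+name: Detect Primary Language
+steps:
+- name: Checkout
+uses: actions/checkout@v3
+with:
+token: ${{ secrets.token }}
+- name: Read primary language
+id: read
+uses: fiddlermikey/[email protected]
+with:
+token: ${{ secrets.token }}
+- name: Display type
+id: display
+run: |
+echo "primary_language=${{ steps.read.outputs.primary_language}}" | tee -a "$GITHUB_OUTPUT" | tee -a $GITHUB_STEP_SUMMARY
+call-create-github-release-workflow:
+uses: Keyfactor/actions/.github/workflows/github-release.yml@support-hotfixes
+
+call-dotnet-build-and-release-workflow:
+needs: [call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow]
+if: needs.call-get-primary-language.outputs.primary_language == 'C#'
+uses: keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@support-hotfixes
+with:
+release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
+release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }}
+release_dir: ${{ needs.call-assign-from-json-workflow.outputs.release_dir }}
+
+secrets:
+token: ${{ secrets.token }}
+
+call-go-build-and-tag-workflow:
+needs: [call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow]
+if: needs.call-get-primary-language.outputs.primary_language == 'Go'
+uses: fiddlermikey/actions/.github/workflows/go-build-and-tag.yml@dev
+with:
+release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
+
+
+secrets:
+token: ${{ secrets.token }}
+
+#call-generate-readme-workflow:
+# if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+# uses: Keyfactor/actions/.github/workflows/generate-readme.yml@main
+# secrets:
+# token: ${{ secrets.APPROVE_README_PUSH }}
+
+#call-update-catalog-workflow:
+# if: inputs.update_catalog == 'True' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
+# uses: Keyfactor/actions/.github/workflows/update-catalog.yml@main
+# secrets:
+# token: ${{ secrets.SDK_SYNC_PAT }}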
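Review bot: `call-go-build-and-tag-workflow` calls `fiddlermikey/actions/.github/workflows/go-build-and-tag.yml@dev` and hands it `secrets.token`, so a workflow in a personal account, referenced by a branch name, decides what runs with that token. A branch ref can be moved at any time; the same applies to the `@support-hotfixes` and `@main` refs in this file and to `fiddlermikey/action-bump-semver@main` in github-release.yml. Pin each `uses:` to a full commit SHA, for example `uses: fiddlermikey/actions/.github/workflows/go-build-and-tag.yml@<full-commit-sha>  # dev` (placeholder, not a real value), and consider hosting that workflow under the Keyfactor organisation like its siblings. The ref on the `Read primary language` step is garbled on this page, so it could not be checked.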
