diff --git a/.github/workflows/build-on-minimum-supported-platform.yaml b/.github/workflows/build-on-minimum-supported-platform.yaml index f8fcfb0..6b5e4d8 100644 --- a/.github/workflows/build-on-minimum-supported-platform.yaml +++ b/.github/workflows/build-on-minimum-supported-platform.yaml @@ -2,6 +2,11 @@ name: Build on minimum supported platforms on: workflow_dispatch: + workflow_call: + inputs: + identifier: + required: true + type: string pull_request: branches: - main @@ -9,7 +14,7 @@ on: permissions: {} concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + group: ${{ inputs.identifier || github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..6435426 --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,109 @@ +name: Release + +on: + push: + branches: + - release + +permissions: + id-token: write + contents: write + pull-requests: write + +jobs: + extract-release-version: + name: Extract release version + runs-on: ubuntu-latest + outputs: + version: ${{ steps.extract-release-version.outputs.result }} + steps: + - name: Extract release version + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + id: extract-release-version + with: + result-encoding: string + script: | + const matches = `${{ github.event.head_commit.message }}`.match(/[0-9]+\.[0-9]+\.[0-9]+/) ?? [] + return matches.length > 0 ? matches[0] : "" + + validate-version-format: + name: Validate Version Format + needs: + - extract-release-version + if: ${{ needs.extract-release-version.outputs.version != '' }} + runs-on: ubuntu-latest + steps: + - name: Validated + run: echo "Releasing new version ${{ needs.extract-release-version.outputs.version }}" + + unit-test: + name: Unit Tests + needs: + - validate-version-format + uses: ./.github/workflows/unit-test.yaml + with: + identifier: workflow-call-unit-test + + build-on-minimum-supported-platforms: + name: Build on minimum supported platforms + needs: + - validate-version-format + uses: ./.github/workflows/build-on-minimum-supported-platform.yaml + with: + identifier: workflow-call-build-on-minimum-platforms + + release: + name: Release new version + needs: + - extract-release-version + - unit-test + - build-on-minimum-supported-platforms + runs-on: ubuntu-latest + env: + RELEASE_VERSION: ${{ needs.extract-release-version.outputs.version }} + steps: + - name: Checkout Code + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + ref: release + fetch-depth: 0 + persist-credentials: false + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} + role-session-name: ${{ format('{0}.integ-test', github.run_id) }} + aws-region: ${{ secrets.AWS_REGION }} + + - name: Setup Github Token + id: setup-pat + env: + DEPLOY_SECRET_ARN: ${{ secrets.DEPLOY_SECRET_ARN }} + run: | + PAT=$(aws secretsmanager get-secret-value \ + --secret-id "${DEPLOY_SECRET_ARN}" \ + | jq -r ".SecretString") + echo "token=$PAT" >> $GITHUB_OUTPUT + + - name: Create new version tag ${{ needs.extract-release-version.outputs.version }} + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + script: | + github.rest.git.createRef({ + owner: context.repo.owner, + repo: context.repo.repo, + ref: `refs/tags/${process.env.RELEASE_VERSION}`, + sha: context.sha, + force: true + }) + + - name: Sync Back to Main + env: + PAT: ${{ steps.setup-pat.outputs.token }} + GITHUB_USER: aws-amplify-ops + GITHUB_EMAIL: aws-amplify-ops@amazon.com + run: | + git config user.name $GITHUB_USER + git config user.email $GITHUB_EMAIL + git push "https://${PAT}@github.com/${{ github.repository }}" HEAD:main diff --git a/.github/workflows/unit-test.yaml b/.github/workflows/unit-test.yaml index d86a9bf..63393d7 100644 --- a/.github/workflows/unit-test.yaml +++ b/.github/workflows/unit-test.yaml @@ -2,6 +2,11 @@ name: Unit Test on: workflow_dispatch: + workflow_call: + inputs: + identifier: + required: true + type: string pull_request: branches: - main @@ -9,7 +14,7 @@ on: permissions: {} concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + group: ${{ inputs.identifier || github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: