-
Notifications
You must be signed in to change notification settings - Fork 11
65 lines (62 loc) · 2.89 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
name: Release
on:
pull_request:
types: [closed]
workflow_dispatch:
permissions:
contents: read
jobs:
release:
name: Pontos
# If the event is a workflow_dispatch or the label 'make release' is set and PR is closed because of a merge
if: (github.event_name == 'workflow_dispatch') || (contains( github.event.pull_request.labels.*.name, 'make release') && github.event.pull_request.merged == true)
runs-on: "ubuntu-latest"
steps:
- name: Setting the Reference
id: release
run: |
if [[ "${{ github.event_name }}" = "workflow_dispatch" ]]; then
echo "ref=${{ github.ref_name }}" >> $GITHUB_OUTPUT
else
echo "ref=${{ github.base_ref }}" >> $GITHUB_OUTPUT
fi
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4
with:
fetch-depth: 0
persist-credentials: false
ref: ${{ steps.release.outputs.ref }}
- name: Set git name, mail and origin
run: |
git config --global user.name "${{ secrets.GREENBONE_BOT }}"
git config --global user.email "${{ secrets.GREENBONE_BOT_MAIL }}"
git remote set-url origin https://${{ secrets.GREENBONE_BOT_TOKEN }}@github.com/${{ github.repository }}
- uses: greenbone/actions/poetry@v3
- name: Allow admin users bypassing protection on ${{ steps.release.outputs.ref }} branch
run: |
poetry run pontos-github-script pontos.github.scripts.enforce-admins ${{ github.repository }} ${{ steps.release.outputs.ref }} --allow
env:
GITHUB_USER: ${{ secrets.GREENBONE_BOT }}
GITHUB_TOKEN: ${{ secrets.GREENBONE_BOT_TOKEN }}
- name: Create release
run: |
poetry run pontos-release create --repository ${{ github.repository }} --release-type calendar
env:
GITHUB_USER: ${{ secrets.GREENBONE_BOT }}
GITHUB_TOKEN: ${{ secrets.GREENBONE_BOT_TOKEN }}
- name: Disable bypassing protection on ${{ steps.release.outputs.ref }} branch for admin users
run: |
poetry run pontos-github-script pontos.github.scripts.enforce-admins ${{ github.repository }} ${{ steps.release.outputs.ref }} --no-allow
env:
GITHUB_USER: ${{ secrets.GREENBONE_BOT }}
GITHUB_TOKEN: ${{ secrets.GREENBONE_BOT_TOKEN }}
- name: Import gpg key from secrets
run: |
echo -e "${{ secrets.GPG_KEY }}" >> tmp.file
gpg --pinentry-mode loopback --passphrase ${{ secrets.GPG_PASSPHRASE }} --import tmp.file
rm tmp.file
- name: Sign assets for released version
run: |
poetry run pontos-release sign --repository ${{ github.repository }} --signing-key ${{ secrets.GPG_FINGERPRINT }} --passphrase ${{ secrets.GPG_PASSPHRASE }}
env:
GITHUB_USER: ${{ secrets.GREENBONE_BOT }}
GITHUB_TOKEN: ${{ secrets.GREENBONE_BOT_TOKEN }}