Merge pull request #2007 from github/update-v2.22.8-192ad9bd5 #69
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow runs after a release of the action. It: | |
| # 1. Merges any changes from the release back into the main branch. Typically, this is just a single | |
| # commit that updates the changelog. | |
| # 2. Tags the merge commit on the release branch that represents the new release with an `v2.x.y` | |
| # tag | |
| # 3. Updates the `v2` tag to refer to this merge commit. | |
| name: Tag release and merge back | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| baseBranch: | |
| description: 'The base branch to merge into' | |
| default: main | |
| required: false | |
| push: | |
| branches: | |
| - releases/v2 | |
| jobs: | |
| merge-back: | |
| runs-on: ubuntu-latest | |
| if: github.repository == 'github/codeql-action' | |
| env: | |
| BASE_BRANCH: "${{ github.event.inputs.baseBranch || 'main' }}" | |
| HEAD_BRANCH: "${{ github.head_ref || github.ref }}" | |
| steps: | |
| - name: Dump environment | |
| run: env | |
| - name: Dump GitHub context | |
| env: | |
| GITHUB_CONTEXT: '${{ toJson(github) }}' | |
| run: echo "${GITHUB_CONTEXT}" | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| - name: Update git config | |
| run: | | |
| git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| git config --global user.name "github-actions[bot]" | |
| - name: Get version and new branch | |
| id: getVersion | |
| run: | | |
| VERSION="v$(jq '.version' -r 'package.json')" | |
| echo "version=${VERSION}" >> $GITHUB_OUTPUT | |
| short_sha="${GITHUB_SHA:0:8}" | |
| NEW_BRANCH="mergeback/${VERSION}-to-${BASE_BRANCH}-${short_sha}" | |
| echo "newBranch=${NEW_BRANCH}" >> $GITHUB_OUTPUT | |
| - name: Dump branches | |
| env: | |
| NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}" | |
| run: | | |
| echo "BASE_BRANCH ${BASE_BRANCH}" | |
| echo "HEAD_BRANCH ${HEAD_BRANCH}" | |
| echo "NEW_BRANCH ${NEW_BRANCH}" | |
| - name: Create mergeback branch | |
| env: | |
| NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}" | |
| run: | | |
| git checkout -b "${NEW_BRANCH}" | |
| - name: Check for tag | |
| id: check | |
| env: | |
| VERSION: "${{ steps.getVersion.outputs.version }}" | |
| run: | | |
| set +e # don't fail on an errored command | |
| git ls-remote --tags origin | grep "${VERSION}" | |
| exists="$?" | |
| if [ "${exists}" -eq 0 ]; then | |
| echo "Tag ${VERSION} exists. Not going to re-release." | |
| echo "exists=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "Tag ${VERSION} does not exist yet." | |
| fi | |
| # we didn't tag the release during the update-release-branch workflow because the | |
| # commit that actually makes it to the release branch is a merge commit, | |
| # and not yet known during the first workflow. We tag now because we know the correct commit. | |
| - name: Tag release | |
| if: steps.check.outputs.exists != 'true' | |
| env: | |
| VERSION: ${{ steps.getVersion.outputs.version }} | |
| run: | | |
| # Unshallow the repo in order to allow pushes | |
| git fetch --unshallow | |
| # Create the `vx.y.z` tag | |
| git tag --annotate "${VERSION}" --message "${VERSION}" | |
| # Update the `vx` tag | |
| major_version_tag=$(cut -d '.' -f1 <<< "${VERSION}") | |
| # Use `--force` to overwrite the major version tag | |
| git tag --annotate "${major_version_tag}" --message "${major_version_tag}" --force | |
| # Push the tags, using: | |
| # - `--atomic` to make sure we either update both tags or neither (an intermediate state, | |
| # e.g. where we update the v2.x.y tag on the remote but not the v2 tag, could result in | |
| # unwanted Dependabot updates, e.g. from v2 to v2.x.y) | |
| # - `--force` since we're overwriting the `vx` tag | |
| git push origin --atomic --force refs/tags/"${VERSION}" refs/tags/"${major_version_tag}" | |
| - name: Create mergeback branch | |
| if: steps.check.outputs.exists != 'true' | |
| env: | |
| VERSION: "${{ steps.getVersion.outputs.version }}" | |
| NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}" | |
| GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
| run: | | |
| set -exu | |
| pr_title="Mergeback ${VERSION} ${HEAD_BRANCH} into ${BASE_BRANCH}" | |
| pr_body=$(cat << EOF | |
| This PR bumps the version number and updates the changelog after the ${VERSION} release. | |
| Please do the following: | |
| - [ ] Remove and re-add the "Update dependencies" label to the PR to trigger just this workflow. | |
| - [ ] Wait for the "Update dependencies" workflow to push a commit updating the dependencies. | |
| - [ ] Mark the PR as ready for review to trigger the full set of PR checks. | |
| - [ ] Approve and merge the PR. When merging the PR, make sure "Create a merge commit" is | |
| selected rather than "Squash and merge" or "Rebase and merge". | |
| EOF | |
| ) | |
| # Update the version number ready for the next release | |
| npm version patch --no-git-tag-version | |
| # Update the changelog | |
| perl -i -pe 's/^/## \[UNRELEASED\]\n\nNo user facing changes.\n\n/ if($.==5)' CHANGELOG.md | |
| git add . | |
| git commit -m "Update changelog and version after ${VERSION}" | |
| git push origin "${NEW_BRANCH}" | |
| # PR checks won't be triggered on PRs created by Actions. Therefore mark the PR as draft | |
| # so that a maintainer can take the PR out of draft, thereby triggering the PR checks. | |
| gh pr create \ | |
| --head "${NEW_BRANCH}" \ | |
| --base "${BASE_BRANCH}" \ | |
| --title "${pr_title}" \ | |
| --label "Update dependencies" \ | |
| --body "${pr_body}" \ | |
| --assignee "${GITHUB_ACTOR}" \ | |
| --draft |