[Main] Create New Release #29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| # Copyright (C) 2025 Hedera Hashgraph, LLC | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| ## | |
| name: "[Main] Create New Release" | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| build_number: | |
| description: "Build Number (ex: 43 = build_00043)" | |
| type: string | |
| required: true | |
| dry-run-enabled: | |
| description: "Perform Dry Run" | |
| type: boolean | |
| required: false | |
| default: false | |
| defaults: | |
| run: | |
| shell: bash | |
| permissions: | |
| id-token: write | |
| contents: read | |
| actions: read | |
| jobs: | |
| create-new-release: | |
| name: Create New Release | |
| runs-on: network-node-linux-medium | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
| with: | |
| egress-policy: audit | |
| - name: Process, Validate, and Pad Build Input | |
| id: validate | |
| run: | | |
| echo "The input is ${{ inputs.build_number }}" | |
| if ! [[ "${{ inputs.build_number }}" =~ ^[0-9]+$ ]]; then | |
| echo "Input is not a valid integer" | |
| exit 1 | |
| fi | |
| echo "Input is a valid integer: $(( ${{ inputs.build_number }} ))" | |
| # 5-digit padding | |
| padded_number=$(printf "%05d" ${{ inputs.build_number }}) | |
| echo "Padded number is: $padded_number" | |
| # Add "build_" prefix to the padded number | |
| build_tag="build-$padded_number" | |
| echo "Prefixed number is: $build_tag" | |
| # Export to Github output | |
| echo "BUILD_TAG=$build_tag" >> $GITHUB_OUTPUT | |
| - name: Checkout Code | |
| id: checkout_code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: "0" | |
| ref: ${{ steps.validate.outputs.BUILD_TAG }} | |
| token: ${{ secrets.GH_ACCESS_TOKEN }} | |
| # TODO: Remove this step before mainline merge | |
| - name: Checkout Code - Private Repo Temporarily | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| path: "private" | |
| ref: "14967-clean-semantic-release-workflow" | |
| # TODO: Remove this step before mainline merge | |
| - name: Copy Private .releaserc file to Github Workspace | |
| run: | | |
| echo "Copying the .releaserc file" | |
| cp -f private/.releaserc .releaserc | |
| echo "Removing private directory" | |
| rm -rf private | |
| - name: Display Current Branch or Tag | |
| run: | | |
| # Check if it's a tag | |
| if git describe --exact-match --tags >/dev/null 2>&1; then | |
| echo "Checked out tag: $(git describe --exact-match --tags)" | |
| else | |
| echo "Checked out branch: $(git symbolic-ref --short HEAD)" | |
| fi | |
| - name: Import GPG Key | |
| uses: step-security/ghaction-import-gpg@6c8fe4d0126a59d57c21f87c9ae5dd3451fa3cca # v6.1.0 | |
| with: | |
| git_commit_gpgsign: true | |
| git_tag_gpgsign: true | |
| git_user_signingkey: true | |
| gpg_private_key: ${{ secrets.SVCS_GPG_KEY_CONTENTS }} | |
| passphrase: ${{ secrets.SVCS_GPG_KEY_PASSPHRASE }} | |
| - name: Setup Node | |
| uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
| with: | |
| node-version: 20 | |
| - name: Install Dependencies | |
| run: | | |
| echo "Installing semantic-release" | |
| npm install -g [email protected] @semantic-release/[email protected] @semantic-release/[email protected] \ | |
| @semantic-release/[email protected] [email protected] \ | |
| [email protected] \ | |
| @commitlint/[email protected] @commitlint/[email protected] \ | |
| [email protected] [email protected] [email protected] | |
| - name: Calculate Temporary Semantic Release Branch Name | |
| id: branch_name | |
| run: | | |
| echo "BRANCH_NAME=temp/${{ steps.validate.outputs.BUILD_TAG }}" >> $GITHUB_OUTPUT | |
| echo "The temp branch name is: ${BRANCH_NAME}" | |
| - name: Create a Temporary Semantic Release Branch | |
| run: | | |
| echo "Going to run the following command:" | |
| echo "git checkout -b ${{ steps.branch_name.outputs.BRANCH_NAME }}" | |
| git checkout -b ${{ steps.branch_name.outputs.BRANCH_NAME }} | |
| - name: Echo Current Branch Name | |
| run: | | |
| current_branch=$(git symbolic-ref --short HEAD) | |
| echo "Currently on branch: $current_branch" | |
| - name: Push Temporary Branch to Origin | |
| run: | | |
| echo "Pushing branch to origin:" | |
| git push --set-upstream origin ${{ steps.branch_name.outputs.BRANCH_NAME }} | |
| - name: Prune Tags | |
| run: | | |
| echo "Prune Tags from Local" | |
| git fetch --prune-tags | |
| - name: Git Merged Tags | |
| run: | | |
| set +x | |
| echo "Git Merged Tags" | |
| git fetch | |
| git branch -la | grep semantic | |
| BRANCH_HEAD_COMMIT = git rev-parse 14967-clean-semantic-release-workflow | |
| git tag --merged ${BRANCH_HEAD_COMMIT} | |
| - name: Publish Semantic Release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }} | |
| GIT_AUTHOR_NAME: ${{ secrets.GIT_USER_NAME }} | |
| GIT_AUTHOR_EMAIL: ${{ secrets.GIT_USER_EMAIL }} | |
| GIT_COMMITTER_NAME: ${{ secrets.GIT_USER_NAME }} | |
| GIT_COMMITTER_EMAIL: ${{ secrets.GIT_USER_EMAIL }} | |
| run: | | |
| ARGS="" | |
| if [[ "${{ github.event.inputs.dry-run-enabled }}" == true ]]; then | |
| ARGS="--dry-run" | |
| fi | |
| echo "Running semantic release command:" | |
| echo "npx semantic-release ${ARGS} --branch ${{ steps.branch_name.outputs.BRANCH_NAME }}" | |
| npx semantic-release ${ARGS} --branch ${{ steps.branch_name.outputs.BRANCH_NAME }} | |
| # - name: Generate Changelog | |
| # run: | | |
| # echo "Generating changelog" | |
| # changelog=$(npx semantic-release --dry-run --no-ci --generate-notes) | |
| # echo "Changelog generated:" | |
| # echo "$changelog" | |
| - name: Ensure Branch Not in Use and Delete Worktree | |
| if: always() | |
| run: | | |
| # Switch to main | |
| git checkout main | |
| # Check if the branch is associated with a worktree and remove the worktree if it exists | |
| worktree_path=$(git worktree list | grep ${{ steps.branch_name.outputs.BRANCH_NAME }} || true) | |
| if [ -n "$worktree_path" ]; then | |
| echo "Removing worktree at $worktree_path" | |
| git worktree remove "$worktree_path" | |
| else | |
| echo "No worktree found for branch ${{ steps.branch_name.outputs.BRANCH_NAME }}" | |
| fi | |
| - name: Delete the Temporary Semantic Release Branch | |
| if: always() | |
| run: | | |
| echo "Deleting the temporary semantic release branch" | |
| echo "Deleting local branch now:" | |
| git branch -d ${{ steps.branch_name.outputs.BRANCH_NAME }} | |
| echo "Deleting remote branch now:" | |
| git push -d origin ${{ steps.branch_name.outputs.BRANCH_NAME }} |