Dependency updates auto-release #14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dependency updates auto-release | |
| on: | |
| schedule: | |
| - cron: '0 4 * * 0' | |
| workflow_dispatch: | |
| inputs: | |
| force_create: | |
| description: 'Create release regardless of mixed feature and dependency updates' | |
| type: boolean | |
| required: true | |
| default: false | |
| jobs: | |
| release: | |
| name: Create release with auto-updates | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - name: Create access token | |
| uses: actions/create-github-app-token@v2 | |
| id: app-token | |
| with: | |
| app-id: ${{ vars.GH_APP_ID }} | |
| private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} | |
| owner: "kereis" | |
| repositories: | | |
| traefik-certs-dumper | |
| - name: Authenticate GitHub CLI | |
| run: echo "${{ steps.app-token.outputs.token }}" | gh auth login --with-token | |
| - name: Make sure diff contains dependency updates only | |
| id: deps_only_check | |
| run: | | |
| last_release=$(gh release list --json tagName,isLatest --jq '.[] | select(.isLatest) | .tagName') | |
| last_release_tag=$(git tag -l | grep -F $last_release) | |
| if git diff --quiet $last_release_tag...HEAD; then | |
| echo "::warning title=No changes detected::There are no changed files between current state and last release '$last_release'. Won't create release!" | |
| exit 1 | |
| fi | |
| count_of_non_updates_commits=$(git log --pretty=format:"%an" HEAD...$last_release_tag | uniq | grep -v '^dependabot\[bot\]$' | wc -l) | |
| if [[ "${{ inputs.force_create }}" != 'true' ]] && (( $count_of_non_updates_commits > 0 )); then | |
| echo "::error title=Non-update commits detected::git-log contains more than one commit that is not authored by dependabot[bot]. Please create release manually!" | |
| exit 1 | |
| fi | |
| if [[ "${{ inputs.force_create }}" != 'true' ]] && (( $(git diff --name-only $last_release_tag HEAD | grep -v '.github' | wc -l) == 0 )); then | |
| echo "::warning title=Changes in .github only::The diff contains changes that are only related to GitHub Actions. Won't create release!" | |
| exit 1 | |
| fi | |
| echo "LAST_RELEASE=$last_release" >> "$GITHUB_OUTPUT" | |
| - name: Bump patch version | |
| id: new_version_tag | |
| env: | |
| LAST_RELEASE: ${{ steps.deps_only_check.outputs.LAST_RELEASE }} | |
| run: | | |
| major=$(echo "$LAST_RELEASE" | cut -d '.' -f 1) | |
| minor=$(echo "$LAST_RELEASE" | cut -d '.' -f 2) | |
| patch=$(echo "$LAST_RELEASE" | cut -d '.' -f 3) | |
| echo "Version split - major: $major, minor: $minor, patch: $patch" | |
| new_patch_version=$(echo "$patch + 1" | bc) | |
| echo "New patch version: $new_patch_version" | |
| new_version=$(echo "$major.$minor.$new_patch_version") | |
| echo "::notice::Bumped version: $new_version" | |
| echo "NEW_VERSION=$new_version" >> "$GITHUB_OUTPUT" | |
| - name: Create release branch | |
| id: create_release_branch | |
| env: | |
| NEW_VERSION: ${{ steps.new_version_tag.outputs.NEW_VERSION }} | |
| run: | | |
| release_branch=release/$(echo "$NEW_VERSION" | cut -d 'v' -f 2) | |
| git checkout -b $release_branch && git push origin HEAD | |
| echo "::notice::Release branch: $release_branch" | |
| echo "RELEASE_BRANCH=$release_branch" >> "$GITHUB_OUTPUT" | |
| - name: Create new release | |
| env: | |
| NEW_VERSION: ${{ steps.new_version_tag.outputs.NEW_VERSION }} | |
| RELEASE_BRANCH: ${{ steps.create_release_branch.outputs.RELEASE_BRANCH }} | |
| run: | | |
| gh release create "$NEW_VERSION" \ | |
| --title "$NEW_VERSION (auto-release)" \ | |
| --generate-notes \ | |
| --target "$RELEASE_BRANCH" \ | |
| --discussion-category "General" \ | |
| --latest |