alks-cli/.github/workflows/trigger-release.yml at 3577d494f55e9fc342a3ac7316ed0f42cfad81ec · Cox-Automotive/alks-cli · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
name: Trigger Release
on:
  push:
    branches:
      - master
jobs:
  get_pull_request:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v2
        with:
          token: ${{ secrets._GITHUB_TOKEN }}

      - name: Get the PR that this merge came from
        uses: actions-ecosystem/action-get-merged-pull-request@136e2f3a66a0d28e8d85094e1042ddbe5abea267
        id: get-merged-pull-request
        with:
          github_token: ${{ secrets._GITHUB_TOKEN }}
    outputs:
      pull_request_labels: ${{ steps.get-merged-pull-request.outputs.labels }}
      pull_request_title: ${{ steps.get-merged-pull-request.outputs.title }}
      pull_request_body: ${{ steps.get-merged-pull-request.outputs.body }}

  bump_version:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    needs:
      - get_pull_request
    if: ${{ contains(needs.get_pull_request.outputs.pull_request_labels, 'release/patch') || contains(needs.get_pull_request.outputs.pull_request_labels, 'release/minor') || contains(needs.get_pull_request.outputs.pull_request_labels, 'release/major') }}
    steps:
      - name: Check out repository code
        uses: actions/checkout@v2
        with:
          token: ${{ secrets._GITHUB_TOKEN }}

      - uses: actions/setup-node@v2
        with:
          node-version: 24

      - name: Set up Artifactory Auth with OIDC
        uses: jfrog/setup-jfrog-cli@v4
        env:
          JF_URL: https://artifactory.coxautoinc.com
        with:
          oidc-provider-name: gh-public

      - name: Configure npm to use Artifactory
        run: |
          jf npm-config --repo-resolve cai-npm --server-id-resolve setup-jfrog-cli-server

      - name: Set github user
        run: |
          git config --global user.name 'github-actions[bot]'
          git config --global user.email 'github-actions[bot]@users.noreply.github.com'

      - name: install dependencies
        run: jf npm ci

      - name: Get the release level (major/minor/patch) from the labels
        uses: actions-ecosystem/action-release-label@955bf130fba6be3d99d2c14457d0dc7f176bc563
        id: release-label
        if: ${{ needs.get_pull_request.outputs.pull_request_title != null }}
        with:
          labels: ${{ needs.get_pull_request.outputs.pull_request_labels }}

      - name: skip non-merge pushes
        if: ${{ needs.get_pull_request.outputs.pull_request_title == null }}
        run: echo "skipping build since this is not a merge of a pull request" && exit 1

      - name: skip merges without a release label
        if: ${{ steps.release-label.outputs.level == null }}
        run: echo "skipping build since there is no release label on the merged PR" && exit 1

      - name: update the date in changelog.txt (if needed)
        run: |
          echo "★ Release Notes: $(date +%Y-%m-%d) ★" > changelog.temp.txt
          tail -n +2 changelog.txt >> changelog.temp.txt
          if [[ ! $(cmp --silent changelog.txt changelog.temp.txt ) ]]; then
            mv changelog.temp.txt changelog.txt
            git add changelog.txt
            git commit -m 'updates changelog.txt' --allow-empty
          fi

      - name: Bump both git-tag and package.json version
        run: npm version "${{ steps.release-label.outputs.level }}" -m "${{ needs.get_pull_request.outputs.pull_request_title }}"

      # Temporarily disable and reenable enforce administrators
      - name: Temporarily disable "include administrators" branch protection
        uses: benjefferies/branch-protection-bot@1.0.9
        if: always()
        with:
          access_token: ${{ secrets._GITHUB_TOKEN }}
          owner: Cox-Automotive
          repo: alks-cli
          enforce_admins: false

      - name: Commit & Push changes
        uses: ad-m/github-push-action@8407731efefc0d8f72af254c74276b7a90be36e1
        with:
          github_token: ${{ secrets._GITHUB_TOKEN }}
          branch: ${{ github.ref }}
          force: true # have to do this since there's a branch protection on master
          tags: true

      - name: Enable "include administrators" branch protection
        uses: benjefferies/branch-protection-bot@1.0.9
        if: always()  # Force to always run this step to ensure "include administrators" is always turned back on
        with:
          access_token: ${{ secrets._GITHUB_TOKEN }}
          owner: Cox-Automotive
          repo: alks-cli
          enforce_admins: true

      - name: Get the latest tag
        id: previoustag
        uses: WyriHaximus/github-action-get-previous-tag@8656db79964f6757c940965c172d371ceedc8a7f
        with:
          fallback: 0.0.1 # Optional fallback tag to use when no tag can be found

      - uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets._GITHUB_TOKEN }}
        with:
          tag_name: ${{ steps.previoustag.outputs.tag }}
          release_name: ${{ steps.previoustag.outputs.tag }}
          body: ${{ needs.get_pull_request.outputs.pull_request_body }}

      - name: Build the project
        run: npm run build

      - name: Configure npm for npmjs publishing
        run: |
          echo "registry=https://registry.npmjs.org/" > .npmrc

      - name: Publish to npm with OIDC provenance
        run: |
          unset NODE_AUTH_TOKEN
          npm publish --provenance --access public