
Commit 78db054

committed
Add branch protection rename and restore steps
Introduces jobs to temporarily rename branch protection rules before release and restore them afterward. Updates workflow dependencies to ensure correct execution order and maintain branch protection integrity during the release process.
1 parent 8a7a41a commit 78db054


1 file changed

+74
-8
lines changed


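--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -64,8 +64,43 @@ jobs:
 echo "is_rc=false" >> $GITHUB_OUTPUT
 fi
 
+branch_protection_rename:
+needs: [safety_check]
+runs-on: ubuntu-latest
+environment: release
+env:
+GH_TOKEN: ${{ secrets.ADMIN_GITHUB_TOKEN }}
+outputs:
+master_rule_id: ${{ steps.get_rule_ids.outputs.master_rule_id }}
+master_pattern: ${{ steps.get_rule_ids.outputs.master_pattern }}
+v_rule_id: ${{ steps.get_rule_ids.outputs.v_rule_id }}
+v_pattern: ${{ steps.get_rule_ids.outputs.v_pattern }}
+steps:
+- name: Get branch protection rule IDs
+id: get_rule_ids
+run: |
+gh api repos/${{ github.repository }}/branch-protection-rules > rules.json
+MASTER_ID=$(jq -r '.[] | select(.pattern == "master") | .id' rules.json)
+MASTER_PATTERN=$(jq -r '.[] | select(.pattern == "master") | .pattern' rules.json)
+V_ID=$(jq -r '.[] | select(.pattern | test("^v[0-9]+\\.[0-9]+\\.x$")) | .id' rules.json)
+V_PATTERN=$(jq -r '.[] | select(.pattern | test("^v[0-9]+\\.[0-9]+\\.x$")) | .pattern' rules.json)
+echo "master_rule_id=$MASTER_ID" >> $GITHUB_OUTPUT
+echo "master_pattern=$MASTER_PATTERN" >> $GITHUB_OUTPUT
+echo "v_rule_id=$V_ID" >> $GITHUB_OUTPUT
+echo "v_pattern=$V_PATTERN" >> $GITHUB_OUTPUT
+- name: Rename master protection to temp-master
+if: ${{ steps.get_rule_ids.outputs.master_rule_id != '' }}
+run: |
+gh api repos/${{ github.repository }}/branch-protection-rules/${{ steps.get_rule_ids.outputs.master_rule_id }} \
+-X PATCH -F pattern="temp-master"
+- name: Rename v*.* protection to temp-v
+if: ${{ steps.get_rule_ids.outputs.v_rule_id != '' }}
+run: |
+gh api repos/${{ github.repository }}/branch-protection-rules/${{ steps.get_rule_ids.outputs.v_rule_id }} \
+-X PATCH -F pattern="temp-v"
+
 lib_release:
-needs: [safety_check,pre_config]
+needs: [safety_check, pre_config, branch_protection_rename]
 runs-on: ubuntu-latest
 environment: release
 env:
@@ -193,14 +228,15 @@ jobs:
 attestations: false
 verify-metadata: false
 
-
 - name: "Echo release url"
 run: echo "${{ steps.gh-release.outputs.url }}"
 
 docs_release:
 runs-on: ubuntu-latest
-needs: [lib_release,pre_config]
-if: ${{ needs.pre_config.outputs.is_rc == 'false' || (needs.pre_config.outputs.is_rc == 'true' && endsWith(needs.pre_config.outputs.version, '0rc1')) }}
+needs: [lib_release, pre_config, branch_protection_rename, safety_check]
+if:
+${{ needs.pre_config.outputs.is_rc == 'false' || (needs.pre_config.outputs.is_rc
+== 'true' && endsWith(needs.pre_config.outputs.version, '0rc1')) }}
 environment: release
 steps:
 - name: "Sync Versions on Read the Docs"
@@ -228,7 +264,8 @@ jobs:
 
 inform_discord:
 runs-on: ubuntu-latest
-needs: [lib_release,docs_release,pre_config]
+needs:
+[lib_release, docs_release, pre_config, branch_protection_rename, safety_check]
 environment: release
 steps:
 - name: "Notify Discord"
@@ -264,7 +301,7 @@ jobs:
 
 determine_milestone_id:
 runs-on: ubuntu-latest
-needs: [lib_release,pre_config]
+needs: [lib_release, pre_config, branch_protection_rename, safety_check]
 if: ${{ !contains(needs.pre_config.outputs.version, '-') }}
 outputs:
 old_milestone_version: ${{ steps.extract_version.outputs.old_milestone_version }}
@@ -286,8 +323,10 @@ jobs:
 
 close_milestone:
 runs-on: ubuntu-latest
-needs: [determine_milestone_id,pre_config]
-if: ${{ !contains(needs.pre_config.outputs.version, 'rc') && endsWith(needs.pre_config.outputs.version, '.0') }}
+needs: [determine_milestone_id, pre_config, branch_protection_rename, safety_check]
+if:
+${{ !contains(needs.pre_config.outputs.version, 'rc') &&
+endsWith(needs.pre_config.outputs.version, '.0') }}
 environment: release
 env:
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -308,3 +347,30 @@ jobs:
 run: |
 gh extension install valeriobelli/gh-milestone
 gh milestone create "${{ needs.determine_milestone_id.outputs.new_milestone_version }}"
+
+branch_protection_restore:
+runs-on: ubuntu-latest
+needs:
+[
+branch_protection_rename,
+lib_release,
+docs_release,
+inform_discord,
+determine_milestone_id,
+close_milestone,
+]
+environment: release
+if: always()
+env:
+GH_TOKEN: ${{ secrets.ADMIN_GITHUB_TOKEN }}
+steps:
+- name: Restore master protection pattern
+if: ${{ needs.branch_protection_rename.outputs.master_rule_id != '' }}
+run: |
+gh api repos/${{ github.repository }}/branch-protection-rules/${{ needs.branch_protection_rename.outputs.master_rule_id }} \
+-X PATCH -F pattern="${{ needs.branch_protection_rename.outputs.master_pattern }}"
+- name: Restore v*.* protection pattern
+if: ${{ needs.branch_protection_rename.outputs.v_rule_id != '' }}
+run: |
+gh api repos/${{ github.repository }}/branch-protection-rules/${{ needs.branch_protection_rename.outputs.v_rule_id }} \
+-X PATCH -F pattern="${{ needs.branch_protection_rename.outputs.v_pattern }}"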
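Review bot: Nothing in `Get branch protection rule IDs` or `branch_protection_restore` detects a rule that was left renamed, so a single failed or skipped restore leaves `master` without protection indefinitely: on the next run `select(.pattern == "master")` matches nothing, `master_rule_id` is empty, and the rename and restore steps are both skipped by their `if:` guards with no error. I would make the lookup step fail when the rule is missing, e.g. `[ -n "$MASTER_ID" ] || { echo "::error::no 'master' protection rule found (still temp-master?)"; exit 1; }`, and do the same for `V_ID` if that rule is expected to exist. The `v` regex can also match several rules, which would write a multi-line value into `$GITHUB_OUTPUT`, so the step should fail or pick one explicitly when more than one id comes back. In the restore steps the saved pattern is spliced into the script text through `${{ ... }}` and sent with the typed `-F` flag; passing it through `env:` and using `-f pattern="$PATTERN"` keeps it a plain string. Since the whole restore depends on it, it is also worth confirming that `repos/<owner>/<repo>/branch-protection-rules` is a route `gh api` can reach with `ADMIN_GITHUB_TOKEN`, which I could not verify from this page.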
