Merge back release branch to main

.github/workflows/build.yaml

@@ -10,7 +10,9 @@ on:
 
   # Only run for pull requests if relevant files were changed
   pull_request:
-    branches: [main]
+    branches:
+      - main
+      - 'release/**'
     paths:
       - Dockerfile
       - docker-bake.hcl
@@ -31,10 +33,37 @@ env:
   DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
 
 jobs:
+  compute-version:
+    name: Compute version using git describe
+    runs-on: ubuntu-24.04
+    outputs:
+      describe: ${{ steps.git.outputs.describe }}
+      timestamp: ${{ steps.git.outputs.timestamp }}
+    steps:
+      - name: Checkout the code
+        uses: actions/[email protected]
+        with:
+          # Need a full clone so that `git describe` reports the right version
+          fetch-depth: 0
+
+      - name: Compute version and timestamp out of git history
+        id: git
+        run: |
+          echo "describe=$(git describe --tags --match 'v*.*.*' --always)" >> $GITHUB_OUTPUT
+          echo "timestamp=$(git log -1 --format=%ct)" >> $GITHUB_OUTPUT
+
+
   build-binaries:
     name: Build binaries
     runs-on: ubuntu-22.04
 
+    needs:
+      - compute-version
+
+    env:
+      VERGEN_GIT_DESCRIBE: ${{ needs.compute-version.outputs.describe }}
+      SOURCE_DATE_EPOCH: ${{ needs.compute-version.outputs.timestamp }}
+
     permissions:
       contents: read
 
@@ -136,6 +165,13 @@ jobs:
       packages: write
       id-token: write
 
+    needs:
+      - compute-version
+
+    env:
+      VERGEN_GIT_DESCRIBE: ${{ needs.compute-version.outputs.describe }}
+      SOURCE_DATE_EPOCH: ${{ needs.compute-version.outputs.timestamp }}
+
     steps:
       - name: Docker meta
         id: meta

.github/workflows/merge-back.yaml

@@ -0,0 +1,72 @@
+name: Merge back a reference to main
+on:
+  workflow_call:
+    inputs:
+      sha:
+        required: true
+        type: string
+    secrets:
+      BOT_GITHUB_TOKEN:
+        required: true
+
+jobs:
+  merge-back:
+    name: Merge back the reference to main
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Push branch and open a PR
+        uses: actions/[email protected]
+        env:
+          SHA: ${{ inputs.sha }}
+        with:
+          github-token: ${{ secrets.BOT_GITHUB_TOKEN }}
+          script: |
+            const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/');
+            const sha = process.env.SHA;
+            const branch = `ref-merge/${sha}`;
+            const ref = `heads/${branch}`;
+
+            await github.rest.git.createRef({
+              owner,
+              repo,
+              ref,
+              sha,
+            });
+            console.log(`Created branch ${branch} to ${sha}`);
+
+            // Create a PR to merge the branch back to main
+            const pr = await github.rest.pulls.create({
+              owner,
+              repo,
+              head: branch,
+              base: 'main',
+              title: `Automatic merge back to main`,
+              body: `This pull request was automatically created by the release workflow. It merges the release branch back to main.`,
+              maintainer_can_modify: true,
+            });
+            console.log(`Created pull request #${pr.data.number} to merge the release branch back to main`);
+            console.log(`PR URL: ${pr.data.html_url}`);
+
+            // Add the `T-Task` label to the PR
+            await github.rest.issues.addLabels({
+              owner,
+              repo,
+              issue_number: pr.data.number,
+              labels: ['T-Task'],
+            });
+
+            // Enable auto-merge on the PR
+            await github.graphql(
+              `
+                mutation AutoMerge($id: ID!) {
+                  enablePullRequestAutoMerge(input: {
+                    pullRequestId: $id,
+                    mergeMethod: MERGE,
+                  }) {
+                    clientMutationId
+                  }
+                }
+              `,
+              { id: pr.data.node_id },
+            );

.github/workflows/release-branch.yaml

@@ -73,6 +73,14 @@ jobs:
     secrets:
       BOT_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
 
+  merge-back:
+    uses: ./.github/workflows/merge-back.yaml
+    needs: [tag]
+    with:
+      sha: ${{ needs.tag.outputs.sha }}
+    secrets:
+      BOT_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
+
   branch:
     name: Create a new release branch
     runs-on: ubuntu-22.04
@@ -103,20 +111,3 @@ jobs:
               sha,
             });
             console.log(`Created branch ${branch} from ${sha}`);
-
-      - name: Checkout the code
-        uses: actions/[email protected]
-        with:
-          ref: "release/v${{ needs.compute-version.outputs.short }}"
-
-      - name: Open a pull request to merge the branch into main
-        env:
-          VERSION: ${{ needs.compute-version.outputs.short }}
-          GH_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
-        run: |
-          gh pr create \
-            --title "Release branch $VERSION" \
-            --body "This pull request was automatically created by the release workflow. It merges the release branch back to main." \
-            --base main \
-            --head "release/v$VERSION" \
-            --label "T-Task"

.github/workflows/release-bump.yaml

@@ -42,7 +42,7 @@ jobs:
       - name: Compute the new minor RC
         id: next
         env:
-          BUMP: ${{ github.event.inputs.rc && 'prerelease' || 'patch' }}
+          BUMP: ${{ inputs.rc && 'prerelease' || 'patch' }}
           VERSION: ${{ steps.current.outputs.version }}
         run: echo "version=$(npx --yes [email protected] -i "$BUMP" --preid rc "$VERSION")" >> "$GITHUB_OUTPUT"
 
@@ -54,6 +54,15 @@ jobs:
     secrets:
       BOT_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
 
+  merge-back:
+    uses: ./.github/workflows/merge-back.yaml
+    needs: [tag]
+    if: inputs.merge-back
+    with:
+      sha: ${{ needs.tag.outputs.sha }}
+    secrets:
+      BOT_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
+
   update-branch:
     name: Update the release branch
     runs-on: ubuntu-22.04
@@ -83,21 +92,3 @@ jobs:
               sha,
             });
             console.log(`Updated branch ${branch} to ${sha}`);
-
-      - name: Checkout the code
-        uses: actions/[email protected]
-        with:
-          ref: "${{ github.ref_name }}"
-
-      - name: Open a pull request to merge the release branch back to main
-        if: github.event.inputs.merge-back
-        env:
-          VERSION: ${{ needs.compute-version.outputs.version }}
-          GH_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
-        run: |
-          gh pr create \
-            --title "Release branch $VERSION" \
-            --body "This pull request was automatically created by the release workflow. It merges the release branch back to main." \
-            --base main \
-            --head "$GITHUB_REF_NAME" \
-            --label "T-Task"