Semantic Release #19
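name: Semantic Release

# This workflow runs after CI passes on the main branch.
# It analyzes commits using Conventional Commits and automatically:
# - Bumps the version
# - Generates/updates CHANGELOG.md
# - Creates a GitHub release

on:
  workflow_run:
    # Update this to match your CI workflow name (default: "CI - Tests and Linting")
    workflows: ["CI - Tests and Linting"]
    # NOTE(review): this filter matches the head branch *name* of the CI run
    # that triggered this workflow. If the CI workflow also runs for pull
    # requests, consider additionally requiring
    # `github.event.workflow_run.event == 'push'` in the job's `if:` so that
    # only CI runs for pushes to main can start a release. Confirm against
    # the CI workflow's triggers.
    branches: [main]
    types: [completed]

# NOTE(review): the semantic-release job below declares its own `permissions`
# block, which replaces these workflow-level grants for that job, and its
# pushes use the Octo STS token rather than GITHUB_TOKEN. If no other job
# relies on these write scopes, they can be reduced to least privilege.
permissions:
  contents: write
  issues: write
  pull-requests: write

jobs:
  semantic-release:
    # Release only when the triggering CI run succeeded.
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read # Required for actions/checkout
      id-token: write # Required for Octo STS
    # Serialize releases; a newer run does not cancel a release in progress.
    concurrency:
      group: semantic-release-${{ github.ref }}
      cancel-in-progress: false
    steps:
      # Chainguard Octo STS authentication (configured at Liatrio org level)
      - uses: octo-sts/action@6177b4481c00308b3839969c3eca88c96a91775f # v1.0.0
        id: octo-sts
        with:
          scope: ${{ github.repository }}
          identity: main-semantic-release

      # NOTE(review): pinned to a mutable tag, unlike the Octo STS action
      # above. Pin to a full commit SHA to match.
      - uses: actions/checkout@v4
        with:
          # Full history and tags are fetched for the release tooling.
          fetch-depth: 0
          fetch-tags: true
          # Keep the default GITHUB_TOKEN out of .git/config; the push
          # credential is configured explicitly in a later step.
          persist-credentials: false

      - name: Get GitHub App User ID
        id: get-user-id
        # Assign first so a failed `gh api` call fails the step instead of
        # silently writing an empty user-id to the step outputs.
        run: |
          user_id="$(gh api "/users/octo-sts[bot]" --jq .id)"
          echo "user-id=${user_id}" >> "$GITHUB_OUTPUT"
        env:
          GH_TOKEN: ${{ steps.octo-sts.outputs.token }}

      - name: Configure git author
        # The step output is passed through the environment rather than
        # expanded into the script text by the workflow template engine.
        env:
          BOT_USER_ID: ${{ steps.get-user-id.outputs.user-id }}
        run: |
          set -eox pipefail
          git config --global user.name 'octo-sts[bot]'
          git config --global user.email "${BOT_USER_ID}+octo-sts[bot]@users.noreply.github.com"

      # The credential used here is the Octo STS token from the first step.
      # It is passed through the environment so it never appears in the
      # rendered script. It is still written to .git/config in the workspace
      # and stays readable by every later step in this job.
      - name: Use PAT for pushes to origin
        env:
          OCTO_STS_TOKEN: ${{ steps.octo-sts.outputs.token }}
        run: |
          git remote set-url origin \
            "https://x-access-token:${OCTO_STS_TOKEN}@github.com/${GITHUB_REPOSITORY}.git"
          # sanity check
          git ls-remote --heads origin >/dev/null

      # NOTE(review): pinned to a mutable tag; pin to a full commit SHA.
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      # NOTE(review): this resolves a version range at run time with no hash
      # verification, and the installed code runs next to the push token.
      # Consider an exact version with hashes (e.g. a requirements file
      # installed with `pip install --require-hashes`).
      - name: Install python-semantic-release
        run: pip install "python-semantic-release>=10.0.0,<11.0.0"

      - name: Semantic Release
        run: semantic-release -c .releaserc.toml version
        env:
          GH_TOKEN: ${{ steps.octo-sts.outputs.token }}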