Create release branch #7
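# Manually dispatched workflow that creates a release branch named
# <branch_prefix><release_version> from source_branch, or optionally merges
# source_branch into that branch when it already exists, and then pushes it.
name: "Create release branch"

on:
  workflow_dispatch:
    inputs:
      release_version:
        required: true
        type: string
        default: '0.0'
      source_branch:
        required: false
        type: string
        default: 'main'
      branch_prefix:
        required: false
        type: string
        default: 'release-'
      update:
        type: boolean
        default: false
      dry_run:
        type: boolean
        default: false

defaults:
  run:
    shell: bash

# Workflow-wide default is read-only; the job below widens only what it needs.
permissions:
  contents: read

jobs:
  create:
    name: Create release branch
    runs-on: ubuntu-latest
    permissions:
      # contents: write is what lets the push at the end of the job succeed.
      contents: write
      # id-token: write is presumably for OIDC federation in the Azure login
      # step (no client secret is passed to it) - confirm.
      id-token: write
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the tag each SHA is expected to correspond to.
      # NOTE(review): no fetch-depth is set, so the action's default fetch
      # applies. Verify that remotes/origin/<release branch> is actually
      # present locally for the rev-parse check in the last step.
      - name: Checkout NIC repo
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          ref: ${{ inputs.source_branch }}

      - name: Azure login
        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
        with:
          client-id: ${{ secrets.AZURE_COMMON_VAULT_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_COMMON_VAULT_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_COMMON_VAULT_SUBSCRIPTION_ID }}

      # Reads the bot PAT from Key Vault and exposes it as a step output.
      - name: Setup secrets
        id: secrets
        env:
          # Passed through the environment so the value is never spliced
          # into the script text before bash parses it.
          KEYVAULT_NAME: ${{ secrets.COMMON_KEYVAULT_NAME }}
        run: |
          echo "Setting secrets for job"
          NGINX_PAT=$(az keyvault secret show \
            --name nginx-bot-pat \
            --vault-name "${KEYVAULT_NAME}" \
            --query value -o tsv)
          # Fail here rather than hand an empty credential to later steps.
          if [[ -z "${NGINX_PAT}" ]]; then
            echo "::error::Key Vault returned an empty value for nginx-bot-pat"
            exit 1
          fi
          # Register the mask before the value is written anywhere, so it is
          # redacted from the log from this point on.
          echo "::add-mask::${NGINX_PAT}"
          echo "NGINX_PAT=${NGINX_PAT}" >> "${GITHUB_OUTPUT}"

      - name: Create new release branch
        env:
          # NOTE(review): git itself does not read GITHUB_TOKEN, so the push
          # below presumably authenticates with the credential persisted by
          # the checkout step (which sets no `token:` input). Confirm whether
          # the PAT was meant to be used for the push.
          GITHUB_TOKEN: ${{ steps.secrets.outputs.NGINX_PAT }}
          # workflow_dispatch inputs are caller-controlled text. They are
          # handed to the script as environment variables instead of being
          # expanded with ${{ }} inside `run:`, where quotes, `$(...)` or `;`
          # in a value would become part of the shell script.
          BRANCH_PREFIX: ${{ inputs.branch_prefix }}
          RELEASE_VERSION: ${{ inputs.release_version }}
          SOURCE_BRANCH: ${{ inputs.source_branch }}
          UPDATE: ${{ inputs.update }}
          DRY_RUN: ${{ inputs.dry_run }}
        run: |
          branch="${BRANCH_PREFIX}${RELEASE_VERSION}"
          # Refuse anything git would not accept as a branch name (this also
          # rejects a leading "-", which git would otherwise read as an option).
          if ! git check-ref-format --branch "${branch}" > /dev/null; then
            echo "::error::Invalid release branch name: ${branch}"
            exit 1
          fi
          if git rev-parse --verify "remotes/origin/${branch}"; then
            # Branch already exists on the remote: bring it up to date and
            # merge the source branch only when explicitly requested.
            git checkout "${branch}"
            git pull
            if [[ "${UPDATE}" == "true" ]]; then
              echo "Updating from ${SOURCE_BRANCH}."
              # -Xtheirs resolves conflicting hunks in favour of SOURCE_BRANCH.
              git merge -Xtheirs "${SOURCE_BRANCH}" \
                -m "chore: Merge branch ${SOURCE_BRANCH} into ${branch}"
            else
              echo "UPDATE not requested. Not making any changes"
            fi
          else
            # New release branch, created from the checked-out source branch.
            git checkout -b "${branch}"
          fi
          echo "Pushing to branch $branch"
          if [[ "${DRY_RUN}" != "true" ]]; then
            git push origin "${branch}"
          else
            echo "DRY RUN not making any changes"
            git push --dry-run origin "${branch}"
          fi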