22name : Release Build
33
44on :
5- push :
6- # This workflow should only run on tags, it will trigger when release-please
7- # kicks-off the release process.
8- tags : ["v*.*.*"]
5+ release :
6+ types : [published]
97 workflow_dispatch :
108
119concurrency :
4038 integration-test-file : test/${{ matrix.flavor }}/integration-tests.bats
4139 acceptance-test-path : ${{ matrix.flavor == 'cpp' && 'test/cpp/features' || '' }}
4240 test-devcontainer-file : ${{ matrix.flavor == 'cpp' && '.devcontainer/cpp-test/devcontainer.json' || '' }}
41+
4342 apply-release-notes-template :
4443 name : 📝 Apply Release Template
4544 runs-on : ubuntu-latest
6665 env :
6766 GH_TOKEN : ${{ github.token }}
6867 REF_NAME : ${{ github.ref_name }}
68+
6969 update-release-notes :
7070 name : Update Release Notes (🍨 ${{ matrix.flavor }})
7171 strategy :
@@ -117,11 +117,37 @@ jobs:
117117 DIGEST : ${{ steps.inspect-manifest.outputs.digest }}
118118 GH_REPO : ${{ github.repository }}
119119 GH_TOKEN : ${{ github.token }}
120+
121+ publish-devcontainer-templates :
122+ name : 📝 Publish templates
123+ runs-on : ubuntu-latest
124+ permissions :
125+ packages : write # is needed by devcontainers/action to write templates as OCI artifacts
126+ steps :
127+ - uses : step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
128+ with :
129+ disable-sudo : true
130+ egress-policy : audit
131+ - uses : actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
132+ with :
133+ persist-credentials : false
134+ - uses : docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
135+ with :
136+ registry : ghcr.io
137+ username : ${{ github.actor }}
138+ password : ${{ github.token }}
139+ - uses : devcontainers/action@1082abd5d2bf3a11abccba70eef98df068277772 # v1.4.3
140+ with :
141+ disable-repo-tagging : true
142+ publish-templates : true
143+ base-path-to-templates : .devcontainer
144+
120145 generate-documents :
121146 name : 📄 Documentation
122147 uses : ./.github/workflows/wc-document-generation.yml
123148 permissions :
124149 contents : read
150+
125151 upload-documents :
126152 name : 📄 Upload Documents
127153 runs-on : ubuntu-latest
@@ -131,6 +157,10 @@ jobs:
131157 contents : write # is needed to modify a release
132158 needs : [generate-documents]
133159 steps :
160+ - uses : step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
161+ with :
162+ disable-sudo : true
163+ egress-policy : audit
134164 - uses : actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
135165 with :
136166 pattern : documents
@@ -142,3 +172,17 @@ jobs:
142172 GH_REPO : ${{ github.repository }}
143173 GH_TOKEN : ${{ github.token }}
144174 REF_NAME : ${{ github.ref_name }}
175+
176+ comment-released-prs :
177+ name : Comment on released PRs
178+ runs-on : ubuntu-latest
179+ permissions :
180+ pull-requests : write # is needed by rdlf0/comment-released-prs-action to post comments on PRs
181+ steps :
182+ - uses : step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
183+ with :
184+ disable-sudo-and-containers : true
185+ egress-policy : audit
186+ - uses : rdlf0/comment-released-prs-action@a81897eaea04a5faa8779d28607826ddb033321a # v3.1.0
187+ with :
188+ repo-token : ${{ secrets.GITHUB_TOKEN }}
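Review bot: The three added `step-security/harden-runner` steps all set `egress-policy: audit`, which only records outbound connections, so the jobs holding `packages: write`, `contents: write` and `pull-requests: write` tokens are monitored but not restricted. Once an audit run has shown which endpoints each job needs, consider `egress-policy: block` with an `allowed-endpoints` list, starting with `publish-devcontainer-templates` since it also logs in to `ghcr.io`. The pins differ too: `publish-devcontainer-templates` and `upload-documents` use v2.13.1 with `disable-sudo: true`, while `comment-released-prs` uses v2.13.2 with `disable-sudo-and-containers: true`, so aligning them on one SHA would make later bumps easier to review. In `publish-devcontainer-templates` the `permissions` block lists only `packages: write`, which leaves every other scope at none; adding `contents: read # is needed by actions/checkout` would state the checkout's requirement explicitly, and checkout would need it if the repository is private.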