Tag a new release #37
name: Tag a new release

# Triggers: two weekly schedules plus a manual dispatch.
on:
  schedule:
    # GitHub evaluates cron expressions in UTC.
    # The find-last-good job picks the branch and tag prefix by comparing
    # github.event.schedule against these exact strings; change both places
    # together.
    # 25.10 releases
    - cron: '0 10 * * 1'
    # Latest releases
    - cron: '0 10 * * 2'
  workflow_dispatch:
    # The string inputs below are free-form text supplied by whoever starts
    # the run. Treat them as untrusted data in every step that consumes them.
    inputs:
      branch:
        type: string
        description: The branch we want to trigger a tag for.
        default: 'main'
        required: false
      tag-prefix:
        type: string
        description: The tag prefix we are looking for.
        default: 'v25.10*'
        required: false
      dry-run:
        # Defaults to true so a manual run does not push a tag unless the
        # operator opts in.
        type: boolean
        description: Dry-run the change by doing everything except pushing the tag
        default: true
        required: false
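# NOTE(review): every `uses:` below references a mutable version tag. Pinning
# each action to a full commit SHA prevents a retargeted tag from changing the
# code that runs with this workflow's token, OIDC identity and PAT.
jobs:
  # Resolves which branch and tag prefix this run is for and finds the commit
  # of the last good "Build and test" run. Read-only token.
  find-last-good:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: read
    outputs:
      sha: ${{ steps.get-commit.outputs.sha }}
      branch: ${{ steps.detect-branch.outputs.branch || 'main' }}
      prefix: ${{ steps.detect-prefix.outputs.prefix || 'v*' }}
    steps:
      # NOTE(review): checkout keeps the job token in the local git config by
      # default. If scripts/get-last-good-run.sh only needs GH_TOKEN, consider
      # `persist-credentials: false` here (confirm against the script).
      - uses: actions/checkout@v6
      - name: 25.10 run
        if: github.event_name == 'schedule' && github.event.schedule=='0 10 * * 1'
        run: |
          echo "BRANCH=release/25.10-lts" >> "$GITHUB_ENV"
          echo "TAG_PREFIX=v25.10*" >> "$GITHUB_ENV"
        shell: bash
      - name: main run
        if: github.event_name == 'schedule' && github.event.schedule=='0 10 * * 2'
        run: |
          echo "BRANCH=main" >> "$GITHUB_ENV"
          echo "TAG_PREFIX=v*" >> "$GITHUB_ENV"
        shell: bash
      - name: Manual run
        if: github.event_name == 'workflow_dispatch'
        # Dispatch inputs are passed through the environment rather than
        # expanded with ${{ }} inside the script, so their content is never
        # parsed as shell source.
        env:
          DISPATCH_BRANCH: ${{ github.event.inputs.branch }}
          DISPATCH_TAG_PREFIX: ${{ github.event.inputs.tag-prefix }}
        run: |
          # GITHUB_ENV is line-oriented: a value containing a line break would
          # define extra variables for later steps, so refuse it.
          for value in "$DISPATCH_BRANCH" "$DISPATCH_TAG_PREFIX"; do
            if [[ "$value" == *$'\n'* || "$value" == *$'\r'* ]]; then
              echo "::error::Workflow inputs must be single-line values"
              exit 1
            fi
          done
          echo "BRANCH=$DISPATCH_BRANCH" >> "$GITHUB_ENV"
          echo "TAG_PREFIX=$DISPATCH_TAG_PREFIX" >> "$GITHUB_ENV"
        shell: bash
      - name: Figure out branch we are running for
        id: detect-branch
        run: |
          echo "branch=$BRANCH"
          echo "branch=$BRANCH" >> "$GITHUB_OUTPUT"
        shell: bash
      - name: Figure out tag prefix we are running for
        id: detect-prefix
        run: |
          echo "prefix=$TAG_PREFIX"
          echo "prefix=$TAG_PREFIX" >> "$GITHUB_OUTPUT"
        shell: bash
      - name: Find matching workflow
        run: ./scripts/get-last-good-run.sh
        id: get-commit
        env:
          GH_TOKEN: ${{ github.token }}
          BRANCH: ${{ steps.detect-branch.outputs.branch }}
          WORKFLOW: "Build and test"
          JOB: "All tests complete"
      - name: Debug
        # Step outputs are handed over as environment variables instead of
        # being spliced into the script text.
        env:
          LAST_GOOD_SHA: ${{ steps.get-commit.outputs.sha }}
          LAST_GOOD_RUN_ID: ${{ steps.get-commit.outputs.run-id }}
          LAST_GOOD_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ steps.get-commit.outputs.run-id }}
        run: |
          echo "SHA: $LAST_GOOD_SHA"
          echo "Run ID: $LAST_GOOD_RUN_ID"
          echo "Run URL: $LAST_GOOD_RUN_URL"
        shell: bash

  # Computes the next tag name, checks it is unused and pushes it with a PAT.
  # This job holds the sensitive credentials (OIDC identity, PAT), so nothing
  # derived from inputs or tag names is expanded into script text here.
  create-tag:
    name: Create tag for ${{ needs.find-last-good.outputs.branch }}
    runs-on: ubuntu-latest
    needs:
      - find-last-good
    permissions:
      # NOTE(review): checkout and push below authenticate with the PAT, not
      # the job token. If nothing else needs it, `contents: read` may be
      # enough here (confirm before changing).
      contents: write
      # Required to request the OIDC token used for GCP authentication.
      id-token: write
    outputs:
      tag_name: ${{ steps.tag_name.outputs.tag_name }}
    steps:
      - name: Authenticate with GCP
        uses: google-github-actions/auth@v3
        with:
          workload_identity_provider: "projects/841522437311/locations/global/workloadIdentityPools/github-actions/providers/github-actions"
          service_account: "terraform-infra@infrastructure-464010.iam.gserviceaccount.com"
      - id: get-secrets
        name: Get secrets from GCP Secret Manager
        # This step retrieves secrets from GCP Secret Manager and sets them as outputs
        # The secrets can then be accessed in subsequent steps using ${{ steps.get-secrets.outputs.<secret_name> }}
        uses: "google-github-actions/get-secretmanager-secrets@v3"
        with:
          secrets: |-
            github-pat:projects/626836145334/secrets/GITHUB_CI_PAT
      - uses: actions/checkout@v6
        with:
          ref: ${{ needs.find-last-good.outputs.sha }}
          # The tag must be pushed using a PAT to ensure workflows then run.
          # checkout stores this token in the local git config so the later
          # `git ls-remote` / `git push` can use it; every following step in
          # this job can therefore reach the PAT.
          token: ${{ steps.get-secrets.outputs.github-pat }}
          # We need tags present to check for them
          fetch-tags: true
          # Need full history
          fetch-depth: 0
      - name: Tag name
        id: tag_name
        run: |
          if [[ "$BRANCH" != 'main' ]]; then
            echo "Creating next tag name in sequence"
            # Get last tag for glob
            LAST_TAG=$(git tag -n 1 "$TAG_PREFIX" --format='%(refname:strip=2)' --sort='-version:refname' | head -n 1)
            echo "Found last tag=$LAST_TAG"
            # Without a match the fields below would be empty and the result
            # would be the malformed tag "..1".
            if [[ -z "$LAST_TAG" ]]; then
              echo "::error::No existing tag matches prefix '$TAG_PREFIX'"
              exit 1
            fi
            VNUM1=$(echo "$LAST_TAG" | cut -d"." -f1)
            VNUM2=$(echo "$LAST_TAG" | cut -d"." -f2)
            VNUM3=$(echo "$LAST_TAG" | cut -d"." -f3)
            # Bash arithmetic evaluates its operand as an expression, so only
            # plain decimal digits from the tag name are allowed through.
            if [[ ! "$VNUM3" =~ ^[0-9]+$ ]]; then
              echo "::error::Last tag '$LAST_TAG' does not end in a numeric patch component"
              exit 1
            fi
            # 10# forces base 10 so a leading zero is not read as octal.
            VNUM3=$((10#$VNUM3 + 1))
            NEW_TAG="$VNUM1.$VNUM2.$VNUM3"
            echo "tag_name=$NEW_TAG"
            echo "tag_name=$NEW_TAG" >> "$GITHUB_OUTPUT"
          else
            echo "Create a tag name based on the current date"
            # Format: vYY.M.W
            YEAR=$(date +%y)
            MONTH=$(date +%-m)
            WEEK=$((($(date +%-d)-1)/7+1))
            echo "tag_name=v${YEAR}.${MONTH}.${WEEK}"
            echo "tag_name=v${YEAR}.${MONTH}.${WEEK}" >> "$GITHUB_OUTPUT"
          fi
        shell: bash
        env:
          BRANCH: ${{ needs.find-last-good.outputs.branch }}
          # Passed as data; originates from a dispatch input on manual runs.
          TAG_PREFIX: ${{ needs.find-last-good.outputs.prefix }}
      - name: Check if tag already exists
        run: |
          # Check if the tag already exists on the remote
          if git ls-remote --exit-code --tags origin "$TAG_NAME" >/dev/null; then
            echo "Tag $TAG_NAME already exists. Exiting."
            git ls-remote --tags
            exit 1
          fi
        shell: bash
        env:
          TAG_NAME: ${{ steps.tag_name.outputs.tag_name }}
      # The tag must be pushed using a PAT to ensure workflows then run.
      - name: Create tag
        run: |
          git tag "$TAG_NAME"
        shell: bash
        env:
          TAG_NAME: ${{ steps.tag_name.outputs.tag_name }}
      - name: Push tag
        # github.event.inputs.* values are strings, and any non-empty string
        # (including 'false') is truthy, so negating the input with `!` never
        # allowed a manual run to push. Compare with the literal 'false' so
        # only an explicit opt-out of dry-run pushes.
        if: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.dry-run == 'false' }}
        run: |
          # The full ref name keeps the push unambiguous if a branch shares
          # the tag's name.
          git push origin "refs/tags/$TAG_NAME"
        shell: bash
        env:
          TAG_NAME: ${{ steps.tag_name.outputs.tag_name }}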