diff --git a/.github/workflows/promote.yaml b/.github/workflows/promote.yaml index 2c95080..21ca168 100644 --- a/.github/workflows/promote.yaml +++ b/.github/workflows/promote.yaml @@ -8,23 +8,6 @@ on: jobs: create-release: - runs-on: ubuntu-24.04 - steps: - - name: Checkout - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - with: - # NOTE: We explicitly set the refs otherwise the tag - # annotations content is not fetched - # See: https://github.com/actions/checkout/issues/882 - ref: ${{ github.ref }} - - uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1 - with: - name: Go-errors ${{ github.ref_name }} - tag_name: ${{ github.ref_name }} - generate_release_notes: true - # We consider pre-releases if the tag contains a hyphen - # e.g. v1.2.3-alpha.0 - prerelease: ${{ contains(github.ref_name, '-') }} - draft: false - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + uses: scality/workflows/.github/workflows/promote.yaml@7d91dc4ebbe136b54518aa42a1ad6014f8f91526 # v2.9.1 + permissions: + contents: write diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 3cddb39..8cad8d8 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -23,61 +23,31 @@ on: - "minor" - "major" +# The GITHUB_TOKEN only needs to read the repository; the tag is pushed by the +# reusable workflow with the GitHub App token. +permissions: + contents: read + jobs: - prepare-version: + quality-gate: + # Releases are cut from `main` without re-running pre-merge, and for a Go + # library the tag is the artifact: this is the only verification point. runs-on: ubuntu-24.04 if: github.ref_name == 'main' steps: - - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 - id: app-token - # NOTE: This is needed otherwise it's the same user that create the tag - # than the one triggering the workflow on push tag which does not work - with: - app-id: ${{ vars.ACTIONS_APP_ID }} - private-key: ${{ secrets.ACTIONS_APP_PRIVATE_KEY }} - - name: Checkout - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + - name: Setup Go + uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: - fetch-depth: 0 - token: ${{ steps.app-token.outputs.token }} - - name: Install semver tool - run: | - curl --fail -LO https://raw.githubusercontent.com/fsaintjacques/semver-tool/3.4.0/src/semver - chmod +x ./semver - - name: Compose release tag - run: | - last_ga_tag=$(git tag --sort=taggerdate --list "v*" | grep -v '\-' | tail -n 1) - if [[ -z "$last_ga_tag" ]]; then - last_ga_tag="0.0.0" - fi - - new_version=$(./semver bump ${{ inputs.version-scope }} "$last_ga_tag") - - if [[ "${{ inputs.version-type }}" == "alpha" ]] || [[ "${{ inputs.version-type }}" == "beta" ]]; then - last_pre_tag=$(git tag --sort=taggerdate --list "v$new_version-${{ inputs.version-type }}.*" | tail -n 1) - if [[ -z "$last_pre_tag" ]]; then - new_version=$new_version-${{ inputs.version-type }}.1 - else - new_version=$(./semver bump prerel "$last_pre_tag") - fi - fi - - if [[ "${new_version:0:1}" != "v" ]]; then - new_version="v$new_version" - fi - - echo "New version: $new_version" - echo "RELEASE_TAG=$new_version" >> $GITHUB_ENV - - name: Validate ${{ env.RELEASE_TAG }} tag - run: ./semver validate ${{ env.RELEASE_TAG }} - - - name: Create and push `${{ env.RELEASE_TAG }}` tag - run: | - git fsck - git gc - - git config --global user.email ${{ github.actor }}@scality.com - git config --global user.name ${{ github.actor }} - - git tag -a "${{ env.RELEASE_TAG }}" -m "Go-errors ${{ env.RELEASE_TAG }}" - git push origin "${{ env.RELEASE_TAG }}" \ No newline at end of file + go-version-file: go.mod + - name: Run tests + run: go test -v -race ./... + + release: + needs: quality-gate + uses: scality/workflows/.github/workflows/release.yaml@7d91dc4ebbe136b54518aa42a1ad6014f8f91526 # v2.9.1 + with: + version-type: ${{ inputs.version-type }} + version-scope: ${{ inputs.version-scope }} + actions-app-id: ${{ vars.ACTIONS_APP_ID }} + secrets: inherit