diff --git a/.github/workflows/promote.yaml b/.github/workflows/promote.yaml index 4b56be1..183ee9f 100644 --- a/.github/workflows/promote.yaml +++ b/.github/workflows/promote.yaml @@ -7,6 +7,8 @@ on: - "v*" jobs: + # Unchanged: builds and pushes the container image before the release is + # created, so a broken build blocks the GitHub Release. build: uses: ./.github/workflows/build.yaml secrets: inherit @@ -17,23 +19,6 @@ jobs: create-release: needs: build - runs-on: ubuntu-24.04 - steps: - - name: Checkout - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - with: - # NOTE: We explicitly set the refs otherwise the tag - # annotations content is not fetched - # See: https://github.com/actions/checkout/issues/882 - ref: ${{ github.ref }} - - uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1 - with: - name: prometheus-postgres-adapter ${{ github.ref_name }} - tag_name: ${{ github.ref_name }} - generate_release_notes: true - # We consider pre-releases if the tag contains a hyphen - # e.g. v1.2.3-alpha.0 - prerelease: ${{ contains(github.ref_name, '-') }} - draft: false - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: scality/workflows/.github/workflows/promote.yaml@7d91dc4ebbe136b54518aa42a1ad6014f8f91526 # v2.9.1 + permissions: + contents: write diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 4fec193..cb9fbbd 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -23,61 +23,16 @@ on: - "minor" - "major" -jobs: - prepare-version: - runs-on: ubuntu-24.04 - if: github.ref_name == 'main' - steps: - - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 - id: app-token - # NOTE: This is needed otherwise it's the same user that create the tag - # than the one triggering the workflow on push tag which does not work - with: - app-id: ${{ vars.ACTIONS_APP_ID }} - private-key: ${{ secrets.ACTIONS_APP_PRIVATE_KEY }} - - name: Checkout - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - with: - fetch-depth: 0 - token: ${{ steps.app-token.outputs.token }} - - name: Install semver tool - run: | - curl --fail -LO https://raw.githubusercontent.com/fsaintjacques/semver-tool/3.4.0/src/semver - chmod +x ./semver - - name: Compose release tag - run: | - last_ga_tag="$(git tag --sort=taggerdate --list "v*" | grep -v '\-' | tail -n 1)" - if [[ -z "$last_ga_tag" ]]; then - last_ga_tag="0.0.0" - fi - - new_version="$(./semver bump "${{ inputs.version-scope }}" "$last_ga_tag")" - - if [[ "${{ inputs.version-type }}" == "alpha" ]] || [[ "${{ inputs.version-type }}" == "beta" ]]; then - last_pre_tag="$(git tag --sort=taggerdate --list "v$new_version-${{ inputs.version-type }}.*" | tail -n 1)" - if [[ -z "$last_pre_tag" ]]; then - new_version="$new_version-${{ inputs.version-type }}.1" - else - new_version="$(./semver bump prerel "$last_pre_tag")" - fi - fi - - if [[ "${new_version:0:1}" != "v" ]]; then - new_version="v$new_version" - fi +# The GITHUB_TOKEN only needs to read the repository; the tag is pushed by the +# reusable workflow with the GitHub App token. +permissions: + contents: read - echo "New version: $new_version" - echo "RELEASE_TAG=$new_version" >> "$GITHUB_ENV" - - name: Validate ${{ env.RELEASE_TAG }} tag - run: ./semver validate ${{ env.RELEASE_TAG }} - - - name: Create and push `${{ env.RELEASE_TAG }}` tag - run: | - git fsck - git gc - - git config --global user.email ${{ github.actor }}@scality.com - git config --global user.name ${{ github.actor }} - - git tag -a "${{ env.RELEASE_TAG }}" -m "prometheus-postgres-adapter ${{ env.RELEASE_TAG }}" - git push origin "${{ env.RELEASE_TAG }}" +jobs: + release: + uses: scality/workflows/.github/workflows/release.yaml@7d91dc4ebbe136b54518aa42a1ad6014f8f91526 # v2.9.1 + with: + version-type: ${{ inputs.version-type }} + version-scope: ${{ inputs.version-scope }} + actions-app-id: ${{ vars.ACTIONS_APP_ID }} + secrets: inherit