-
Notifications
You must be signed in to change notification settings - Fork 10
Expand file tree
/
Copy pathconventional-commit-release.yaml
More file actions
380 lines (346 loc) · 16.3 KB
/
Copy pathconventional-commit-release.yaml
File metadata and controls
380 lines (346 loc) · 16.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
# Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
name: Conventional Commit & Release Please
on:
workflow_call:
inputs:
release_type:
description: |
The type of project to release.
See [release-please](https://github.com/google-github-actions/release-please-action#release-types-supported)
for a full list of supported release types
type: string
required: true
changelog_types:
description: "Additional changelog types to include. Should be a JSON-encoded array of objects."
type: string
required: false
default: "[]"
allowed_scopes:
description: "Comma-separated list of scopes which are allowed in commit message"
type: string
required: false
default: ""
allowed_subject_cases:
description: "Comma-separated list of subject cases which are allowed in commit message"
type: string
required: false
default: "lower-case,upper-case,camel-case,kebab-case,pascal-case,sentence-case,snake-case,start-case"
additional_unqualified_tags:
description: "Additional tags produced for major.minor and major"
type: boolean
required: false
default: true
include_v_in_tag:
description: "Whether or not include 'v' in tags and releases. Default true"
type: boolean
required: false
default: true
pull_request_title_template:
description: "Template for the release-please managed pull request title"
type: string
required: false
default: "chore${scope}: release${component} ${version} (auto-release)"
extra_files:
description: "Additional files to update using release please generic updater"
type: string
required: false
lint_commits:
description: "Whether or not commits should be linted in addition to pull request title"
type: boolean
required: false
default: true
extra_tags:
description: "Comma-separated list of additional tags to create on the release commit"
type: string
required: false
default: ""
outputs:
release_created:
description: "Whether or not a release has been created in this workflow instance"
value: ${{ jobs.release.outputs.release_created }}
release_tag:
description: "Main release tag associated with a created release"
value: ${{ jobs.release.outputs.release_tag }}
additional_tags:
description: "Additional release tags associated with a created release, when additional_unqualified_tags is set"
value: ${{ jobs.release.outputs.additional_tags }}
major_minor_tag:
description: "Major Minor tag associated with a created release, when additional_unqualified_tags is set"
value: ${{ jobs.release.outputs.major_minor_tag }}
major_tag:
description: "Major tag associated with a created release, when additional_unqualified_tags is set"
value: ${{ jobs.release.outputs.major_tag }}
secrets:
RELEASE_TOKEN:
description: Github PAT used for executing the release-please action. Only required on push events to the default branch.
required: false
RELEASE_ACTOR_GPG_PRIVATE_KEY:
description: GPG Private key associated with the release actor. Used to ensure that commits are signed. Only required on push events to the default branch.
required: false
RELEASE_ACTOR_GPG_PASSPHRASE:
description: Passphrase to unlock the use the GPG Key passed in `RELEASE_ACTOR_GPG_PRIVATE_KEY`. Used to ensure that commits are signed. Only required on push events to the default branch.
required: false
RELEASE_ACTOR_GPG_KEY_FINGERPRINT:
description: Fingerprint of the GPG Key associated with the release actor. Used to ensure that when using OpenPGP Subkeys for signing, we don't encounter https://github.com/crazy-max/ghaction-import-gpg/issues/146
required: false
permissions:
contents: write
pull-requests: write
jobs:
commit-lint:
name: PR Title and Commits Lint
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- name: Harden the runner
uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
with:
egress-policy: block
policy: global-allowed-endpoints-policy
- name: Calculate Fetch Depth
if: inputs.lint_commits
id: fetch-depth
run: echo "depth=$(( ${{ github.event.pull_request.commits }} + 1 ))" >> "$GITHUB_OUTPUT"
- name: Checkout repo
if: steps.fetch-depth.conclusion == 'success'
id: checkout
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
fetch-depth: ${{ steps.fetch-depth.outputs.depth }}
- name: Fetch base ref
if: steps.checkout.conclusion == 'success'
run: git fetch origin ${{ github.base_ref }}:refs/remotes/origin/${{ github.base_ref }}
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: 20.x
- name: Install commitlint
run: |
npm install -g @commitlint/{cli,config-conventional}@^18.6.0
- name: Configure commitlint
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
env:
ALLOWED_SCOPES: ${{ inputs.allowed_scopes }}
ALLOWED_SUBJECT_CASES: ${{ inputs.allowed_subject_cases }}
with:
script: |-
const fs = require('fs');
const allowedScopes = process.env.ALLOWED_SCOPES.trim().split(",").filter(n => n).map(n => { return n.trim(); });
const allowedSubjectCases = process.env.ALLOWED_SUBJECT_CASES.trim().split(",").filter(n => n).map(n => { return n.trim(); });
const config = {
extends: ["@commitlint/config-conventional"],
rules: {
'scope-enum': [2, "always", allowedScopes],
'subject-case': [2, "always", allowedSubjectCases],
}
};
try {
fs.writeFileSync("commitlint.config.js", `module.exports = ${JSON.stringify(config)};`);
} catch (err) {
core.error(`Failed to write commitlint config: ${err}`);
core.setFailed(err);
}
- name: Run commitlint on commits
if: inputs.lint_commits
id: commit-lint
run: |
commitlint --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }}
- name: Run commitlint on pull request title
id: commit-lint-pr-title
env:
PR_TITLE: ${{ github.event.pull_request.title }}
run: |
echo "${PR_TITLE}" | commitlint
- name: Comment on Pull Request on Error
if: always()
uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
with:
header: Converntional Commits Error
delete: ${{ steps.commit-lint.conclusion != 'failure' && steps.commit-lint-pr-title.conclusion != 'failure' }}
message: |
This repository uses conventional commits for versioning. Please ensure commits and PR title follow the specification.
Refer to:
[Conventional Commits Summary](https://www.conventionalcommits.org/en/v1.0.0/#summary)
release:
if: github.event_name == 'push' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
name: Release Please
runs-on: ubuntu-latest
outputs:
release_created: ${{ steps.release.outputs.release_created }}
release_tag: ${{ steps.release.outputs.tag_name }}
additional_tags: ${{ steps.additional_tags.outputs.tags }}
major_minor_tag: ${{ steps.additional_tags.outputs.major_minor_tag }}
major_tag: ${{ steps.additional_tags.outputs.major_tag }}
permissions:
id-token: write
steps:
- name: Harden the runner
uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
with:
egress-policy: block
policy: global-allowed-endpoints-policy
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- name: Merge default and user input changelog types
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
id: merge-changelog-types
env:
CHANGELOG_TYPES: ${{ inputs.changelog_types }}
with:
script: |-
const changelogTypes = [
{type: "feat", section: "Features"},
{type: "fix", section: "Bug Fixes"},
{type: "perf", section: "Performance Improvements"},
{type: "deps", section: "Dependencies"},
{type: "revert", section: "Reverts"},
{type: "docs", section: "Documentation"},
{type: "style", section: "Styles"},
{type: "chore", section: "Miscellaneous Chores"},
{type: "refactor", section: "Code Refactoring"},
{type: "test", section: "Tests"},
{type: "ci", section: "Continuous Integration"},
];
try {
const userTypes = JSON.parse(process.env.CHANGELOG_TYPES.trim());
if (Array.isArray(userTypes)) {
changelogTypes.push(...userTypes);
}
} catch (err) {
core.warning(`Failed to parse "changelog_types" as JSON: ${err}`);
}
core.setOutput("changelog-types-json", JSON.stringify(changelogTypes));
# Build the JSON object passed to OSS v6 as `config-overrides-json`. The
# OSS fork dropped the v3-era inline action inputs (changelog-types,
# include-v-in-tag, pull-request-title-pattern, extra-files, package-name)
# and accepts them as a single JSON string instead. `release-type` + this
# JSON makes release-please run in inline-config mode
# (Manifest.fromConfig), preserving the v3 behavior without requiring
# callers to commit a release-please-config.json file.
- name: Build release-please config-overrides JSON
id: build-config-overrides
env:
PKG_NAME: ${{ github.event.repository.name }}
CHANGELOG_SECTIONS: ${{ steps.merge-changelog-types.outputs.changelog-types-json }}
INCLUDE_V_IN_TAG: ${{ inputs.include_v_in_tag }}
PR_TITLE_PATTERN: ${{ inputs.pull_request_title_template }}
EXTRA_FILES: ${{ inputs.extra_files }}
run: |
# v3 accepted extra-files as a newline- or comma-separated string;
# OSS v6 expects a JSON array. Split on either delimiter, trim
# per-entry whitespace so "a, b, c" -> ["a","b","c"], drop blanks.
if [ -n "${EXTRA_FILES:-}" ]; then
extra_files_json=$(printf '%s\n' "$EXTRA_FILES" | tr ',' '\n' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | sed '/^$/d' | jq -R . | jq -s -c .)
else
extra_files_json='[]'
fi
overrides=$(jq -n -c \
--arg pkg "$PKG_NAME" \
--argjson sections "$CHANGELOG_SECTIONS" \
--argjson v_in_tag "$INCLUDE_V_IN_TAG" \
--arg pr_title "$PR_TITLE_PATTERN" \
--argjson extra_files "$extra_files_json" \
'{
"package-name": $pkg,
"changelog-sections": $sections,
"include-v-in-tag": $v_in_tag,
"pull-request-title-pattern": $pr_title,
"extra-files": $extra_files
}')
echo "json=$overrides" >> "$GITHUB_OUTPUT"
- uses: step-security/release-please-action-oss@af33b76a7bcd035c1d8837e0190cbf85f719e158 # v6.0.2
id: release
with:
token: ${{ secrets.RELEASE_TOKEN }}
target-branch: ${{ github.event.repository.default_branch }}
release-type: ${{ inputs.release_type }}
config-overrides-json: ${{ steps.build-config-overrides.outputs.json }}
- name: Checkout Release Branch
if: ${{ steps.release.outputs.pr != '' }}
id: checkout-release-branch
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
ref: ${{ fromJson(steps.release.outputs.pr).headBranchName }}
token: ${{ secrets.RELEASE_TOKEN }}
fetch-depth: 0
- name: Import GPG key
id: key-import
if: ${{ steps.checkout-release-branch.conclusion == 'success' }}
uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0
with:
gpg_private_key: ${{ secrets.RELEASE_ACTOR_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.RELEASE_ACTOR_GPG_PASSPHRASE }}
fingerprint: ${{ secrets.RELEASE_ACTOR_GPG_KEY_FINGERPRINT }}
git_config_global: true
git_user_signingkey: true
git_commit_gpgsign: true
- name: Amend the PR commit to sign it
if: ${{ steps.key-import.conclusion == 'success' }}
run: |-
git config --global user.name "${{ steps.key-import.outputs.name }}"
git config --global user.email "${{ steps.key-import.outputs.email }}"
git commit --amend --no-edit -S
git push --force
- name: Create additional tags
if: steps.release.outputs.release_created
id: additional_tags
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
env:
MAJOR: ${{ steps.release.outputs.major }}
MINOR: ${{ steps.release.outputs.minor }}
CREATE_UNQUALIFIED: ${{ inputs.additional_unqualified_tags }}
TAG_PREFIX: ${{ inputs.include_v_in_tag && 'v' || '' }}
EXTRA_TAGS: ${{ inputs.extra_tags }}
with:
script: |-
const tagPrefix = process.env.TAG_PREFIX;
const majorMinorTag = `${tagPrefix}${process.env.MAJOR}.${process.env.MINOR}`;
const majorTag = `${tagPrefix}${process.env.MAJOR}`;
const createUnqualified = process.env.CREATE_UNQUALIFIED == 'true';
const unqalifiedTags = createUnqualified ? [majorMinorTag, majorTag] : []
const extraTags = process.env.EXTRA_TAGS.split(",").filter(n => n).map(n => { return n.trim(); });
const additionalTags = Array.from(new Set([...unqalifiedTags, ...extraTags]));
const opts = {
owner: context.repo.owner,
repo: context.repo.repo,
sha: context.sha,
};
for (const tag of additionalTags) {
core.info(`Creating/updating tag ${tag}`);
try {
try {
// Try to create the tag first
await github.rest.git.createRef({...opts, ref: `refs/tags/${tag}`});
} catch (err) {
if (err.response?.data?.message !== 'Reference already exists') {
throw (err);
}
// Try to update the ref if it already exists
await github.rest.git.updateRef({...opts, ref: `tags/${tag}`, force: true});
}
core.info(`Tag ${tag} created/updated pointing to ${opts.sha}`)
} catch (err) {
core.error(`Failed to create or update tag ${tag}: ${err} (opts: ${JSON.stringify(opts)})`);
core.setFailed(err);
process.exit();
}
}
core.setOutput("tags", JSON.stringify(additionalTags));
if (createUnqualified) {
core.setOutput("major_minor_tag", majorMinorTag);
core.setOutput("major_tag", majorTag);
}