create-release-branch #23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: create-release-branch | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| # When the workflow is executed manually, the user can select whether the branch should correspond to a major, | |
| # minor, or patch release. | |
| release-type: | |
| type: choice | |
| description: what kind of release? | |
| options: | |
| - major | |
| - minor | |
| - patch | |
| required: true | |
| jobs: | |
| create-release-branch: | |
| runs-on: macos-latest | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| permissions: | |
| contents: write | |
| outputs: | |
| branch-name: ${{ steps.create-branch.outputs.branch_name }} | |
| steps: | |
| # Checkout `dev` | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: 'dev' | |
| # We need to set up Node and install our Node dependencies. | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 'lts/*' # Always use Node LTS for building dependencies. | |
| - run: yarn | |
| # Increment the version as desired locally, without actually commiting anything. | |
| - name: Locally increment version | |
| run: | | |
| # A workflow dispatch event lets the user specify what release type they want. | |
| if [[ "${{ github.event_name }}" = "workflow_dispatch" ]]; then | |
| RELEASE_TYPE=${{ github.event.inputs.release-type }} | |
| # The regularly scheduled releases are always minor. | |
| else | |
| RELEASE_TYPE=minor | |
| fi | |
| # Increment the version as needed. | |
| npm --no-git-tag-version version $RELEASE_TYPE | |
| # The branch protection rule for `release-x.y.z` branches prevents pushing commits directly. To work around this, | |
| # we create an interim branch that we _can_ push commits to, and we'll do our version bookkeeping in that branch | |
| # instead. | |
| - id: create-interim-branch | |
| name: Create interim branch | |
| run: | | |
| NEW_VERSION=$(jq -r ".version" package.json) | |
| INTERIM_BRANCH_NAME=${NEW_VERSION}-interim | |
| # Create and check out the interim branch. | |
| git checkout -b $INTERIM_BRANCH_NAME | |
| # Immediately push the interim branch with no changes, so GraphQL can push to it later. | |
| git push --set-upstream origin $INTERIM_BRANCH_NAME | |
| # Update dependencies. | |
| - run: | | |
| yarn upgrade | |
| node tools/UpdateRetireJsVulns.js | |
| # Use the GraphQL API to create a signed commit with the various changes. | |
| - name: Commit to interim branch | |
| run: | | |
| # GraphQL needs to know what branch to push to. | |
| BRANCH=$(git rev-parse --abbrev-ref HEAD) | |
| # GraphQL needs a message for the commit. | |
| NEW_VERSION=$(jq -r ".version" package.json) | |
| MESSAGE="Preparing for v$NEW_VERSION release." | |
| # GraphQL needs the latest versions of the files we changed, as Base64 encoded strings. | |
| NEW_PACKAGE="$(cat package.json | base64)" | |
| NEW_YARN_LOCK="$(cat yarn.lock | base64)" | |
| NEW_RETIREJS_VULNS="$(cat retire-js/RetireJsVulns.json | base64)" | |
| gh api graphql -F message="$MESSAGE" -F oldOid=`git rev-parse HEAD` -F branch="$BRANCH" \ | |
| -F newPackage="$NEW_PACKAGE" -F newYarnLock="$NEW_YARN_LOCK" -F newRetireJsVulns="$NEW_RETIREJS_VULNS" \ | |
| -f query=' | |
| mutation ($message: String!, $oldOid: GitObjectID!, $branch: String!, $newPackage: Base64String!, $newYarnLock: Base64String!, $newRetireJsVulns: Base64String!) { | |
| createCommitOnBranch(input: { | |
| branch: { | |
| repositoryNameWithOwner: "forcedotcom/sfdx-scanner", | |
| branchName: $branch | |
| }, | |
| message: { | |
| headline: $message | |
| }, | |
| fileChanges: { | |
| additions: [ | |
| { | |
| path: "package.json", | |
| contents: $newPackage | |
| }, { | |
| path: "yarn.lock", | |
| contents: $newYarnLock | |
| }, { | |
| path: "retire-js/RetireJsVulns.json", | |
| contents: $newRetireJsVulns | |
| } | |
| ] | |
| }, | |
| expectedHeadOid: $oldOid | |
| }) { | |
| commit { | |
| id | |
| } | |
| } | |
| }' | |
| # Now that we've done our bookkeeping commits on the interim branch, use it as the base for the real release branch. | |
| - name: Create release branch | |
| id: create-branch | |
| run: | | |
| # The commit happened on the remote end, not ours, so we need to clean the directory and pull. | |
| git checkout -- . | |
| git pull | |
| # Now we can create the actual release branch. | |
| NEW_VERSION=$(jq -r ".version" package.json) | |
| git checkout -b release-$NEW_VERSION | |
| git push --set-upstream origin release-$NEW_VERSION | |
| # Now that we're done with the interim branch, delete it. | |
| git push -d origin ${NEW_VERSION}-interim | |
| # Output the release branch name so we can use it in later jobs. | |
| echo "branch_name=release-$NEW_VERSION" >> "$GITHUB_OUTPUT" | |
| # Run all the various tests against the newly created branch. | |
| test-release-branch: | |
| needs: create-release-branch | |
| uses: ./.github/workflows/run-tests.yml | |
| with: | |
| node-matrix: "[{version: 'lts/*', artifact: 'lts'}, {version: 'latest', artifact: 'latest'}]" | |
| java-matrix: "['11', '17']" | |
| target-branch: ${{ needs.create-release-branch.outputs.branch-name }} |