-
Notifications
You must be signed in to change notification settings - Fork 0
108 lines (100 loc) · 3.87 KB
/
Copy pathrelease-please.yml
File metadata and controls
108 lines (100 loc) · 3.87 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
name: Release
# Drives the full release pipeline:
# - Push to `production` → stable release (no -beta suffix, npm `latest` tag).
# - Push to `dev` → beta release (e.g. 5.1.0-beta.0, npm `beta` tag, GitHub
# "pre-release" badge).
# In both cases release-please opens/updates a Release PR; merging that PR
# creates the tag + GitHub Release whose body is the freshly-rendered changelog
# section, and the same workflow run chains into npm publish + binary uploads.
# (Chained as jobs because GITHUB_TOKEN-created releases don't trigger
# workflows listening on `release: published`.)
on:
push:
branches: [production, dev]
workflow_dispatch:
permissions:
contents: write
pull-requests: write
jobs:
release-please-prod:
if: github.ref_name == 'production'
runs-on: ubuntu-latest
# Empty until the automation GitHub App secrets are configured (the same App
# powers the CLA workflow). We use an App token (not GITHUB_TOKEN) so the
# Release PR triggers CI / PR-title / CLA
# checks — PRs opened by GITHUB_TOKEN do not, which would deadlock branch
# protection. Falls back to GITHUB_TOKEN (today's behaviour) until the App
# is set up, so this is safe to merge before then.
env:
BOT_APP_ID: ${{ secrets.BOT_APP_ID }}
outputs:
release_created: ${{ steps.release.outputs.release_created }}
tag_name: ${{ steps.release.outputs.tag_name }}
version: ${{ steps.release.outputs.version }}
steps:
- uses: actions/create-github-app-token@v3
id: app-token
if: env.BOT_APP_ID != ''
with:
app-id: ${{ secrets.BOT_APP_ID }}
private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }}
- uses: googleapis/release-please-action@v5
id: release
with:
token: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
target-branch: production
config-file: release-please-config.json
manifest-file: .release-please-manifest.json
release-please-beta:
if: github.ref_name == 'dev'
runs-on: ubuntu-latest
# See release-please-prod above for why this uses an App token with a
# GITHUB_TOKEN fallback.
env:
BOT_APP_ID: ${{ secrets.BOT_APP_ID }}
outputs:
release_created: ${{ steps.release.outputs.release_created }}
tag_name: ${{ steps.release.outputs.tag_name }}
version: ${{ steps.release.outputs.version }}
steps:
- uses: actions/create-github-app-token@v3
id: app-token
if: env.BOT_APP_ID != ''
with:
app-id: ${{ secrets.BOT_APP_ID }}
private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }}
- uses: googleapis/release-please-action@v5
id: release
with:
token: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
target-branch: dev
config-file: release-please-config-beta.json
manifest-file: .release-please-manifest-beta.json
publish-npm-prod:
needs: release-please-prod
if: needs.release-please-prod.outputs.release_created == 'true'
uses: ./.github/workflows/npm-publish.yml
with:
release_type: prod
secrets: inherit
publish-binaries-prod:
needs: release-please-prod
if: needs.release-please-prod.outputs.release_created == 'true'
uses: ./.github/workflows/release-binaries.yml
with:
tag_name: ${{ needs.release-please-prod.outputs.tag_name }}
secrets: inherit
publish-npm-beta:
needs: release-please-beta
if: needs.release-please-beta.outputs.release_created == 'true'
uses: ./.github/workflows/npm-publish.yml
with:
release_type: beta
secrets: inherit
publish-binaries-beta:
needs: release-please-beta
if: needs.release-please-beta.outputs.release_created == 'true'
uses: ./.github/workflows/release-binaries.yml
with:
tag_name: ${{ needs.release-please-beta.outputs.tag_name }}
secrets: inherit