Bump 4.14.1 (Support_new_version_4.14.1_from_4.14.0) #25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Repository bumper | |
| run-name: Bump ${{ github.ref_name }} (${{ inputs.id }}) | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: 'Target version (e.g. 1.2.3)' | |
| default: '' | |
| required: false | |
| type: string | |
| stage: | |
| description: 'Version stage (e.g. alpha0)' | |
| default: '' | |
| required: false | |
| type: string | |
| tag: | |
| description: 'Change branches references to tag-like references (e.g. v4.12.0-alpha7)' | |
| default: false | |
| required: false | |
| type: boolean | |
| issue-link: | |
| description: 'Issue link in format https://github.com/wazuh/<REPO>/issues/<ISSUE-NUMBER>' | |
| required: true | |
| type: string | |
| id: | |
| description: 'Optional identifier for the run' | |
| required: false | |
| type: string | |
| jobs: | |
| bump: | |
| name: Repository bumper | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| env: | |
| CI_COMMIT_AUTHOR: wazuhci | |
| CI_COMMIT_EMAIL: [email protected] | |
| CI_GPG_PRIVATE_KEY: ${{ secrets.CI_WAZUHCI_GPG_PRIVATE }} | |
| GH_TOKEN: ${{ secrets.CI_WAZUHCI_BUMPER_TOKEN }} | |
| BUMP_SCRIPT_PATH: tools/repository_bumper.sh | |
| BUMP_LOG_PATH: tools | |
| steps: | |
| - name: Dump event payload | |
| run: | | |
| cat $GITHUB_EVENT_PATH | jq '.inputs' | |
| - name: Set up GPG key | |
| id: signing_setup | |
| run: | | |
| echo "${{ env.CI_GPG_PRIVATE_KEY }}" | gpg --batch --import | |
| KEY_ID=$(gpg --list-secret-keys --with-colons | awk -F: '/^sec/ {print $5; exit}') | |
| echo "gpg_key_id=$KEY_ID" >> $GITHUB_OUTPUT | |
| - name: Set up git | |
| run: | | |
| git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}" | |
| git config --global user.email "${{ env.CI_COMMIT_EMAIL }}" | |
| git config --global commit.gpgsign true | |
| git config --global user.signingkey "${{ steps.signing_setup.outputs.gpg_key_id }}" | |
| echo "use-agent" >> ~/.gnupg/gpg.conf | |
| echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf | |
| echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf | |
| echo RELOADAGENT | gpg-connect-agent | |
| export DEBIAN_FRONTEND=noninteractive | |
| export GPG_TTY=$(tty) | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| # Using workflow-specific GITHUB_TOKEN because currently CI_WAZUHCI_BUMPER_TOKEN | |
| # doesn't have all the necessary permissions | |
| token: ${{ env.GH_TOKEN }} | |
| - name: Determine branch name | |
| id: vars | |
| env: | |
| VERSION: ${{ inputs.version }} | |
| STAGE: ${{ inputs.stage }} | |
| TAG: ${{ inputs.tag }} | |
| run: | | |
| script_params="" | |
| version=${{ env.VERSION }} | |
| stage=${{ env.STAGE }} | |
| tag=${{ env.TAG }} | |
| # Both version and stage provided | |
| if [[ -n "$version" && -n "$stage" && "$tag" != "true" ]]; then | |
| script_params="--version ${version} --stage ${stage}" | |
| elif [[ -n "$version" && -n "$stage" && "$tag" == "true" ]]; then | |
| script_params="--version ${version} --stage ${stage} --tag ${tag}" | |
| fi | |
| issue_number=$(echo "${{ inputs.issue-link }}" | awk -F'/' '{print $NF}') | |
| BRANCH_NAME="enhancement/wqa${issue_number}-bump-${{ github.ref_name }}" | |
| echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT | |
| echo "script_params=${script_params}" >> $GITHUB_OUTPUT | |
| - name: Create and switch to bump branch | |
| run: | | |
| git checkout -b ${{ steps.vars.outputs.branch_name }} | |
| - name: Make version bump changes | |
| run: | | |
| echo "Running bump script" | |
| bash ${{ env.BUMP_SCRIPT_PATH }} ${{ steps.vars.outputs.script_params }} | |
| - name: Commit and push changes | |
| run: | | |
| git add . | |
| git commit -m "feat: bump ${{ github.ref_name }}" | |
| git push origin ${{ steps.vars.outputs.branch_name }} | |
| - name: Create pull request | |
| id: create_pr | |
| run: | | |
| gh auth setup-git | |
| PR_URL=$(gh pr create \ | |
| --title "Bump ${{ github.ref_name }} branch" \ | |
| --body "Issue: ${{ inputs.issue-link }}" \ | |
| --base ${{ github.ref_name }} \ | |
| --head ${{ steps.vars.outputs.branch_name }}) | |
| echo "Pull request created: ${PR_URL}" | |
| echo "pull_request_url=${PR_URL}" >> $GITHUB_OUTPUT | |
| - name: Merge pull request | |
| run: | | |
| # Any checks for the PR are bypassed since the branch is expected to be functional (i.e. the bump process does not introduce any bugs) | |
| gh pr merge "${{ steps.create_pr.outputs.pull_request_url }}" --merge --admin | |
| - name: Show logs | |
| run: | | |
| echo "Bump complete." | |
| echo "Branch: ${{ steps.vars.outputs.branch_name }}" | |
| echo "PR: ${{ steps.create_pr.outputs.pull_request_url }}" | |
| echo "Bumper scripts logs:" | |
| cat ${BUMP_LOG_PATH}/repository_bumper*log |