Automated scheduled releases with changelogs [WIP] #138
name: CI | |
on: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: cachix/install-nix-action@v26 | |
- name: build | |
run: nix-build -A ci | |
# Creates a release commit and combines the changelog files into a single one | |
# For PRs it shows the resulting changelog in the step summary | |
# For pushes to the main branch it updates the release branch | |
# The release branch is regularly | |
version-changelog: | |
runs-on: ubuntu-latest | |
permissions: | |
# This job only needs this token to read commit objects to figure out what PR they're associated with. | |
# A separate fixed token is used to update the release branch after push events. | |
contents: read | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# This fetches the entire Git history. | |
# This is needed so we can determine the commits (and therefore PRs) | |
# where the changelogs have been added | |
fetch-depth: 0 | |
# By default, the github.token is used and stored in the Git config, | |
# This would override any authentication provided in the URL, | |
# which we do later to push to a fork. | |
# So we need to prevent that from being stored. | |
persist-credentials: false | |
- uses: cachix/install-nix-action@v26 | |
- name: Increment version and assemble changelog | |
run: | | |
nix-build -A autoVersion | |
# If we're running for a PR, the second argument tells the script to pretend that commits | |
# from this PR are merged already, such that the generated changelog includes it | |
version=$(result/bin/auto-version . ${{ github.event.pull_request.number || '' }}) | |
echo "version=$version" >> "$GITHUB_ENV" | |
# version is the empty string if there were no user-facing changes for a version bump | |
if [[ -n "$version" ]]; then | |
# While we commit here, it's only pushed conditionally based on it being a push event later | |
git config user.name ${{ github.actor }} | |
git config user.email ${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com | |
git add --all | |
git commit --message "Version $version | |
Automated release" | |
fi | |
env: | |
GH_TOKEN: ${{ github.token }} | |
- name: Outputting draft release notes | |
# If we have a new version at all (it's not an empty string) | |
# And it's not a push event (so it's a PR), | |
if: ${{ env.version && github.event_name != 'push' }} | |
# we just output the draft changelog into the step summary | |
run: cat changes/released/${{ env.version }}.md > "$GITHUB_STEP_SUMMARY" | |
- name: Update release branch | |
# But if this is a push to the main branch, | |
if: ${{ env.version && github.event_name == 'push' }} | |
# we push to the release branch. | |
# This continuously updates the release branch to contain the latest release notes, | |
# so that one can just merge the release branch into main to do a release. | |
# A PR to do that is opened regularly with another workflow | |
run: git push https://${{ secrets.MACHINE_USER_PAT }}@github.com/infinixbot/nixpkgs-check-by-name.git HEAD:refs/heads/release -f | |
test-update: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: cachix/install-nix-action@v26 | |
- name: test update script | |
run: | | |
nix-build -A autoPrUpdate | |
{ | |
result/bin/auto-pr-update . | |
echo "" | |
echo '```diff' | |
git diff | |
echo '```' | |
} > $GITHUB_STEP_SUMMARY | |
env: | |
GH_TOKEN: ${{ github.token }} |
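Review bot: In the `Update release branch` step the PAT is templated directly into the script text (`https://${{ secrets.MACHINE_USER_PAT }}@github.com/...`), so the runner substitutes the secret value before the shell parses the line. I would pass it through that step's `env:` as `MACHINE_USER_PAT: ${{ secrets.MACHINE_USER_PAT }}` and write the URL as `"https://${MACHINE_USER_PAT}@github.com/infinixbot/nixpkgs-check-by-name.git"`. The same pattern shows up in the `cat changes/released/${{ env.version }}.md` line and in the unquoted `${{ github.actor }}` / `${{ github.actor_id }}` arguments to `git config`. `version` is the output of `result/bin/auto-version`, which on pull_request runs is presumably built from the PR's own tree, so it is safer read as the quoted shell variable `"$version"` that the earlier write to `GITHUB_ENV` already exports, with the actor values passed via `env:` and quoted as well. Because this job ends up handling a token that can force-push the release branch, it would also be worth pinning `actions/checkout` and `cachix/install-nix-action` to full commit SHAs instead of the `v4` / `v26` tags.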