Automated scheduled releases with changelogs [WIP] #147
name: CI | |
on: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
# This makes sure to only run one instance of this workflow per individual PR and pushes. | |
# We need this especially for the release step, because it has side effects. | |
# But it's also good in general, there's no need to finish action runs for commits | |
# when you push another one right after. | |
# Assumption: We push less frequently than it takes for this workflow to finish | |
concurrency: | |
# For a push to the main branch, github.ref is refs/heads/<branch_name> | |
# For a pull request, github.ref is refs/pull/<pr_number>/merge | |
group: ${{ github.ref }} | |
# We don't want to cancel in progress workflows for pushes to the main branch, | |
# because it could be in the process of doing a release. | |
# Better wait until it's done | |
cancel-in-progress: ${{ github.event_name != 'pull' }} | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: cachix/install-nix-action@v26 | |
- name: build | |
run: nix-build -A ci | |
- name: release | |
if: ${{ github.event_name == 'push' }} | |
run: scripts/release.sh | |
env: | |
GH_TOKEN: ${{ github.token }} | |
# Creates a release commit and combines the changelog files into a single one | |
# For PRs it shows the resulting changelog in the step summary | |
# For pushes to the main branch it updates the release branch | |
# The release branch is regularly | |
version-changelog: | |
runs-on: ubuntu-latest | |
permissions: | |
# This job only needs this token to read commit objects to figure out what PR they're associated with. | |
# A separate fixed token is used to update the release branch after push events. | |
contents: read | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# This fetches the entire Git history. | |
# This is needed so we can determine the commits (and therefore PRs) | |
# where the changelogs have been added | |
fetch-depth: 0 | |
# By default, the github.token is used and stored in the Git config, | |
# This would override any authentication provided in the URL, | |
# which we do later to push to a fork. | |
# So we need to prevent that from being stored. | |
persist-credentials: false | |
- uses: cachix/install-nix-action@v26 | |
- name: Increment version and assemble changelog | |
run: | | |
nix-build -A autoVersion | |
# If we're running for a PR, the second argument tells the script to pretend that commits | |
# from this PR are merged already, such that the generated changelog includes it | |
version=$(result/bin/auto-version . ${{ github.event.pull_request.number || '' }}) | |
echo "version=$version" >> "$GITHUB_ENV" | |
# version is the empty string if there were no user-facing changes for a version bump | |
if [[ -n "$version" ]]; then | |
# While we commit here, it's only pushed conditionally based on it being a push event later | |
git config user.name ${{ github.actor }} | |
git config user.email ${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com | |
git add --all | |
git commit --message "Version $version | |
Automated release" | |
fi | |
env: | |
GH_TOKEN: ${{ github.token }} | |
- name: Outputting draft release notes | |
# If we have a new version at all (it's not an empty string) | |
# And it's not a push event (so it's a PR), | |
if: ${{ env.version && github.event_name != 'push' }} | |
# we just output the draft changelog into the step summary | |
run: cat changes/released/${{ env.version }}.md > "$GITHUB_STEP_SUMMARY" | |
- name: Update release branch | |
# But if this is a push to the main branch, | |
if: ${{ env.version && github.event_name == 'push' }} | |
# we push to the release branch. | |
# This continuously updates the release branch to contain the latest release notes, | |
# so that one can just merge the release branch into main to do a release. | |
# A PR to do that is opened regularly with another workflow | |
run: git push https://${{ secrets.MACHINE_USER_PAT }}@github.com/infinixbot/nixpkgs-check-by-name.git HEAD:refs/heads/release -f | |
# Make sure that all links in Markdown documents are valid | |
xrefcheck: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
# While this has a Nix build available, it needs to evaluate and build so much | |
# that I don't think it's worth adding it to the nix-build. | |
- uses: serokell/xrefcheck-action@v1 | |
test-update: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: cachix/install-nix-action@v26 | |
- name: test update script | |
run: | | |
nix-build -A autoPrUpdate | |
{ | |
result/bin/auto-pr-update . | |
echo "" | |
echo '```diff' | |
git diff | |
echo '```' | |
} > $GITHUB_STEP_SUMMARY | |
env: | |
GH_TOKEN: ${{ github.token }} |
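Review bot: In the `concurrency` block, `cancel-in-progress: ${{ github.event_name != 'pull' }}` is always true, because this workflow only triggers on `pull_request` and `push` and no event is named `pull`. A run for a push to main, including its release step, is therefore cancelled by the next push, which is the opposite of what the comment above it asks for; `cancel-in-progress: ${{ github.event_name == 'pull_request' }}` matches the stated intent. Separately, the `Update release branch` step expands `secrets.MACHINE_USER_PAT` straight into the `git push` command text. Passing it through that step's `env:` (for example `MACHINE_USER_PAT: ${{ secrets.MACHINE_USER_PAT }}`) and using `"$MACHINE_USER_PAT"` in the URL keeps the token out of the generated script, so protection no longer rests on log masking alone.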