-
Notifications
You must be signed in to change notification settings - Fork 0
189 lines (163 loc) · 6.56 KB
/
wp-gh-release-ops.yml
File metadata and controls
189 lines (163 loc) · 6.56 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
name: Publish WP Plugin Release on GitHub
run-name: Publish WP Plugin Release on GitHub
on:
workflow_call:
inputs:
tag:
description: 'GitHub: Release tag (e.g. 1.2.3a)'
required: true
default: '1.2.3'
type: string
version:
description: 'WordPress: Release version (e.g. 1.2.3), default: latest'
required: false
type: string
prerelease:
description: 'GitHub: Pre-release version (e.g. RC1, beta, etc...)'
required: false
type: string
permissions:
contents: write
env:
TAG: ${{ inputs.tag }}
VERSION: ${{ inputs.version }}
PRETAG: ${{ inputs.prerelease }}
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 0
# Prepare variables
- name: Prepare vars
id: vars
uses: actions/github-script@v8
with:
script: |
const fs = require('fs');
let version = process.env.VERSION;
// If VERSION is empty, read from readme.txt
if (!version) {
const readmeContent = fs.readFileSync('./readme.txt', 'utf8');
const stableTagMatch = readmeContent.match(/^Stable tag:\s*(.+)$/m);
if (stableTagMatch) {
version = stableTagMatch[1].trim();
console.log(`Version extracted from readme.txt: ${version}`);
} else {
core.setFailed('VERSION is empty and could not extract version from readme.txt');
}
}
const full_tag = [
process.env.TAG,
process.env.PRETAG
].filter(Boolean).join('-');
const branch = `temp-release-${full_tag}`;
const is_prerelease = !!process.env.PRETAG;
const versionPattern = /^[A-Za-z0-9._-]+$/;
if (!versionPattern.test(version)) {
core.setFailed(`Invalid version: ${version}`);
return;
}
if (!versionPattern.test(full_tag)) {
core.setFailed(`Invalid release tag: ${full_tag}`);
return;
}
if (!/^[A-Za-z0-9._/-]+$/.test(branch)) {
core.setFailed(`Invalid branch name: ${branch}`);
return;
}
core.setOutput('full_tag', full_tag );
core.setOutput('branch', branch );
core.setOutput('version', version );
core.setOutput('is_prerelease', is_prerelease );
- name: Parse Changelog Entries
uses: actions/github-script@v8
id: changelog
env:
VERSION_INPUT: ${{ steps.vars.outputs.version }}
with:
script: |
const { open } = require('fs/promises');
const version = process.env.VERSION_INPUT;
const delimiter = '#### ';
const file = await open('./changes.md');
let description = [];
let found = false;
for await (let line of file.readLines()) {
line = line.trim();
if ( line.startsWith(`${delimiter}${version}`) ) {
found = true;
continue;
}
if (!found) continue;
if ( line.startsWith(delimiter) ) break;
description.push(line);
}
if ( !description.length ) core.setFailed(`Release ${version} not found in the changelog!`);
core.setOutput('description', description.join('\n') );
# cleanup files that are not needed for the release
# but keep the .git folder, because we need it for the next step
- name: Cleanup files
run: |
rm -f composer.lock || true
rm -f changes.md || true
rm -rf tests || true
rm -rf vendor/bin || true
rm -rf vendor/composer/installers || true
find ./ -name '.git*' -not -path './.git' -type f -delete || true
find ./ -name '.git*' -not -path './.git' -type d -prune -exec rm -rf {} \; || true
find ./vendor -name .svn -type d -prune -exec rm -rf {} \; || true
# cleanup files, specific to Google API PHP library
- name: Cleanup files for Google API library
run: |
rm -f lib/Google/phpstan.neon.dist || true
rm -f lib/Google/vendor/paragonie/random_compat/build-phar.sh || true
find ./lib/Google/ -name '.repo-metadata.json' -type f -delete || true
find ./lib/Google/vendor -name .svn -type d -prune -exec rm -rf '{}' \; || true
# commit changes to temporary release branch and create a new tag
- name: Commit changes
uses: EndBug/add-and-commit@v10
with:
message: Cleanup files for release
new_branch: ${{ steps.vars.outputs.branch }}
tag: ${{ steps.vars.outputs.full_tag }}
# generate SBOM that will be attached to a release as an artifact
- name: Create SBOM
id: sbom
uses: anchore/sbom-action@v0
with:
path: .
output-file: sbom.spdx.json
format: spdx-json
# create and publish release
# using version changelog as release notes
# attach SBOM as artifact
- name: Create and Publish Release
uses: softprops/action-gh-release@v3
with:
name: "Release ${{ steps.vars.outputs.version }}"
body: "${{ steps.changelog.outputs.description }}"
tag_name: ${{ steps.vars.outputs.full_tag }}
prerelease: ${{ steps.vars.outputs.is_prerelease }}
files: sbom.spdx.json
# delete tag if there was an error
- name: Delete tag on failure
if: failure()
env:
FULL_TAG: ${{ steps.vars.outputs.full_tag }}
run: |
set -euo pipefail
[[ "${FULL_TAG}" =~ ^[A-Za-z0-9._-]+$ ]] || { echo "::error::Invalid tag name: ${FULL_TAG}"; exit 1; }
git push origin --delete "refs/tags/${FULL_TAG}" || true
# delete temporary release branch
- name: Delete temporary release branch
if: always()
env:
RELEASE_BRANCH_NAME: ${{ steps.vars.outputs.branch }}
run: |
set -euo pipefail
[[ "${RELEASE_BRANCH_NAME}" =~ ^[A-Za-z0-9._/-]+$ ]] || { echo "::error::Invalid branch name: ${RELEASE_BRANCH_NAME}"; exit 1; }
git check-ref-format --branch "${RELEASE_BRANCH_NAME}" >/dev/null 2>&1 || { echo "::error::Invalid git branch name: ${RELEASE_BRANCH_NAME}"; exit 1; }
git push origin --delete "${RELEASE_BRANCH_NAME}" || true