From ce5514c60cac90ce0e9657dbf9db03b92f4b585b Mon Sep 17 00:00:00 2001 From: Elliot Jackson <13633636+ElliotMJackson@users.noreply.github.com> Date: Wed, 2 Nov 2022 09:50:33 -0400 Subject: [PATCH 01/11] Create entrypoint.sh --- .../actions/github-tag-action/entrypoint.sh | 231 ++++++++++++++++++ 1 file changed, 231 insertions(+) create mode 100644 .github/actions/github-tag-action/entrypoint.sh diff --git a/.github/actions/github-tag-action/entrypoint.sh b/.github/actions/github-tag-action/entrypoint.sh new file mode 100644 index 000000000..bb184452a --- /dev/null +++ b/.github/actions/github-tag-action/entrypoint.sh @@ -0,0 +1,231 @@ +#!/bin/bash + +set -o pipefail + +# config +default_semvar_bump=${DEFAULT_BUMP:-minor} +with_v=${WITH_V:-false} +release_branches=${RELEASE_BRANCHES:-} +custom_tag=${CUSTOM_TAG:-} +source=${SOURCE:-.} +dryrun=${DRY_RUN:-false} +initial_version=${INITIAL_VERSION:-0.0.0} +tag_context=${TAG_CONTEXT:-repo} +prerelease=${PRERELEASE:-false} +suffix=${PRERELEASE_SUFFIX:-beta} +verbose=${VERBOSE:-false} +major_string_token=${MAJOR_STRING_TOKEN:-#major} +minor_string_token=${MINOR_STRING_TOKEN:-#minor} +patch_string_token=${PATCH_STRING_TOKEN:-#patch} +none_string_token=${NONE_STRING_TOKEN:-#none} +# since https://github.blog/2022-04-12-git-security-vulnerability-announced/ runner uses? +git config --global --add safe.directory /github/workspace + +cd "${GITHUB_WORKSPACE}/${source}" || exit 1 + +echo "*** CONFIGURATION ***" +echo -e "\tDEFAULT_BUMP: ${default_semvar_bump}" +echo -e "\tWITH_V: ${with_v}" +echo -e "\tRELEASE_BRANCHES: ${release_branches}" +echo -e "\tCUSTOM_TAG: ${custom_tag}" +echo -e "\tSOURCE: ${source}" +echo -e "\tDRY_RUN: ${dryrun}" +echo -e "\tINITIAL_VERSION: ${initial_version}" +echo -e "\tTAG_CONTEXT: ${tag_context}" +echo -e "\tPRERELEASE: ${prerelease}" +echo -e "\tPRERELEASE_SUFFIX: ${suffix}" +echo -e "\tVERBOSE: ${verbose}" +echo -e "\tMAJOR_STRING_TOKEN: ${major_string_token}" +echo -e "\tMINOR_STRING_TOKEN: ${minor_string_token}" +echo -e "\tPATCH_STRING_TOKEN: ${patch_string_token}" +echo -e "\tNONE_STRING_TOKEN: ${none_string_token}" + +# verbose, show everything +if $verbose +then + set -x +fi + +setOutput() { +echo "${1}=${2}" >> "${GITHUB_OUTPUT}" +} + +current_branch=$(git rev-parse --abbrev-ref HEAD) + +pre_release="$prerelease" +IFS=',' read -ra branch <<< "$release_branches" +for b in "${branch[@]}"; do + # check if ${current_branch} is in ${release_branches} | exact branch match + if [[ "$current_branch" == "$b" ]] + then + pre_release="false" + fi + # verify non specific branch names like .* release/* if wildcard filter then =~ + if [ "$b" != "${b//[\[\]|.? +*]/}" ] && [[ "$current_branch" =~ $b ]] + then + pre_release="false" + fi +done +echo "pre_release = $pre_release" + +# fetch tags +git fetch --tags + +tagFmt="^v?[0-9]+\.[0-9]+\.[0-9]+$" +preTagFmt="^v?[0-9]+\.[0-9]+\.[0-9]+(-$suffix\.[0-9]+)$" + +# get latest tag that looks like a semver (with or without v) +case "$tag_context" in + *repo*) + tag="$(git for-each-ref --sort=-v:refname --format '%(refname:lstrip=2)' | grep -E "$tagFmt" | head -n 1)" + pre_tag="$(git for-each-ref --sort=-v:refname --format '%(refname:lstrip=2)' | grep -E "$preTagFmt" | head -n 1)" + ;; + *branch*) + tag="$(git tag --list --merged HEAD --sort=-v:refname | grep -E "$tagFmt" | head -n 1)" + pre_tag="$(git tag --list --merged HEAD --sort=-v:refname | grep -E "$preTagFmt" | head -n 1)" + ;; + * ) echo "Unrecognised context" + exit 1;; +esac + +# if there are none, start tags at INITIAL_VERSION +if [ -z "$tag" ] +then + if $with_v + then + tag="v$initial_version" + else + tag="$initial_version" + fi + if [ -z "$pre_tag" ] && $pre_release + then + if $with_v + then + pre_tag="v$initial_version" + else + pre_tag="$initial_version" + fi + fi +fi + +# get current commit hash for tag +tag_commit=$(git rev-list -n 1 "$tag") + +# get current commit hash +commit=$(git rev-parse HEAD) + +if [ "$tag_commit" == "$commit" ] +then + echo "No new commits since previous tag. Skipping..." + setOutput "new_tag" "$tag" + setOutput "tag" "$tag" + exit 0 +fi + +# get the merge commit message looking for #bumps +log=$(git show -s --format=%s) +echo "Last commit message: $log" + +case "$log" in + *$major_string_token* ) new=$(semver -i major "$tag"); part="major";; + *$minor_string_token* ) new=$(semver -i minor "$tag"); part="minor";; + *$patch_string_token* ) new=$(semver -i patch "$tag"); part="patch";; + *$none_string_token* ) + echo "Default bump was set to none. Skipping..." + setOutput "new_tag" "$tag" + setOutput "tag" "$tag" + exit 0;; + * ) + if [ "$default_semvar_bump" == "none" ] + then + echo "Default bump was set to none. Skipping..." + setOutput "new_tag" "$tag" + setOutput "tag" "$tag" + exit 0 + else + new=$(semver -i "${default_semvar_bump}" "$tag") + part=$default_semvar_bump + fi + ;; +esac + +if $pre_release +then + # already a pre-release available, bump it + if [[ "$pre_tag" =~ $new ]] && [[ "$pre_tag" =~ $suffix ]] + then + if $with_v + then + new=v$(semver -i prerelease "${pre_tag}" --preid "${suffix}") + else + new=$(semver -i prerelease "${pre_tag}" --preid "${suffix}") + fi + echo -e "Bumping ${suffix} pre-tag ${pre_tag}. New pre-tag ${new}" + else + if $with_v + then + new="v$new-$suffix.0" + else + new="$new-$suffix.0" + fi + echo -e "Setting ${suffix} pre-tag ${pre_tag} - With pre-tag ${new}" + fi + part="pre-$part" +else + if $with_v + then + new="v$new" + fi + echo -e "Bumping tag ${tag} - New tag ${new}" +fi + +# as defined in readme if CUSTOM_TAG is used any semver calculations are irrelevant. +if [ -n "$custom_tag" ] +then + new="$custom_tag" +fi + +# set outputs +setOutput "new_tag" "$new" +setOutput "part" "$part" +setOutput "tag" "$new" # this needs to go in v2 is breaking change +setOutput "old_tag" "$tag" + +# dry run exit without real changes +if $dryrun +then + exit 0 +fi + +# create local git tag +git tag "$new" + +# push new tag ref to github +dt=$(date '+%Y-%m-%dT%H:%M:%SZ') +full_name=$GITHUB_REPOSITORY +git_refs_url=$(jq .repository.git_refs_url "$GITHUB_EVENT_PATH" | tr -d '"' | sed 's/{\/sha}//g') + +echo "$dt: **pushing tag $new to repo $full_name" + +git_refs_response=$( +curl -s -X POST "$git_refs_url" \ +-H "Authorization: token $GITHUB_TOKEN" \ +-d @- << EOF + +{ + "ref": "refs/tags/$new", + "sha": "$commit" +} +EOF +) + +git_ref_posted=$( echo "${git_refs_response}" | jq .ref | tr -d '"' ) + +echo "::debug::${git_refs_response}" +if [ "${git_ref_posted}" = "refs/tags/${new}" ] +then + exit 0 +else + echo "::error::Tag was not created properly." + exit 1 +fi From 6dea94a43a64204ba21de4a1e29b8277d4c0d84b Mon Sep 17 00:00:00 2001 From: Elliot Jackson <13633636+ElliotMJackson@users.noreply.github.com> Date: Wed, 2 Nov 2022 09:51:24 -0400 Subject: [PATCH 02/11] Create semver.yaml --- .github/workflows/semver.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .github/workflows/semver.yaml diff --git a/.github/workflows/semver.yaml b/.github/workflows/semver.yaml new file mode 100644 index 000000000..54341c857 --- /dev/null +++ b/.github/workflows/semver.yaml @@ -0,0 +1,31 @@ +name: Bump version +on: + push: + branches: + - main + workflow_dispatch: + inputs: + release: + type: boolean + description: Remove SNAPSHOT? + +jobs: + build: + runs-on: ubuntu-22.04 + steps: + - if: ${{ github.event.inputs.release == false }} + run: echo "PRERELEASE=true" >> $GITHUB_ENV + - uses: actions/checkout@v3 + with: + fetch-depth: "0" + - uses: actions/setup-node@v3 + with: + node-version: 16 + - run: npm install -g semver + - name: Bump version and push tag + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + WITH_V: true + DEFAULT_BUMP: "minor" + PRERELEASE_SUFFIX: "SNAPSHOT" + run: .github/actions/github-tag-action/entrypoint.sh From f9fd5aa0e2afadca10cb132b66868882f1215535 Mon Sep 17 00:00:00 2001 From: Elliot Jackson <13633636+ElliotMJackson@users.noreply.github.com> Date: Wed, 2 Nov 2022 09:57:17 -0400 Subject: [PATCH 03/11] Update maven-deploy.yaml --- .github/workflows/maven-deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/maven-deploy.yaml b/.github/workflows/maven-deploy.yaml index 6ae697269..bec206088 100644 --- a/.github/workflows/maven-deploy.yaml +++ b/.github/workflows/maven-deploy.yaml @@ -6,7 +6,7 @@ name: Maven Deploy on: push: tags: - - 'v*.*.*' + - '[0-9]+.[0-9]+.[0-9]+' jobs: build: From 3ecd31a6dfcee2f3ebe8b340a8af1bffab00a665 Mon Sep 17 00:00:00 2001 From: Elliot Jackson <13633636+ElliotMJackson@users.noreply.github.com> Date: Wed, 2 Nov 2022 09:58:01 -0400 Subject: [PATCH 04/11] Update goreleaser.yaml --- .github/workflows/goreleaser.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index ed76b0bcd..53ba742d7 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -3,7 +3,7 @@ name: goreleaser on: push: tags: - - 'v*.*.*' + - '[0-9]+.[0-9]+.[0-9]+' permissions: contents: write From 46b702899e1f42c6b9b8c30d88353f8eceddc44a Mon Sep 17 00:00:00 2001 From: Elliot Jackson <13633636+ElliotMJackson@users.noreply.github.com> Date: Wed, 2 Nov 2022 09:58:15 -0400 Subject: [PATCH 05/11] Update python-package.yaml --- .github/workflows/python-package.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/python-package.yaml b/.github/workflows/python-package.yaml index a656015d6..297eed0ea 100644 --- a/.github/workflows/python-package.yaml +++ b/.github/workflows/python-package.yaml @@ -3,7 +3,7 @@ name: Release Python Package on: push: tags: - - 'v*.*.*' + - '[0-9]+.[0-9]+.[0-9]+' env: IMAGE_TAG: protoc-gen-validate:${{ github.sha }} From c977b6ec236ea9bed34134e65b1b1ae1c5e03d4d Mon Sep 17 00:00:00 2001 From: Elliot Jackson <13633636+ElliotMJackson@users.noreply.github.com> Date: Wed, 2 Nov 2022 10:45:53 -0400 Subject: [PATCH 06/11] Update .github/workflows/goreleaser.yaml --- .github/workflows/goreleaser.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index 53ba742d7..899cde386 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -3,7 +3,7 @@ name: goreleaser on: push: tags: - - '[0-9]+.[0-9]+.[0-9]+' + - 'v[0-9]+.[0-9]+.[0-9]+' permissions: contents: write From e55cca442e882604aa09d7b638254251aa2ee85a Mon Sep 17 00:00:00 2001 From: Elliot Jackson <13633636+ElliotMJackson@users.noreply.github.com> Date: Wed, 2 Nov 2022 10:46:32 -0400 Subject: [PATCH 07/11] Apply suggestions from code review --- .github/workflows/maven-deploy.yaml | 2 +- .github/workflows/python-package.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/maven-deploy.yaml b/.github/workflows/maven-deploy.yaml index bec206088..4a688ca2b 100644 --- a/.github/workflows/maven-deploy.yaml +++ b/.github/workflows/maven-deploy.yaml @@ -6,7 +6,7 @@ name: Maven Deploy on: push: tags: - - '[0-9]+.[0-9]+.[0-9]+' + - 'v[0-9]+.[0-9]+.[0-9]+' jobs: build: diff --git a/.github/workflows/python-package.yaml b/.github/workflows/python-package.yaml index 297eed0ea..f609d54dd 100644 --- a/.github/workflows/python-package.yaml +++ b/.github/workflows/python-package.yaml @@ -3,7 +3,7 @@ name: Release Python Package on: push: tags: - - '[0-9]+.[0-9]+.[0-9]+' + - 'v[0-9]+.[0-9]+.[0-9]+' env: IMAGE_TAG: protoc-gen-validate:${{ github.sha }} From 19259a923f92f995a282796d4e7128b69176dbda Mon Sep 17 00:00:00 2001 From: Elliot Jackson <13633636+ElliotMJackson@users.noreply.github.com> Date: Wed, 2 Nov 2022 11:39:00 -0400 Subject: [PATCH 08/11] Update entrypoint.sh --- .../actions/github-tag-action/entrypoint.sh | 48 ++++++++++--------- 1 file changed, 25 insertions(+), 23 deletions(-) diff --git a/.github/actions/github-tag-action/entrypoint.sh b/.github/actions/github-tag-action/entrypoint.sh index bb184452a..c8335e5f1 100644 --- a/.github/actions/github-tag-action/entrypoint.sh +++ b/.github/actions/github-tag-action/entrypoint.sh @@ -4,7 +4,7 @@ set -o pipefail # config default_semvar_bump=${DEFAULT_BUMP:-minor} -with_v=${WITH_V:-false} +with_v=${WITH_V:-true} release_branches=${RELEASE_BRANCHES:-} custom_tag=${CUSTOM_TAG:-} source=${SOURCE:-.} @@ -47,7 +47,7 @@ then fi setOutput() { -echo "${1}=${2}" >> "${GITHUB_OUTPUT}" + echo "${1}=${2}" >> "${GITHUB_OUTPUT}" } current_branch=$(git rev-parse --abbrev-ref HEAD) @@ -88,6 +88,8 @@ case "$tag_context" in exit 1;; esac +echo "tag_context=$tag_context" + # if there are none, start tags at INITIAL_VERSION if [ -z "$tag" ] then @@ -110,9 +112,11 @@ fi # get current commit hash for tag tag_commit=$(git rev-list -n 1 "$tag") +echo "tag_commit=$tag_commit" # get current commit hash commit=$(git rev-parse HEAD) +echo "commit=$commit" if [ "$tag_commit" == "$commit" ] then @@ -152,33 +156,31 @@ esac if $pre_release then # already a pre-release available, bump it - if [[ "$pre_tag" =~ $new ]] && [[ "$pre_tag" =~ $suffix ]] + newPreTagFmt="$new+(-$suffix\.[0-9]+)$" + exists="$(git tag --list --merged HEAD --sort=-v:refname | grep -E "$newPreTagFmt" | head -n 1)" + if [[ $exists != "" ]] then - if $with_v - then - new=v$(semver -i prerelease "${pre_tag}" --preid "${suffix}") - else - new=$(semver -i prerelease "${pre_tag}" --preid "${suffix}") - fi - echo -e "Bumping ${suffix} pre-tag ${pre_tag}. New pre-tag ${new}" + echo -e "Found parent to ${new} pre-tag ${exists}..." + new=$(semver -i prerelease "${exists}" --preid "${suffix}") + echo -e "Bumping ${suffix} pre-tag ${exists}. New pre-tag ${new}" + elif [[ "$pre_tag" =~ $new ]] && [[ "$pre_tag" =~ $suffix ]] + then + new=$(semver -i prerelease "${pre_tag}" --preid "${suffix}") + echo -e "Bumping ${suffix} pre-tag ${pre_tag}. New pre-tag ${new}" else - if $with_v - then - new="v$new-$suffix.0" - else - new="$new-$suffix.0" - fi - echo -e "Setting ${suffix} pre-tag ${pre_tag} - With pre-tag ${new}" + new="$new-$suffix.0" + echo -e "Setting ${suffix} pre-tag ${pre_tag} - With pre-tag ${new}" fi part="pre-$part" -else - if $with_v - then - new="v$new" - fi - echo -e "Bumping tag ${tag} - New tag ${new}" fi +if $with_v +then + new="v$new" +fi + +echo -e "Bumping tag ${tag} - New tag ${new}" + # as defined in readme if CUSTOM_TAG is used any semver calculations are irrelevant. if [ -n "$custom_tag" ] then From e13c6c414cba73a8005e5da2dadeeea51fa0aa2c Mon Sep 17 00:00:00 2001 From: Elliot Jackson <13633636+ElliotMJackson@users.noreply.github.com> Date: Wed, 2 Nov 2022 12:34:28 -0400 Subject: [PATCH 09/11] Update semver.yaml --- .github/workflows/semver.yaml | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/.github/workflows/semver.yaml b/.github/workflows/semver.yaml index 54341c857..32fbf9253 100644 --- a/.github/workflows/semver.yaml +++ b/.github/workflows/semver.yaml @@ -5,16 +5,26 @@ on: - main workflow_dispatch: inputs: - release: + prerelease: type: boolean - description: Remove SNAPSHOT? + description: Pre-release? + default: true + bump: + type: choice + description: Which version? + default: 'minor' + options: + - minor + - patch + +env: + PRERELEASE: ${{github.event.inputs.prerelease}} + DEFAULT_BUMP: ${{github.event.inputs.bump}} jobs: build: runs-on: ubuntu-22.04 steps: - - if: ${{ github.event.inputs.release == false }} - run: echo "PRERELEASE=true" >> $GITHUB_ENV - uses: actions/checkout@v3 with: fetch-depth: "0" @@ -25,7 +35,4 @@ jobs: - name: Bump version and push tag env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - WITH_V: true - DEFAULT_BUMP: "minor" - PRERELEASE_SUFFIX: "SNAPSHOT" run: .github/actions/github-tag-action/entrypoint.sh From 8957e615773fd4015e4141c3aaeaba3fca2d60a8 Mon Sep 17 00:00:00 2001 From: Elliot Jackson <13633636+ElliotMJackson@users.noreply.github.com> Date: Wed, 2 Nov 2022 15:40:50 -0400 Subject: [PATCH 10/11] add auth app --- .github/workflows/semver.yaml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/semver.yaml b/.github/workflows/semver.yaml index 32fbf9253..0cc5b2e6f 100644 --- a/.github/workflows/semver.yaml +++ b/.github/workflows/semver.yaml @@ -20,11 +20,21 @@ on: env: PRERELEASE: ${{github.event.inputs.prerelease}} DEFAULT_BUMP: ${{github.event.inputs.bump}} + APP_ID: 257305 jobs: build: runs-on: ubuntu-22.04 steps: + - name: Generate token + id: generate_token + uses: tibdex/github-app-token@v1 + with: + app_id: ${{ env.APP_ID }} + private_key: ${{ secrets.TOKEN_EXCHANGE_GH_APP_PRIVATE_KEY }} + repository: ${{ github.repository }} + permissions: >- + {"contents": "write"} - uses: actions/checkout@v3 with: fetch-depth: "0" @@ -34,5 +44,5 @@ jobs: - run: npm install -g semver - name: Bump version and push tag env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} run: .github/actions/github-tag-action/entrypoint.sh From 45762bc565cc2729d3e9d635ab01cfa367c74a75 Mon Sep 17 00:00:00 2001 From: Elliot Jackson <13633636+elliotmjackson@users.noreply.github.com> Date: Wed, 2 Nov 2022 16:16:21 -0400 Subject: [PATCH 11/11] Update .github/workflows/semver.yaml --- .github/workflows/semver.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/semver.yaml b/.github/workflows/semver.yaml index 0cc5b2e6f..cfc8a5a2e 100644 --- a/.github/workflows/semver.yaml +++ b/.github/workflows/semver.yaml @@ -1,4 +1,4 @@ -name: Bump version +name: Version Bump on: push: branches: