Merge pull request #131 from woocommerce/fix/avoid-actions-malicious-… #34
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: GitHub Actions - Prepare New Release | |
on: | |
push: | |
branches: | |
- release/actions | |
jobs: | |
CheckCreatedBranch: | |
name: Check Created Branch | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check created release branch | |
uses: actions/github-script@v6 | |
with: | |
script: | | |
if ( ! context.payload.created ) { | |
await github.rest.actions.cancelWorkflowRun( { | |
...context.repo, | |
run_id: context.runId, | |
} ); | |
} | |
PrepareRelease: | |
name: Prepare Release | |
runs-on: ubuntu-latest | |
needs: CheckCreatedBranch | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Prepare node | |
uses: ./packages/github-actions/actions/prepare-node | |
with: | |
node-version: 14 | |
cache-dependency-path: ./packages/github-actions/package-lock.json | |
install-deps: "no" | |
# The checkout revision of this repo itself doesn't have the built actions, | |
# so it needs to build them before using it locally. | |
- name: Build actions | |
run: | | |
cd ./packages/github-actions | |
npm ci --ignore-scripts | |
npm run build | |
cd - | |
- name: Get release notes | |
id: get-notes | |
uses: ./packages/github-actions/actions/get-release-notes | |
with: | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
package-dir: packages/github-actions | |
config-path: packages/github-actions/release-notes-config.yml | |
tag-template: "actions-v{version}" | |
minor-keywords: feature, update, enhancement | |
- name: Prepare release commits | |
# Use the github-actions bot account to commit. | |
# https://api.github.com/users/github-actions%5Bbot%5D | |
run: | | |
cd ./packages/github-actions | |
TODAY=$(date '+%Y-%m-%d') | |
NEXT_VER="${{ steps.get-notes.outputs.next-version }}" | |
CHANGELOG='${{ steps.get-notes.outputs.release-changelog-shell }}' | |
CHANGELOG=$(echo "$CHANGELOG" | sed -E 's/\.? by @[^ ]+ in (https:\/\/github\.com\/.+)/. (\1)/') | |
sed -i "/# Changelog/r"<( | |
printf "\n## ${TODAY} (${NEXT_VER})\n${CHANGELOG}\n" | |
) CHANGELOG.md | |
jq ".version=\"${NEXT_VER}\"" package.json > package.json.tmp | |
mv package.json.tmp package.json | |
jq ".version=\"${NEXT_VER}\"" package-lock.json > package-lock.json.tmp | |
mv package-lock.json.tmp package-lock.json | |
git config user.name github-actions[bot] | |
git config user.email 41898282+github-actions[bot]@users.noreply.github.com | |
git add CHANGELOG.md | |
git add package.json | |
git add package-lock.json | |
cd - | |
git commit -q -m "Update changelog and package version for the ${{ steps.get-notes.outputs.next-tag }} release of GitHub actions." | |
git push | |
- name: Create a pull request for release | |
uses: actions/github-script@v6 | |
with: | |
script: | | |
const workspace = '${{ github.workspace }}'; | |
const { default: script } = await import( `${ workspace }/.github/scripts/github-actions-create-pr-for-release.mjs` ); | |
await script( { | |
github, | |
context, | |
refName: '${{ github.ref_name }}', | |
version: '${{ steps.get-notes.outputs.next-version }}', | |
} ); |