Skip to content
Release

chore(ci): codeowners architecture-only during code freeze (#1662) #526

Sign in to view logs

chore(ci): codeowners architecture-only during code freeze (#1662)

chore(ci): codeowners architecture-only during code freeze (#1662) #526

Workflow file for this run

.github/workflows/release.yaml at 645a521
# Generate release PRs, and follow up with update PRs
name: Release
on:
push:
branches:
- main
jobs:
release-please:
runs-on: ubuntu-latest
outputs:
paths_released: ${{ steps.release-please.outputs.paths_released }}
releases_created: ${{ steps.release-please.outputs.releases_created }}
to_update: ${{ steps.todo.outputs.TO_UPDATE }}
steps:
- name: Generate a token
id: generate_token
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
with:
app-id: "${{ secrets.APP_ID }}"
private-key: "${{ secrets.AUTOMATION_KEY }}"
- uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f
id: release-please
with:
token: "${{ steps.generate_token.outputs.token }}"
config-file: release-please.json
manifest-file: .release-please-manifest.json
- id: todo
if: fromJson(steps.release-please.outputs.releases_created)
run: |
for x in ${{join(fromJson(steps.release-please.outputs.paths_released), ' ')}}; do
case "$x" in
lib/ocrypto)
echo "TO_UPDATE=['examples','sdk','service']">>"$GITHUB_OUTPUT"
;;
lib/flattening)
# currently nothing downstream
# TODO: uncomment when services updates
# echo "TO_UPDATE=['service']">>"$GITHUB_OUTPUT"
;;
lib/fixtures)
echo "TO_UPDATE=['sdk','service']">>"$GITHUB_OUTPUT"
;;
protocol/go)
echo "TO_UPDATE=['examples', 'sdk','service']">>"$GITHUB_OUTPUT"
;;
sdk)
echo "TO_UPDATE=['examples','service']">>"$GITHUB_OUTPUT"
;;
services)
# examples does not import service, but assumes it is running separately
;;
examples)
# nothing downstream
;;
*)
echo "[WARN] unrecognized module path: [${x}]"
;;
esac
done
update-go-mods:
runs-on: ubuntu-latest
needs:
- release-please
if: fromJSON(needs.release-please.outputs.releases_created) && fromJSON(needs.release-please.outputs.to_update)
strategy:
matrix:
path: ${{ fromJSON(needs.release-please.outputs.to_update) }}
permissions:
contents: write
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
with:
fetch-depth: 0
- run: |
git checkout -b update-go-mods-for-${{matrix.path}}
git push -f -u origin update-go-mods-for-${{matrix.path}}
cd ${{matrix.path}}
for x in ${{join(fromJson(needs.release-please.outputs.paths_released), ' ')}}; do
export pkg=github.com/opentdf/platform/${x}
if go mod edit --json | jq -e '.Replace[] | select(.Old.Path == env.pkg)'; then
go mod edit --dropreplace=$pkg
fi
echo "Should we update [${pkg}] in [${{ matrix.path }}]?"
if go mod edit --json | jq -e '.Require[] | select(.Path == env.pkg)'; then
ver=$(jq -r .\[\"${x}\"\] < "${GITHUB_WORKSPACE}/.release-please-manifest.json")
echo "go get ${pkg}@v${ver}"
go get "${pkg}@v${ver}"
fi
echo "go mod tidy of"
cat<go.mod
echo "-----"
go mod tidy
cat<go.mod
done
git diff
env:
GONOSUMDB: github.com/opentdf/platform/${{join(fromJson(needs.release-please.outputs.paths_released), ',github.com/opentdf/platform/')}}
- uses: planetscale/ghcommit-action@c7915d6c18d5ce4eb42b0eff3f10a29fe0766e4c
with:
commit_message: "fix(core): Autobump ${{ matrix.path }}"
repo: ${{ github.repository }}
branch: update-go-mods-for-${{ matrix.path }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Generate a token
id: generate_token
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
with:
app-id: "${{ secrets.APP_ID }}"
private-key: "${{ secrets.AUTOMATION_KEY }}"
- name: create pull request
run: |
git restore .
git pull origin update-go-mods-for-${{ matrix.path }}
gh pr create -B main -H update-go-mods-for-${{ matrix.path }} --fill
gh pr merge --auto --squash
env:
GITHUB_TOKEN: "${{ steps.generate_token.outputs.token }}"