Publish Release #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Release | |
| run-name: Publish Release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| release: | |
| description: 'Release version (e.g. 1.2.3)' | |
| required: true | |
| prerelease: | |
| description: 'Pre-release version (e.g. RC1, beta, etc...)' | |
| required: false | |
| permissions: | |
| contents: write | |
| env: | |
| TAG: ${{ github.event.inputs.release }} | |
| PRETAG: ${{ github.event.inputs.prerelease }} | |
| BRANCH: temp-release-${{ github.event.inputs.release }} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Prepare vars | |
| id: vars | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const full_tag = [ | |
| process.env.TAG, | |
| process.env.PRETAG | |
| ].filter(Boolean).join('-'); | |
| const branch = `temp-release-${full_tag}`; | |
| const is_prerelease = !!process.env.PRETAG; | |
| core.setOutput('full_tag', full_tag ); | |
| core.setOutput('branch', branch ); | |
| core.setOutput('is_prerelease', is_prerelease ); | |
| # 'ref' and 'repository' are required, otherwise repo could appear in detached head state | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.head_ref }} | |
| repository: ${{ github.repository }} | |
| - name: Parse Changelog Entries | |
| uses: actions/github-script@v7 | |
| id: changelog | |
| with: | |
| script: | | |
| const { open } = require('fs/promises'); | |
| const version = process.env.TAG; | |
| const delimiter = '#### '; | |
| const file = await open('./changes.md'); | |
| let description = []; | |
| let found = false; | |
| for await (let line of file.readLines()) { | |
| line = line.trim(); | |
| if ( line.startsWith(`${delimiter}${version}`) ) { | |
| found = true; | |
| continue; | |
| } | |
| if (!found) continue; | |
| if ( line.startsWith(delimiter) ) break; | |
| description.push(line); | |
| } | |
| if ( !description.length ) core.setFailed(`Release ${version} not found in the changelog!`); | |
| core.setOutput('description', description.join('\n') ); | |
| # cleanup files that are not needed for the release | |
| # but keep the .git folder, because we need it for the next step | |
| - name: Cleanup files | |
| run: | | |
| rm -f composer.lock || true | |
| rm -rf vendor/composer/installers || true | |
| find ./ -name '.git*' -not -path './.git' -type f -delete || true | |
| find ./ -name '.git*' -not -path './.git' -type d -exec rm -rf {} \; || true | |
| find ./vendor -name .svn -exec rm -rf {} \; || true | |
| # cleanup files, specific to Google API PHP library | |
| - name: Cleanup files for Google API library | |
| run: | | |
| rm -f lib/Google/phpstan.neon.dist || true | |
| rm -f lib/Google/vendor/paragonie/random_compat/build-phar.sh || true | |
| find ./lib/Google/ -name '.repo-metadata.json' -type f -delete || true | |
| find ./lib/Google/vendor -name .svn -exec rm -rf '{}' \; || true | |
| # commit changes to temporary release branch and create a new tag | |
| - name: Commit changes | |
| uses: EndBug/add-and-commit@v9 | |
| with: | |
| message: Cleanup files for release | |
| new_branch: ${{ steps.vars.outputs.branch }} | |
| tag: ${{ steps.vars.outputs.full_tag }} | |
| # generate SBOM that will be attached to a release as an artifact | |
| - name: Create SBOM | |
| id: sbom | |
| uses: anchore/sbom-action@v0 | |
| with: | |
| path: . | |
| output-file: sbom.spdx.json | |
| format: spdx-json | |
| # create a draft release with the version changelog as a description | |
| - name: Create Draft Release | |
| id: draft_release | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| name: "Release ${{ steps.vars.outputs.full_tag }}" | |
| body: "${{ steps.changelog.outputs.description }}" | |
| tag_name: ${{ steps.vars.outputs.full_tag }} | |
| draft: true | |
| prerelease: ${{ steps.vars.outputs.is_prerelease }} | |
| # attach SBOM to release | |
| - name: Upload SBOM to release | |
| uses: actions/upload-release-asset@v1.0.1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ steps.draft_release.outputs.upload_url }} | |
| asset_path: ./sbom.spdx.json | |
| asset_name: sbom.spdx.json | |
| asset_content_type: application/json | |
| # publish release using an ID from the 'draft_release' step | |
| - name: Publish Release | |
| uses: eregon/publish-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| release_id: ${{ steps.draft_release.outputs.id }} | |
| # delete temporary release branch | |
| - name: Delete temporary release branch | |
| run: | | |
| git push origin --delete ${{ steps.vars.outputs.branch }} |