ci: Make flank release more automatically #1352
Merged: piotradamczyk5 merged 8 commits into master from #1346-make-flank-release-more-automatically, Nov 27, 2020
Changes from 4 commits
Commits (8):
b10bb79 Create blank.yml (piotradamczyk5)
14dff73 Rename blank.yml to create_new_release.yml (piotradamczyk5)
51191d9 run release job at first day of the month (piotradamczyk5)
1b474da update documentation (piotradamczyk5)
175b64d Merge branch 'master' into #1346-make-flank-release-more-automatically (piotradamczyk5)
f2eb674 Add additional condition for making release (piotradamczyk5)
edd8b5f Update create_new_release.yml (piotradamczyk5)
a8f7188 Merge branch 'master' into #1346-make-flank-release-more-automatically (piotradamczyk5)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
name: Create new release | ||
|
||
on: | ||
pull_request: | ||
types: [ closed ] | ||
|
||
jobs: | ||
create_release: | ||
runs-on: ubuntu-latest | ||
if: github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'release') | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- uses: tibdex/github-app-token@v1 | ||
id: generate-token | ||
with: | ||
app_id: ${{ secrets.FLANK_RELEASE_APP_ID }} | ||
private_key: ${{ secrets.FLANK_RELEASE_PRIVATE_KEY }} | ||
|
||
- name: Gradle Build flankScripts and add it to PATH | ||
run: | | ||
./flank-scripts/bash/buildFlankScripts.sh | ||
echo "./flank-scripts/bash" >> $GITHUB_PATH | ||
- name: Set next release tag variable | ||
run: | | ||
TAG=$(flankScripts ci nextReleaseTag --token=${{ secrets.GITHUB_TOKEN }}) | ||
echo "NEXT_RELEASE_TAG=$(echo $TAG)" >> $GITHUB_ENV | ||
|
||
- name: Push tag | ||
id: tag_version | ||
uses: mathieudutour/github-tag-action@v5 | ||
with: | ||
github_token: ${{ steps.generate-token.outputs.token }} | ||
custom_tag: ${{ env.NEXT_RELEASE_TAG }} | ||
tag_prefix: '' |
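Review bot: the `if:` on `create_release` gates the tag push only on `merged == true` and the presence of the `release` label, and a label is something a person can add by hand, so any merged PR that carries it will start a release. Consider also requiring that the PR was opened by the release bot (for example a comparison on `github.event.pull_request.user.login`) and treating a title check only as a secondary signal, since the title is chosen by whoever opens the PR. Two smaller points in the same hunk: `tibdex/github-app-token@v1` and `mathieudutour/github-tag-action@v5` receive `FLANK_RELEASE_PRIVATE_KEY` and the generated app token but are referenced by mutable tags, so pinning them to a full commit SHA would fix what code sees those credentials; and in "Set next release tag variable" the step never checks that `TAG` is non-empty before writing `NEXT_RELEASE_TAG`, while `--token=${{ secrets.GITHUB_TOKEN }}` is expanded into the script text and would be better passed through `env:`.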
This job can be triggered by any merged PR with a specific label (which can be added manually). (I can create a compromised PR, add the release label and merge it. If I understand the job description correctly, it will start a release.)
If I am not wrong, the release notes PR is created by a bot; I think we should consider adding an additional condition which verifies who is the creator or merged PR.
It's the first thing that came to my mind; if there is a better way to make it more secure I think it would be worth implementing it.
Of course, let me know, I might be wrong and this implementation is already secure 💪
Yeah, you are 100% right that if someone uses the `release` label it will generate a new release. I think that we could make an additional check if the issue is created by a bot and/or check if the title starts with `chore: release notes for`
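
The checks proposed in the two comments above, written as a gate over the `pull_request` event payload and run on constructed events. This is an added example, not code from the flank repository; `RELEASE_BOT_LOGIN` is a placeholder, and the payload field names are those of GitHub's `pull_request` webhook event.

```python
# Assumption: login of the bot that opens release-notes PRs (placeholder, not from the page).
RELEASE_BOT_LOGIN = "example-release-bot[bot]"
# Title prefix named in the comment above.
TITLE_PREFIX = "chore: release notes for"


def release_gate(event: dict) -> tuple[bool, str]:
    """Decide whether a pull_request 'closed' event may start a release."""
    pr = event.get("pull_request") or {}
    # Same two conditions as the workflow's `if:` expression.
    if event.get("action") != "closed" or pr.get("merged") is not True:
        return False, "not a merged PR"
    labels = {label.get("name") for label in pr.get("labels", [])}
    if "release" not in labels:
        return False, "missing release label"
    # Additional condition: the PR must have been opened by the release bot.
    user = pr.get("user") or {}
    if user.get("type") != "Bot" or user.get("login") != RELEASE_BOT_LOGIN:
        return False, "PR not opened by the release bot"
    # The title is chosen by the PR author, so it is checked last and never alone.
    if not (pr.get("title") or "").startswith(TITLE_PREFIX):
        return False, "unexpected title"
    return True, "ok"


def make_event(login, user_type, title, labels, merged=True):
    """Build a constructed, minimal pull_request 'closed' payload."""
    return {
        "action": "closed",
        "pull_request": {
            "merged": merged,
            "title": title,
            "user": {"login": login, "type": user_type},
            "labels": [{"name": name} for name in labels],
        },
    }


# Constructed sample events.
BOT_PR = make_event(RELEASE_BOT_LOGIN, "Bot", "chore: release notes for v1", ["release"])
LABELLED_BY_HAND = make_event("someone", "User", "fix: typo", ["release"])
COPIED_TITLE = make_event("someone", "User", "chore: release notes for v1", ["release"])
UNMERGED_BOT_PR = make_event(RELEASE_BOT_LOGIN, "Bot", "chore: release notes for v1",
                             ["release"], merged=False)

if __name__ == "__main__":
    for name in ("BOT_PR", "LABELLED_BY_HAND", "COPIED_TITLE", "UNMERGED_BOT_PR"):
        print(name, release_gate(globals()[name]))
```

The `COPIED_TITLE` case shows why the title prefix does not work as the only extra condition: a PR opened by a person with the right label and title is still rejected by the author check.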