From b2000134da1c5f8882cb3ecda853c8d96e85e39b Mon Sep 17 00:00:00 2001 From: Matti Schneider Date: Wed, 10 Jul 2024 15:46:51 +0200 Subject: [PATCH 01/14] Clean changelog --- CHANGELOG.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d76a6e9..1793f0b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,10 +11,6 @@ All changes that impact users of this module are documented in this file, in the - Use [@OpenTermsArchive/changelog-action](https://github.com/OpenTermsArchive/changelog-action/) in CI/CD - Decrease package size to half -## Unreleased [no-release] - -_Modifications made in this changeset do not add, remove or alter any behavior, dependency, API or functionality of the software. They only change non-functional parts of the repository, such as the README file or CI workflows._ - ## 1.1.0 - 2023-10-25 ### Added From 4b34612ecc59cdbba170454ecd9bbef01b8b621a Mon Sep 17 00:00:00 2001 From: Matti Schneider Date: Wed, 10 Jul 2024 16:14:51 +0200 Subject: [PATCH 02/14] Import branch protection bypass from engine --- .github/workflows/release.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 983423b..c1b2297 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -38,6 +38,13 @@ jobs: git tag v${{ steps.update-changelog.outputs.version }} git push origin --tags + - name: Run status checks for release commit on temporary branch # Use temporary branch to enable pushing commits to this branch protected by required status checks + uses: CasperWA/push-protected@v2 + with: + token: ${{ secrets.RELEASE_BOT_GITHUB_TOKEN }} + branch: main + unprotect_reviews: true + - name: Publish to NPM public repository if: needs.changelog.outputs.release-type != 'no-release' uses: JS-DevTools/npm-publish@v3 From 028b46c03cfd6983e4995b23a81b5785137536e4 Mon Sep 17 00:00:00 2001 From: Matti Schneider Date: Wed, 10 Jul 2024 16:16:30 +0200 Subject: [PATCH 03/14] Use action option to publish git tags --- .github/workflows/release.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c1b2297..7594ff2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -31,12 +31,7 @@ jobs: git config user.email "release-bot@opentermsarchive.org" git commit --message="Update changelog" CHANGELOG.md package.json package-lock.json git push origin - - - name: Tag commit - if: needs.changelog.outputs.release-type != 'no-release' - run: | - git tag v${{ steps.update-changelog.outputs.version }} - git push origin --tags + git rev-parse v${{ steps.update-changelog.outputs.version }} || git tag v${{ steps.update-changelog.outputs.version }} - name: Run status checks for release commit on temporary branch # Use temporary branch to enable pushing commits to this branch protected by required status checks uses: CasperWA/push-protected@v2 @@ -44,6 +39,7 @@ jobs: token: ${{ secrets.RELEASE_BOT_GITHUB_TOKEN }} branch: main unprotect_reviews: true + tags: true - name: Publish to NPM public repository if: needs.changelog.outputs.release-type != 'no-release' From d1f334f3d7f454c44c1ea056e336cb5c709d6df4 Mon Sep 17 00:00:00 2001 From: Matti Schneider Date: Wed, 10 Jul 2024 16:25:20 +0200 Subject: [PATCH 04/14] Rely on action to push to target branch --- .github/workflows/release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7594ff2..f37678e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -30,7 +30,6 @@ jobs: git config user.name "Open Terms Archive Release Bot" git config user.email "release-bot@opentermsarchive.org" git commit --message="Update changelog" CHANGELOG.md package.json package-lock.json - git push origin git rev-parse v${{ steps.update-changelog.outputs.version }} || git tag v${{ steps.update-changelog.outputs.version }} - name: Run status checks for release commit on temporary branch # Use temporary branch to enable pushing commits to this branch protected by required status checks From bb985c2ea45b48c07eb67ff1cd0fadc2fb9b54ae Mon Sep 17 00:00:00 2001 From: Matti Schneider Date: Wed, 10 Jul 2024 16:25:49 +0200 Subject: [PATCH 05/14] Optimise action performance --- .github/workflows/release.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f37678e..ed08c48 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -39,6 +39,9 @@ jobs: branch: main unprotect_reviews: true tags: true + interval: 10 # seconds between checks + pre_sleep: 15 + fail_fast: true - name: Publish to NPM public repository if: needs.changelog.outputs.release-type != 'no-release' From a540240211f4c056c5fd2a3bfdb359840c39e79b Mon Sep 17 00:00:00 2001 From: Matti Schneider Date: Wed, 10 Jul 2024 16:34:10 +0200 Subject: [PATCH 06/14] Prevent double test runs --- .github/workflows/test.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9529d62..b7d1142 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -3,10 +3,8 @@ name: Validate document types on: push: branches-ignore: [ main ] # will be called from workflow call - pull_request: - types: [ opened, reopened ] workflow_call: - + jobs: validate: runs-on: ubuntu-latest From f38c07cbaf0bd17f5750c0844c7725281687094e Mon Sep 17 00:00:00 2001 From: Matti Schneider Date: Wed, 10 Jul 2024 16:57:12 +0200 Subject: [PATCH 07/14] Prevent workflow run on automatic commits --- .github/workflows/release.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ed08c48..9bb15a4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,8 +1,9 @@ name: Release on: - push: - branches: [ main ] + pull_request_target: + branches: [ main, test-main ] + types: [ closed ] jobs: changelog: @@ -12,6 +13,7 @@ jobs: uses: ./.github/workflows/test.yml release: + if: github.event.pull_request.merged == true needs: [ changelog, test ] runs-on: ubuntu-latest steps: From 7c8c64874e72cbc6ef612a2f0516e614ffcce92e Mon Sep 17 00:00:00 2001 From: Matti Schneider Date: Wed, 10 Jul 2024 16:58:08 +0200 Subject: [PATCH 08/14] Ease testing --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b7d1142..f409d9a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,7 +2,7 @@ name: Validate document types on: push: - branches-ignore: [ main ] # will be called from workflow call + branches-ignore: [ main, test-main ] # will be called from workflow call workflow_call: jobs: From 995af321051d4bdaa6218a9d6da4ac27ddba1f0f Mon Sep 17 00:00:00 2001 From: Matti Schneider Date: Wed, 10 Jul 2024 17:01:50 +0200 Subject: [PATCH 09/14] Rely on protection settings to ignore reviews See https://github.com/CasperWA/push-protected/issues/130 --- .github/workflows/release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9bb15a4..b2f2581 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -39,7 +39,6 @@ jobs: with: token: ${{ secrets.RELEASE_BOT_GITHUB_TOKEN }} branch: main - unprotect_reviews: true tags: true interval: 10 # seconds between checks pre_sleep: 15 From 36b7dfb7cfafca1fc5e166ca01d4ff94979d97f7 Mon Sep 17 00:00:00 2001 From: Matti Schneider Date: Wed, 10 Jul 2024 17:21:55 +0200 Subject: [PATCH 10/14] Stop requiring release bot to be admin Combined with https://github.com/CasperWA/push-protected/issues/130 --- .github/workflows/changelog.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 85e356a..88fa6e7 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -2,6 +2,8 @@ name: Changelog on: pull_request: + push: + branches: [ 'push-action/**' ] # enable testing required checks, see https://github.com/CasperWA/push-protected?tab=readme-ov-file#update-your-workflow workflow_call: outputs: release-type: From f12eecce6d986048e06e0e99084930dacdbbc256 Mon Sep 17 00:00:00 2001 From: Matti Schneider Date: Wed, 10 Jul 2024 17:29:26 +0200 Subject: [PATCH 11/14] Revert "Use action option to publish git tags" 028b46c03cfd6983e4995b23a81b5785137536e4 We would otherwise need to fetch all tags to ensure we don't create an already existing one, which is more costly and less explicit --- .github/workflows/release.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b2f2581..5f8e70d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,7 +32,10 @@ jobs: git config user.name "Open Terms Archive Release Bot" git config user.email "release-bot@opentermsarchive.org" git commit --message="Update changelog" CHANGELOG.md package.json package-lock.json - git rev-parse v${{ steps.update-changelog.outputs.version }} || git tag v${{ steps.update-changelog.outputs.version }} + + - name: Tag commit + if: needs.changelog.outputs.release-type != 'no-release' + run: git tag v${{ steps.update-changelog.outputs.version }} - name: Run status checks for release commit on temporary branch # Use temporary branch to enable pushing commits to this branch protected by required status checks uses: CasperWA/push-protected@v2 From 9ced530d0228c38a494c0f17a64eea8cbee31aa3 Mon Sep 17 00:00:00 2001 From: Matti Schneider Date: Wed, 10 Jul 2024 17:32:53 +0200 Subject: [PATCH 12/14] Refactor tagging step --- .github/workflows/release.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5f8e70d..4366036 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,10 +32,7 @@ jobs: git config user.name "Open Terms Archive Release Bot" git config user.email "release-bot@opentermsarchive.org" git commit --message="Update changelog" CHANGELOG.md package.json package-lock.json - - - name: Tag commit - if: needs.changelog.outputs.release-type != 'no-release' - run: git tag v${{ steps.update-changelog.outputs.version }} + [ ${{ needs.changelog.outputs.release-type }} != 'no-release' ] && git tag v${{ steps.update-changelog.outputs.version }} - name: Run status checks for release commit on temporary branch # Use temporary branch to enable pushing commits to this branch protected by required status checks uses: CasperWA/push-protected@v2 From 4eccec299846dc6b4710627bb185a39b2edc58b0 Mon Sep 17 00:00:00 2001 From: Matti Schneider Date: Thu, 11 Jul 2024 06:37:52 +0200 Subject: [PATCH 13/14] Validate changelog only in PRs targeting main Prevent validate-changelog workflow from failing on main Avoid unnecessary checks on intermediary branches --- .github/workflows/changelog.yml | 1 + .github/workflows/release.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 88fa6e7..821fb6f 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -12,6 +12,7 @@ on: jobs: validate-changelog: + if: github.base_ref == 'main' || github.base_ref == 'test-main' # check that changelog has valid unreleased changes only in PRs that could trigger a release runs-on: [ ubuntu-latest ] outputs: release-type: ${{ steps.validate-changelog.outputs.release-type }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4366036..dd715fb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -39,6 +39,7 @@ jobs: with: token: ${{ secrets.RELEASE_BOT_GITHUB_TOKEN }} branch: main + acceptable_conclusions: 'success,skipped' # changelog checks are skipped when not in a PR towards main branch tags: true interval: 10 # seconds between checks pre_sleep: 15 From 48af6bcc7a97a3b88db255413c9901add7553e03 Mon Sep 17 00:00:00 2001 From: Matti Schneider Date: Thu, 11 Jul 2024 07:35:05 +0200 Subject: [PATCH 14/14] [TOREMOVE] Test CI --- .github/workflows/release.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index dd715fb..0958cb8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,13 +32,13 @@ jobs: git config user.name "Open Terms Archive Release Bot" git config user.email "release-bot@opentermsarchive.org" git commit --message="Update changelog" CHANGELOG.md package.json package-lock.json - [ ${{ needs.changelog.outputs.release-type }} != 'no-release' ] && git tag v${{ steps.update-changelog.outputs.version }} + [ ${{ needs.changelog.outputs.release-type }} != 'no-release' ] && git tag v${{ steps.update-changelog.outputs.version }}-changelog-action-test - name: Run status checks for release commit on temporary branch # Use temporary branch to enable pushing commits to this branch protected by required status checks uses: CasperWA/push-protected@v2 with: token: ${{ secrets.RELEASE_BOT_GITHUB_TOKEN }} - branch: main + branch: test-main acceptable_conclusions: 'success,skipped' # changelog checks are skipped when not in a PR towards main branch tags: true interval: 10 # seconds between checks @@ -50,11 +50,13 @@ jobs: uses: JS-DevTools/npm-publish@v3 with: token: ${{ secrets.NPMJS_ACCESS_TOKEN }} + tag: changelog-action-test + dry-run: true - name: Create GitHub release if: needs.changelog.outputs.release-type != 'no-release' uses: softprops/action-gh-release@v2 with: - tag_name: v${{ steps.update-changelog.outputs.version }} + tag_name: v${{ steps.update-changelog.outputs.version }}-changelog-action-test body: ${{ steps.update-changelog.outputs.content }} token: ${{ secrets.GITHUB_TOKEN }}