From 55821c175dab3a866e04e2e58d106347965e694a Mon Sep 17 00:00:00 2001
From: Nicholas Felt <nicholas.felt@tektronix.com>
Date: Mon, 9 Sep 2024 09:19:28 -0700
Subject: [PATCH] Update package-release workflow to prevent marking the
 workflow as failed if the deployment is rejected (#84)

---
 .../workflows/_reusable-package-release.yml   | 27 +++++++++++++------
 CHANGELOG.md                                  |  1 +
 2 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/_reusable-package-release.yml b/.github/workflows/_reusable-package-release.yml
index 19dcb159..abe650ed 100644
--- a/.github/workflows/_reusable-package-release.yml
+++ b/.github/workflows/_reusable-package-release.yml
@@ -123,6 +123,7 @@ jobs:
     if: github.repository == inputs.repo-name && github.ref == 'refs/heads/main'
     runs-on: ubuntu-latest
     environment: package-release-gate
+    continue-on-error: true
     permissions:
       id-token: write
       contents: write
@@ -153,14 +154,20 @@ jobs:
           git_committer_name: ${{ inputs.commit-user-name }}
           ssh_public_signing_key: ${{ secrets.ssh-signing-key-public }}
           ssh_private_signing_key: ${{ secrets.ssh-signing-key-private }}
+      - name: Mark the release as approved
+        id: set-approved
+        if: ${{ steps.release.conclusion == 'success' }}
+        run: echo "approved=true" >> "$GITHUB_OUTPUT"
     outputs:
       built-version: ${{ steps.release.outputs.version }}
+      approved: ${{ steps.set-approved.outputs.approved }}
   # Build the newly updated package
   pypi-build:
     name: Build package
     needs: [print-inputs, bump-version]
     if: inputs.build-and-publish-python-package && github.repository == inputs.repo-name
-      && github.ref == 'refs/heads/main'
+      && github.ref == 'refs/heads/main' && needs.bump-version.outputs.approved ==
+      'true'
     runs-on: ubuntu-latest
     permissions:
       id-token: write
@@ -177,9 +184,10 @@ jobs:
   # Upload the official package version to TestPyPI
   upload-testpypi:
     name: Upload package to TestPyPI
-    needs: [print-inputs, pypi-build]
+    needs: [print-inputs, bump-version, pypi-build]
     if: inputs.build-and-publish-python-package && github.repository == inputs.repo-name
-      && github.ref == 'refs/heads/main'
+      && github.ref == 'refs/heads/main' && needs.bump-version.outputs.approved ==
+      'true'
     runs-on: ubuntu-latest
     environment: package-testpypi
     permissions:
@@ -198,9 +206,10 @@ jobs:
   # Upload the official package version to PyPI
   upload-pypi:
     name: Upload package to PyPI
-    needs: [print-inputs, upload-testpypi]
+    needs: [print-inputs, bump-version, upload-testpypi]
     if: inputs.build-and-publish-python-package && github.repository == inputs.repo-name
-      && github.ref == 'refs/heads/main'
+      && github.ref == 'refs/heads/main' && needs.bump-version.outputs.approved ==
+      'true'
     runs-on: ubuntu-latest
     environment: package-release
     permissions:
@@ -218,9 +227,10 @@ jobs:
   # Upload the official package binaries to the GitHub Release
   upload-github:
     name: Upload package to GitHub Release
-    needs: [print-inputs, upload-pypi]
+    needs: [print-inputs, bump-version, upload-pypi]
     if: inputs.build-and-publish-python-package && github.repository == inputs.repo-name
-      && github.ref == 'refs/heads/main'
+      && github.ref == 'refs/heads/main' && needs.bump-version.outputs.approved ==
+      'true'
     runs-on: ubuntu-latest
     permissions:
       id-token: write
@@ -251,7 +261,8 @@ jobs:
       - upload-pypi
       - upload-github
     if: inputs.build-and-publish-python-package && github.repository == inputs.repo-name
-      && github.ref == 'refs/heads/main'
+      && github.ref == 'refs/heads/main' && needs.bump-version.outputs.approved ==
+      'true'
     runs-on: ${{ matrix.os-name }}-latest
     permissions: {}
     strategy:
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3d15e951..b5a73e18 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,6 +28,7 @@ Things to be included in the next release go here.
 - Bumped dependency versions.
 - Changed the `_reusable-update-python-and-pre-commit-dependencies.yml` workflow to no longer only work on PRs from Dependabot, users will now need to apply any conditional login in the calling workflow.
 - Updated the `_reusable-update-python-and-pre-commit-dependencies.yml` workflow to allow using [`renovate`](https://docs.renovatebot.com/) instead of Dependabot to update dependencies.
+- Updated the `_reusable-package-release.yml` workflow to not show as failed if the `bump-release` deployment is rejected by a reviewer.
 
 ---