This workflow automatically bumps references to netcracker/qubership-test-pipelines in all .github/workflows/*.yaml workflow files to the latest release commit SHA, and updates pipeline_branch to the same SHA value.
It is useful to keep downstream workflow definitions aligned with the latest test-pipeline version and avoid manual PR churn.
on: workflow_dispatch(manual run)
In jobs.bump.permissions:
contents: writepull-requests: write
The run also requires a PAT in repository secrets with:
GH_ACCESS_TOKENcontainingcontents: writeandworkflows: write.
Runs on:
ubuntu-latest
-
Get latest release tag SHA
curllatest release from:https://api.github.com/repos/netcracker/qubership-test-pipelines/releases/latest
- resolves tag name and tag object SHA into:
latest_release_taglatest_release_tag_sha
- stores in
GITHUB_ENV
-
Checkout
uses: actions/checkout@v6ref: mainpersist-credentials: truetoken: ${{ secrets.GH_ACCESS_TOKEN }}
-
Update version
- env
GH_TOKEN: ${{ github.token }} - config Git user:
github-actions[bot]@qubership.comGit Hub Actions [Bot]
- For each workflow file under
./.github/workflowscontaininguses: netcracker/qubership-test-pipelines:- update
uses: ... @<sha>plus comment# <tag> - update
pipeline_branch: '<sha>'
- update
- If
git statusshows changes:- branch
feature/bump-test-pipelines-version-<timestamp> - commit message:
chore: bump netcracker/qubership-test-pipelines version to '<sha>' [<tag>]
- push branch
- create PR:
- via
gh pr create --base main --head <branch> --title ... --body ...
- via
- branch
- Else:
- prints
No changes.
- prints
- env
- The workflow uses the release tag's Git object SHA, not the tag name, as version pin.
- It ensures both
uses: ...andpipeline_branch:are updated in sync. - Requires
ghCLI auth context in runner.