diff --git a/.github/workflows/do-release.yml b/.github/workflows/do-release.yml index e31cfd88..788c938a 100644 --- a/.github/workflows/do-release.yml +++ b/.github/workflows/do-release.yml @@ -18,6 +18,7 @@ jobs: permissions: contents: read id-token: write + pull-requests: write steps: - id: get-secrets @@ -35,6 +36,7 @@ jobs: app-id: ${{ fromJSON(steps.get-secrets.outputs.secrets).GITHUB_APP_ID }} private-key: ${{ fromJSON(steps.get-secrets.outputs.secrets).GITHUB_APP_PRIVATE_KEY }} permission-contents: write + permission-pull-requests: write - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -46,14 +48,35 @@ jobs: git config user.name 'grafana-plugins-platform-bot[bot]' git config user.email '144369747+grafana-plugins-platform-bot[bot]@users.noreply.github.com' - - name: bump version - run: npm version ${INPUT_VERSION} + - name: Bump version + id: bump env: INPUT_VERSION: ${{ github.event.inputs.version }} - GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} + run: | + NEW_VERSION=$(npm version "$INPUT_VERSION" --no-git-tag-version) + echo "version=$NEW_VERSION" >> "$GITHUB_OUTPUT" + echo "branch=release/bump-$NEW_VERSION" >> "$GITHUB_OUTPUT" + + - name: Commit and push branch + env: + NEW_VERSION: ${{ steps.bump.outputs.version }} + BRANCH: ${{ steps.bump.outputs.branch }} + run: | + git switch -c "$BRANCH" + git add package.json package-lock.json + git commit -m "chore: release $NEW_VERSION" + git push origin "$BRANCH" - - name: Push latest version - run: git push origin main + - name: Open PR + env: + GH_TOKEN: ${{ steps.generate_token.outputs.token }} + NEW_VERSION: ${{ steps.bump.outputs.version }} + BRANCH: ${{ steps.bump.outputs.branch }} + run: | + gh pr create \ + --base main \ + --head "$BRANCH" \ + --title "chore: release $NEW_VERSION" \ + --body "Automated version bump to \`$NEW_VERSION\`. - - name: Push tags - run: git push origin --tags + Once this PR is merged, the **Tag on version bump** workflow will create the \`$NEW_VERSION\` tag, which triggers the release pipeline (GitHub Release, npm, Docker)." diff --git a/.github/workflows/tag-on-version-bump.yml b/.github/workflows/tag-on-version-bump.yml new file mode 100644 index 00000000..b59b35d8 --- /dev/null +++ b/.github/workflows/tag-on-version-bump.yml @@ -0,0 +1,64 @@ +name: Tag on version bump + +on: + push: + branches: + - main + paths: + - package.json + +jobs: + tag: + runs-on: ubuntu-arm64-small + permissions: + contents: read + id-token: write + + steps: + - id: get-secrets + uses: grafana/shared-workflows/actions/get-vault-secrets@a37de51f3d713a30a9e4b21bcdfbd38170020593 # v1.3.0 + with: + repo_secrets: | + GITHUB_APP_ID=plugins-platform-bot-app:app_id + GITHUB_APP_PRIVATE_KEY=plugins-platform-bot-app:app_pem + export_env: false + + - name: Generate token + id: generate_token + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + with: + app-id: ${{ fromJSON(steps.get-secrets.outputs.secrets).GITHUB_APP_ID }} + private-key: ${{ fromJSON(steps.get-secrets.outputs.secrets).GITHUB_APP_PRIVATE_KEY }} + permission-contents: write + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + fetch-depth: 2 + token: ${{ steps.generate_token.outputs.token }} + persist-credentials: true + + - name: Setup Git + run: | + git config user.name 'grafana-plugins-platform-bot[bot]' + git config user.email '144369747+grafana-plugins-platform-bot[bot]@users.noreply.github.com' + + - name: Tag if version changed + run: | + NEW_VERSION=$(jq -r .version package.json) + if git rev-parse HEAD~1 >/dev/null 2>&1; then + PREV_VERSION=$(git show HEAD~1:package.json 2>/dev/null | jq -r .version) + else + PREV_VERSION="" + fi + if [ "$NEW_VERSION" = "$PREV_VERSION" ]; then + echo "Version unchanged ($NEW_VERSION). Nothing to do." + exit 0 + fi + TAG="v$NEW_VERSION" + if git ls-remote --exit-code --tags origin "$TAG" >/dev/null 2>&1; then + echo "Tag $TAG already exists. Skipping." + exit 0 + fi + echo "Creating and pushing tag $TAG" + git tag "$TAG" + git push origin "$TAG" diff --git a/HOW_TO_RELEASE.md b/HOW_TO_RELEASE.md index cadaed34..0e092ac5 100644 --- a/HOW_TO_RELEASE.md +++ b/HOW_TO_RELEASE.md @@ -19,7 +19,9 @@ Use the ["Bump Version and release"](https://github.com/grafana/plugin-validator ### What happens after the workflow runs? -The workflow bumps the version in `package.json`, commits to `main`, and pushes a `v*` tag. The tag push automatically triggers the ["Create release and publish"](https://github.com/grafana/plugin-validator/actions/workflows/release.yml) workflow, which: +The workflow bumps the version in `package.json` on a new branch and opens a pull request titled `chore: release vX.Y.Z`. **Review and squash-merge the PR** to continue the release. + +When the PR merges, the ["Tag on version bump"](https://github.com/grafana/plugin-validator/actions/workflows/tag-on-version-bump.yml) workflow detects the version change and pushes a `v*` tag. The tag push automatically triggers the ["Create release and publish"](https://github.com/grafana/plugin-validator/actions/workflows/release.yml) workflow, which: 1. Builds binaries via GoReleaser (Linux, Windows, Darwin) and creates a **GitHub Release** 2. Publishes to **npm** (`@grafana/plugin-validator`)