From 09ab3d478d8e99904e74c162ba088b759f37ec6c Mon Sep 17 00:00:00 2001 From: justinsb Date: Sat, 26 Apr 2025 06:57:38 -0400 Subject: [PATCH] chore: Add automatic tag and branch creation, triggered by version/TAG_VERSION Doing this makes permissions easier (no need for admin access) and also ensures that tag operations go through PR review (which is nice from a compliance perspective). Inspired by similar work done by the kOps maintainers. --- .github/workflows/tag-release.yaml | 23 +++++++++++++ dev/bots/projectbots/tag-release | 52 ++++++++++++++++++++++++++++++ version/README.md | 3 ++ version/TAG_VERSION | 1 + 4 files changed, 79 insertions(+) create mode 100644 .github/workflows/tag-release.yaml create mode 100755 dev/bots/projectbots/tag-release create mode 100644 version/README.md create mode 100644 version/TAG_VERSION diff --git a/.github/workflows/tag-release.yaml b/.github/workflows/tag-release.yaml new file mode 100644 index 00000000..052cf2c6 --- /dev/null +++ b/.github/workflows/tag-release.yaml @@ -0,0 +1,23 @@ +name: 'Tag Release' + +on: + push: + branches: + - master + - 'release-*' + paths: + - version/* + +jobs: + tag-release: + if: ${{ github.repository == 'kubernetes-sigs/kubebuilder-declarative-pattern' }} + runs-on: ubuntu-24.04 + + permissions: + contents: write + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - run: /usr/bin/git config --global user.email actions@github.com + - run: /usr/bin/git config --global user.name 'GitHub Actions Release Tagger' + - run: dev/bots/projectbots/tag-release diff --git a/dev/bots/projectbots/tag-release b/dev/bots/projectbots/tag-release new file mode 100755 index 00000000..ca40b266 --- /dev/null +++ b/dev/bots/projectbots/tag-release @@ -0,0 +1,52 @@ +#!/bin/bash + +# Copyright 2025 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# Helper script to tag a release when the version/TAG_VERSION file is updated. + +set -o errexit +set -o nounset +set -o pipefail + +VERSION=$(cat version/TAG_VERSION) + +if [[ ! "${VERSION}" =~ ^([0-9]+[.][0-9]+)[.]([0-9]+)(-(alpha|beta)[.]([0-9]+))?$ ]]; then + echo "Version ${VERSION} must be 'X.Y.Z', 'X.Y.Z-alpha.N', or 'X.Y.Z-beta.N'" + exit 1 +fi + +# Store the minor version for use in the branch creation. +# We want to capture this value now before we do another regex match. +MINOR=${BASH_REMATCH[1]} +RELEASE_BRANCH="release-${MINOR}" + +if [ "$(git tag -l "v${VERSION}")" ]; then + echo "Tag v${VERSION} already exists" + exit 0 +fi + +echo "Tagging Release ${VERSION}" +git tag -a -m "Release ${VERSION}" "v${VERSION}" +git push origin "v${VERSION}" + +# Create the release branch automatically on the first beta release. +if [[ ! "${VERSION}" =~ .0-beta.1$ ]]; then + exit 0 +fi + +echo "Creating Release Branch ${RELEASE_BRANCH}" +git branch "${RELEASE_BRANCH}" +git push origin "${RELEASE_BRANCH}" diff --git a/version/README.md b/version/README.md new file mode 100644 index 00000000..34a63c1b --- /dev/null +++ b/version/README.md @@ -0,0 +1,3 @@ +The files in this directory allow for github repo tagging to be controlled by Pull Request (and go through approval). + +These files are watched by the github actions defined in [tag-release.yaml](/.github/workflows/tag-release.yaml). \ No newline at end of file diff --git a/version/TAG_VERSION b/version/TAG_VERSION new file mode 100644 index 00000000..11dae0c0 --- /dev/null +++ b/version/TAG_VERSION @@ -0,0 +1 @@ +0.15.0-beta.2 \ No newline at end of file