diff --git a/.github/workflows/check-changelog.yml b/.github/workflows/check-changelog.yml index 04446c3..ca89f84 100644 --- a/.github/workflows/check-changelog.yml +++ b/.github/workflows/check-changelog.yml @@ -6,12 +6,18 @@ on: # Edited such that we can detect changes to the description types: [opened, synchronize, reopened, edited] +permissions: + pull-requests: read + jobs: check: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: + # We need to fetch the parents of the HEAD commit (which is a merge), + # because we need to compare the PR against the base branch + # to check whether it added a changelog fetch-depth: 2 - name: check changelog diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 32abadb..adc4cc6 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -27,6 +27,11 @@ jobs: # This is needed so we can determine the commits (and therefore PRs) # where the changelogs have been added fetch-depth: 0 + # By default, the github.token is used and stored in the Git config, + # This would override any authentication provided in the URL, + # which we do later to push to a fork. + # So we need to prevent that from being stored. + persist-credentials: false - uses: cachix/install-nix-action@v26 
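Review bot: In check-changelog.yml the new top-level `permissions:` block lists only `pull-requests: read`, which sets every unlisted scope, including `contents`, to none. The `actions/checkout@v4` step still works on a public repository but would fail on a private one, so adding `contents: read` makes the dependency explicit. The checkout step here could also take `persist-credentials: false`, as the main.yml hunk on this page does, since nothing visible in this job needs git to keep the token. The job's remaining steps lie outside the hunk, so whether the changelog check needs any further scope cannot be confirmed from here.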
@@ -34,26 +39,34 @@ jobs: run: | nix-build -A autoVersion version=$(result/bin/auto-version . ${{ github.event.pull_request.number || '' }}) - git config user.name ${{ github.actor }} - git config user.email ${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com - git commit --all --message "Version $version + echo "version=$version" >> "$GITHUB_ENV" - Automated release" + if [[ -n "$version" ]]; then + git config user.name ${{ github.actor }} + git config user.email ${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com + git add --all + git commit --message "Version $version - echo "version=$version" >> "$GITHUB_ENV" + Automated release" + fi env: GH_TOKEN: ${{ github.token }} - name: Outputting draft release notes + # If we have a new version at all (it's not an empty string) + # And it's not a push event (so it's a PR), if: ${{ env.version && github.event_name != 'push' }} + # we just output the draft changelog into the step summary run: cat changes/released/${{ env.version }}.md > "$GITHUB_STEP_SUMMARY" - name: Update release branch - #if: ${{ env.version && github.event_name == 'push' }} + # But if this is a push te the main branch, + if: ${{ env.version && github.event_name == 'push' }} + # we push to the release branch. # This continuously updates the release branch to contain the latest release notes, # so that one can just merge the release branch into main to do a release. # A PR to do that is opened regularly with another workflow - run: git push origin HEAD:refs/heads/release -f + run: git push https://${{ secrets.MACHINE_USER_PAT }}@github.com/infinixbot/nixpkgs-check-by-name.git HEAD:refs/heads/release -f test-update: diff --git a/.github/workflows/regular-release.yml b/.github/workflows/regular-release.yml index cf68973..819eb4b 100644 --- a/.github/workflows/regular-release.yml +++ b/.github/workflows/regular-release.yml 
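Review bot: The rewritten `Update release branch` step expands `${{ secrets.MACHINE_USER_PAT }}` directly into the `run:` line, so the token is templated into the generated step script before the shell ever runs. Passing it through the step environment, `env: MACHINE_USER_PAT: ${{ secrets.MACHINE_USER_PAT }}`, and pushing with `git push "https://${MACHINE_USER_PAT}@github.com/infinixbot/nixpkgs-check-by-name.git" HEAD:refs/heads/release -f` keeps the secret out of the script text. The remote URL still carries the token either way, so log masking is the only protection if git echoes the URL in an error. The `git config user.name ${{ github.actor }}` and `user.email` lines inside the new `if` block are also unquoted expression expansions; quoting them, or reading the values from env variables, keeps an actor name such as a `[bot]` account from being treated as a glob pattern by the shell. Because the same PAT also opens the release PR in regular-release.yml, it is worth confirming it is scoped to no more than the fork's contents and pull-request creation.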
@@ -8,12 +8,20 @@ jobs: version: runs-on: ubuntu-latest steps: + - uses: actions/checkout@v4 + with: + repository: infinixbot/nixpkgs-check-by-name + ref: release + - name: Create Pull Request run: | gh pr create \ --repo ${{ github.repository }} \ - --fill \ - --head release + --title "$(git log -1 --format=%s HEAD)" \ + --body "Automated release PR. + + - [x] This change is user-facing + " env: # Needed so that CI triggers GH_TOKEN: ${{ secrets.MACHINE_USER_PAT }}
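Review bot: With `--head release` removed, `gh pr create` has to infer the head from the checked-out `release` branch of `infinixbot/nixpkgs-check-by-name`, which depends on how the checkout set up the remote and tracking branch. Naming it explicitly with `--head infinixbot:release` would make the cross-repository PR independent of that inference. The new `actions/checkout@v4` step could also set `persist-credentials: false`, since the step shown only reads the last commit subject and authenticates through `GH_TOKEN`. The PR title is taken from the fork's HEAD commit subject, so the job trusts whatever is on that branch; that is presumably intended, given that main.yml pushes the branch with the same machine account.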