name: Release - RC tagging automation on: workflow_dispatch: inputs: version: description: Current release/rc version in format pezkuwi-stableYYMM workflow_call: inputs: version: description: Current release/rc version in format pezkuwi-stableYYMM type: string jobs: tag_rc: runs-on: ubuntu-latest strategy: matrix: channel: - name: "RelEng: Pezkuwi Release Coordination" room: '!cqAmzdIcbOFwrdrubV:pezkuwichain.io' environment: release env: PGP_KMS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }} PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} steps: - name: Install pgpkkms run: | # Install pgpkms that is used to sign commits pip install git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151 - name: Generate content write token for the release automation id: generate_write_token uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 with: app-id: ${{ vars.RELEASE_AUTOMATION_APP_ID }} private-key: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }} owner: pezkuwichain - name: Checkout sources uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7 with: fetch-depth: 0 token: ${{ steps.generate_write_token.outputs.token }} - name: Import gpg keys run: | . ./.github/scripts/common/lib.sh import_gpg_keys - name: Config git run: | git config --global commit.gpgsign true git config --global gpg.program /home/runner/.local/bin/pgpkms-git git config --global user.name "ParityReleases" git config --global user.email "release-team@pezkuwichain.io" git config --global user.signingKey "D8018FBB3F534D866A45998293C5FB5F6A367B51" - name: Compute next rc tag # if: ${{ steps.get_rel_product.outputs.product == 'pezkuwi' }} id: compute_tag shell: bash run: | . ./.github/scripts/common/lib.sh # Get last rc tag if exists, else set it to {version}-rc1 if [[ -z "${{ inputs.version }}" ]]; then version=v$(get_pezkuwi_node_version_from_code) else version=$(validate_stable_tag ${{ inputs.version }}) fi echo "$version" echo "version=$version" >> $GITHUB_OUTPUT last_rc=$(get_latest_rc_tag $version pezkuwi) if [ -n "$last_rc" ]; then suffix=$(increment_rc_tag $last_rc) echo "new_tag=$version-rc$suffix" >> $GITHUB_OUTPUT echo "first_rc=false" >> $GITHUB_OUTPUT else echo "new_tag=$version-rc1" >> $GITHUB_OUTPUT echo "first_rc=true" >> $GITHUB_OUTPUT fi - name: Apply new tag env: GH_TOKEN: ${{ steps.generate_write_token.outputs.token }} RC_TAG: ${{ steps.compute_tag.outputs.new_tag }} run: | git tag -s $RC_TAG -m "new rc tag $RC_TAG" git push origin $RC_TAG - name: Send Matrix message to ${{ matrix.channel.name }} uses: s3krit/matrix-message-action@70ad3fb812ee0e45ff8999d6af11cafad11a6ecf # v0.0.3 # if: steps.create-issue.outputs.url != '' with: room_id: ${{ matrix.channel.room }} access_token: ${{ secrets.RELEASENOTES_MATRIX_V2_ACCESS_TOKEN }} server: m.pezkuwichain.io message: | Release process for pezkuwi ${{ steps.compute_tag.outputs.new_tag }} has been started.