feat(NODE-6157): add signature to github releases #160
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release_notes | |
on: | |
workflow_dispatch: | |
inputs: | |
releasePr: | |
description: 'Enter release PR number' | |
required: true | |
type: number | |
issue_comment: | |
types: [created] | |
permissions: | |
contents: write | |
pull-requests: write | |
jobs: | |
release_notes: | |
runs-on: ubuntu-latest | |
# Run only if dispatched or comment on a pull request | |
if: ${{ github.event_name == 'workflow_dispatch' || (github.event_name == 'issue_comment' && github.event.issue.pull_request && github.event.comment.body == 'run release_notes') }} | |
steps: | |
# Determine if the triggering_actor is allowed to run this action | |
# We only permit maintainers | |
# Not only is 'triggering_actor' common between the trigger events it will also change if someone re-runs an old job | |
- name: check if triggering_actor is allowed to generate notes | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
COMMENTER: ${{ github.triggering_actor && github.triggering_actor || 'empty_triggering_actor' }} | |
API_ENDPOINT: /repos/${{ github.repository }}/collaborators?permission=maintain | |
shell: bash | |
run: | | |
if [ $COMMENTER = "empty_triggering_actor" ]; then exit 1; fi | |
set -o pipefail | |
if gh api "$API_ENDPOINT" --paginate --jq ".[].login" | grep -q "^$COMMENTER\$"; then | |
echo "$COMMENTER permitted to trigger notes!" && exit 0 | |
else | |
echo "$COMMENTER not permitted to trigger notes" && exit 1 | |
fi | |
# checkout the HEAD ref from prNumber | |
- uses: actions/checkout@v4 | |
with: | |
ref: refs/pull/${{ github.event_name == 'issue_comment' && github.event.issue.number || inputs.releasePr }}/head | |
# Setup Node.js and npm install | |
- name: actions/setup | |
uses: ./.github/actions/setup | |
# See: https://github.com/googleapis/release-please/issues/1274 | |
# Get the PRs that are in this release | |
# Outputs a list of comma seperated PR numbers, parsed from HISTORY.md | |
- id: pr_list | |
run: node .github/scripts/pr_list.mjs | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
# From the list of PRs, gather the highlight sections of the PR body | |
# output JSON with "highlights" key (to preserve newlines) | |
- id: highlights | |
run: node .github/scripts/highlights.mjs | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
PR_LIST: ${{ steps.pr_list.outputs.pr_list }} | |
REPOSITORY: ${{ github.repository }} | |
# The combined output is available | |
- id: release_notes | |
run: node .github/scripts/release_notes.mjs | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
HIGHLIGHTS: ${{ steps.highlights.outputs.highlights }} | |
# Update the release PR body | |
- run: gh pr edit ${{ github.event_name == 'issue_comment' && github.event.issue.number || inputs.releasePr }} --body-file ${{ steps.release_notes.outputs.release_notes_path }} | |
shell: bash | |
env: | |
GITHUB_TOKEN: ${{ github.token }} |