bump-version #17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: bump-version | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: "Version of semgrep to use" | |
| required: true | |
| type: string | |
| jobs: | |
| bump-version: | |
| runs-on: ubuntu-20.04 | |
| permissions: | |
| id-token: write | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Update version | |
| env: | |
| SEMGREP_STATIC_VERSION: "release-${{ inputs.version }}" | |
| run: | | |
| if ! curl -L --silent --fail --output /dev/null --head "https://static.semgrep.dev/static/turbo/${SEMGREP_STATIC_VERSION}/engine/dist/index.mjs"; then | |
| echo "Invalid or unpublished version: ${SEMGREP_STATIC_VERSION}" | |
| exit 1 | |
| fi | |
| echo "${SEMGREP_STATIC_VERSION}" > semgrep-version | |
| - name: Commit and push | |
| id: commit | |
| env: | |
| NEW_SEMGREP_VERSION: "${{ github.event.inputs.version }}" | |
| GITHUB_ACTOR: "${{ github.actor }}" | |
| GITHUB_RUN_ID: "${{ github.run_id }}" | |
| GITHUB_RUN_ATTEMPT: "${{ github.run_attempt }}" | |
| run: | | |
| git config user.name "${GITHUB_ACTOR}" | |
| git config user.email "${GITHUB_ACTOR}@users.noreply.github.com" | |
| BRANCH="gha/bump-version-${NEW_SEMGREP_VERSION}-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}" | |
| SUBJECT="Bump semgrep to ${NEW_SEMGREP_VERSION}" | |
| git checkout -b "${BRANCH}" | |
| git add . | |
| git commit -m "${SUBJECT}" | |
| git push --set-upstream origin "${BRANCH}" | |
| echo "branch=${BRANCH}" >> "${GITHUB_OUTPUT}" | |
| echo "subject=${SUBJECT}" >> "${GITHUB_OUTPUT}" | |
| - name: Create PR | |
| id: open-pr | |
| env: | |
| SOURCE: "${{ steps.commit.outputs.branch }}" | |
| TARGET: "${{ github.event.repository.default_branch }}" | |
| TITLE: "chore: Release Version ${{ inputs.version }}" | |
| VERSION: "${{ inputs.version }}" | |
| GH_TOKEN: "${{ github.token }}" | |
| run: | | |
| # check if the branch already has a pull request open | |
| if gh pr list --head "${SOURCE}" | grep -vq "no pull requests"; then | |
| # pull request already open | |
| echo "pull request from SOURCE ${SOURCE} to TARGET ${TARGET} is already open"; | |
| echo "cancelling release" | |
| exit 1 | |
| fi | |
| # open new pull request with the body of from the local template. | |
| gh pr create --title "${TITLE}" --body "Bump Semgrep Version to ${VERSION}" --base "${TARGET}" --head "${SOURCE}" |