From 412d7ce22d98b96dae4373acaf51add9a98395a0 Mon Sep 17 00:00:00 2001 From: Aleksandr Misonizhnik Date: Fri, 20 Mar 2026 13:44:26 +0300 Subject: [PATCH 1/4] fix(ci): Add shared concurrency group and force-update tags across release workflows Prevent concurrent release workflows from failing due to stale floating tags by using a shared concurrency group and git fetch --tags --force. --- .github/workflows/release-cli.yaml | 5 ++++- .github/workflows/release-github.yaml | 5 ++++- .github/workflows/release-gitlab.yaml | 5 ++++- .github/workflows/release-rules.yaml | 5 ++++- 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release-cli.yaml b/.github/workflows/release-cli.yaml index 2a06ea598..01a8be666 100644 --- a/.github/workflows/release-cli.yaml +++ b/.github/workflows/release-cli.yaml @@ -16,7 +16,7 @@ on: concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: release-${{ github.ref }} cancel-in-progress: false env: @@ -73,6 +73,9 @@ jobs: git config user.email "41898282+github-actions[bot]@users.noreply.github.com" git tag "v${{ steps.manual_release.outputs.new-version }}" git push origin "v${{ steps.manual_release.outputs.new-version }}" + - + name: Force-update tags + run: git fetch --tags --force - name: 'Release (auto)' if: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.release_type == 'auto' }} diff --git a/.github/workflows/release-github.yaml b/.github/workflows/release-github.yaml index 2bd44e470..51689bfd6 100644 --- a/.github/workflows/release-github.yaml +++ b/.github/workflows/release-github.yaml @@ -16,7 +16,7 @@ on: concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: release-${{ github.ref }} cancel-in-progress: false permissions: @@ -78,6 +78,9 @@ jobs: --generate-notes \ --latest=false + - name: Force-update tags + run: git fetch --tags --force + - name: Release (auto) if: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.release_type == 'auto' }} uses: cycjimmy/semantic-release-action@v4 diff --git a/.github/workflows/release-gitlab.yaml b/.github/workflows/release-gitlab.yaml index 28980b15e..627a1b426 100644 --- a/.github/workflows/release-gitlab.yaml +++ b/.github/workflows/release-gitlab.yaml @@ -16,7 +16,7 @@ on: concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: release-${{ github.ref }} cancel-in-progress: false permissions: @@ -80,6 +80,9 @@ jobs: echo "v${{ steps.manual_release.outputs.new-version }}" > gitlab/release_version.txt + - name: Force-update tags + run: git fetch --tags --force + - name: Release (auto) if: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.release_type == 'auto' }} uses: cycjimmy/semantic-release-action@v4 diff --git a/.github/workflows/release-rules.yaml b/.github/workflows/release-rules.yaml index 69b36e1d5..83d611d60 100644 --- a/.github/workflows/release-rules.yaml +++ b/.github/workflows/release-rules.yaml @@ -16,7 +16,7 @@ on: concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: release-${{ github.ref }} cancel-in-progress: false jobs: @@ -85,6 +85,9 @@ jobs: echo "v${{ steps.manual_release.outputs.new-version }}" > rules/release_version.txt + - name: Force-update tags + run: git fetch --tags --force + - name: Release (auto) if: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.release_type == 'auto' }} uses: cycjimmy/semantic-release-action@v4 From 5ba7c64847163f50236fe881bdbbcd46f1afec96 Mon Sep 17 00:00:00 2001 From: Aleksandr Misonizhnik Date: Fri, 20 Mar 2026 14:19:41 +0300 Subject: [PATCH 2/4] fix(ci): Create releases as drafts and publish as non-latest via API semantic-release's @semantic-release/github plugin unconditionally marks releases as latest when releasing from main. Use draftRelease to create draft releases, then publish them via gh api with make_latest=false. --- .github/workflows/release-github.yaml | 7 +++++-- .github/workflows/release-gitlab.yaml | 7 +++++-- .github/workflows/release-rules.yaml | 7 +++++-- github/.releaserc.cjs | 1 + gitlab/.releaserc.cjs | 1 + rules/.releaserc.cjs | 1 + 6 files changed, 18 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release-github.yaml b/.github/workflows/release-github.yaml index 51689bfd6..7db1b5cbd 100644 --- a/.github/workflows/release-github.yaml +++ b/.github/workflows/release-github.yaml @@ -95,14 +95,17 @@ jobs: @semantic-release/exec@6.0.3 conventional-changelog-conventionalcommits@7.0.2 - - name: Unmark release as latest + - name: Publish release as non-latest if: ${{ steps.manual_release.outputs.new-version != '' || steps.version.outputs.new_release_published == 'true' }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | RELEASE_VERSION="${{ steps.manual_release.outputs.new-version || steps.version.outputs.new_release_version }}" RELEASE_TAG="github/v$(echo "$RELEASE_VERSION" | sed 's/^v//')" - gh release edit "$RELEASE_TAG" --latest=false + RELEASE_ID=$(gh api "repos/$GITHUB_REPOSITORY/releases/tags/$RELEASE_TAG" -q '.id') + gh api -X PATCH "repos/$GITHUB_REPOSITORY/releases/$RELEASE_ID" \ + -F draft=false \ + -f make_latest=false - name: Push floating version tags if: ${{ steps.manual_release.outputs.new-version != '' || steps.version.outputs.new_release_published == 'true' }} diff --git a/.github/workflows/release-gitlab.yaml b/.github/workflows/release-gitlab.yaml index 627a1b426..0035c34e9 100644 --- a/.github/workflows/release-gitlab.yaml +++ b/.github/workflows/release-gitlab.yaml @@ -109,7 +109,7 @@ jobs: fi rm -f release_version.txt - - name: Unmark release as latest + - name: Publish release as non-latest if: ${{ steps.manual_release.outputs.new-version != '' || steps.release_version.outputs.status == 'succeeded' }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -119,7 +119,10 @@ jobs: RELEASE_VERSION="${{ steps.release_version.outputs.RELEASE_VERSION }}" fi RELEASE_TAG="gitlab/v$(echo "$RELEASE_VERSION" | sed 's/^v//')" - gh release edit "$RELEASE_TAG" --latest=false + RELEASE_ID=$(gh api "repos/$GITHUB_REPOSITORY/releases/tags/$RELEASE_TAG" -q '.id') + gh api -X PATCH "repos/$GITHUB_REPOSITORY/releases/$RELEASE_ID" \ + -F draft=false \ + -f make_latest=false - name: Update floating latest tag if: ${{ steps.manual_release.outputs.new-version != '' || steps.release_version.outputs.status == 'succeeded' }} diff --git a/.github/workflows/release-rules.yaml b/.github/workflows/release-rules.yaml index 83d611d60..df7ba536b 100644 --- a/.github/workflows/release-rules.yaml +++ b/.github/workflows/release-rules.yaml @@ -114,7 +114,7 @@ jobs: fi rm -f release_version.txt - - name: Unmark release as latest + - name: Publish release as non-latest if: ${{ steps.manual_release.outputs.new-version != '' || steps.release_version.outputs.status == 'succeeded' }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -124,7 +124,10 @@ jobs: RELEASE_VERSION="${{ steps.release_version.outputs.RELEASE_VERSION }}" fi RELEASE_TAG="rules/v$(echo "$RELEASE_VERSION" | sed 's/^v//')" - gh release edit "$RELEASE_TAG" --latest=false + RELEASE_ID=$(gh api "repos/$GITHUB_REPOSITORY/releases/tags/$RELEASE_TAG" -q '.id') + gh api -X PATCH "repos/$GITHUB_REPOSITORY/releases/$RELEASE_ID" \ + -F draft=false \ + -f make_latest=false - name: Update floating latest tag if: ${{ steps.manual_release.outputs.new-version != '' || steps.release_version.outputs.status == 'succeeded' }} diff --git a/github/.releaserc.cjs b/github/.releaserc.cjs index d4bcf83b0..744690472 100644 --- a/github/.releaserc.cjs +++ b/github/.releaserc.cjs @@ -44,6 +44,7 @@ module.exports = { failTitle: false, labels: false, releasedLabels: false, + draftRelease: true, assets: [], }, ], diff --git a/gitlab/.releaserc.cjs b/gitlab/.releaserc.cjs index f51d39e17..4d9070c3b 100644 --- a/gitlab/.releaserc.cjs +++ b/gitlab/.releaserc.cjs @@ -44,6 +44,7 @@ module.exports = { failTitle: false, labels: false, releasedLabels: false, + draftRelease: true, assets: [], }, ], diff --git a/rules/.releaserc.cjs b/rules/.releaserc.cjs index 0ce48e31b..17a634c44 100644 --- a/rules/.releaserc.cjs +++ b/rules/.releaserc.cjs @@ -44,6 +44,7 @@ module.exports = { failTitle: false, labels: false, releasedLabels: false, + draftRelease: true, assets: [ { path: '../opentaint-rules.tar.gz', From bb4d19ee9867baeebd36cd93ec1dad56a776a167 Mon Sep 17 00:00:00 2001 From: Aleksandr Misonizhnik Date: Fri, 20 Mar 2026 14:22:04 +0300 Subject: [PATCH 3/4] feat(ci): Add floating major version tags to gitlab, rules, and CLI releases Push major version tags (e.g. gitlab/v0, rules/v0, v0) alongside the existing latest and minor floating tags. The github workflow already had this. Also deduplicate git config calls in minor tag steps. --- .github/workflows/release-cli.yaml | 6 +++++- .github/workflows/release-gitlab.yaml | 23 ++++++++++++----------- .github/workflows/release-rules.yaml | 23 ++++++++++++----------- 3 files changed, 29 insertions(+), 23 deletions(-) diff --git a/.github/workflows/release-cli.yaml b/.github/workflows/release-cli.yaml index 01a8be666..1a0a91b2e 100644 --- a/.github/workflows/release-cli.yaml +++ b/.github/workflows/release-cli.yaml @@ -278,15 +278,19 @@ jobs: OPENTAINT_OWNER=${{ github.repository_owner }} SEQRA_BUILD_FLAGS=-s -w -X github.com/${{ github.repository_owner }}/opentaint/internal/version.Version=${{ steps.release_version.outputs.RELEASE_VERSION }} - - name: Update floating latest tag + name: Update floating version tags if: ${{ steps.release_version.outputs.status == 'succeeded' }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | RELEASE_TAG="v${{ steps.release_version.outputs.RELEASE_VERSION }}" + MAJOR="$(echo "${{ steps.release_version.outputs.RELEASE_VERSION }}" | cut -d. -f1)" git config user.name "github-actions[bot]" git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + + git tag -f "v${MAJOR}" + git push origin "v${MAJOR}" --force git tag -f "latest" git push origin "latest" --force diff --git a/.github/workflows/release-gitlab.yaml b/.github/workflows/release-gitlab.yaml index 0035c34e9..cde49f9d2 100644 --- a/.github/workflows/release-gitlab.yaml +++ b/.github/workflows/release-gitlab.yaml @@ -124,27 +124,30 @@ jobs: -F draft=false \ -f make_latest=false - - name: Update floating latest tag + - name: Update floating version tags if: ${{ steps.manual_release.outputs.new-version != '' || steps.release_version.outputs.status == 'succeeded' }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | + RELEASE_VERSION="${{ steps.manual_release.outputs.new-version }}" + if [ -z "$RELEASE_VERSION" ]; then + RELEASE_VERSION="${{ steps.release_version.outputs.RELEASE_VERSION }}" + fi + RELEASE_VERSION="$(echo "$RELEASE_VERSION" | sed 's/^v//')" + MAJOR="$(echo "$RELEASE_VERSION" | cut -d. -f1)" + git config user.name "github-actions[bot]" git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + + git tag -f "gitlab/v${MAJOR}" + git push origin "gitlab/v${MAJOR}" --force git tag -f "gitlab/latest" git push origin "gitlab/latest" --force - LATEST_VERSION="${{ steps.manual_release.outputs.new-version }}" - if [ -n "$LATEST_VERSION" ]; then - LATEST_VERSION="v${LATEST_VERSION}" - else - LATEST_VERSION="${{ steps.release_version.outputs.RELEASE_VERSION }}" - fi - gh release delete "gitlab/latest" --yes || true gh release create "gitlab/latest" \ --title "gitlab/latest" \ - --notes "Floating release tracking the latest GitLab CI template version (${LATEST_VERSION})" \ + --notes "Floating release tracking the latest GitLab CI template version (gitlab/v${RELEASE_VERSION})" \ --latest=false \ --prerelease @@ -160,8 +163,6 @@ jobs: RELEASE_VERSION="$(echo "$RELEASE_VERSION" | sed 's/^v//')" MINOR_TAG="gitlab/v$(echo "$RELEASE_VERSION" | cut -d. -f1-2)" - git config user.name "github-actions[bot]" - git config user.email "41898282+github-actions[bot]@users.noreply.github.com" git tag -f "$MINOR_TAG" git push origin "$MINOR_TAG" --force diff --git a/.github/workflows/release-rules.yaml b/.github/workflows/release-rules.yaml index df7ba536b..4de1bb7ff 100644 --- a/.github/workflows/release-rules.yaml +++ b/.github/workflows/release-rules.yaml @@ -129,27 +129,30 @@ jobs: -F draft=false \ -f make_latest=false - - name: Update floating latest tag + - name: Update floating version tags if: ${{ steps.manual_release.outputs.new-version != '' || steps.release_version.outputs.status == 'succeeded' }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | + RELEASE_VERSION="${{ steps.manual_release.outputs.new-version }}" + if [ -z "$RELEASE_VERSION" ]; then + RELEASE_VERSION="${{ steps.release_version.outputs.RELEASE_VERSION }}" + fi + RELEASE_VERSION="$(echo "$RELEASE_VERSION" | sed 's/^v//')" + MAJOR="$(echo "$RELEASE_VERSION" | cut -d. -f1)" + git config user.name "github-actions[bot]" git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + + git tag -f "rules/v${MAJOR}" + git push origin "rules/v${MAJOR}" --force git tag -f "rules/latest" git push origin "rules/latest" --force - LATEST_VERSION="${{ steps.manual_release.outputs.new-version }}" - if [ -n "$LATEST_VERSION" ]; then - LATEST_VERSION="v${LATEST_VERSION}" - else - LATEST_VERSION="${{ steps.release_version.outputs.RELEASE_VERSION }}" - fi - gh release delete "rules/latest" --yes || true gh release create "rules/latest" \ --title "rules/latest" \ - --notes "Floating release tracking the latest rules version (${LATEST_VERSION})" \ + --notes "Floating release tracking the latest rules version (rules/v${RELEASE_VERSION})" \ --latest=false \ --prerelease \ opentaint-rules.tar.gz @@ -166,8 +169,6 @@ jobs: RELEASE_VERSION="$(echo "$RELEASE_VERSION" | sed 's/^v//')" MINOR_TAG="rules/v$(echo "$RELEASE_VERSION" | cut -d. -f1-2)" - git config user.name "github-actions[bot]" - git config user.email "41898282+github-actions[bot]@users.noreply.github.com" git tag -f "$MINOR_TAG" git push origin "$MINOR_TAG" --force From 164d12eae72cadd2d3af90fa6245e8896a18b3b7 Mon Sep 17 00:00:00 2001 From: Aleksandr Misonizhnik Date: Fri, 20 Mar 2026 14:29:06 +0300 Subject: [PATCH 4/4] refactor(ci): Extract floating tag logic into reusable composite action Create update-floating-tags composite action to replace duplicated floating tag management across all 4 release workflows. Supports release-assets and copy-assets-from inputs for asset handling. --- .../actions/update-floating-tags/action.yml | 81 +++++++++++++++++++ .github/workflows/release-cli.yaml | 60 ++------------ .github/workflows/release-github.yaml | 34 ++------ .github/workflows/release-gitlab.yaml | 49 ++--------- .github/workflows/release-rules.yaml | 52 ++---------- 5 files changed, 104 insertions(+), 172 deletions(-) create mode 100644 .github/actions/update-floating-tags/action.yml diff --git a/.github/actions/update-floating-tags/action.yml b/.github/actions/update-floating-tags/action.yml new file mode 100644 index 000000000..21ad9229d --- /dev/null +++ b/.github/actions/update-floating-tags/action.yml @@ -0,0 +1,81 @@ +name: 'Update floating tags' +description: 'Push floating major/minor/latest git tags and recreate corresponding GitHub releases' + +inputs: + release-version: + description: 'Release version without v prefix (e.g. 1.2.3)' + required: true + tag-prefix: + description: 'Git tag prefix (e.g. "gitlab/", "github/", "rules/", or empty for CLI)' + required: true + default: '' + component-name: + description: 'Human-readable component name for release notes (e.g. "GitLab CI template")' + required: true + release-assets: + description: 'Files to attach to floating releases (space-separated paths)' + required: false + default: '' + copy-assets-from: + description: 'Tag to copy assets from (e.g. v0.1.2). Mutually exclusive with release-assets.' + required: false + default: '' + +runs: + using: 'composite' + steps: + - name: Update floating tags + shell: bash + run: | + set -euo pipefail + + VERSION="$(echo "${{ inputs.release-version }}" | sed 's/^v//')" + PREFIX="${{ inputs.tag-prefix }}" + COMPONENT="${{ inputs.component-name }}" + MAJOR="$(echo "$VERSION" | cut -d. -f1)" + MAJOR_TAG="${PREFIX}v${MAJOR}" + MINOR_TAG="${PREFIX}v$(echo "$VERSION" | cut -d. -f1-2)" + LATEST_TAG="${PREFIX}latest" + + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + + git tag -f "$MAJOR_TAG" + git push origin "$MAJOR_TAG" --force + git tag -f "$MINOR_TAG" + git push origin "$MINOR_TAG" --force + git tag -f "$LATEST_TAG" + git push origin "$LATEST_TAG" --force + + ASSET_ARGS=() + ASSETS_DIR="" + if [ -n "${{ inputs.copy-assets-from }}" ]; then + ASSETS_DIR=$(mktemp -d) + gh release download "${{ inputs.copy-assets-from }}" --dir "$ASSETS_DIR" + for f in "$ASSETS_DIR"/*; do + [ -f "$f" ] || continue + ASSET_ARGS+=("$f") + done + elif [ -n "${{ inputs.release-assets }}" ]; then + read -ra ASSET_ARGS <<< "${{ inputs.release-assets }}" + fi + + gh release delete "$LATEST_TAG" --yes || true + gh release create "$LATEST_TAG" \ + --title "$LATEST_TAG" \ + --notes "Floating release tracking the latest ${COMPONENT} version (${PREFIX}v${VERSION})" \ + --latest=false \ + --prerelease \ + "${ASSET_ARGS[@]+"${ASSET_ARGS[@]}"}" + + gh release delete "$MINOR_TAG" --yes || true + gh release create "$MINOR_TAG" \ + --title "$MINOR_TAG" \ + --notes "Floating release tracking the latest ${COMPONENT} ${MINOR_TAG#${PREFIX}}.x version (${PREFIX}v${VERSION})" \ + --latest=false \ + --prerelease \ + "${ASSET_ARGS[@]+"${ASSET_ARGS[@]}"}" + + if [ -n "$ASSETS_DIR" ]; then + rm -rf "$ASSETS_DIR" + fi diff --git a/.github/workflows/release-cli.yaml b/.github/workflows/release-cli.yaml index 1a0a91b2e..628ebfbe7 100644 --- a/.github/workflows/release-cli.yaml +++ b/.github/workflows/release-cli.yaml @@ -280,62 +280,14 @@ jobs: - name: Update floating version tags if: ${{ steps.release_version.outputs.status == 'succeeded' }} + uses: ./.github/actions/update-floating-tags env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - RELEASE_TAG="v${{ steps.release_version.outputs.RELEASE_VERSION }}" - MAJOR="$(echo "${{ steps.release_version.outputs.RELEASE_VERSION }}" | cut -d. -f1)" - - git config user.name "github-actions[bot]" - git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - - git tag -f "v${MAJOR}" - git push origin "v${MAJOR}" --force - git tag -f "latest" - git push origin "latest" --force - - gh release delete "latest" --yes || true - gh release create "latest" \ - --title "latest" \ - --notes "Floating release tracking the latest CLI version (${RELEASE_TAG})" \ - --latest=false \ - --prerelease - - ASSETS_DIR=$(mktemp -d) - gh release download "$RELEASE_TAG" --dir "$ASSETS_DIR" - for f in "$ASSETS_DIR"/*; do - [ -f "$f" ] || continue - gh release upload "latest" "$f" --clobber - done - rm -rf "$ASSETS_DIR" - - - name: Update floating minor version tag - if: ${{ steps.release_version.outputs.status == 'succeeded' }} - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - RELEASE_TAG="v${{ steps.release_version.outputs.RELEASE_VERSION }}" - MINOR_TAG="v$(echo "${{ steps.release_version.outputs.RELEASE_VERSION }}" | cut -d. -f1-2)" - - git config user.name "github-actions[bot]" - git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - git tag -f "$MINOR_TAG" - git push origin "$MINOR_TAG" --force - - gh release delete "$MINOR_TAG" --yes || true - gh release create "$MINOR_TAG" \ - --title "$MINOR_TAG" \ - --notes "Floating release tracking the latest CLI ${MINOR_TAG}.x version (${RELEASE_TAG})" \ - --latest=false \ - --prerelease - - ASSETS_DIR=$(mktemp -d) - gh release download "$RELEASE_TAG" --dir "$ASSETS_DIR" - for f in "$ASSETS_DIR"/*; do - [ -f "$f" ] || continue - gh release upload "$MINOR_TAG" "$f" --clobber - done - rm -rf "$ASSETS_DIR" + with: + release-version: ${{ steps.release_version.outputs.RELEASE_VERSION }} + tag-prefix: '' + component-name: 'CLI' + copy-assets-from: v${{ steps.release_version.outputs.RELEASE_VERSION }} outputs: release_version: ${{ steps.release_version.outputs.RELEASE_VERSION }} diff --git a/.github/workflows/release-github.yaml b/.github/workflows/release-github.yaml index 7db1b5cbd..951450159 100644 --- a/.github/workflows/release-github.yaml +++ b/.github/workflows/release-github.yaml @@ -107,37 +107,15 @@ jobs: -F draft=false \ -f make_latest=false - - name: Push floating version tags + - name: Update floating version tags if: ${{ steps.manual_release.outputs.new-version != '' || steps.version.outputs.new_release_published == 'true' }} + uses: ./.github/actions/update-floating-tags env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - RELEASE_VERSION="${{ steps.manual_release.outputs.new-version || steps.version.outputs.new_release_version }}" - MAJOR="${{ steps.manual_release.outputs.major-version || steps.version.outputs.new_release_major_version }}" - MINOR_TAG="github/v$(echo "$RELEASE_VERSION" | cut -d. -f1-2)" - - git config user.name "github-actions[bot]" - git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - git tag -f "github/v${MAJOR}" - git push origin "github/v${MAJOR}" --force - git tag -f "$MINOR_TAG" - git push origin "$MINOR_TAG" --force - git tag -f "github/latest" - git push origin "github/latest" --force - - gh release delete "$MINOR_TAG" --yes || true - gh release create "$MINOR_TAG" \ - --title "$MINOR_TAG" \ - --notes "Floating release tracking the latest GitHub Action ${MINOR_TAG#github/}.x version (github/v${RELEASE_VERSION})" \ - --latest=false \ - --prerelease - - gh release delete "github/latest" --yes || true - gh release create "github/latest" \ - --title "github/latest" \ - --notes "Floating release tracking the latest GitHub Action version (v${RELEASE_VERSION})" \ - --latest=false \ - --prerelease + with: + release-version: ${{ steps.manual_release.outputs.new-version || steps.version.outputs.new_release_version }} + tag-prefix: 'github/' + component-name: 'GitHub Action' outputs: release_version: ${{ steps.manual_release.outputs.new-version || steps.version.outputs.new_release_version }} diff --git a/.github/workflows/release-gitlab.yaml b/.github/workflows/release-gitlab.yaml index cde49f9d2..c3da0b74c 100644 --- a/.github/workflows/release-gitlab.yaml +++ b/.github/workflows/release-gitlab.yaml @@ -126,52 +126,13 @@ jobs: - name: Update floating version tags if: ${{ steps.manual_release.outputs.new-version != '' || steps.release_version.outputs.status == 'succeeded' }} + uses: ./.github/actions/update-floating-tags env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - RELEASE_VERSION="${{ steps.manual_release.outputs.new-version }}" - if [ -z "$RELEASE_VERSION" ]; then - RELEASE_VERSION="${{ steps.release_version.outputs.RELEASE_VERSION }}" - fi - RELEASE_VERSION="$(echo "$RELEASE_VERSION" | sed 's/^v//')" - MAJOR="$(echo "$RELEASE_VERSION" | cut -d. -f1)" - - git config user.name "github-actions[bot]" - git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - - git tag -f "gitlab/v${MAJOR}" - git push origin "gitlab/v${MAJOR}" --force - git tag -f "gitlab/latest" - git push origin "gitlab/latest" --force - - gh release delete "gitlab/latest" --yes || true - gh release create "gitlab/latest" \ - --title "gitlab/latest" \ - --notes "Floating release tracking the latest GitLab CI template version (gitlab/v${RELEASE_VERSION})" \ - --latest=false \ - --prerelease - - - name: Update floating minor version tag - if: ${{ steps.manual_release.outputs.new-version != '' || steps.release_version.outputs.status == 'succeeded' }} - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - RELEASE_VERSION="${{ steps.manual_release.outputs.new-version }}" - if [ -z "$RELEASE_VERSION" ]; then - RELEASE_VERSION="${{ steps.release_version.outputs.RELEASE_VERSION }}" - fi - RELEASE_VERSION="$(echo "$RELEASE_VERSION" | sed 's/^v//')" - MINOR_TAG="gitlab/v$(echo "$RELEASE_VERSION" | cut -d. -f1-2)" - - git tag -f "$MINOR_TAG" - git push origin "$MINOR_TAG" --force - - gh release delete "$MINOR_TAG" --yes || true - gh release create "$MINOR_TAG" \ - --title "$MINOR_TAG" \ - --notes "Floating release tracking the latest GitLab CI template ${MINOR_TAG#gitlab/}.x version (gitlab/v${RELEASE_VERSION})" \ - --latest=false \ - --prerelease + with: + release-version: ${{ steps.manual_release.outputs.new-version || steps.release_version.outputs.RELEASE_VERSION }} + tag-prefix: 'gitlab/' + component-name: 'GitLab CI template' outputs: release_version: ${{ steps.manual_release.outputs.new-version || steps.release_version.outputs.RELEASE_VERSION }} diff --git a/.github/workflows/release-rules.yaml b/.github/workflows/release-rules.yaml index 4de1bb7ff..4664cbdb4 100644 --- a/.github/workflows/release-rules.yaml +++ b/.github/workflows/release-rules.yaml @@ -131,54 +131,14 @@ jobs: - name: Update floating version tags if: ${{ steps.manual_release.outputs.new-version != '' || steps.release_version.outputs.status == 'succeeded' }} + uses: ./.github/actions/update-floating-tags env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - RELEASE_VERSION="${{ steps.manual_release.outputs.new-version }}" - if [ -z "$RELEASE_VERSION" ]; then - RELEASE_VERSION="${{ steps.release_version.outputs.RELEASE_VERSION }}" - fi - RELEASE_VERSION="$(echo "$RELEASE_VERSION" | sed 's/^v//')" - MAJOR="$(echo "$RELEASE_VERSION" | cut -d. -f1)" - - git config user.name "github-actions[bot]" - git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - - git tag -f "rules/v${MAJOR}" - git push origin "rules/v${MAJOR}" --force - git tag -f "rules/latest" - git push origin "rules/latest" --force - - gh release delete "rules/latest" --yes || true - gh release create "rules/latest" \ - --title "rules/latest" \ - --notes "Floating release tracking the latest rules version (rules/v${RELEASE_VERSION})" \ - --latest=false \ - --prerelease \ - opentaint-rules.tar.gz - - - name: Update floating minor version tag - if: ${{ steps.manual_release.outputs.new-version != '' || steps.release_version.outputs.status == 'succeeded' }} - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - RELEASE_VERSION="${{ steps.manual_release.outputs.new-version }}" - if [ -z "$RELEASE_VERSION" ]; then - RELEASE_VERSION="${{ steps.release_version.outputs.RELEASE_VERSION }}" - fi - RELEASE_VERSION="$(echo "$RELEASE_VERSION" | sed 's/^v//')" - MINOR_TAG="rules/v$(echo "$RELEASE_VERSION" | cut -d. -f1-2)" - - git tag -f "$MINOR_TAG" - git push origin "$MINOR_TAG" --force - - gh release delete "$MINOR_TAG" --yes || true - gh release create "$MINOR_TAG" \ - --title "$MINOR_TAG" \ - --notes "Floating release tracking the latest rules ${MINOR_TAG#rules/}.x version (rules/v${RELEASE_VERSION})" \ - --latest=false \ - --prerelease \ - opentaint-rules.tar.gz + with: + release-version: ${{ steps.manual_release.outputs.new-version || steps.release_version.outputs.RELEASE_VERSION }} + tag-prefix: 'rules/' + component-name: 'rules' + release-assets: opentaint-rules.tar.gz outputs: release_version: ${{ steps.manual_release.outputs.new-version || steps.release_version.outputs.RELEASE_VERSION }}