From 5eae9520b2ee8a0f4924c979171f9e83125f6509 Mon Sep 17 00:00:00 2001 From: Marius Vinaschi Date: Tue, 10 Feb 2026 22:02:56 +0100 Subject: [PATCH] refactor: GitHub Actions release workflow to improve versioning and permissions handling. Update to use personal access token for Git operations, streamline release candidate and stable release processes, and enhance output summaries. Adjust input options for release type and clean up comments for clarity. --- .github/workflows/release.yml | 94 +++++++++++++++-------------------- 1 file changed, 40 insertions(+), 54 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2a0b572..7474b57 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,23 +1,17 @@ name: Release on: - # Automatic RC bump on push to main push: branches: [main] - - # Manual trigger for stable release + workflow_dispatch: inputs: release_type: - description: 'Release type' + description: "Release type" required: true type: choice - options: - - patch # 1.2.3 → 1.2.4 - - minor # 1.2.3 → 1.3.0 - - major # 1.2.3 → 2.0.0 + options: [patch, minor, major] -# Prevent concurrent releases concurrency: group: release cancel-in-progress: false 
@@ -26,108 +20,100 @@ jobs: release: name: Release runs-on: ubuntu-latest - # Skip version bump commits to prevent infinite loop if: "!startsWith(github.event.head_commit.message, 'chore(release):')" - + permissions: contents: write - + outputs: version: ${{ steps.release.outputs.version }} tag: ${{ steps.release.outputs.tag }} - + steps: - - uses: actions/checkout@v6 + # 🔑 Checkout avec TON PAT (pas GITHUB_TOKEN) + - uses: actions/checkout@v4 with: fetch-depth: 0 - token: ${{ secrets.GITHUB_TOKEN }} - + token: ${{ secrets.CI_CD_TOKEN }} + - name: Install uv uses: astral-sh/setup-uv@v7 with: version: "latest" - + - name: Set up Python run: uv python install - + - name: Install python-semantic-release run: uv tool install python-semantic-release - + - name: Configure Git run: | - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" - + git config user.name "${{ github.actor }}" + git config user.email "${{ github.actor }}@users.noreply.github.com" + + # 🔑 Assure que les push utilisent le PAT + - name: Set remote with PAT + run: | + git remote set-url origin https://x-access-token:${{ secrets.CI_CD_TOKEN }}@github.com/${{ github.repository }}.git + - name: Get current version id: current run: | CURRENT_VERSION=$(grep -Po '(?<=^version = ")[^"]*' pyproject.toml) echo "version=$CURRENT_VERSION" >> $GITHUB_OUTPUT echo "📌 Current version: $CURRENT_VERSION" - + - name: Run Semantic Release id: release env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.CI_CD_TOKEN }} run: | EVENT="${{ github.event_name }}" RELEASE_TYPE="${{ inputs.release_type }}" - + if [ "$EVENT" == "workflow_dispatch" ]; then - # =========================================== - # Manual release: create stable version - # =========================================== echo "🚀 Creating stable $RELEASE_TYPE release..." 
- - # Run version bump with specified type (removes RC and bumps) + semantic-release version --$RELEASE_TYPE --no-push - - # Get the new version + NEW_VERSION=$(grep -Po '(?<=^version = ")[^"]*' pyproject.toml) echo "version=$NEW_VERSION" >> $GITHUB_OUTPUT echo "tag=v$NEW_VERSION" >> $GITHUB_OUTPUT echo "is_stable=true" >> $GITHUB_OUTPUT - - # Push changes and tag + git push git push --tags - + echo "✅ Released version: $NEW_VERSION" else - # =========================================== - # Push to main: increment RC only - # =========================================== echo "🔄 Creating release candidate..." - - # Create RC version + semantic-release version --prerelease --no-push - - # Get the new version + NEW_VERSION=$(grep -Po '(?<=^version = ")[^"]*' pyproject.toml) echo "version=$NEW_VERSION" >> $GITHUB_OUTPUT echo "is_stable=false" >> $GITHUB_OUTPUT - - # Push changes (no tag for RC) + git push - + echo "✅ Created RC: $NEW_VERSION" fi - + - name: Create GitHub Release (stable only) if: steps.release.outputs.is_stable == 'true' env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.CI_CD_TOKEN }} run: | TAG="${{ steps.release.outputs.tag }}" VERSION="${{ steps.release.outputs.version }}" - - # Create GitHub Release with auto-generated notes + gh release create "$TAG" \ --title "Release $VERSION" \ --generate-notes - + echo "✅ Created GitHub Release: $TAG" - + - name: Summary run: | echo "## 📦 Release Summary" >> $GITHUB_STEP_SUMMARY 
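Review bot: The new `Set remote with PAT` step rewrites origin to `https://x-access-token:${{ secrets.CI_CD_TOKEN }}@github.com/...`, which leaves the PAT in plaintext in `.git/config` for every later step in the job; `actions/checkout` already receives `token: ${{ secrets.CI_CD_TOKEN }}` and keeps it for later `git push` calls by default (`persist-credentials`), so the step appears redundant and can be dropped. Since nothing in this hunk uses `GITHUB_TOKEN` any more, `permissions: contents: write` can be lowered to `contents: read`. Pushes made with a PAT start new workflow runs, unlike pushes made with `GITHUB_TOKEN`, so the `if: "!startsWith(github.event.head_commit.message, 'chore(release):')"` guard is now the only loop breaker, and the deleted comment `# Skip version bump commits to prevent infinite loop` is worth keeping. The checkout pin also moves from `@v6` back to `@v4`; if that is not intended, keep `@v6`, and note that the two added comments are in French while the rest of the file is in English. The `Summary` step that closes this hunk continues in the next one.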
@@ -136,12 +122,12 @@ jobs: echo "|----------|-------|" >> $GITHUB_STEP_SUMMARY echo "| Previous | \`${{ steps.current.outputs.version }}\` |" >> $GITHUB_STEP_SUMMARY echo "| New | \`${{ steps.release.outputs.version }}\` |" >> $GITHUB_STEP_SUMMARY - + if [ "${{ steps.release.outputs.is_stable }}" == "true" ]; then echo "| Type | 🚀 Stable Release |" >> $GITHUB_STEP_SUMMARY echo "| Tag | \`${{ steps.release.outputs.tag }}\` |" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY - echo "🔗 [View Release](https://github.com/${{ github.repository }}/releases/tag/${{ steps.release.outputs.tag }})" >> $GITHUB_STEP_SUMMARY + echo "🔗 https://github.com/${{ github.repository }}/releases/tag/${{ steps.release.outputs.tag }}" >> $GITHUB_STEP_SUMMARY else echo "| Type | 🔄 Release Candidate |" >> $GITHUB_STEP_SUMMARY - fi + fi \ No newline at end of file