-
Notifications
You must be signed in to change notification settings - Fork 12.8k
113 lines (94 loc) · 3.88 KB
/
draft-release.yml
File metadata and controls
113 lines (94 loc) · 3.88 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
name: Draft release
run-name: Draft release ${{ inputs.next_version }}
on:
workflow_dispatch:
inputs:
next_version:
required: true
type: string
description: 'Version name'
permissions:
contents: write
jobs:
draft_release:
runs-on: ubuntu-latest
steps:
- name: Generate GitHub App token
id: generate-token
uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94
with:
app-id: ${{ secrets.CI_CAL_APP_ID }}
private-key: ${{ secrets.CI_CAL_APP_PRIVATE_KEY }}
repositories: 'cal.com'
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: 'main'
token: ${{ steps.generate-token.outputs.token }}
- name: Configure git
run: |
# Define authorized users and their emails using organization secret
# Expected format: JSON object with username -> email mapping
# Example: {"zomars": "zomars@cal.com", "peer": "peer@cal.com", "username3": "email3@cal.com"}
USER_EMAILS='${{ secrets.RELEASE_USER_EMAILS }}'
# Extract email for the triggering user
USER_EMAIL=$(echo "$USER_EMAILS" | jq -r --arg user "${{ github.actor }}" '.[$user] // empty')
# Fail if user is not authorized or not in mapping
if [ -z "$USER_EMAIL" ] || [ "$USER_EMAIL" = "null" ]; then
echo "Error: User '${{ github.actor }}' is not authorized to run the release workflow."
echo "Only authorized team members can trigger releases."
echo "Contact your administrator to be added to the authorized users list."
exit 1
fi
git config --local user.email "$USER_EMAIL"
git config --local user.name "${{ github.actor }}"
- uses: ./.github/actions/yarn-install
# 1. Generate Prisma Client
# This is required so Trigger.dev can find the database types during bundling
- name: Generate Prisma Client
run: yarn prisma generate
# 2. Deploy Trigger.dev tasks
# We use --skip-promotion to get a version without making it live yet
- name: Deploy Trigger.dev
id: deploy-trigger
env:
TRIGGER_ACCESS_TOKEN: ${{ secrets.TRIGGER_ACCESS_TOKEN }}
TRIGGER_DEV_PROJECT_REF: ${{ secrets.TRIGGER_DEV_PROJECT_REF }}
run: |
# The CLI outputs the version; id allows us to access outputs.deploymentVersion
cd packages/features
yarn deploy:trigger:ci
- name: Bump version
env:
VERSION: ${{ inputs.next_version }}
run: |
cd apps/web
yarn version "$VERSION"
# 3. Update .env.production files
# We inject the Trigger version into the apps so they stay in sync
- name: Update Env Files
run: |
VERSION="${{ steps.deploy-trigger.outputs.deploymentVersion }}"
# Create the TypeScript content
CONTENT="export const TRIGGER_VERSION = '$VERSION';"
# Write to the specific paths
echo "$CONTENT" > apps/web/trigger.version.ts
echo "$CONTENT" > apps/api/v2/trigger.version.ts
# Force add to git since these are likely in .gitignore
git add -f apps/web/trigger.version.ts apps/api/v2/trigger.version.ts
# 4. Commit everything together
- name: Commit changes
env:
VERSION: ${{ inputs.next_version }}
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
run: |
gh auth setup-git
git add .
git commit -m "chore: release v$VERSION"
git push
- name: Draft release
run: gh release create v$VERSION --generate-notes --draft
env:
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
VERSION: ${{ inputs.next_version }}