
Commit ec8aadf

committed
ci(linked-release): 🏗️ add workflow to create tags from upstream repo
Runs every 6 hours or manually to fetch latest matching release tag from UPSTREAM_REPO, validate format, ensure 'v' prefix, and push if new. Uses GitHub App token for permissions.
1 parent 0a0c06c commit ec8aadf

1 file changed

Lines changed: 102 additions & 0 deletions


Lines changed: 102 additions & 0 deletions
@@ -0,0 +1,102 @@
1+
name: Create Linked Tag from Upstream Repo
2+
3+
on:
4+
schedule:
5+
# Runs 4 times a day (every 6 hours)
6+
- cron: '0 */6 * * *'
7+
8+
# A simple manual trigger for testing.
9+
workflow_dispatch:
10+
11+
permissions:
12+
# 'contents: write' is required to push tags to the repository.
13+
contents: write
14+
15+
jobs:
16+
sync-tag:
17+
runs-on: ubuntu-latest
18+
19+
steps:
20+
- name: Get latest stable release from public upstream repo
21+
id: get_release_b
22+
uses: ophiosdev/github-action-latest-release@master
23+
with:
24+
# Reads the UPSTREAM_REPO variable from your repository settings.
25+
# This variable is REQUIRED for the workflow to function.
26+
repository: ${{ vars.UPSTREAM_REPO }}
27+
includes: ${{ vars.VERSION_REGEX || '^v?[0-9]+\.[0-9]+\.[0-9]+$' }}
28+
token: ${{ secrets.GITHUB_TOKEN }}
29+
30+
- name: Validate Release Tag Format
31+
id: validate_tag
32+
env:
33+
VERSION_REGEX: ${{ vars.VERSION_REGEX || '^v?[0-9]+\.[0-9]+\.[0-9]+$' }}
34+
run: |
35+
TAG_NAME="${{ steps.get_release_b.outputs.release }}"
36+
37+
echo "Validating release tag format for latest release from upstream repository: $TAG_NAME"
38+
if [[ -z "$TAG_NAME" ]]; then
39+
echo "No valid release found from upstream repository. Exiting."
40+
echo "is_valid=false" >> "$GITHUB_OUTPUT"
41+
exit 0
42+
fi
43+
44+
if [[ "$TAG_NAME" =~ $VERSION_REGEX ]]; then
45+
echo "Tag '$TAG_NAME' matches the required format."
46+
echo "is_valid=true" >> "$GITHUB_OUTPUT"
47+
# Extract matched portion (Bash stores full match in BASH_REMATCH[0])
48+
new_version="${BASH_REMATCH[0]}"
49+
echo "Extracted version: $new_version"
50+
echo "new_version=$new_version" >> "$GITHUB_OUTPUT"
51+
else
52+
echo "Tag '$TAG_NAME' does not match the required format. Ignoring."
53+
echo "is_valid=false" >> "$GITHUB_OUTPUT"
54+
fi
55+
56+
- name: Generate GitHub App token
57+
id: app_token
58+
uses: actions/create-github-app-token@v2
59+
with:
60+
app-id: ${{ secrets.WORKFLOW_APP_ID }}
61+
private-key: ${{ secrets.WORKFLOW_APP_PRIVATE_KEY }}
62+
63+
- name: Checkout repository code
64+
# We need to check out the code to be able to check for existing tags and push new ones.
65+
if: steps.validate_tag.outputs.is_valid == 'true'
66+
uses: actions/checkout@v5
67+
with:
68+
fetch-depth: 0
69+
fetch-tags: true
70+
token: ${{ steps.app_token.outputs.token }}
71+
72+
- name: Check if tag already exists locally
73+
id: check_tag
74+
if: steps.validate_tag.outputs.is_valid == 'true'
75+
env:
76+
RELEASE_TAG: ${{ steps.validate_tag.outputs.new_version }}
77+
run: |
78+
RELEASE_TAG="v${RELEASE_TAG#v}" # Ensure the tag starts with 'v'
79+
if git tag --list | grep -q "^${RELEASE_TAG}$"; then
80+
echo "Tag '$RELEASE_TAG' already exists. No action needed."
81+
echo "create_tag=false" >> "$GITHUB_OUTPUT"
82+
else
83+
echo "New valid tag '$RELEASE_TAG' detected!"
84+
echo "create_tag=true" >> "$GITHUB_OUTPUT"
85+
fi
86+
87+
- name: Create and push new tag
88+
id: create_and_push
89+
# This step only runs if the tag is valid AND new.
90+
if: steps.check_tag.outputs.create_tag == 'true'
91+
env:
92+
RELEASE_TAG: ${{ steps.validate_tag.outputs.new_version }}
93+
run: |
94+
RELEASE_TAG="v${RELEASE_TAG#v}" # Ensure the tag starts with 'v'
95+
96+
echo "Creating tag: $RELEASE_TAG"
97+
git tag "$RELEASE_TAG"
98+
99+
echo "Pushing tag to remote..."
100+
git push origin "$RELEASE_TAG"
101+
102+
echo "Successfully created and pushed tag '$RELEASE_TAG'."
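Review bot: The `Validate Release Tag Format` step expands `${{ steps.get_release_b.outputs.release }}` directly into the `run:` script, so the upstream tag name becomes part of the shell source before the regex check ever runs. That name is chosen by whoever can publish releases in UPSTREAM_REPO, and the action's `includes` filter may narrow it, but its behaviour is not visible here. Pass the value through the environment as the later steps already do for RELEASE_TAG: add `TAG_NAME: ${{ steps.get_release_b.outputs.release }}` under this step's `env:` and delete the `TAG_NAME="${{ ... }}"` assignment. Separately, the first step runs `ophiosdev/github-action-latest-release@master`, a mutable branch ref, and hands it `secrets.GITHUB_TOKEN` while the workflow grants `contents: write`; pinning the action to a full commit SHA would stop a changed `master` from running with that token. Since the tag is pushed with the App token from `actions/checkout`, `contents: read` looks sufficient for the default token, though that should be confirmed against what the release-lookup action needs.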
