
Commit 49bc996

committed
ci: harden release workflows
1 parent 71065bc commit 49bc996

3 files changed

Lines changed: 57 additions & 12 deletions


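--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,8 +7,7 @@ on:
 workflow_dispatch:
 
 permissions:
-contents: write
-pull-requests: write
+contents: read
 
 concurrency:
 group: release-${{ github.ref }}
@@ -17,6 +16,9 @@ concurrency:
 jobs:
 release:
 runs-on: ubuntu-latest
+permissions:
+contents: write
+pull-requests: write
 outputs:
 release_created: ${{ steps.release.outputs.release_created }}
 tag_name: ${{ steps.release.outputs.tag_name }}
@@ -90,7 +92,9 @@ jobs:
 uses: docker/setup-buildx-action@v4
 
 - name: Get Git commit timestamp
-run: echo "TIMESTAMP=$(git log -1 --format=%cI)" >> "$GITHUB_ENV"
+run: |
+echo "TIMESTAMP_EPOCH=$(git log -1 --format=%ct)" >> "$GITHUB_ENV"
+echo "TIMESTAMP_ISO=$(git log -1 --format=%cI)" >> "$GITHUB_ENV"
 
 - name: Compute Docker tags
 id: tags
@@ -124,7 +128,7 @@ jobs:
 - name: Build and push Docker image
 uses: docker/build-push-action@v7
 env:
-SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}
+SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP_EPOCH }}
 with:
 context: .
 push: true
@@ -138,7 +142,7 @@ jobs:
 provenance: true
 sbom: true
 labels: |
-org.opencontainers.image.created=${{ env.TIMESTAMP }}
+org.opencontainers.image.created=${{ env.TIMESTAMP_ISO }}
 org.opencontainers.image.description=Generates RSS feeds of any website & serves to the web!
 org.opencontainers.image.ref.name=${{ env.RELEASE_TAG }}
 org.opencontainers.image.revision=${{ github.sha }}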
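Review bot: The timestamp step at new lines 94-97 exports two values without saying why, and nothing stops an empty value from reaching `SOURCE_DATE_EPOCH` or the `created` label. A one-line comment such as `# SOURCE_DATE_EPOCH needs Unix seconds (%ct); the OCI created label needs RFC 3339 (%cI)` would keep the two from being merged back into one variable. A failing `$(git log …)` inside `echo` does not fail the step, so an empty `TIMESTAMP_EPOCH` would silently cost build reproducibility. Assigning first, e.g. `epoch=$(git log -1 --format=%ct)` and then `echo "TIMESTAMP_EPOCH=$epoch" >> "$GITHUB_ENV"`, lets the default `-e` shell stop the job instead.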

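--- a/.github/workflows/release_artifacts.yml
+++ b/.github/workflows/release_artifacts.yml
@@ -1,25 +1,27 @@
 name: refresh release artifacts
 
 on:
-pull_request_target:
+pull_request:
 types:
 - opened
 - reopened
 - synchronize
 branches:
 - main
+push:
+branches:
+- release-please--branches--main
 
 permissions:
-contents: write
-pull-requests: write
+contents: read
 
 concurrency:
-group: release-artifacts-${{ github.event.pull_request.number }}
+group: release-artifacts-${{ github.event.pull_request.number || github.ref }}
 cancel-in-progress: true
 
 jobs:
-refresh-generated-artifacts:
-if: github.event.pull_request.head.repo.full_name == github.repository && startsWith(github.event.pull_request.head.ref, 'release-please--branches--')
+verify-generated-artifacts:
+if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && startsWith(github.event.pull_request.head.ref, 'release-please--branches--')
 runs-on: ubuntu-latest
 
 steps:
@@ -52,6 +54,45 @@ jobs:
 make openapi
 make openapi-client
 
+- name: Assert generated artifacts are current
+run: git diff --exit-code -- public/openapi.yaml frontend/src/api/generated
+
+refresh-generated-artifacts:
+if: github.event_name == 'push' && github.repository == 'html2rss/html2rss-web' && github.ref == 'refs/heads/release-please--branches--main'
+runs-on: ubuntu-latest
+permissions:
+contents: write
+
+steps:
+- uses: actions/checkout@v6
+with:
+ref: ${{ github.ref_name }}
+fetch-depth: 0
+
+- uses: ruby/setup-ruby@v1
+with:
+bundler-cache: true
+
+- name: Setup pnpm
+uses: pnpm/action-setup@v6
+with:
+cache: true
+cache_dependency_path: frontend/pnpm-lock.yaml
+package_json_file: frontend/package.json
+
+- uses: actions/setup-node@v6
+with:
+node-version-file: ".tool-versions"
+
+- name: Install frontend dependencies
+run: pnpm install --frozen-lockfile
+working-directory: frontend
+
+- name: Refresh OpenAPI artifacts
+run: |
+make openapi
+make openapi-client
+
 - name: Commit generated artifacts
 run: |
 if git diff --quiet -- public/openapi.yaml frontend/src/api/generated; then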
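Review bot: The new `refresh-generated-artifacts` job (new lines 60-95) holds `contents: write` yet references every action by a mutable tag (`actions/checkout@v6`, `ruby/setup-ruby@v1`, `pnpm/action-setup@v6`, `actions/setup-node@v6`), so a retagged upstream release would run with a token that can push to the release branch. Pin each one to a full commit SHA with the tag kept as a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha>  # v6`; the same applies to `docker/setup-buildx-action@v4` and `docker/build-push-action@v7` in the context lines of release.yml. The checkout also leaves credential persistence at its default, so the write token sits in the local git config while `pnpm install` and the `make` targets run. Consider `persist-credentials: false` on the checkout and supplying the token only in the commit step, whose body continues outside this hunk.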

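--- a/spec/html2rss/web_spec.rb
+++ b/spec/html2rss/web_spec.rb
@@ -7,7 +7,7 @@
 RSpec.describe Html2rss::Web do
 describe 'VERSION' do
 it 'defines the canonical application release version' do
-expect(described_class::VERSION).to eq('1.0.0')
+expect(described_class::VERSION).to match(/\A\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?\z/)
 end
 end
 end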
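Review bot: The new matcher on the `VERSION` expectation only checks shape, and it is looser than the SemVer grammar: `\d+` accepts leading zeros (`01.0.0`) and the identifier classes accept empty dot-separated parts (`1.0.0-..`). If the spec is meant to guard the released version, tighten the numeric parts to `(?:0|[1-9]\d*)`. Alternatively compare `VERSION` against whatever file the release tooling bumps, which is not visible in this hunk.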
