diff --git a/.github/workflows/release-bump-version.yml b/.github/workflows/release-bump-version.yml new file mode 100644 index 0000000000..38495ff9b6 --- /dev/null +++ b/.github/workflows/release-bump-version.yml @@ -0,0 +1,161 @@ +--- +name: Release - Bump version + +on: + workflow_dispatch: + inputs: + version: + description: Version + required: true + type: string + release_reason: + description: Release reason + required: true + type: choice + options: + - bugfix + - feature + - security + - other + - prerelease + +jobs: + check-inputs: + name: Check inputs validity + runs-on: ubuntu-latest + steps: + - id: check + run: | + echo "${{ inputs.version }}" | grep -E "^[0-9]{4}\.[0-9]{1,2}\.[0-9]+(-rc[0-9]+)?$" + echo "major_version=${{ inputs.version }}" | grep -oE "^major_version=[0-9]{4}\.[0-9]{1,2}" >> "$GITHUB_OUTPUT" + outputs: + major_version: "${{ steps.check.outputs.major_version }}" + bump-authentik: + name: Bump authentik version + needs: + - check-inputs + runs-on: ubuntu-latest + steps: + - id: app-token + name: Generate app token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ secrets.GH_APP_ID }} + private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} + - id: get-user-id + name: Get GitHub app user ID + run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: "${{ steps.app-token.outputs.token }}" + - uses: actions/checkout@v5 + with: + ref: "version-${{ needs.check-inputs.outputs.major_version }}" + token: "${{ steps.app-token.outputs.token }}" + - name: Setup authentik env + uses: ./.github/actions/setup + - name: Bump version + run: "make bump version=${{ inputs.version }}" + - name: Commit and push + run: | + # ID from https://api.github.com/users/authentik-automation[bot] + git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]' + git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com' + git commit -a -m "release: ${{ inputs.version }}" --allow-empty + git tag "version/${{ inputs.version }}" HEAD -m "version/${{ inputs.version }}" + git push --follow-tags + bump-helm: + name: Bump Helm version + if: ${{ inputs.release_reason != 'prerelease' }} + needs: + - bump-authentik + runs-on: ubuntu-latest + steps: + - id: app-token + name: Generate app token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ secrets.GH_APP_ID }} + private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} + repositories: helm + - id: get-user-id + name: Get GitHub app user ID + run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: "${{ steps.app-token.outputs.token }}" + - uses: actions/checkout@v5 + with: + repository: "${{ github.repository_owner }}/helm" + token: "${{ steps.app-token.outputs.token }}" + - name: Bump version + run: | + sed -i 's/^version: .*/version: ${{ inputs.version }}/' charts/authentik/Chart.yaml + sed -i 's/^appVersion: .*/appVersion: ${{ inputs.version }}/' charts/authentik/Chart.yaml + sed -i 's/upgrade to authentik .*/upgrade to authentik ${{ inputs.version }}/' charts/authentik/Chart.yaml + sed -E -i 's/[0-9]{4}\.[0-9]{1,2}\.[0-9]+$/${{ inputs.version }}/' charts/authentik/Chart.yaml + ./scripts/helm-docs.sh + - name: Create pull request + uses: peter-evans/create-pull-request@v7 + with: + token: "${{ steps.app-token.outputs.token }}" + branch: bump-${{ inputs.version }} + commit-message: "charts/authentik: bump to ${{ inputs.version }}" + title: "charts/authentik: bump to ${{ inputs.version }}" + body: "charts/authentik: bump to ${{ inputs.version }}" + delete-branch: true + signoff: true + author: "${{ steps.app-token.outputs.app-slug }}[bot] ${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com" + bump-version: + name: Bump version repository + if: ${{ inputs.release_reason != 'prerelease' }} + needs: + - check-inputs + - bump-authentik + runs-on: ubuntu-latest + steps: + - id: app-token + name: Generate app token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ secrets.GH_APP_ID }} + private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} + repositories: version + - id: get-user-id + name: Get GitHub app user ID + run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: "${{ steps.app-token.outputs.token }}" + - uses: actions/checkout@v5 + with: + repository: "${{ github.repository_owner }}/version" + token: "${{ steps.app-token.outputs.token }}" + - name: Bump feature version + if: "${{ inputs.release_reason == 'feature' }}" + run: | + changelog_url="https://docs.goauthentik.io/docs/releases/${{ needs.check-inputs.outputs.major_version }}" + jq \ + --arg version "${{ inputs.version }}" \ + --arg changelog "See ${changelog_url}" \ + --arg changelog_url "${changelog_url}" \ + '.stable.version = $version | .stable.changelog = $changelog | .stable.changelog_url = $changelog_url' version.json > version.new.json + mv version.new.json version.json + - name: Bump feature version + if: "${{ inputs.release_reason != 'feature' }}" + run: | + changelog_url="https://docs.goauthentik.io/docs/releases/${{ needs.check-inputs.outputs.major_version }}#fixed-in-$(echo -n ${{ inputs.version}} | sed 's/\.//g')" + jq \ + --arg version "${{ inputs.version }}" \ + --arg changelog "See ${changelog_url}" \ + --arg changelog_url "${changelog_url}" \ + '.stable.version = $version | .stable.changelog = $changelog | .stable.changelog_url = $changelog_url' version.json > version.new.json + mv version.new.json version.json + - name: Create pull request + uses: peter-evans/create-pull-request@v7 + with: + token: "${{ steps.app-token.outputs.token }}" + branch: bump-${{ inputs.version }} + commit-message: "version: bump to ${{ inputs.version }}" + title: "version: bump to ${{ inputs.version }}" + body: "version: bump to ${{ inputs.version }}" + delete-branch: true + signoff: true + author: "${{ steps.app-token.outputs.app-slug }}[bot] <${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>"