nocobase/.github/workflows/manual-release.yml
YANG QIA ce3d6ac233
fix(release): decrypt token error occasionally (#5143)
* fix(release): decrypt token error occasionally

* chore: update
2024-08-27 19:50:01 +08:00

132 lines
4.7 KiB
YAML

name: manual-release
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
inputs:
is_feat:
description: 'is feat'
type: boolean
jobs:
app-token:
uses: nocobase/nocobase/.github/workflows/get-nocobase-app-token.yml@main
secrets: inherit
pre-merge-main-into-next:
runs-on: ubuntu-latest
needs: app-token
strategy:
matrix:
repo:
- 'nocobase'
- 'pro-plugins'
- ${{ fromJSON(vars.PRO_PLUGIN_REPOS) }}
steps:
- name: Decrypt app token
id: app-token
shell: bash
run: |
ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }};
APP_TOKEN=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}");
echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT
- name: Checkout
uses: actions/checkout@v4
with:
# ref: 'main'
repository: nocobase/${{ matrix.repo }}
fetch-depth: 0
token: ${{ steps.app-token.outputs.token }}
- name: main -> next (nocobase/${{ matrix.repo }})
run: |
git config --global user.name '${{ needs.app-token.outputs.app-slug }}[bot]'
git config --global user.email '${{ needs.app-token.outputs.user-id }}+${{ needs.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
git checkout main
git pull origin main
git checkout next
git merge main
git push origin next --tags --atomic
update-version:
needs:
- app-token
- pre-merge-main-into-next
runs-on: ubuntu-latest
steps:
- name: Decrypt app token
id: app-token
shell: bash
run: |
ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }};
APP_TOKEN=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}");
echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT
- name: Checkout
uses: actions/checkout@v4
with:
repository: nocobase/nocobase
token: ${{ steps.app-token.outputs.token }}
persist-credentials: true
fetch-depth: 0
- name: Checkout pro-plugins
uses: actions/checkout@v4
with:
repository: nocobase/pro-plugins
path: packages/pro-plugins
fetch-depth: 0
token: ${{ steps.app-token.outputs.token }}
persist-credentials: true
- name: Clone pro repos
shell: bash
run: |
for repo in ${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ' ') }}
do
git clone -b main https://x-access-token:${{ steps.app-token.outputs.token }}@github.com/nocobase/$repo.git packages/pro-plugins/@nocobase/$repo
done
- name: Set Node.js 18
uses: actions/setup-node@v3
with:
node-version: 18
- name: Install Lerna
run: npm install -g lerna@4 auto-changelog@2
- name: Run release.sh
shell: bash
run: |
cd ./packages/pro-plugins
git checkout main
for repo in ${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ' ') }}
do
echo "@nocobase/$repo" >> .git/info/exclude
done
echo "$(<.git/info/exclude )"
cd ./../..
git checkout main
git config --global user.name '${{ needs.app-token.outputs.app-slug }}[bot]'
git config --global user.email '${{ needs.app-token.outputs.user-id }}+${{ needs.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
echo "packages/pro-plugins" >> .git/info/exclude
bash release.sh $IS_FEAT
env:
IS_FEAT: ${{ inputs.is_feat && '--is-feat' || '' }}
PRO_PLUGIN_REPOS: ${{ vars.PRO_PLUGIN_REPOS }}
- name: Push and merge into next
run: |
for repo in ${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ' ') }}
do
cd ./packages/pro-plugins/@nocobase/$repo
git push origin main --atomic --tags
git checkout next
git merge -X ours main --no-edit
git push origin next --tags --atomic
cd ../../../../
done
cd ./packages/pro-plugins
git push origin main --atomic --tags
git checkout next
git merge -X ours main --no-edit
git push origin next --tags --atomic
cd ../../
git push origin main --atomic --tags
git checkout next
git merge -X ours main --no-edit
git push origin next --tags --atomic