mirror of
https://github.com/caddyserver/caddy.git
synced 2026-03-07 01:25:32 -05:00
Bumps the actions-deps group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `5.0.0` | `6.0.2` |
| [github/ai-moderator](https://github.com/github/ai-moderator) | `1.1.2` | `1.1.4` |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.13.1` | `2.15.0` |
| [actions/setup-go](https://github.com/actions/setup-go) | `6.0.0` | `6.3.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.0` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.4.0` | `7.0.0` |
| [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `8.0.0` | `9.2.0` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.8.0` | `4.8.3` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.10.0` | `4.0.0` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.20.6` | `0.23.0` |
| [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) | `4.0.0` | `4.0.1` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.30.5` | `4.32.4` |

Updates `actions/checkout` from 5.0.0 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](08c6903cd8...de0fac2e45)

Updates `github/ai-moderator` from 1.1.2 to 1.1.4
- [Release notes](https://github.com/github/ai-moderator/releases)
- [Commits](6bcdb2a79c...81159c3707)

Updates `step-security/harden-runner` from 2.13.1 to 2.15.0
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](f4a75cfd61...a90bcbc653)

Updates `actions/setup-go` from 6.0.0 to 6.3.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](4469467582...4b73464bb3)

Updates `actions/upload-artifact` from 4.6.2 to 7.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](ea165f8d65...bbbca2ddaa)

Updates `goreleaser/goreleaser-action` from 6.4.0 to 7.0.0
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](e435ccd777...ec59f474b9)

Updates `golangci/golangci-lint-action` from 8.0.0 to 9.2.0
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](4afd733a84...1e7e51e771)

Updates `actions/dependency-review-action` from 4.8.0 to 4.8.3
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](56339e523c...05fe457637)

Updates `sigstore/cosign-installer` from 3.10.0 to 4.0.0
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](d7543c93d8...faadad0cce)

Updates `anchore/sbom-action` from 0.20.6 to 0.23.0
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](f8bdd1d8ac...17ae174017)

Updates `peter-evans/repository-dispatch` from 4.0.0 to 4.0.1
- [Release notes](https://github.com/peter-evans/repository-dispatch/releases)
- [Commits](5fc4efd1a4...28959ce8df)

Updates `github/codeql-action` from 3.30.5 to 4.32.4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](3599b3baa1...89a39a4e59)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-deps
- dependency-name: github/ai-moderator
  dependency-version: 1.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: step-security/harden-runner
  dependency-version: 2.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-deps
- dependency-name: actions/setup-go
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-deps
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-deps
- dependency-name: goreleaser/goreleaser-action
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-deps
- dependency-name: golangci/golangci-lint-action
  dependency-version: 9.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-deps
- dependency-name: actions/dependency-review-action
  dependency-version: 4.8.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-deps
- dependency-name: anchore/sbom-action
  dependency-version: 0.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-deps
- dependency-name: peter-evans/repository-dispatch
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: github/codeql-action
  dependency-version: 4.32.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
250 lines
9.7 KiB
YAML
name: Release Proposal

# This workflow creates a release proposal as a PR that requires approval from maintainers
# Triggered manually by maintainers when ready to prepare a release
on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Version to release (e.g., v2.8.0)'
        required: true
        type: string
      commit_hash:
        description: 'Commit hash to release from'
        required: true
        type: string

permissions:
  contents: read

jobs:
  create-proposal:
    name: Create Release Proposal
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      issues: write

    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
        with:
          egress-policy: audit
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0

      - name: Trim and validate inputs
        id: inputs
        run: |
          # Trim whitespace from inputs
          VERSION=$(echo "${{ inputs.version }}" | xargs)
          COMMIT_HASH=$(echo "${{ inputs.commit_hash }}" | xargs)

          echo "version=$VERSION" >> $GITHUB_OUTPUT
          echo "commit_hash=$COMMIT_HASH" >> $GITHUB_OUTPUT

          # Validate version format
          if [[ ! "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?$ ]]; then
            echo "Error: Version must follow semver format (e.g., v2.8.0 or v2.8.0-beta.1)"
            exit 1
          fi

          # Validate commit hash format
          if [[ ! "$COMMIT_HASH" =~ ^[a-f0-9]{7,40}$ ]]; then
            echo "Error: Commit hash must be a valid SHA (7-40 characters)"
            exit 1
          fi

          # Check if commit exists
          if ! git cat-file -e "$COMMIT_HASH"; then
            echo "Error: Commit $COMMIT_HASH does not exist"
            exit 1
          fi

      - name: Check if tag already exists
        run: |
          if git rev-parse "${{ steps.inputs.outputs.version }}" >/dev/null 2>&1; then
            echo "Error: Tag ${{ steps.inputs.outputs.version }} already exists"
            exit 1
          fi

      - name: Check for existing proposal PR
        id: check_existing
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            const version = '${{ steps.inputs.outputs.version }}';

            // Search for existing open PRs with release-proposal label that match this version
            const openPRs = await github.rest.pulls.list({
              owner: context.repo.owner,
              repo: context.repo.repo,
              state: 'open',
              sort: 'updated',
              direction: 'desc'
            });

            const existingOpenPR = openPRs.data.find(pr =>
              pr.title.includes(version) &&
              pr.labels.some(label => label.name === 'release-proposal')
            );

            if (existingOpenPR) {
              const hasReleased = existingOpenPR.labels.some(label => label.name === 'released');
              const hasReleaseInProgress = existingOpenPR.labels.some(label => label.name === 'release-in-progress');

              if (hasReleased || hasReleaseInProgress) {
                core.setFailed(`A release for ${version} is already in progress or completed: ${existingOpenPR.html_url}`);
              } else {
                core.setFailed(`An open release proposal already exists for ${version}: ${existingOpenPR.html_url}\n\nPlease use the existing PR or close it first.`);
              }
              return;
            }

            // Check for closed PRs with this version that were cancelled
            const closedPRs = await github.rest.pulls.list({
              owner: context.repo.owner,
              repo: context.repo.repo,
              state: 'closed',
              sort: 'updated',
              direction: 'desc'
            });

            const cancelledPR = closedPRs.data.find(pr =>
              pr.title.includes(version) &&
              pr.labels.some(label => label.name === 'release-proposal') &&
              pr.labels.some(label => label.name === 'cancelled')
            );

            if (cancelledPR) {
              console.log(`Found previously cancelled proposal for ${version}: ${cancelledPR.html_url}`);
              console.log('Creating new proposal to replace cancelled one...');
            } else {
              console.log(`No existing proposal found for ${version}, proceeding...`);
            }

      - name: Generate changelog and create branch
        id: setup
        run: |
          VERSION="${{ steps.inputs.outputs.version }}"
          COMMIT_HASH="${{ steps.inputs.outputs.commit_hash }}"

          # Create a new branch for the release proposal
          BRANCH_NAME="release_proposal-$VERSION"
          git checkout -b "$BRANCH_NAME"

          # Calculate how many commits behind HEAD
          COMMITS_BEHIND=$(git rev-list --count ${COMMIT_HASH}..HEAD)

          if [ "$COMMITS_BEHIND" -eq 0 ]; then
            BEHIND_INFO="This is the latest commit (HEAD)"
          else
            BEHIND_INFO="This commit is **${COMMITS_BEHIND} commits behind HEAD**"
          fi

          echo "commits_behind=$COMMITS_BEHIND" >> $GITHUB_OUTPUT
          echo "behind_info=$BEHIND_INFO" >> $GITHUB_OUTPUT

          # Get the last tag
          LAST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")

          if [ -z "$LAST_TAG" ]; then
            echo "No previous tag found, generating full changelog"
            COMMITS=$(git log --pretty=format:"- %s (%h)" --reverse "$COMMIT_HASH")
          else
            echo "Generating changelog since $LAST_TAG"
            COMMITS=$(git log --pretty=format:"- %s (%h)" --reverse "${LAST_TAG}..$COMMIT_HASH")
          fi

          # Store changelog for PR body
          CLEANSED_COMMITS=$(echo "$COMMITS" | sed 's/`/\\`/g')
          echo "changelog<<EOF" >> $GITHUB_OUTPUT
          echo "$CLEANSED_COMMITS" >> $GITHUB_OUTPUT
          echo "EOF" >> $GITHUB_OUTPUT

          # Create empty commit for the PR
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git commit --allow-empty -m "Release proposal for $VERSION"

          # Push the branch
          git push origin "$BRANCH_NAME"

          echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT

      - name: Create release proposal PR
        id: create_pr
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            const changelog = `${{ steps.setup.outputs.changelog }}`;

            const pr = await github.rest.pulls.create({
              owner: context.repo.owner,
              repo: context.repo.repo,
              title: `Release Proposal: ${{ steps.inputs.outputs.version }}`,
              head: '${{ steps.setup.outputs.branch_name }}',
              base: 'master',
              body: `## Release Proposal: ${{ steps.inputs.outputs.version }}

            **Target Commit:** \`${{ steps.inputs.outputs.commit_hash }}\`
            **Requested by:** @${{ github.actor }}
            **Commit Status:** ${{ steps.setup.outputs.behind_info }}

            This PR proposes creating release tag \`${{ steps.inputs.outputs.version }}\` at commit \`${{ steps.inputs.outputs.commit_hash }}\`.

            ### Approval Process

            This PR requires **approval from 2+ maintainers** before the tag can be created.

            ### What happens next?

            1. Maintainers review this proposal
            2. When 2+ maintainer approvals are received, an automated workflow will post tagging instructions
            3. A maintainer manually creates and pushes the signed tag
            4. The release workflow is triggered automatically by the tag push
            5. Upon release completion, this PR is closed and the branch is deleted

            ### Changes Since Last Release

            ${changelog}

            ### Release Checklist

            - [ ] All tests pass
            - [ ] Security review completed
            - [ ] Documentation updated
            - [ ] Breaking changes documented

            ---

            **Note:** Tag creation is manual and requires a signed tag from a maintainer.`,
              draft: true
            });

            // Add labels
            await github.rest.issues.addLabels({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: pr.data.number,
              labels: ['release-proposal', 'awaiting-approval']
            });

            console.log(`Created PR: ${pr.data.html_url}`);

            return { number: pr.data.number, url: pr.data.html_url };
          result-encoding: json

      - name: Post summary
        run: |
          echo "## Release Proposal PR Created! 🚀" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "Version: **${{ steps.inputs.outputs.version }}**" >> $GITHUB_STEP_SUMMARY
          echo "Commit: **${{ steps.inputs.outputs.commit_hash }}**" >> $GITHUB_STEP_SUMMARY
          echo "Status: ${{ steps.setup.outputs.behind_info }}" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "PR: ${{ fromJson(steps.create_pr.outputs.result).url }}" >> $GITHUB_STEP_SUMMARY
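
The `Trim and validate inputs` step in this workflow places `${{ inputs.version }}` and `${{ inputs.commit_hash }}` inside the script text, so the runner substitutes the raw values before the shell parses the line and the format checks only run afterwards. The following is an added example, not code from the Caddy repository, of the same checks reading the inputs from environment variables and publishing step outputs only after validation. `INPUT_VERSION`, `INPUT_COMMIT_HASH` and the function names are assumptions, and the `git cat-file -e` existence check is left out so the block runs without a repository.

```shell
#!/usr/bin/env bash
# Added example: hardened form of the "Trim and validate inputs" step.
# Assumed wiring in the workflow step (hypothetical variable names):
#   env:
#     INPUT_VERSION: ${{ inputs.version }}
#     INPUT_COMMIT_HASH: ${{ inputs.commit_hash }}
# The shell then receives the values as data, never as script text.

NL='
'

# Strip leading/trailing whitespace with parameter expansion instead of
# xargs, which also interprets quotes and backslashes in its input.
trim() (
  s=$1
  s=${s#"${s%%[![:space:]]*}"}
  s=${s%"${s##*[![:space:]]}"}
  printf '%s' "$s"
)

# Same pattern as the workflow. Embedded newlines are rejected first because
# grep matches per line and a newline would add a line to $GITHUB_OUTPUT.
is_valid_version() {
  case "$1" in *"$NL"*) return 1 ;; esac
  printf '%s\n' "$1" | LC_ALL=C grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?$'
}

# 7-40 lowercase hex characters, as in the workflow.
is_valid_commit_hash() {
  case "$1" in ''|*[!0123456789abcdef]*) return 1 ;; esac
  [ "${#1}" -ge 7 ] && [ "${#1}" -le 40 ]
}

# Validate first; write step outputs only when both values passed.
validate_release_inputs() {
  version=$(trim "${INPUT_VERSION-}")
  commit_hash=$(trim "${INPUT_COMMIT_HASH-}")
  if ! is_valid_version "$version"; then
    echo "Error: Version must follow semver format (e.g., v2.8.0 or v2.8.0-beta.1)" >&2
    return 1
  fi
  if ! is_valid_commit_hash "$commit_hash"; then
    echo "Error: Commit hash must be a valid SHA (7-40 characters)" >&2
    return 1
  fi
  printf 'version=%s\ncommit_hash=%s\n' "$version" "$commit_hash" >> "$GITHUB_OUTPUT"
}
```

In a workflow the step body would end with a call to `validate_release_inputs`; later steps can take the validated outputs through `env:` in the same way.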