name: Prepare new release on: workflow_dispatch: inputs: serverBump: description: 'Bump server version' required: true default: 'false' type: choice options: - 'false' - major - minor - patch mobileBump: description: 'Bump mobile build number' required: false type: boolean skipTranslations: description: 'Skip translations' required: false type: boolean concurrency: group: ${{ github.workflow }}-${{ github.ref }}-root cancel-in-progress: true permissions: {} jobs: merge_translations: uses: ./.github/workflows/merge-translations.yml with: skip: ${{ inputs.skipTranslations }} permissions: pull-requests: write secrets: PUSH_O_MATIC_APP_ID: ${{ secrets.PUSH_O_MATIC_APP_ID }} PUSH_O_MATIC_APP_KEY: ${{ secrets.PUSH_O_MATIC_APP_KEY }} WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }} bump_version: runs-on: ubuntu-latest needs: [merge_translations] outputs: ref: ${{ steps.push-tag.outputs.commit_long_sha }} permissions: {} # No job-level permissions are needed because it uses the app-token steps: - name: Generate a token id: generate-token uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 with: app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }} private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }} - name: Checkout uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: token: ${{ steps.generate-token.outputs.token }} persist-credentials: true ref: main - name: Install uv uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2 - name: Setup pnpm uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - name: Setup Node uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version-file: './server/.nvmrc' cache: 'pnpm' cache-dependency-path: '**/pnpm-lock.yaml' - name: Bump version env: SERVER_BUMP: ${{ inputs.serverBump }} MOBILE_BUMP: ${{ inputs.mobileBump }} run: misc/release/pump-version.sh -s "${SERVER_BUMP}" -m "${MOBILE_BUMP}" - name: Commit and tag id: push-tag uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4 with: default_author: github_actions message: 'chore: version ${{ env.IMMICH_VERSION }}' tag: ${{ env.IMMICH_VERSION }} push: true build_mobile: uses: ./.github/workflows/build-mobile.yml needs: bump_version permissions: contents: read secrets: KEY_JKS: ${{ secrets.KEY_JKS }} ALIAS: ${{ secrets.ALIAS }} ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }} ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }} with: ref: ${{ needs.bump_version.outputs.ref }} prepare_release: runs-on: ubuntu-latest needs: build_mobile permissions: actions: read # To download the app artifact # No content permissions are needed because it uses the app-token steps: - name: Generate a token id: generate-token uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 with: app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }} private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }} - name: Checkout uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: token: ${{ steps.generate-token.outputs.token }} persist-credentials: false - name: Download APK uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: name: release-apk-signed - name: Create draft release uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2.3.3 with: draft: true tag_name: ${{ env.IMMICH_VERSION }} token: ${{ steps.generate-token.outputs.token }} generate_release_notes: true body_path: misc/release/notes.tmpl files: | docker/docker-compose.yml docker/example.env docker/hwaccel.ml.yml docker/hwaccel.transcoding.yml docker/prometheus.yml *.apk