From 6d41e9f4a53f6273e8f278888d0afeec142761b9 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Mon, 2 Jun 2025 00:51:43 -0500 Subject: [PATCH 1/4] fix: add secret/token to major-version-updater (#57) - [x] add docs - [x] add link to docs from README - [x] fix tag name argument from underscore to hyphen - [x] use github token in right places (GITHUB_TOKEN or arg) Signed-off-by: jmeridth --- .github/workflows/major-version-updater.yaml | 11 ++++++++--- .github/workflows/release-discussion.yaml | 3 +-- .github/workflows/release-image.yaml | 1 + .../workflows/test-major-version-updater.yaml | 4 +++- README.md | 3 ++- docs/major-version-updater.md | 19 +++++++++++++++++++ 6 files changed, 34 insertions(+), 7 deletions(-) create mode 100644 docs/major-version-updater.md diff --git a/.github/workflows/major-version-updater.yaml b/.github/workflows/major-version-updater.yaml index a8ec77f..5e07984 100644 --- a/.github/workflows/major-version-updater.yaml +++ b/.github/workflows/major-version-updater.yaml @@ -3,9 +3,12 @@ name: "Major Version Updater" on: workflow_call: inputs: - tag_name: + tag-name: required: true type: string + secrets: + github-token: + required: true permissions: contents: read jobs: @@ -17,17 +20,19 @@ jobs: - uses: actions/checkout@v4.2.2 with: fetch-tags: true - ref: ${{ inputs.tag_name }} + ref: ${{ inputs.tag-name }} - name: version id: version env: - TAG_NAME: ${{ inputs.tag_name }} + TAG_NAME: ${{ inputs.tag-name }} run: | tag=${TAG_NAME/refs\/tags\//} version=${tag#v} major=${version%%.*} { echo "tag=${tag}"; echo "version=${version}"; echo "major=${major}"; } >> "$GITHUB_OUTPUT" - name: force update major tag + env: + GITHUB_TOKEN: ${{ secrets.github-token }} run: | git tag -f v${{ steps.version.outputs.major }} ${{ steps.version.outputs.tag }} git push -f origin v${{ steps.version.outputs.major }} diff --git a/.github/workflows/release-discussion.yaml b/.github/workflows/release-discussion.yaml index 4a2e70a..b3ed0d8 100644 --- a/.github/workflows/release-discussion.yaml +++ b/.github/workflows/release-discussion.yaml @@ -38,10 +38,9 @@ jobs: exit 1 - name: Create an Announcement Discussion for Release uses: abirismyname/create-discussion@c2b7c825241769dda523865ae444a879f6bbd0e0 - env: - GH_TOKEN: ${{ secrets.github-token }} with: title: ${{ inputs.full-tag }} body: ${{ inputs.body }} repository-id: ${{ env.DISCUSSION_REPOSITORY_ID }} category-id: ${{ env.DISCUSSION_CATEGORY_ID }} + github-token: ${{ secrets.github-token }} diff --git a/.github/workflows/release-image.yaml b/.github/workflows/release-image.yaml index 7a32629..8ed681e 100644 --- a/.github/workflows/release-image.yaml +++ b/.github/workflows/release-image.yaml @@ -69,3 +69,4 @@ jobs: subject-name: ${{ env.IMAGE_REGISTRY }}/${{ inputs.image-name}} subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true + github-token: ${{ secrets.github-token }} diff --git a/.github/workflows/test-major-version-updater.yaml b/.github/workflows/test-major-version-updater.yaml index 20e00d0..62c7627 100644 --- a/.github/workflows/test-major-version-updater.yaml +++ b/.github/workflows/test-major-version-updater.yaml @@ -16,4 +16,6 @@ jobs: contents: write uses: ./.github/workflows/major-version-updater.yaml with: - tag_name: ${{ github.event.inputs.TAG_NAME || github.ref}} + tag-name: ${{ github.event.inputs.TAG_NAME || github.ref}} + secrets: + github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/README.md b/README.md index 9d5726f..dea0f8b 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,9 @@ This is a placeholder repo for multiple GitHub Actions we use in open source pro ## Reusable Workflows Available -- [Labeler](docs/labeler.md) - [Auto-Labeler](docs/auto-labeler.md) +- [Labeler](docs/labeler.md) +- [Major Version Updater](docs/major-version-updater.md) - [PR Title](docs/pr-title.md) - [Release](docs/release.md) - [Release Image](docs/release-image.md) diff --git a/docs/major-version-updater.md b/docs/major-version-updater.md new file mode 100644 index 0000000..81d77aa --- /dev/null +++ b/docs/major-version-updater.md @@ -0,0 +1,19 @@ +# Major Version Updater + +## Inputs + +```yaml +- uses: github/ospo-reusable-workflows/.github/workflows/major-version-updater.yml@main + permissions: + contents: write + with: + # Tag name that the major tag will point to (e.g. v1.2.3) + tag-name: v1.2.3 + secrets: + # The GitHub token to use + github-token: ${{ secrets.GITHUB_TOKEN }} +``` + +## Outputs + +None From ab23c8c6cb1f6f349025ec549faf83866748863f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Jun 2025 22:32:15 -0500 Subject: [PATCH 2/4] chore(deps): bump docker/setup-buildx-action in the dependencies group (#62) --- .github/workflows/release-image.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-image.yaml b/.github/workflows/release-image.yaml index 8ed681e..1ece19b 100644 --- a/.github/workflows/release-image.yaml +++ b/.github/workflows/release-image.yaml @@ -40,7 +40,7 @@ jobs: steps: - uses: actions/checkout@v4.2.2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 + uses: docker/setup-buildx-action@18ce135bb5112fa8ce4ed6c17ab05699d7f3a5e0 - name: Log in to the Container registry uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 with: From 4965fba4b2cb59ae11d4e0fab78f0933d667440d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Jul 2025 09:01:43 -0500 Subject: [PATCH 3/4] chore(deps): bump docker/setup-buildx-action in the dependencies group (#63) --- .github/workflows/release-image.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-image.yaml b/.github/workflows/release-image.yaml index 1ece19b..c8c155f 100644 --- a/.github/workflows/release-image.yaml +++ b/.github/workflows/release-image.yaml @@ -40,7 +40,7 @@ jobs: steps: - uses: actions/checkout@v4.2.2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@18ce135bb5112fa8ce4ed6c17ab05699d7f3a5e0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 - name: Log in to the Container registry uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 with: From ebb4e218b75c6043139fd69a4c9bb5a465fb696b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Aug 2025 10:10:46 -0500 Subject: [PATCH 4/4] chore(deps): bump docker/login-action in the dependencies group (#64) --- .github/workflows/release-image.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-image.yaml b/.github/workflows/release-image.yaml index c8c155f..111056d 100644 --- a/.github/workflows/release-image.yaml +++ b/.github/workflows/release-image.yaml @@ -42,7 +42,7 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 - name: Log in to the Container registry - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 with: registry: ${{ env.IMAGE_REGISTRY }} username: ${{ env.IMAGE_REGISTRY_USERNAME }}