akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity
Files
eec8c28fb3c2e8c0bc387bb3139184b8d67f1b21
Charon/.github/workflows/auto-versioning.yml
akanealw eec8c28fb3
Some checks failed
Go Benchmark / Performance Regression Check (push) Has been cancelled
Details
Cerberus Integration / Cerberus Security Stack Integration (push) Has been cancelled
Details
Upload Coverage to Codecov / Backend Codecov Upload (push) Has been cancelled
Details
Upload Coverage to Codecov / Frontend Codecov Upload (push) Has been cancelled
Details
CodeQL - Analyze / CodeQL analysis (go) (push) Has been cancelled
Details
CodeQL - Analyze / CodeQL analysis (javascript-typescript) (push) Has been cancelled
Details
CrowdSec Integration / CrowdSec Bouncer Integration (push) Has been cancelled
Details
Docker Build, Publish & Test / build-and-push (push) Has been cancelled
Details
Quality Checks / Auth Route Protection Contract (push) Has been cancelled
Details
Quality Checks / Codecov Trigger/Comment Parity Guard (push) Has been cancelled
Details
Quality Checks / Backend (Go) (push) Has been cancelled
Details
Quality Checks / Frontend (React) (push) Has been cancelled
Details
Rate Limit integration / Rate Limiting Integration (push) Has been cancelled
Details
Security Scan (PR) / Trivy Binary Scan (push) Has been cancelled
Details
Supply Chain Verification (PR) / Verify Supply Chain (push) Has been cancelled
Details
WAF integration / Coraza WAF Integration (push) Has been cancelled
Details
Docker Build, Publish & Test / Security Scan PR Image (push) Has been cancelled
Details
Repo Health Check / Repo health (push) Has been cancelled
Details
History Rewrite Dry-Run / Dry-run preview for history rewrite (push) Has been cancelled
Details
Prune Renovate Branches / prune (push) Has been cancelled
Details
Renovate / renovate (push) Has been cancelled
Details
Nightly Build & Package / sync-development-to-nightly (push) Has been cancelled
Details
Nightly Build & Package / Trigger Nightly Validation Workflows (push) Has been cancelled
Details
Nightly Build & Package / build-and-push-nightly (push) Has been cancelled
Details
Nightly Build & Package / test-nightly-image (push) Has been cancelled
Details
Nightly Build & Package / verify-nightly-supply-chain (push) Has been cancelled
Details
Update GeoLite2 Checksum / update-checksum (push) Has been cancelled
Details
Container Registry Prune / prune-ghcr (push) Has been cancelled
Details
Container Registry Prune / prune-dockerhub (push) Has been cancelled
Details
Container Registry Prune / summarize (push) Has been cancelled
Details
Supply Chain Verification / Verify SBOM (push) Has been cancelled
Details
Supply Chain Verification / Verify Release Artifacts (push) Has been cancelled
Details
Supply Chain Verification / Verify Docker Image Supply Chain (push) Has been cancelled
Details
Monitor Caddy Major Release / check-caddy-major (push) Has been cancelled
Details
Weekly Nightly to Main Promotion / Verify Nightly Branch Health (push) Has been cancelled
Details
Weekly Nightly to Main Promotion / Create Promotion PR (push) Has been cancelled
Details
Weekly Nightly to Main Promotion / Trigger Missing Required Checks (push) Has been cancelled
Details
Weekly Nightly to Main Promotion / Notify on Failure (push) Has been cancelled
Details
Weekly Nightly to Main Promotion / Workflow Summary (push) Has been cancelled
Details
changed perms
2026-04-22 18:19:14 +00:00

108 lines
4.6 KiB
YAML
Executable File
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
name: Auto Versioning and Release
# SEMANTIC VERSIONING RULES:
# - PATCH (0.14.1 → 0.14.2): fix:, perf:, refactor:, docs:, style:, test:, build:, ci:
# - MINOR (0.14.1 → 0.15.0): feat:, feat(...):
# - MAJOR (0.14.1 → 1.0.0): MANUAL ONLY - Create git tag manually when ready for 1.0.0
#
# ⚠️ Major version bumps are intentionally disabled in automation to prevent accidents.
on:
workflow_run:
workflows: ["Docker Build, Publish & Test"]
types: [completed]
branches: [ main ]
concurrency:
group: ${{ github.workflow }}-${{ github.event.workflow_run.head_branch || github.ref }}
cancel-in-progress: false # Don't cancel in-progress releases
permissions:
contents: write # Required for creating releases via API (removed unused pull-requests: write)
jobs:
version:
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == 'main' }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Calculate Semantic Version
id: semver
uses: paulhatch/semantic-version@9f72830310d5ed81233b641ee59253644cd8a8fc # v6.0.2
with:
# The prefix to use to create tags
tag_prefix: "v"
# Regex pattern for major version bump - DISABLED (manual only)
# Use a pattern that will never match to prevent automated major bumps
major_pattern: "/__MANUAL_MAJOR_BUMP_ONLY__/"
# Regex pattern for minor version bump (new features)
# Matches: "feat:" prefix in commit messages (Conventional Commits)
minor_pattern: "/^feat(\\(.+\\))?:/"
# Patch bumps: All other commits (fix:, chore:, etc.) are treated as patches by default
# Pattern to determine formatting
version_format: "${major}.${minor}.${patch}"
# If no tags are found, this version is used
version_from_branch: "0.0.0"
# This helps it search through history to find the last tag
search_commit_body: true
# Important: This enables the output 'changed' which your other steps rely on
enable_prerelease_mode: false
- name: Show version
run: |
echo "Next version: ${{ steps.semver.outputs.version }}"
echo "Version changed: ${{ steps.semver.outputs.changed }}"
- name: Determine tag name
id: determine_tag
run: |
# Normalize the version: remove any leading 'v' so we don't end up with 'vvX.Y.Z'
RAW="${{ steps.semver.outputs.version }}"
VERSION_NO_V="${RAW#v}"
TAG="v${VERSION_NO_V}"
echo "Determined tag: $TAG"
echo "tag=$TAG" >> "$GITHUB_OUTPUT"
- name: Check for existing GitHub Release
id: check_release
run: |
TAG="${{ steps.determine_tag.outputs.tag }}"
echo "Checking for release for tag: ${TAG}"
STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
-H "Authorization: token ${GITHUB_TOKEN}" \
-H "Accept: application/vnd.github+json" \
"https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/tags/${TAG}") || true
if [ "${STATUS}" = "200" ]; then
echo "exists=true" >> "$GITHUB_OUTPUT"
echo " Release already exists for tag: ${TAG}"
else
echo "exists=false" >> "$GITHUB_OUTPUT"
echo "✅ No existing release found for tag: ${TAG}"
fi
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Create GitHub Release (creates tag via API)
if: ${{ steps.semver.outputs.changed == 'true' && steps.check_release.outputs.exists == 'false' }}
uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3
with:
tag_name: ${{ steps.determine_tag.outputs.tag }}
name: Release ${{ steps.determine_tag.outputs.tag }}
generate_release_notes: true
make_latest: true
draft: false
prerelease: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Output release information
if: ${{ steps.semver.outputs.changed == 'true' && steps.check_release.outputs.exists == 'false' }}
run: |
echo "✅ Successfully created release: ${{ steps.determine_tag.outputs.tag }}"
echo "📦 Release URL: https://github.com/${{ github.repository }}/releases/tag/${{ steps.determine_tag.outputs.tag }}"
Reference in New Issue View Git Blame Copy Permalink