Create a release branch which can be deleted. Update SBOM workflow params. No more secrets.

This commit is contained in:
Kody Stribrny 2026-03-30 13:16:21 -07:00
parent 90137a03cd
commit bf431d4495


@ -15,6 +15,9 @@ on:
description: "Version String for task.h on main branch (leave empty to leave as-is)." description: "Version String for task.h on main branch (leave empty to leave as-is)."
required: false required: false
default: '' default: ''
github_token:
description: 'GitHub token for creating releases and pushing changes'
required: true
jobs: jobs:
release-packager: release-packager:
@ -31,7 +34,7 @@ jobs:
with: with:
architecture: x64 architecture: x64
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ github.event.inputs.github_token }}
- name: Install GitHub CLI - name: Install GitHub CLI
run: | run: |
@ -64,21 +67,29 @@ jobs:
git config --global user.name "$ACTOR" git config --global user.name "$ACTOR"
git config --global user.email "$ACTOR"@users.noreply.github.com git config --global user.email "$ACTOR"@users.noreply.github.com
- name: Create release preparation branch - name: Create version branch
env: env:
VERSION_NUMBER: ${{ github.event.inputs.version_number }} VERSION_NUMBER: ${{ github.event.inputs.version_number }}
COMMIT_ID: ${{ github.event.inputs.commit_id }} COMMIT_ID: ${{ github.event.inputs.commit_id }}
working-directory: ./local_kernel working-directory: ./local_kernel
run: | run: |
git checkout -b "release-prep-$VERSION_NUMBER" "$COMMIT_ID" git checkout -b "$VERSION_NUMBER" "$COMMIT_ID"
git push -u origin "$VERSION_NUMBER"
echo "COMMIT_SHA_1=$(git rev-parse HEAD)" >> $GITHUB_ENV echo "COMMIT_SHA_1=$(git rev-parse HEAD)" >> $GITHUB_ENV
- name: Create release preparation branch
env:
VERSION_NUMBER: ${{ github.event.inputs.version_number }}
working-directory: ./local_kernel
run: |
git checkout -b "release-prep-$VERSION_NUMBER"
- name: Update source files with version info - name: Update source files with version info
env: env:
VERSION_NUMBER: ${{ github.event.inputs.version_number }} VERSION_NUMBER: ${{ github.event.inputs.version_number }}
MAIN_BR_VERSION_NUMBER: ${{ github.event.inputs.main_br_version }} MAIN_BR_VERSION_NUMBER: ${{ github.event.inputs.main_br_version }}
COMMIT_SHA_1: ${{ env.COMMIT_SHA_1 }} COMMIT_SHA_1: ${{ env.COMMIT_SHA_1 }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ github.event.inputs.github_token }}
run: | run: |
# Install deps and run # Install deps and run
pip install -r ./tools/.github/scripts/release-requirements.txt pip install -r ./tools/.github/scripts/release-requirements.txt
@ -114,11 +125,13 @@ jobs:
- name: Create pull request - name: Create pull request
env: env:
VERSION_NUMBER: ${{ github.event.inputs.version_number }} VERSION_NUMBER: ${{ github.event.inputs.version_number }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_TOKEN: ${{ github.event.inputs.github_token }}
REPO_FULL_NAME: ${{ github.repository }}
working-directory: ./local_kernel working-directory: ./local_kernel
run: | run: |
PR_URL=$(gh pr create \ PR_URL=$(gh pr create \
--base main \ --repo "$REPO_FULL_NAME" \
--base "$VERSION_NUMBER" \
--head "release-prep-$VERSION_NUMBER" \ --head "release-prep-$VERSION_NUMBER" \
--title "[AUTO][RELEASE]: Release $VERSION_NUMBER" \ --title "[AUTO][RELEASE]: Release $VERSION_NUMBER" \
--body "Automated release preparation for $VERSION_NUMBER. Updates version numbers in source files and manifest.yml.") --body "Automated release preparation for $VERSION_NUMBER. Updates version numbers in source files and manifest.yml.")
@ -126,12 +139,13 @@ jobs:
- name: Wait for PR to be merged - name: Wait for PR to be merged
env: env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_TOKEN: ${{ github.event.inputs.github_token }}
REPO_FULL_NAME: ${{ github.repository }}
working-directory: ./local_kernel working-directory: ./local_kernel
run: | run: |
PR_NUMBER=$(echo "$PR_URL" | grep -oE '[0-9]+$') PR_NUMBER=$(echo "$PR_URL" | grep -oE '[0-9]+$')
while true; do while true; do
STATE=$(gh pr view "$PR_NUMBER" --json state --jq .state) STATE=$(gh pr view "$PR_NUMBER" --repo "$REPO_FULL_NAME" --json state --jq .state)
if [ "$STATE" = "MERGED" ]; then if [ "$STATE" = "MERGED" ]; then
echo "PR merged successfully" echo "PR merged successfully"
break break
@ -147,24 +161,29 @@ jobs:
uses: actions/checkout@v4.1.1 uses: actions/checkout@v4.1.1
with: with:
path: local_kernel path: local_kernel
ref: main ref: ${{ github.event.inputs.version_number }}
fetch-depth: 0 fetch-depth: 0
- name: Generate SBOM - name: Generate SBOM
uses: FreeRTOS/CI-CD-Github-Actions/sbom-generator@main uses: FreeRTOS/CI-CD-Github-Actions/sbom-generator@main
with: with:
repo_path: ./local_kernel directory: ./local_kernel
source_path: ./ distribution-type: repository
creator: Amazon Web Services, Inc.
download-location: git+https://github.com/${{ github.repository_owner }}/${{ github.event.repository.name }}.git@${{ github.event.inputs.version_number }}
homepage: https://github.com/${{ github.repository_owner }}/${{ github.event.repository.name }}
namespace-prefix: https://github.com/${{ github.repository_owner }}/${{ github.event.repository.name }}/releases/download/${{ github.event.inputs.version_number }}/
include-file-hashes: true
- name: Commit SBOM file - name: Commit SBOM file
env: env:
VERSION_NUMBER: ${{ github.event.inputs.version_number }} VERSION_NUMBER: ${{ github.event.inputs.version_number }}
GITHUB_TOKEN: ${{ github.event.inputs.github_token }}
working-directory: ./local_kernel working-directory: ./local_kernel
run: | run: |
git checkout -b "release-$VERSION_NUMBER"
git add . git add .
git commit -m '[AUTO][RELEASE]: Update SBOM' git commit -m '[AUTO][RELEASE]: Update SBOM'
git push -u origin "release-$VERSION_NUMBER" git push -u origin "$VERSION_NUMBER"
echo "COMMIT_SHA_2=$(git rev-parse HEAD)" >> $GITHUB_ENV echo "COMMIT_SHA_2=$(git rev-parse HEAD)" >> $GITHUB_ENV
- name: Release - name: Release
@ -173,7 +192,7 @@ jobs:
MAIN_BR_VERSION_NUMBER: ${{ github.event.inputs.main_br_version }} MAIN_BR_VERSION_NUMBER: ${{ github.event.inputs.main_br_version }}
COMMIT_SHA_2: ${{ env.COMMIT_SHA_2 }} COMMIT_SHA_2: ${{ env.COMMIT_SHA_2 }}
REPO_OWNER: ${{ github.repository_owner }} REPO_OWNER: ${{ github.repository_owner }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ github.event.inputs.github_token }}
run: | run: |
# Install deps and run # Install deps and run
pip install -r ./tools/.github/scripts/release-requirements.txt pip install -r ./tools/.github/scripts/release-requirements.txt
@ -192,14 +211,13 @@ jobs:
if: always() if: always()
env: env:
VERSION_NUMBER: ${{ github.event.inputs.version_number }} VERSION_NUMBER: ${{ github.event.inputs.version_number }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_TOKEN: ${{ github.event.inputs.github_token }}
working-directory: ./local_kernel working-directory: ./local_kernel
run: | run: |
# Only delete release-prep branch if the PR was already merged # Only delete release-prep branch if the PR was already merged
PR_STATE=$(gh pr list --head "release-prep-$VERSION_NUMBER" --json state --jq '.[0].state' 2>/dev/null || echo "") PR_STATE=$(gh pr list --repo "${{ github.repository }}" --head "release-prep-$VERSION_NUMBER" --json state --jq '.[0].state' 2>/dev/null || echo "")
if [ "$PR_STATE" = "MERGED" ] || [ -z "$PR_STATE" ]; then if [ "$PR_STATE" = "MERGED" ] || [ -z "$PR_STATE" ]; then
git push origin --delete "release-prep-$VERSION_NUMBER" || true git push origin --delete "release-prep-$VERSION_NUMBER" || true
else else
echo "Skipping release-prep branch deletion — PR is still open (state: $PR_STATE)" echo "Skipping release-prep branch deletion — PR is still open (state: $PR_STATE)"
fi fi
git push origin --delete "release-$VERSION_NUMBER" || true
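Review bot: The new `github_token` workflow_dispatch input (the first hunk, `github_token:` … `required: true`) replaces `secrets.GITHUB_TOKEN` with a caller-supplied token, and dispatch inputs are not handled as secrets: their values are not masked in step logs and stay with the run's event payload, so any `set -x`, `env` dump or error output in the many steps that now read `${{ github.event.inputs.github_token }}` would print the token in clear. If the token must come in as an input, mask it before any other step runs with a first step such as `env:` / `  TOKEN: ${{ github.event.inputs.github_token }}` / `run: echo "::add-mask::$TOKEN"`, and document in the input description that the value is retained with the run; otherwise a repository or environment secret, or a short-lived GitHub App installation token minted inside the job, avoids the exposure entirely. Separately, the "Cleanup" hunk interpolates `--repo "${{ github.repository }}"` directly into the shell script while the "Create pull request" and "Wait for PR to be merged" hunks pass the same value through the `REPO_FULL_NAME` env variable; for consistency and to keep the no-inline-expression pattern intact, add `REPO_FULL_NAME: ${{ github.repository }}` to that step's `env:` and use `--repo "$REPO_FULL_NAME"`. The cleanup step's body continues outside the hunk.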