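# Manually triggered release workflow for the kernel repository.
# Flow: create a version branch from the chosen commit, open a
# release-prep PR that bumps version strings, wait for it to be merged,
# generate and commit an SBOM, run the release script, back up the
# release asset, then clean up the release-prep branch.
name: Kernel-Auto-Release

on:
  workflow_dispatch:
    inputs:
      commit_id:
        description: 'Commit ID'
        required: true
        default: 'HEAD'
      version_number:
        description: 'Version Number (Ex. 10.4.4)'
        required: true
        default: '10.4.4'
      main_br_version:
        description: "Version String for task.h on main branch (leave empty to leave as-is)."
        required: false
        default: ''
      # NOTE(review): workflow_dispatch inputs are not secrets. The value is
      # part of the event payload and is not masked in logs by default.
      # A repository or environment secret would avoid that exposure; the
      # input is kept here so existing callers keep working.
      github_token:
        description: 'GitHub token for creating releases and pushing changes'
        required: true

jobs:
  release-packager:
    # Job-wide grants for the default GITHUB_TOKEN. Every step, including
    # the third-party and @main actions below, runs with these.
    # NOTE(review): which step needs id-token: write is not visible in this
    # file; confirm and scope it down if possible.
    permissions:
      contents: write
      pull-requests: write
      id-token: write
    name: Release Packager
    runs-on: ubuntu-latest
    steps:
      # Register the token input with the log masker before any later step
      # lists it in its env. It is read from the event payload rather than
      # from a step-level env so this step does not print it itself.
      - name: Mask token input in logs
        run: |
          TOKEN_INPUT=$(jq -r '.inputs.github_token // empty' "$GITHUB_EVENT_PATH")
          if [ -n "$TOKEN_INPUT" ]; then
            echo "::add-mask::$TOKEN_INPUT"
          fi

      # Install python 3
      - name: Tool Setup
        uses: actions/setup-python@v2
        with:
          architecture: x64
        env:
          GITHUB_TOKEN: ${{ github.event.inputs.github_token }}

      - name: Install GitHub CLI
        run: |
          # Only install when gh is not already on the runner image.
          command -v gh >/dev/null 2>&1 || {
            curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg
            sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg
            echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
            sudo apt update
            # -y: there is no terminal to answer a confirmation prompt in CI.
            sudo apt install -y gh
          }

      # Currently FreeRTOS/.github/scripts houses the release script.
      # Download it for upcoming usage
      - name: Checkout FreeRTOS Release Tools
        uses: actions/checkout@v4.1.1
        with:
          repository: FreeRTOS/FreeRTOS
          path: tools

      # Simpler git auth if we use checkout action and forward the repo to release script
      - name: Checkout FreeRTOS Kernel
        uses: actions/checkout@v4.1.1
        with:
          path: local_kernel
          fetch-depth: 0

      # Inputs and context values reach the shell through env variables
      # (not inline expressions), so they are expanded as data by bash.
      - name: Configure git identity
        env:
          ACTOR: ${{ github.actor }}
        run: |
          git config --global user.name "$ACTOR"
          git config --global user.email "$ACTOR"@users.noreply.github.com

      - name: Create version branch
        env:
          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
          COMMIT_ID: ${{ github.event.inputs.commit_id }}
        working-directory: ./local_kernel
        run: |
          git checkout -b "$VERSION_NUMBER" "$COMMIT_ID"
          git push -u origin "$VERSION_NUMBER"
          # Exported for the later "Update source files" step.
          echo "COMMIT_SHA_1=$(git rev-parse HEAD)" >> "$GITHUB_ENV"

      - name: Create release preparation branch
        env:
          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
        working-directory: ./local_kernel
        run: |
          git checkout -b "release-prep-$VERSION_NUMBER"

      - name: Update source files with version info
        env:
          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
          MAIN_BR_VERSION_NUMBER: ${{ github.event.inputs.main_br_version }}
          COMMIT_SHA_1: ${{ env.COMMIT_SHA_1 }}
          GITHUB_TOKEN: ${{ github.event.inputs.github_token }}
        run: |
          # Install deps and run
          pip install -r ./tools/.github/scripts/release-requirements.txt
          ./tools/.github/scripts/update_src_version.py FreeRTOS \
            --kernel-repo-path=local_kernel \
            --kernel-commit="$COMMIT_SHA_1" \
            --new-kernel-version="$VERSION_NUMBER" \
            --new-kernel-main-br-version="$MAIN_BR_VERSION_NUMBER"
          exit $?

      - name: Update version number in manifest.yml
        env:
          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
        working-directory: ./local_kernel
        run: |
          ./.github/scripts/manifest_updater.py -v "$VERSION_NUMBER"
          exit $?

      - name: Commit and push release preparation branch
        env:
          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
        working-directory: ./local_kernel
        run: |
          # The update_src_version.py script detaches HEAD by checking out a SHA.
          # Re-attach HEAD to the release prep branch, keeping all commits.
          git branch -f "release-prep-$VERSION_NUMBER" HEAD
          git checkout "release-prep-$VERSION_NUMBER"
          git add .
          if git diff --cached --quiet; then
            echo "No new changes to commit — source files and manifest already up to date."
          else
            git commit -m '[AUTO][RELEASE]: Update version number in manifest.yml and source files'
          fi
          git push -u origin "release-prep-$VERSION_NUMBER"

      - name: Create pull request
        env:
          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
          GH_TOKEN: ${{ github.event.inputs.github_token }}
          REPO_FULL_NAME: ${{ github.repository }}
        working-directory: ./local_kernel
        run: |
          PR_URL=$(gh pr create \
            --repo "$REPO_FULL_NAME" \
            --base "$VERSION_NUMBER" \
            --head "release-prep-$VERSION_NUMBER" \
            --title "[AUTO][RELEASE]: Release $VERSION_NUMBER" \
            --body "Automated release preparation for $VERSION_NUMBER. Updates version numbers in source files and manifest.yml.")
          # Exported for the "Wait for PR to be merged" step.
          echo "PR_URL=$PR_URL" >> "$GITHUB_ENV"

      # Human approval gate: the job polls until someone merges the PR.
      # Nothing in this file bounds the wait; it ends on merge, on close,
      # or when the job is cancelled or times out.
      - name: Wait for PR to be merged
        env:
          GH_TOKEN: ${{ github.event.inputs.github_token }}
          REPO_FULL_NAME: ${{ github.repository }}
        working-directory: ./local_kernel
        run: |
          # PR_URL was written to GITHUB_ENV by the previous step.
          PR_NUMBER=$(echo "$PR_URL" | grep -oE '[0-9]+$')
          while true; do
            STATE=$(gh pr view "$PR_NUMBER" --repo "$REPO_FULL_NAME" --json state --jq .state)
            if [ "$STATE" = "MERGED" ]; then
              echo "PR merged successfully"
              break
            elif [ "$STATE" = "CLOSED" ]; then
              echo "Error: PR was closed without merging"
              exit 1
            fi
            echo "Waiting for PR to be merged... (current state: $STATE)"
            sleep 30
          done

      - name: Re-checkout after merge
        uses: actions/checkout@v4.1.1
        with:
          path: local_kernel
          ref: ${{ github.event.inputs.version_number }}
          fetch-depth: 0

      # NOTE(review): this action and artifact-backup below are referenced
      # by the mutable ref "main", so whatever that branch holds at run time
      # executes in a job with write permissions. Pinning both to a full
      # commit SHA would fix the code that runs during a release.
      - name: Generate SBOM
        uses: FreeRTOS/CI-CD-Github-Actions/sbom-generator@main
        with:
          directory: ./local_kernel
          distribution-type: repository
          creator: Amazon Web Services, Inc.
          download-location: git+https://github.com/${{ github.repository_owner }}/${{ github.event.repository.name }}.git@${{ github.event.inputs.version_number }}
          homepage: https://github.com/${{ github.repository_owner }}/${{ github.event.repository.name }}
          namespace-prefix: https://github.com/${{ github.repository_owner }}/${{ github.event.repository.name }}/releases/download/${{ github.event.inputs.version_number }}/
          include-file-hashes: true

      - name: Commit SBOM file
        env:
          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
          GITHUB_TOKEN: ${{ github.event.inputs.github_token }}
        working-directory: ./local_kernel
        run: |
          git add .
          git commit -m '[AUTO][RELEASE]: Update SBOM'
          git push -u origin "$VERSION_NUMBER"
          # Exported for the "Release" step.
          echo "COMMIT_SHA_2=$(git rev-parse HEAD)" >> "$GITHUB_ENV"

      - name: Release
        env:
          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
          MAIN_BR_VERSION_NUMBER: ${{ github.event.inputs.main_br_version }}
          COMMIT_SHA_2: ${{ env.COMMIT_SHA_2 }}
          REPO_OWNER: ${{ github.repository_owner }}
          GITHUB_TOKEN: ${{ github.event.inputs.github_token }}
        run: |
          # Install deps and run
          pip install -r ./tools/.github/scripts/release-requirements.txt
          ./tools/.github/scripts/release.py "$REPO_OWNER" \
            --kernel-repo-path=local_kernel \
            --kernel-commit="$COMMIT_SHA_2" \
            --new-kernel-version="$VERSION_NUMBER" \
            --new-kernel-main-br-version="$MAIN_BR_VERSION_NUMBER"
          exit $?

      - name: Backup Release Asset
        uses: FreeRTOS/CI-CD-Github-Actions/artifact-backup@main
        with:
          # This is dependent on the release script putting this zip file
          # in this exact location.
          artifact_path: ./FreeRTOS-KernelV${{ github.event.inputs.version_number }}.zip
          release_tag: ${{ github.event.inputs.version_number }}

      # Runs even when an earlier step failed, so a stale branch is not
      # left behind.
      - name: Delete release preparation branch
        if: always()
        env:
          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
          GH_TOKEN: ${{ github.event.inputs.github_token }}
          REPO_FULL_NAME: ${{ github.repository }}
        working-directory: ./local_kernel
        run: |
          # Only delete release-prep branch if the PR was already merged
          # NOTE(review): gh pr list shows only open PRs unless --state is
          # given, so a merged PR presumably reaches the delete through the
          # empty-result branch rather than the MERGED comparison. A failed
          # gh call (stderr is discarded) also yields an empty value and
          # leads to deletion. Confirm this is the intended behaviour.
          PR_STATE=$(gh pr list --repo "$REPO_FULL_NAME" --head "release-prep-$VERSION_NUMBER" --json state --jq '.[0].state' 2>/dev/null || echo "")
          if [ "$PR_STATE" = "MERGED" ] || [ -z "$PR_STATE" ]; then
            git push origin --delete "release-prep-$VERSION_NUMBER" || true
          else
            echo "Skipping release-prep branch deletion — PR is still open (state: $PR_STATE)"
          fi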