Skip to content

ci: split release-please into independent release and PR creation steps #107

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
keelerm84 wants to merge 2 commits into from
Closed

ci: split release-please into independent release and PR creation steps #107

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6393072
ci: split release-please into independent release and PR creation steps
keelerm84 Apr 6, 2026
407a6be
ci: use release_created consistently in single-package repo
keelerm84 Apr 6, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
67 changes: 52 additions & 15 deletions .github/workflows/release-please.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,69 +6,106 @@ on:
- main

jobs:
release-package:
release-please:
runs-on: ubuntu-latest

permissions:
id-token: write # Needed if using OIDC to get release secrets.
contents: write # Contents and pull-requests are for release-please to make releases.
pull-requests: write
attestations: write

outputs:
release_created: ${{ steps.release.outputs.release_created }}

steps:
- uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4
# Create any releases first, then create tags, and then optionally create any new PRs.
- uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0
id: release
with:
skip-github-pull-request: true

# Need the repository content to be able to create and push a tag.
- uses: actions/checkout@v4
if: ${{ steps.release.outputs.release_created == 'true' }}

- name: Create release tag
if: ${{ steps.release.outputs.release_created == 'true' }}
env:
TAG_NAME: ${{ steps.release.outputs.tag_name }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
if gh api "repos/${{ github.repository }}/git/ref/tags/${TAG_NAME}" >/dev/null 2>&1; then
echo "Tag ${TAG_NAME} already exists, skipping creation."
else
echo "Creating tag ${TAG_NAME}."
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git tag "${TAG_NAME}"
git push origin "${TAG_NAME}"
fi

- uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0
if: ${{ steps.release.outputs.release_created != 'true' }}
id: release-prs
with:
fetch-depth: 0 # Full history is required for proper changelog generation
skip-github-release: true

# Checkout is needed for the update-cabal step below.
- uses: actions/checkout@v4
if: ${{ steps.release-prs.outputs.pr != '' }}

#
# This step runs and updates an existing PR
#
- uses: ./.github/actions/update-cabal
if: ${{ steps.release.outputs.pr != '' }}
if: ${{ steps.release-prs.outputs.pr != '' }}
with:
branch: ${{ fromJSON(steps.release.outputs.pr).headBranchName }}
branch: ${{ fromJSON(steps.release-prs.outputs.pr).headBranchName }}

release-package:
needs: release-please
if: ${{ needs.release-please.outputs.release_created == 'true' }}
runs-on: ubuntu-latest

permissions:
id-token: write # Needed if using OIDC to get release secrets.
contents: write # Contents and pull-requests are for release-please to make releases.
attestations: write

steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Full history is required for proper changelog generation

- uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0
name: "Get Hackage token"
if: ${{ steps.release.outputs.releases_created == 'true' }}
with:
aws_assume_role: ${{ vars.AWS_ROLE_ARN }}
ssm_parameter_pairs: "/production/common/releasing/hackage/password = HACKAGE_TOKEN"

- name: Install PCRE development libraries
if: ${{ steps.release.outputs.releases_created == 'true' }}
run: sudo apt-get update && sudo apt-get install -y libpcre3-dev

- uses: ./.github/actions/setup-cache
if: ${{ steps.release.outputs.releases_created == 'true' }}

- uses: ./.github/actions/ci
id: ci
if: ${{ steps.release.outputs.releases_created == 'true' }}
with:
token: ${{secrets.GITHUB_TOKEN}}

- uses: ./.github/actions/build-docs
if: ${{ steps.release.outputs.releases_created == 'true' }}

- uses: ./.github/actions/publish
if: ${{ steps.release.outputs.releases_created == 'true' }}
with:
token: ${{ env.HACKAGE_TOKEN }}
dry_run: "false"

- uses: ./.github/actions/publish-docs
if: ${{ steps.release.outputs.releases_created == 'true' }}
with:
# If publishing somewhere else, then get the token from SSM. If you need both github,
# and another token, then add more tokens to the composite action.
token: ${{secrets.GITHUB_TOKEN}}

- name: Attest build provenance
if: ${{ steps.release.outputs.releases_created == 'true' }}
uses: actions/attest@v4
with:
subject-path: '${{ steps.ci.outputs.dist-dir }}/*tar.gz'
Loading