Skip to content
[Release] Step 2: Tag next release (Autorun)

🌱 Bump gradle/gradle-build-action from 2.11.1 to 3.3.1 #139

Sign in to view logs

🌱 Bump gradle/gradle-build-action from 2.11.1 to 3.3.1

🌱 Bump gradle/gradle-build-action from 2.11.1 to 3.3.1 #139

Workflow file for this run

.github/workflows/tag_next_release.yml at 59f8b7a
name: "[Release] Step 2: Tag next release (Autorun)"
on:
workflow_dispatch:
pull_request:
types: [ closed ]
# TODO: update workflow permissions to least privilege after auditing all the APIs used
# permissions: # limit the permissions of the GITHIUB_TOKEN to reading repository contents
# contents: read
jobs:
create_release:
runs-on: ubuntu-latest
if: github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'release') && contains(github.event.pull_request.user.login, 'google-flank-bot[bot]') && contains(github.event.pull_request.title, 'release notes for')
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
# TODO: change to 'egress-policy: block' after auditing a number of runs and updating the allowed-endpoints option accordingly
- uses: actions/checkout@v4
- uses: tibdex/github-app-token@v2
id: generate-token
with:
app_id: ${{ secrets.FLANK_RELEASE_APP_ID }}
private_key: ${{ secrets.FLANK_RELEASE_PRIVATE_KEY }}
- name: Download flankScripts and add it to PATH.
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
./gradlew :flank-scripts:download
echo "./flank-scripts/bash" >> $GITHUB_PATH
- name: Set next release tag variable
run: |
TAG=$(flankScripts release next_tag --token=${{ secrets.GITHUB_TOKEN }})
echo "NEXT_RELEASE_TAG=$(echo $TAG)" >> $GITHUB_ENV
- name: Push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5
with:
github_token: ${{ steps.generate-token.outputs.token }}
custom_tag: ${{ env.NEXT_RELEASE_TAG }}
tag_prefix: ''