Skip to content

Commit a26b7f0

Browse files
Add weekly auto-release workflow for the LocalStack RIE
Cut a new patch release once a week when there are new commits on localstack, so Go-dep/stdlib CVE fixes self-publish without a manual tag. - weekly-release.yml: Friday cron + workflow_dispatch; discovers the latest published release, patch-bumps, skips if no new commits, then calls build.yml. - build.yml: add workflow_call with an optional version input so the same test -> build -> release path publishes the computed version (no PAT needed).
1 parent 9b9acb3 commit a26b7f0

2 files changed

Lines changed: 83 additions & 2 deletions

File tree

.github/workflows/build.yml

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,14 @@ on:
66
tags: v*.*
77
pull_request:
88
branches: [ localstack ]
9+
# Callable by weekly-release.yml; publishes a release when `version` is set.
10+
workflow_call:
11+
inputs:
12+
version:
13+
description: "Release version to tag and publish (e.g. v0.2.1). When set, a release is published."
14+
type: string
15+
required: false
16+
default: ""
917

1018
jobs:
1119

@@ -25,6 +33,8 @@ jobs:
2533
build:
2634
runs-on: ubuntu-latest
2735
needs: test
36+
permissions:
37+
contents: write
2838
steps:
2939
- uses: actions/checkout@v7
3040

@@ -44,8 +54,9 @@ jobs:
4454
path: bin/*
4555
- name: Release binaries
4656
uses: softprops/action-gh-release@v3
47-
if: startsWith(github.ref, 'refs/tags/')
57+
if: startsWith(github.ref, 'refs/tags/') || inputs.version != ''
4858
with:
59+
tag_name: ${{ inputs.version || github.ref_name }}
4960
files: bin/*
5061
generate_release_notes: true
51-
prerelease: ${{ endsWith(github.ref, '-pre') }}
62+
prerelease: ${{ endsWith(github.ref, '-pre') || endsWith(inputs.version, '-pre') }}
Lines changed: 70 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,70 @@
1+
# Weekly auto-release: patch-bumps and publishes if there are new commits on localstack.
2+
name: Weekly Release
3+
4+
on:
5+
schedule:
6+
# Fridays 06:00 UTC: ahead of lambda-images' Mon 13:00 UTC rebuild so Renovate can bump downstream pins first.
7+
- cron: '0 6 * * 5'
8+
workflow_dispatch:
9+
inputs:
10+
dryRun:
11+
description: "Compute the next version but do not release."
12+
type: boolean
13+
default: false
14+
15+
permissions:
16+
contents: read
17+
18+
jobs:
19+
version:
20+
runs-on: ubuntu-latest
21+
outputs:
22+
should_release: ${{ steps.ver.outputs.should_release }}
23+
next: ${{ steps.ver.outputs.next }}
24+
steps:
25+
- uses: actions/checkout@v7
26+
with:
27+
ref: localstack
28+
fetch-depth: 0
29+
30+
- name: Determine next version
31+
id: ver
32+
env:
33+
GH_TOKEN: ${{ github.token }}
34+
run: |
35+
git fetch --tags --force
36+
# Latest published release (same source as downstream Renovate); sort -V for highest version, not newest.
37+
latest=$(gh release list --exclude-pre-releases --exclude-drafts \
38+
--json tagName -q '.[].tagName' \
39+
| grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | sort -V | tail -n1)
40+
if [ -z "$latest" ]; then
41+
echo "::error::No published vX.Y.Z release found to bump from." && exit 1
42+
fi
43+
count=$(git rev-list "${latest}..HEAD" --count)
44+
ver=${latest#v}
45+
IFS=. read -r major minor patch <<< "$ver"
46+
next="v${major}.${minor}.$((patch + 1))"
47+
should_release=true
48+
if [ "$count" = "0" ]; then
49+
should_release=false
50+
echo "No new commits since $latest; nothing to release."
51+
fi
52+
if [ "${{ inputs.dryRun }}" = "true" ]; then
53+
should_release=false
54+
echo "dryRun requested; not releasing."
55+
fi
56+
{
57+
echo "next=$next"
58+
echo "should_release=$should_release"
59+
} >> "$GITHUB_OUTPUT"
60+
echo "Latest release: $latest | new commits since: $count | next: $next | release: $should_release"
61+
62+
release:
63+
needs: version
64+
if: needs.version.outputs.should_release == 'true'
65+
permissions:
66+
contents: write
67+
# Reuse build.yml's test -> build -> release path with the computed version.
68+
uses: ./.github/workflows/build.yml
69+
with:
70+
version: ${{ needs.version.outputs.next }}

0 commit comments

Comments
 (0)