Install Lefthook #24
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow creates version tags in Git for the release commit on the `main` branch. | |
| # | |
| # It is triggered automatically by merging a pull request to the `main` branch, | |
| # as created by the `release.yml` workflow. | |
| # | |
| # It can be triggered manually on any branch via the GitHub CLI: | |
| # | |
| # gh workflow run release-tags.yml --field version=<major.minor.patch[-prerelease][+buildinfo]> --ref <branch-name> | |
| # gh run watch | |
| # | |
| # It can be triggered manually via the GitHub web interface: | |
| # https://github.com/rainstormy/presets-typescript/actions/workflows/release-tags.yml | |
| name: Release / Tags | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| types: | |
| - closed | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: The semantic version number of the new release. | |
| type: string | |
| required: true | |
| # Cancel all previous runs of this workflow that are still in progress on the same branch. | |
| # https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#concurrency | |
| concurrency: | |
| group: release-tags-${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| # All third-party actions are pinned to a specific commit SHA for security reasons. | |
| # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions | |
| jobs: | |
| quality-assurance: | |
| name: Quality assurance | |
| if: github.event_name != 'pull_request' || (github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/')) | |
| permissions: | |
| contents: read # Allow the job to call the reusable `ci.yml` workflow. | |
| pull-requests: read # `ci.yml` requires `pull-requests` read permissions. | |
| uses: ./.github/workflows/ci.yml | |
| tags: | |
| name: Tags | |
| if: github.event_name != 'pull_request' || (github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/')) | |
| needs: quality-assurance | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 1 | |
| permissions: { } | |
| steps: | |
| - name: Check out the repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| # Use a separate access token to allow the push tag event in this workflow to trigger the subsequent `release-github.yml` workflow. | |
| # https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow | |
| token: ${{ secrets.BOT_NIMBUS_GH_AUTH_TOKEN }} | |
| # | |
| - name: Use Nimbus (Bot) in Git | |
| uses: rainstormy/rainstorm-release/bot-nimbus@5aa67a14e95403e7db0a7a43f8e18c1cdd51ba5f # v1.0.0 | |
| with: | |
| bot-nimbus-ssh-public-key: ${{ secrets.BOT_NIMBUS_SSH_PUBLIC_KEY }} | |
| __bot-nimbus-ssh-private-key__: ${{ secrets.BOT_NIMBUS_SSH___THE___PRIVATE___KEY }} | |
| ssh-key-fingerprints-github: ${{ secrets.SSH_KEY_FINGERPRINTS_GITHUB }} | |
| # | |
| - name: Create a full semantic version tag in Git | |
| uses: rainstormy/release/tag@73fe3aae49ad74af650e529107d94f45002798fd # v1.1.0 | |
| with: | |
| version: ${{ inputs.version || github.head_ref }} |