-
Notifications
You must be signed in to change notification settings - Fork 46
52 lines (50 loc) · 1.73 KB
/
release_drafter.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
name: Draft Release
on:
push:
tags:
- "*"
jobs:
draft_release:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
issues: write
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- id: get_approvers
run: |
echo "approvers=$(cat .github/CODEOWNERS | grep @ | tr -d '* ' | sed 's/@/,/g' | sed 's/,//1')" >> $GITHUB_OUTPUT
- uses: trstringer/manual-approval@v1
with:
secret: ${{ github.TOKEN }}
approvers: ${{ steps.get_approvers.outputs.approvers }}
minimum-approvals: 1
issue-title: "Release ${{ github.ref_name }}"
issue-body: "Please approve or deny the release **TAG**: ${{ github.ref_name }} **COMMIT**: ${{ github.sha }}"
exclude-workflow-initiator-as-approver: true
- name: Install Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: 3.1
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.GET_SECRET_IAM_ROLE }}
aws-region: us-east-1
- name: Download signing key
run: |
aws secretsmanager get-secret-value --secret-id jenkins-opensearchproject-rubygems-private-key --query SecretString --output text > gem-private_key.pem
- name: Build and package gem artifact
run: |
gem build opensearch-ruby.gemspec
mkdir dist && mv opensearch-ruby-*.gem dist/
tar -cvf artifacts.tar.gz dist
- name: Draft a release
uses: softprops/action-gh-release@v2
with:
draft: true
generate_release_notes: true
files: |
artifacts.tar.gz