sigs.k8s.io/cluster-api-provider-azure@v1.14.3/.github/workflows/release.yaml

name: Create Release

on:
  push:
    branches:
      - main
    paths:
      - 'CHANGELOG/*.md'

permissions:  # added using https://github.com/step-security/secure-repo
  contents: read

jobs:
  push_release_tag:
    permissions:
      pull-requests: read  # for tj-actions/changed-files
      contents: write  # for "Create Release Tag" step
    runs-on: ubuntu-latest
    outputs:
      release_tag: ${{ steps.release-version.outputs.release_version }}
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
        with:
          egress-policy: audit
      - name: Checkout code
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # tag=v4.1.1
        with:
          fetch-depth: 0
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@800a2825992141ddde1a8bca8ad394cec34d3188 # tag=v42.0.5
      - name: Get release version
        id: release-version
        run: |
            if [[ ${{ steps.changed-files.outputs.all_changed_files_count }} != 1 ]]; then
              echo "1 release notes file should be changed to create a release tag, found ${{ steps.changed-files.outputs.all_changed_files_count }}"
              exit 1
            fi
            for changed_file in ${{ steps.changed-files.outputs.all_changed_files }}; do
              export RELEASE_VERSION=$(echo "${changed_file}" | grep -oP '(?<=/)[^/]+(?=\.md)')
              echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV
              echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_OUTPUT
              if [[ "$RELEASE_VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?$ ]]; then
                echo "Valid semver: $RELEASE_VERSION"
              else
                echo "Invalid semver: $RELEASE_VERSION"
                exit 1
              fi
            done
      - name: Determine the release branch to use
        run: |
            if [[ $RELEASE_VERSION =~ beta ]] || [[ $RELEASE_VERSION =~ alpha ]]; then
              export RELEASE_BRANCH=main
              echo "RELEASE_BRANCH=$RELEASE_BRANCH" >> $GITHUB_ENV
              echo "This is a beta or alpha release, will use release branch $RELEASE_BRANCH"
            else
              export RELEASE_BRANCH=release-$(echo $RELEASE_VERSION | sed -E 's/^v([0-9]+)\.([0-9]+)\..*$/\1.\2/')
              echo "RELEASE_BRANCH=$RELEASE_BRANCH" >> $GITHUB_ENV
              echo "This is not a beta or alpha release, will use release branch $RELEASE_BRANCH"
            fi
      - name: Create or checkout release branch
        run: |
          if git show-ref --verify --quiet "refs/remotes/origin/$RELEASE_BRANCH"; then
            echo "Branch $RELEASE_BRANCH already exists"
            git checkout "$RELEASE_BRANCH"
          else
            git checkout -b "$RELEASE_BRANCH"
            git push origin "$RELEASE_BRANCH"
            echo "Created branch $RELEASE_BRANCH"
          fi
      - name: Validate tag does not already exist
        run: |
          if [[ $(git tag -l $RELEASE_VERSION) ]]; then
            echo "Tag $RELEASE_VERSION already exists, exiting"
            exit 1
          fi
      - name: Create Release Tag
        run: |
          git config user.name "${GITHUB_ACTOR}"
          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
          git tag -a ${RELEASE_VERSION} -m ${RELEASE_VERSION}
          git push origin ${RELEASE_VERSION}
          echo "Created tag $RELEASE_VERSION"
  release:
    permissions:
      contents: write  # for softprops/action-gh-release to create GitHub release
    name: create draft release
    runs-on: ubuntu-latest
    needs: push_release_tag
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
        with:
          egress-policy: audit
      - name: Set env
        run:  echo "RELEASE_TAG=${RELEASE_TAG}" >> $GITHUB_ENV
        env:
          RELEASE_TAG: ${{needs.push_release_tag.outputs.release_tag}}
      - name: checkout code
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # tag=v4.1.1
        with:
          fetch-depth: 0
          ref: ${{ env.RELEASE_TAG }}
      - name: Calculate go version
        run: echo "go_version=$(make go-version)" >> $GITHUB_ENV
      - name: Set up Go
        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # tag=v5.0.0
        with:
          go-version: ${{ env.go_version }}
      - name: generate release artifacts
        run: |
          make release
      - name: get release notes
        run: |
          curl -L "https://raw.githubusercontent.com/${{ github.repository }}/main/CHANGELOG/${{ env.RELEASE_TAG }}.md" \
          -o "${{ env.RELEASE_TAG }}.md"
      - name: Release
        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # tag=v1
        with:
          draft: true
          files: out/*
          body_path: ${{ env.RELEASE_TAG }}.md
          tag_name: ${{ env.RELEASE_TAG }}