ponylang / release-bot-action Goto Github PK
View Code? Open in Web Editor NEW:horse: Bot that handles the standard release process for ponylang projects
Home Page: https://ponylang.io
License: BSD 2-Clause "Simplified" License
:horse: Bot that handles the standard release process for ponylang projects
Home Page: https://ponylang.io
License: BSD 2-Clause "Simplified" License
https://github.com/ponylang/release-notes-bot-action
.release-notes/next-release.md
if it exists at the start of the release notesPoint of discussion, rather than being optional, should release-notes-bot support be a requirement.
Looking at our usage of ASSET_NAME with trigger-a-release
announcement is pretty much fixed across all repos. We are currently announcing using the repo
name. Like corral
, crypto
, release-bot-action
etc.
Except that it is a value we have to change in the workflow.
Given this, we should switch to using GITHUB_REPOSITORY for the value and not taking an ASSET_NAME.
This means that we can copy the workflow defintion without having to change it.
Additionally when we make so others can use, Announcement will be something like
ponylang/corral
So there's no namespacing issue and its very clear what is what.
Using alpine as a base for python work that needs the python crypto package is a pain in the ass as we need to build it from source and that now requires rust. It's much easier to use a recent ubuntu and get the precompiled wheels installed.
When we make this change, we can unpin the PyGithub version from where it currently is.
At the moment, the trigger release announcement step gets the version from GITHUB_REF. For this to work, the step has to be triggered by a tag being pushed.
This is good for most use-cases, but not all. For example, ponyc build assets for release on cirrus-ci not github actions. This means that we want to trigger a release announcement once we've been notified assets have been uploaded to cloudsmith.
This will not work with trigger release announcement as it can't get the version from GITHUB_REF as it isn't available there.
To handle this, getting the version from GITHUB_REF should be the default, however if an optional environment variable "VERSION" is provided, it will be used as the version instead of parsing it out of GITHUB_REF.
The update for this should probably include some documentation on how and when it might be used related to triggering not based on a tag. However, it could be bypassed for now as it isn't the standard usage.
If corral.json exists for the released project and if it has the version
field on the info
object, it should be incremented as well.
This was missed as an issue up until now because we haven't as a community been using the info
object in corral.json
.
So we can more easily do our "retry on failure" logic.
It would suck to have a dep change underneath us without testing. That is unlikely but possible with right now.
The change is easy, the "no testing prior to release" is harder.
This requires #49 to be done first.
Things as part of 0.6.0 that I (still) need to do
main
And after release
main
to 0.6.0
readme-version-updater-action
repoWe could use it, I'm sure.
This will probably involve some updates to the scripts as well.
We've had a couple occassions where committers have not read the release instructions and instead of pushing a tag like release-0.1.0
they push 0.1.0
. This will result in the release process failing because not all steps were done (start-a-release) was skipped.
The release step should start by checking to make sure the CHANGELOG.md has the correct versions entries in it and if not, it should...
delete the pushed tag and exit with a big old error message.
The workflow release.yml is referencing action actions/checkout using references v1. However this reference is missing the commit a6747255bd19d7a757dbdda8c654a9f84db19839 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.
At the moment, the release-bot can't be used for non ponylang projects.
The git information that is configured in entrypoint.sh is very pony project specific. We need to make that configurable via ENVIRONMENT variables.
The README has multiple examples that refer to the [email protected]
As part of release, they should be updated.
This would be in release.yml as a prerequistite for trigger-release-announcement
step being run.
The workflow pr.yml is referencing action actions/checkout using references v1. However this reference is missing the commit a6747255bd19d7a757dbdda8c654a9f84db19839 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.
Because we explictly try to checkout a branch, this will cause a default v2 setup to fail.
We should upgrade to only working with checkout@v2 and have everything work as needed.
That will apparently require some code changes.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.