[Release] Step 2: Tag next release (Autorun)

remove check_approve_count job in wsl workflow #75

Workflow file for this run

.github/workflows/tag_next_release.yml at 9f803c5

	name: "[Release] Step 2: Tag next release (Autorun)"

	on:
	workflow_dispatch:
	pull_request:
	types: [ closed ]

	# TODO: update workflow permissions to least privilege after auditing all the APIs used
	# permissions: # limit the permissions of the GITHIUB_TOKEN to reading repository contents
	# contents: read

	jobs:
	create_release:
	runs-on: ubuntu-latest
	if: github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'release') && contains(github.event.pull_request.user.login, 'google-flank-bot[bot]') && contains(github.event.pull_request.title, 'release notes for')
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@v2
	with:
	egress-policy: audit
	# TODO: change to 'egress-policy: block' after auditing a number of runs and updating the allowed-endpoints option accordingly

	- uses: actions/checkout@v3
	- uses: tibdex/github-app-token@v1
	id: generate-token
	with:
	app_id: ${{ secrets.FLANK_RELEASE_APP_ID }}
	private_key: ${{ secrets.FLANK_RELEASE_PRIVATE_KEY }}

	- name: Download flankScripts and add it to PATH.
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	./gradlew :flank-scripts:download
	echo "./flank-scripts/bash" >> $GITHUB_PATH
	- name: Set next release tag variable
	run: \|
	TAG=$(flankScripts release next_tag --token=${{ secrets.GITHUB_TOKEN }})
	echo "NEXT_RELEASE_TAG=$(echo $TAG)" >> $GITHUB_ENV

	- name: Push tag
	id: tag_version
	uses: mathieudutour/github-tag-action@v5
	with:
	github_token: ${{ steps.generate-token.outputs.token }}
	custom_tag: ${{ env.NEXT_RELEASE_TAG }}
	tag_prefix: ''

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

remove check_approve_count job in wsl workflow #75

Workflow file

remove check_approve_count job in wsl workflow #75

Jobs

Run details

Workflow file for this run