
Promote release 1.1.0 to main #16


# SPDX-License-Identifier: Apache-2.0
# © Crown Copyright 2025. This work has been developed by the National Digital Twin Programme and is legally attributed to the Department for Business and Trade (UK) as the governing entity.
# This workflow is triggered when a pull request is merged into the main branch
# from a release/* or hotfix/* branch. It extracts the release version from the source branch,
# generates a Software Bill of Materials (SBOM) using the GitHub API,
# creates a Git tag with the version, and publishes a GitHub release including the SBOM file.
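name: Generate SBOM, Tag and Publish GitHub Release

# Fires for every pull request closed against main. The `if` on the first job
# narrows this to merged PRs whose source branch is release/* or hotfix/*.
on:
  pull_request:
    types:
      - closed
    branches:
      - main

jobs:
  # Derives the release version from the source branch name and exposes it as
  # the `version` job output. Every later job lists this one in `needs`, so
  # they are skipped when this job's condition is false.
  versioning:
    name: Extract Release Version
    if: |
      github.event.pull_request.merged == true &&
      (startsWith(github.head_ref, 'release/') || startsWith(github.head_ref, 'hotfix/'))
    permissions:
      contents: read
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.extract_version.outputs.VERSION }}
    steps:
      - name: Extract Version from Source Branch Name
        id: extract_version
        env:
          # The branch name is contributor-controlled text. It is handed to the
          # script as an environment variable instead of being expanded into
          # the script body, so it is never parsed as shell.
          HEAD_REF: ${{ github.head_ref }}
        run: |
          SOURCE_BRANCH="$HEAD_REF"
          # `|| true`: the runner's default shell is `bash -e`, so a grep with
          # no match would otherwise abort the step before the message below.
          VERSION=$(printf '%s\n' "$SOURCE_BRANCH" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' || true)
          if [ -z "$VERSION" ]; then
            echo "Error: No semantic release version found in source branch: $SOURCE_BRANCH"
            exit 1
          fi
          # grep -o prints one line per match. Require exactly one X.Y.Z value
          # before anything is written to the runner's env/output files, so a
          # multi-line value can never reach them.
          if [[ ! "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "Error: Expected exactly one semantic version in source branch: $SOURCE_BRANCH"
            exit 1
          fi
          echo "VERSION=$VERSION" >> "$GITHUB_ENV"
          echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT"

      # Second, independent check of the value published through GITHUB_ENV.
      - name: Validate Version Format (Semantic Versioning)
        env:
          VERSION: ${{ env.VERSION }}
        run: |
          if [[ ! "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "Error: Invalid version format found. Expected semantic version in release or hotfix branch name (e.g., release/0.9.0 or hotfix/0.9.1)"
            exit 1
          fi

      - name: Print Tag Version
        id: print_tag
        env:
          # Same key spelling as the job-level `outputs` mapping above.
          EXTRACTED_VERSION: ${{ steps.extract_version.outputs.VERSION }}
        run: |
          echo "Identified release semantic version: $EXTRACTED_VERSION"

  # Requests an SPDX SBOM from the GitHub dependency-graph API and hands it to
  # the release job as a workflow artifact named `sbom`.
  generate-sbom:
    name: Generate SPDX SBOM
    needs: [versioning]
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # No later step in this job runs git, so the token does not need to
          # stay in the checkout's git configuration.
          persist-credentials: false

      - name: Generate SPDX SBOM
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REPO: ${{ github.repository }}
        run: |
          set -euo pipefail
          # Call GitHub API to generate SBOM.
          # --fail: an HTTP error status must stop the job here. Without it the
          # error body is passed on, `.sbom` evaluates to null, and a file
          # containing only `null` would be attached to the release.
          # NOTE(review): the request carries no ref, so the SBOM describes
          # whatever the dependency graph holds for the repository at call
          # time - confirm that this matches the commit being tagged.
          api_response=$(curl -sSL --fail \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer $GITHUB_TOKEN" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            "$GITHUB_API_URL/repos/$REPO/dependency-graph/sbom")
          # Extract nested "sbom" object into a valid SPDX file.
          # -e: exit non-zero when `.sbom` is missing or null.
          printf '%s\n' "$api_response" | jq -e '.sbom' > sbom.spdx.json

      - name: Upload SBOM Artifact
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: sbom
          path: sbom.spdx.json

  # Creates the annotated tag v<version> on the release branch head.
  create-git-tag:
    name: Create Git Tag
    needs: [versioning, generate-sbom]
    permissions:
      contents: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0

      - name: Create Git Tag
        uses: rickstaa/action-create-tag@a1c7777fcb2fee4f19b0f283ba888afa11678b72 # v1.7.2
        with:
          tag: "v${{ needs.versioning.outputs.version }}"
          message: "Release v${{ needs.versioning.outputs.version }}"
          # NOTE(review): force-pushing lets a later run for the same version
          # move an already published release tag to a different commit.
          # Consumers who pinned the tag would not notice. Confirm this is
          # intended; if not, set it to false or protect v* tags with a
          # repository ruleset.
          force_push_tag: true
          # Tag the HEAD commit from the merged release branch not the merge commit to
          # ensure the tag points to the correct source code state for the release.
          # This ensures that the release tag is also visible on any branch which does
          # not contain the merge commit such as develop.
          commit_sha: ${{ github.event.pull_request.head.sha }}

  # Publishes the GitHub release for the tag and attaches the SBOM file.
  create-git-release:
    name: Create GitHub Release
    needs: [versioning, generate-sbom, create-git-tag]
    permissions:
      contents: write
    runs-on: ubuntu-latest
    steps:
      - name: Download SBOM Artifact
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: sbom

      - name: Create GitHub Release
        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
        with:
          tag_name: "v${{ needs.versioning.outputs.version }}"
          name: "Release v${{ needs.versioning.outputs.version }}"
          body: "Automated release for version ${{ needs.versioning.outputs.version }}. For details of fixes, new features and changes in this release, please see [CHANGELOG.md](${{ github.server_url }}/${{ github.repository }}/blob/main/CHANGELOG.md)."
          draft: false
          prerelease: false
          files: |
            sbom.spdx.json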