Promote release 1.1.0 to main #16
Workflow file for this run
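# SPDX-License-Identifier: Apache-2.0
# © Crown Copyright 2025. This work has been developed by the National Digital Twin Programme and is legally attributed to the Department for Business and Trade (UK) as the governing entity.

# This workflow is triggered when a pull request is merged into the main branch
# from a release/* or hotfix/* branch. It extracts the release version from the source branch,
# generates a Software Bill of Materials (SBOM) using the GitHub API,
# creates a Git tag with the version, and publishes a GitHub release including the SBOM file.
name: Generate SBOM, Tag and Publish GitHub Release

on:
  pull_request:
    types:
      - closed
    branches:
      - main

# Default-deny for GITHUB_TOKEN: every job below declares the scopes it needs,
# so a job added later without a permissions block gets no token access.
permissions: {}

jobs:
  # Gate job: the merged/branch-prefix condition lives only here. The other
  # jobs depend on it through `needs`, so they are skipped when it is skipped.
  versioning:
    name: Extract Release Version
    if: |
      github.event.pull_request.merged == true &&
      (startsWith(github.head_ref, 'release/') || startsWith(github.head_ref, 'hotfix/'))
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      version: ${{ steps.extract_version.outputs.VERSION }}
    steps:
      - name: Extract Version from Source Branch Name
        id: extract_version
        env:
          # The branch name is contributor-controlled; it is passed through an
          # environment variable rather than expanded into the script text.
          HEAD_REF: ${{ github.head_ref }}
        run: |
          SOURCE_BRANCH="$HEAD_REF"
          # grep -o prints one line per match, so a branch name holding more
          # than one X.Y.Z substring yields a multi-line value.
          # NOTE(review): consider anchoring the match to the whole branch name.
          VERSION=$(echo "$SOURCE_BRANCH" | grep -o '[0-9]\+\.[0-9]\+\.[0-9]\+')
          if [ -z "$VERSION" ]; then
            echo "Error: No semantic release version found in source branch: $SOURCE_BRANCH"
            exit 1
          fi
          # Quote the runner-provided file paths so they are never word-split.
          echo "VERSION=$VERSION" >> "$GITHUB_ENV"
          echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT"

      - name: Validate Version Format (Semantic Versioning)
        env:
          VERSION: ${{ env.VERSION }}
        run: |
          # Anchored check: the whole value must be exactly MAJOR.MINOR.PATCH.
          if [[ ! "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "Error: Invalid version format found. Expected semantic version in release or hotfix branch name (e.g., release/0.9.0 or hotfix/0.9.1)"
            exit 1
          fi

      - name: Print Tag Version
        id: print_tag
        env:
          # Same output key spelling as the job-level `outputs` mapping above.
          EXTRACTED_VERSION: ${{ steps.extract_version.outputs.VERSION }}
        run: |
          echo "Identified release semantic version: $EXTRACTED_VERSION"

  generate-sbom:
    name: Generate SPDX SBOM
    needs: [versioning]
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout Code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # No later step in this job runs git against the remote; the API call
          # below receives the token through its own env entry.
          persist-credentials: false

      - name: Generate SPDX SBOM
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REPO: ${{ github.repository }}
        run: |
          set -euo pipefail
          # Call GitHub API to generate SBOM.
          # --fail: curl otherwise exits 0 on an HTTP error response, and the
          # error body would be processed as if it were the SBOM.
          api_response=$(curl -fsSL \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer $GITHUB_TOKEN" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            "$GITHUB_API_URL/repos/$REPO/dependency-graph/sbom")
          # Extract nested "sbom" object into a valid SPDX file.
          # -e: exit non-zero when .sbom is missing or null, so the literal
          # `null` is never uploaded and attached to the release.
          echo "$api_response" | jq -e '.sbom' > sbom.spdx.json

      - name: Upload SBOM Artifact
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: sbom
          path: sbom.spdx.json

  create-git-tag:
    name: Create Git Tag
    needs: [versioning, generate-sbom]
    runs-on: ubuntu-latest
    permissions:
      # Write scope is required to push the tag.
      contents: write
    steps:
      - name: Checkout Repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0

      - name: Create Git Tag
        uses: rickstaa/action-create-tag@a1c7777fcb2fee4f19b0f283ba888afa11678b72 # v1.7.2
        with:
          tag: "v${{ needs.versioning.outputs.version }}"
          message: "Release v${{ needs.versioning.outputs.version }}"
          # NOTE(review): force-pushing moves an existing tag of the same name.
          # A later merged branch that yields the same version would re-point
          # an already published vX.Y.Z; consider `false` so release tags stay
          # immutable and a duplicate version fails the run instead.
          force_push_tag: true
          # Tag the HEAD commit from the merged release branch not the merge commit to
          # ensure the tag points to the correct source code state for the release.
          # This ensures that the release tag is also visible on any branch which does
          # not contain the merge commit such as develop.
          commit_sha: ${{ github.event.pull_request.head.sha }}

  create-git-release:
    name: Create GitHub Release
    needs: [versioning, generate-sbom, create-git-tag]
    runs-on: ubuntu-latest
    permissions:
      # Write scope is required to create the release and upload its asset.
      contents: write
    steps:
      - name: Download SBOM Artifact
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: sbom

      - name: Create GitHub Release
        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
        with:
          tag_name: "v${{ needs.versioning.outputs.version }}"
          name: "Release v${{ needs.versioning.outputs.version }}"
          body: "Automated release for version ${{ needs.versioning.outputs.version }}. For details of fixes, new features and changes in this release, please see [CHANGELOG.md](${{ github.server_url }}/${{ github.repository }}/blob/main/CHANGELOG.md)."
          draft: false
          prerelease: false
          files: |
            sbom.spdx.json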