From 9b9a43da9a0c00334e2c5dc078e10d5be5de97ba Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 18 Jan 2026 18:26:28 +0000 Subject: [PATCH 1/2] Initial plan From 113ac8e2a7db695c572ef57a60946de4044c060c Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 18 Jan 2026 18:28:19 +0000 Subject: [PATCH 2/2] Remove all workflows and scripts Co-authored-by: jmiller-moko <230051081+jmiller-moko@users.noreply.github.com> --- .github/workflows/ci.yml | 56 --- .github/workflows/dependency-review.yml | 253 ------------- .github/workflows/joomla_testing.yml | 25 -- .github/workflows/php_quality.yml | 28 -- .github/workflows/standards-compliance.yml | 74 ---- .github/workflows/version_branch.yml | 402 --------------------- 6 files changed, 838 deletions(-) delete mode 100644 .github/workflows/ci.yml delete mode 100644 .github/workflows/dependency-review.yml delete mode 100644 .github/workflows/joomla_testing.yml delete mode 100644 .github/workflows/php_quality.yml delete mode 100644 .github/workflows/standards-compliance.yml delete mode 100644 .github/workflows/version_branch.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml deleted file mode 100644 index ae22098..0000000 --- a/.github/workflows/ci.yml +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright (C) 2026 Moko Consulting -# -# This file is part of a Moko Consulting project. -# -# SPDX-License-Identifier: GPL-3.0-or-later -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# -# FILE INFORMATION -# DEFGROUP: GitHub.Workflow -# INGROUP: MokoStandards.CI -# REPO: https://github.com/mokoconsulting-tech/MokoStandards -# PATH: /.github/workflows/ci.yml -# VERSION: 02.00.00 -# BRIEF: Continuous integration workflow using local reusable workflow -# NOTE: Delegates CI execution to local reusable-ci-validation.yml for repository validation - -name: Continuous Integration - -on: - push: - branches: - - main - - dev/** - - rc/** - - version/** - pull_request: - branches: - - main - - dev/** - - rc/** - - version/** - -permissions: - contents: read - pull-requests: write - checks: write - -jobs: - ci: - name: Repository Validation Pipeline - uses: mokoconsulting-tech/MokoStandards/.github/workflows/reusable-ci-validation.yml@main - with: - profile: full - secrets: inherit diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml deleted file mode 100644 index e122b44..0000000 --- a/.github/workflows/dependency-review.yml +++ /dev/null @@ -1,253 +0,0 @@ -# Copyright (C) 2026 Moko Consulting -# -# This file is part of a Moko Consulting project. -# -# SPDX-License-Identifier: GPL-3.0-or-later -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# -# FILE INFORMATION -# DEFGROUP: GitHub.Workflow -# INGROUP: MokoStandards.Security -# REPO: https://github.com/mokoconsulting-tech/MokoStandards -# PATH: /.github/workflows/dependency-review.yml -# VERSION: 01.00.00 -# BRIEF: Dependency review workflow for vulnerability scanning in pull requests -# NOTE: Scans dependencies for security vulnerabilities and license compliance - -name: Dependency Review - -on: - pull_request: - branches: - - main - - dev/** - - rc/** - - version/** - -permissions: - contents: read - pull-requests: write - -jobs: - dependency-review: - name: Dependency Security Review - runs-on: ubuntu-latest - - steps: - - name: Checkout Repository - uses: actions/checkout@v6 - - - name: Dependency Review - uses: actions/dependency-review-action@v4 - with: - # Fail on critical or high severity vulnerabilities - fail-on-severity: moderate - - # Allow specific licenses (customize for your project) - # Common open-source licenses - allow-licenses: GPL-3.0, GPL-3.0-or-later, MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, LGPL-3.0 - - # Comment on PR with results - comment-summary-in-pr: always - - - name: Generate Dependency Report - if: always() - run: | - echo "# Dependency Review Summary" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "✅ Dependency review completed" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "This workflow checks:" >> $GITHUB_STEP_SUMMARY - echo "- Security vulnerabilities in new dependencies" >> $GITHUB_STEP_SUMMARY - echo "- License compatibility" >> $GITHUB_STEP_SUMMARY - echo "- Dependency changes between base and head" >> $GITHUB_STEP_SUMMARY - - composer-audit: - name: Composer Audit - runs-on: ubuntu-latest - - steps: - - name: Checkout Repository - uses: actions/checkout@v6 - - - name: Check for composer.json - id: check-composer - run: | - if [ -f "composer.json" ]; then - echo "exists=true" >> $GITHUB_OUTPUT - else - echo "exists=false" >> $GITHUB_OUTPUT - fi - - - name: Setup PHP - if: steps.check-composer.outputs.exists == 'true' - uses: shivammathur/setup-php@v2 - with: - php-version: '8.1' - tools: composer:v2 - - - name: Install Dependencies - if: steps.check-composer.outputs.exists == 'true' - run: composer install --no-interaction --prefer-dist - - - name: Run Composer Audit - if: steps.check-composer.outputs.exists == 'true' - run: | - echo "### Composer Audit Results" >> $GITHUB_STEP_SUMMARY - - # Run audit and capture results - if composer audit; then - echo "✅ No vulnerabilities found in Composer dependencies" >> $GITHUB_STEP_SUMMARY - else - echo "⚠️ Vulnerabilities detected - please review" >> $GITHUB_STEP_SUMMARY - composer audit || true - fi - - - name: Check for Outdated Packages - if: steps.check-composer.outputs.exists == 'true' - run: | - echo "" >> $GITHUB_STEP_SUMMARY - echo "### Outdated Composer Packages" >> $GITHUB_STEP_SUMMARY - composer outdated --direct || echo "All packages are up to date" >> $GITHUB_STEP_SUMMARY - - - name: Skip Composer Audit - if: steps.check-composer.outputs.exists == 'false' - run: | - echo "### Composer Audit Results" >> $GITHUB_STEP_SUMMARY - echo "ℹ️ No composer.json found - skipping Composer audit" >> $GITHUB_STEP_SUMMARY - - python-safety: - name: Python Safety Check - runs-on: ubuntu-latest - - steps: - - name: Checkout Repository - uses: actions/checkout@v6 - - - name: Check for Python dependency files - id: check-python - run: | - if [ -f "requirements.txt" ] || [ -f "pyproject.toml" ] || [ -f "Pipfile" ]; then - echo "exists=true" >> $GITHUB_OUTPUT - else - echo "exists=false" >> $GITHUB_OUTPUT - fi - - - name: Setup Python - if: steps.check-python.outputs.exists == 'true' - uses: actions/setup-python@v6 - with: - python-version: '3.11' - - - name: Install Safety - if: steps.check-python.outputs.exists == 'true' - run: pip install safety - - - name: Run Safety Check - if: steps.check-python.outputs.exists == 'true' - run: | - echo "### Python Safety Check Results" >> $GITHUB_STEP_SUMMARY - - # Check requirements.txt if exists - if [ -f "requirements.txt" ]; then - if safety check -r requirements.txt 2>&1 | tee safety_output.txt; then - echo "✅ No known vulnerabilities in Python dependencies" >> $GITHUB_STEP_SUMMARY - else - echo "⚠️ Vulnerabilities detected in Python dependencies" >> $GITHUB_STEP_SUMMARY - cat safety_output.txt >> $GITHUB_STEP_SUMMARY || true - rm -f safety_output.txt - exit 0 - fi - rm -f safety_output.txt - else - echo "ℹ️ No requirements.txt found" >> $GITHUB_STEP_SUMMARY - fi - - - name: Skip Python Safety Check - if: steps.check-python.outputs.exists == 'false' - run: | - echo "### Python Safety Check Results" >> $GITHUB_STEP_SUMMARY - echo "ℹ️ No Python dependency files found - skipping Python safety check" >> $GITHUB_STEP_SUMMARY - - license-check: - name: License Compliance Check - runs-on: ubuntu-latest - - steps: - - name: Checkout Repository - uses: actions/checkout@v6 - - - name: Check License File - run: | - echo "### License Compliance" >> $GITHUB_STEP_SUMMARY - - if [ -f "LICENSE" ] || [ -f "LICENSE.md" ] || [ -f "LICENSE.txt" ]; then - echo "✅ LICENSE file present" >> $GITHUB_STEP_SUMMARY - - # Check for GPL-3.0 (MokoStandards default) - if grep -qi "GNU GENERAL PUBLIC LICENSE" LICENSE* 2>/dev/null; then - echo "✅ GPL-3.0 or compatible license detected" >> $GITHUB_STEP_SUMMARY - else - echo "ℹ️ Non-GPL license detected - verify compatibility" >> $GITHUB_STEP_SUMMARY - fi - else - echo "❌ LICENSE file missing" >> $GITHUB_STEP_SUMMARY - echo "Please add a LICENSE file to the repository root" >> $GITHUB_STEP_SUMMARY - exit 1 - fi - - - name: Check SPDX Headers (Optional) - run: | - echo "" >> $GITHUB_STEP_SUMMARY - echo "### SPDX Header Compliance" >> $GITHUB_STEP_SUMMARY - - # Check for SPDX identifiers in source files - MISSING_HEADERS=0 - - # Check PHP files - if find . -name "*.php" -type f ! -path "./vendor/*" | head -1 | grep -q .; then - TOTAL_PHP=$(find . -name "*.php" -type f ! -path "./vendor/*" | wc -l) - WITH_SPDX=$(find . -name "*.php" -type f ! -path "./vendor/*" -exec grep -l "SPDX-License-Identifier" {} \; | wc -l) - echo "- PHP files: $WITH_SPDX/$TOTAL_PHP with SPDX headers" >> $GITHUB_STEP_SUMMARY - fi - - # Check JavaScript files - if find . -name "*.js" -type f ! -path "./node_modules/*" ! -path "./vendor/*" | head -1 | grep -q .; then - TOTAL_JS=$(find . -name "*.js" -type f ! -path "./node_modules/*" ! -path "./vendor/*" | wc -l) - WITH_SPDX_JS=$(find . -name "*.js" -type f ! -path "./node_modules/*" ! -path "./vendor/*" -exec grep -l "SPDX-License-Identifier" {} \; | wc -l) - echo "- JavaScript files: $WITH_SPDX_JS/$TOTAL_JS with SPDX headers" >> $GITHUB_STEP_SUMMARY - fi - - echo "ℹ️ SPDX headers are recommended but not required for this check" >> $GITHUB_STEP_SUMMARY - - summary: - name: Review Summary - runs-on: ubuntu-latest - needs: [dependency-review, composer-audit, python-safety, license-check] - if: always() - - steps: - - name: Generate Final Summary - run: | - echo "# Dependency Review Complete" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "All dependency security and license checks have been executed." >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "## Checks Performed:" >> $GITHUB_STEP_SUMMARY - echo "- ✅ GitHub Dependency Review" >> $GITHUB_STEP_SUMMARY - echo "- ✅ Package Manager Audits (composer, pip)" >> $GITHUB_STEP_SUMMARY - echo "- ✅ License Compliance" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "Review the job results above for any issues that need attention." >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/joomla_testing.yml b/.github/workflows/joomla_testing.yml deleted file mode 100644 index 7d649ae..0000000 --- a/.github/workflows/joomla_testing.yml +++ /dev/null @@ -1,25 +0,0 @@ -name: Joomla Testing - -on: - push: - branches: - - main - - dev/** - - rc/** - pull_request: - branches: - - main - - dev/** - - rc/** - -permissions: - contents: read - -jobs: - testing: - uses: mokoconsulting-tech/MokoStandards/.github/workflows/reusable-joomla-testing.yml@main - with: - php-versions: '["8.0", "8.1", "8.2", "8.3"]' - joomla-versions: '["4.4", "5.0", "5.1"]' - template-path: 'src' - secrets: inherit diff --git a/.github/workflows/php_quality.yml b/.github/workflows/php_quality.yml deleted file mode 100644 index 3e8cec8..0000000 --- a/.github/workflows/php_quality.yml +++ /dev/null @@ -1,28 +0,0 @@ -name: PHP Code Quality - -on: - push: - branches: - - main - - dev/** - - rc/** - - version/** - pull_request: - branches: - - main - - dev/** - - rc/** - - version/** - -permissions: - contents: read - -jobs: - quality: - uses: mokoconsulting-tech/MokoStandards/.github/workflows/reusable-php-quality.yml@main - with: - php-versions: '["8.0", "8.1", "8.2", "8.3"]' - php-extensions: 'mbstring, xml, ctype, json, zip' - working-directory: '.' - phpstan-level: '5' - secrets: inherit diff --git a/.github/workflows/standards-compliance.yml b/.github/workflows/standards-compliance.yml deleted file mode 100644 index c1cdacf..0000000 --- a/.github/workflows/standards-compliance.yml +++ /dev/null @@ -1,74 +0,0 @@ -# Copyright (C) 2026 Moko Consulting -# -# This file is part of a Moko Consulting project. -# -# SPDX-License-Identifier: GPL-3.0-or-later -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# -# FILE INFORMATION -# DEFGROUP: GitHub.Workflow -# INGROUP: MokoStandards.Compliance -# REPO: https://github.com/mokoconsulting-tech/MokoStandards -# PATH: /.github/workflows/standards-compliance.yml -# VERSION: 01.00.00 -# BRIEF: Standards compliance validation workflow -# NOTE: Runs manually, monthly, and on release builds - -name: Standards Compliance - -on: - # Run monthly on the 1st at 00:00 UTC - schedule: - - cron: '0 0 1 * *' - - # Run on release creation - release: - types: [published, created] - - # Allow manual triggering with options - workflow_dispatch: - inputs: - profile: - description: 'Validation profile' - required: false - type: choice - options: - - 'basic' - - 'full' - - 'strict' - default: 'full' - fail-on-warnings: - description: 'Fail workflow on warnings' - required: false - type: boolean - default: false - -permissions: - contents: read - pull-requests: write - checks: write - -jobs: - compliance: - name: Standards Compliance Validation - uses: mokoconsulting-tech/MokoStandards/.github/workflows/reusable-ci-validation.yml@main - with: - profile: ${{ inputs.profile || 'full' }} - validate-manifests: true - validate-changelogs: true - validate-licenses: true - validate-security: true - fail-on-warnings: ${{ inputs.fail-on-warnings || false }} - secrets: inherit diff --git a/.github/workflows/version_branch.yml b/.github/workflows/version_branch.yml deleted file mode 100644 index eed8836..0000000 --- a/.github/workflows/version_branch.yml +++ /dev/null @@ -1,402 +0,0 @@ -# Copyright (C) 2026 Moko Consulting -# -# This file is part of a Moko Consulting project. -# -# SPDX-License-Identifier: GPL-3.0-or-later -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# -# FILE INFORMATION -# DEFGROUP: GitHub.WorkflowTemplate -# INGROUP: MokoStandards.Templates -# REPO: https://github.com/mokoconsulting-tech/MokoStandards -# PATH: /.github/workflow-templates/release-cycle.yml -# VERSION: 01.00.00 -# BRIEF: Release management workflow with automated release flow -# NOTE: Implements main → dev → rc → version → main cycle with semantic versioning - -name: Release Management - -on: - workflow_dispatch: - inputs: - action: - description: 'Release action to perform' - required: true - type: choice - options: - - start-release - - create-rc - - finalize-release - - hotfix - version: - description: 'Version number (e.g., 1.2.3 for semantic versioning)' - required: true - type: string - release_notes: - description: 'Release notes or changelog summary (optional)' - required: false - type: string - -permissions: - contents: write - pull-requests: write - -jobs: - validate-version: - name: Validate Version Format - runs-on: ubuntu-latest - outputs: - version: ${{ steps.validate.outputs.version }} - major: ${{ steps.validate.outputs.major }} - minor: ${{ steps.validate.outputs.minor }} - patch: ${{ steps.validate.outputs.patch }} - - steps: - - name: Validate Semantic Version - id: validate - run: | - VERSION="${{ inputs.version }}" - - # Remove 'v' prefix if present - VERSION=${VERSION#v} - - # Validate semantic versioning format (MAJOR.MINOR.PATCH) - if ! echo "$VERSION" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$'; then - echo "❌ Invalid version format: $VERSION" >> $GITHUB_STEP_SUMMARY - echo "Expected format: MAJOR.MINOR.PATCH (e.g., 1.2.3)" >> $GITHUB_STEP_SUMMARY - exit 1 - fi - - # Extract version components - MAJOR=$(echo "$VERSION" | cut -d. -f1) - MINOR=$(echo "$VERSION" | cut -d. -f2) - PATCH=$(echo "$VERSION" | cut -d. -f3) - - echo "version=$VERSION" >> $GITHUB_OUTPUT - echo "major=$MAJOR" >> $GITHUB_OUTPUT - echo "minor=$MINOR" >> $GITHUB_OUTPUT - echo "patch=$PATCH" >> $GITHUB_OUTPUT - - echo "✅ Valid semantic version: $VERSION" >> $GITHUB_STEP_SUMMARY - echo "- Major: $MAJOR" >> $GITHUB_STEP_SUMMARY - echo "- Minor: $MINOR" >> $GITHUB_STEP_SUMMARY - echo "- Patch: $PATCH" >> $GITHUB_STEP_SUMMARY - - start-release: - name: Start Release (main → dev) - runs-on: ubuntu-latest - needs: validate-version - if: inputs.action == 'start-release' - - steps: - - name: Checkout Repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - ref: main - - - name: Configure Git - run: | - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" - - - name: Create Development Branch - run: | - VERSION="${{ needs.validate-version.outputs.version }}" - DEV_BRANCH="dev/$VERSION" - - # Check if dev branch already exists - if git ls-remote --heads origin "$DEV_BRANCH" | grep -q "$DEV_BRANCH"; then - echo "⚠️ Development branch $DEV_BRANCH already exists" >> $GITHUB_STEP_SUMMARY - exit 1 - fi - - # Create and push development branch - git checkout -b "$DEV_BRANCH" - git push origin "$DEV_BRANCH" - - echo "✅ Created development branch: $DEV_BRANCH" >> $GITHUB_STEP_SUMMARY - echo "Next steps:" >> $GITHUB_STEP_SUMMARY - echo "1. Make changes in $DEV_BRANCH" >> $GITHUB_STEP_SUMMARY - echo "2. Run 'create-rc' action when ready for testing" >> $GITHUB_STEP_SUMMARY - - - name: Update Version Files - run: | - VERSION="${{ needs.validate-version.outputs.version }}" - - # Update version in common files (customize for your project) - # Examples: - if [ -f "package.json" ]; then - npm version "$VERSION" --no-git-tag-version - git add package.json package-lock.json 2>/dev/null || true - echo "✅ Updated package.json" >> $GITHUB_STEP_SUMMARY - fi - - if [ -f "composer.json" ]; then - # Update version in composer.json if it exists - if grep -q "\"version\":" composer.json; then - sed -i "s/\"version\": \".*\"/\"version\": \"$VERSION\"/" composer.json - git add composer.json - echo "✅ Updated composer.json" >> $GITHUB_STEP_SUMMARY - fi - fi - - # Commit changes if any - if ! git diff --staged --quiet; then - git commit -m "chore: bump version to $VERSION" - git push origin "dev/$VERSION" - echo "✅ Version files updated and committed" >> $GITHUB_STEP_SUMMARY - fi - - create-rc: - name: Create Release Candidate (dev → rc) - runs-on: ubuntu-latest - needs: validate-version - if: inputs.action == 'create-rc' - - steps: - - name: Checkout Repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - ref: dev/${{ needs.validate-version.outputs.version }} - - - name: Configure Git - run: | - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" - - - name: Create Release Candidate Branch - run: | - VERSION="${{ needs.validate-version.outputs.version }}" - RC_BRANCH="rc/$VERSION" - DEV_BRANCH="dev/$VERSION" - - # Check if rc branch already exists - if git ls-remote --heads origin "$RC_BRANCH" | grep -q "$RC_BRANCH"; then - echo "⚠️ Release candidate branch $RC_BRANCH already exists" >> $GITHUB_STEP_SUMMARY - exit 1 - fi - - # Create RC branch from dev - git checkout -b "$RC_BRANCH" - git push origin "$RC_BRANCH" - - echo "✅ Created release candidate branch: $RC_BRANCH" >> $GITHUB_STEP_SUMMARY - echo "Next steps:" >> $GITHUB_STEP_SUMMARY - echo "1. Test thoroughly in $RC_BRANCH" >> $GITHUB_STEP_SUMMARY - echo "2. Fix any issues found (commit to $RC_BRANCH)" >> $GITHUB_STEP_SUMMARY - echo "3. Run 'finalize-release' action when ready to release" >> $GITHUB_STEP_SUMMARY - - - name: Create Pre-release Tag - run: | - VERSION="${{ needs.validate-version.outputs.version }}" - TAG="v${VERSION}-rc" - - git tag -a "$TAG" -m "Release Candidate $VERSION" - git push origin "$TAG" - - echo "✅ Created pre-release tag: $TAG" >> $GITHUB_STEP_SUMMARY - - finalize-release: - name: Finalize Release (rc → version → main) - runs-on: ubuntu-latest - needs: validate-version - if: inputs.action == 'finalize-release' - - steps: - - name: Checkout Repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - ref: rc/${{ needs.validate-version.outputs.version }} - - - name: Configure Git - run: | - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" - - - name: Create Version Branch - run: | - VERSION="${{ needs.validate-version.outputs.version }}" - VERSION_BRANCH="version/$VERSION" - - # Create version branch (permanent record) - git checkout -b "$VERSION_BRANCH" - git push origin "$VERSION_BRANCH" - - echo "✅ Created version branch: $VERSION_BRANCH" >> $GITHUB_STEP_SUMMARY - - - name: Merge to Main - run: | - VERSION="${{ needs.validate-version.outputs.version }}" - - # Merge to main - git checkout main - git pull origin main - git merge --no-ff "version/$VERSION" -m "Release version $VERSION" - git push origin main - - echo "✅ Merged to main branch" >> $GITHUB_STEP_SUMMARY - - - name: Create Release Tag - run: | - VERSION="${{ needs.validate-version.outputs.version }}" - TAG="v$VERSION" - - git tag -a "$TAG" -m "Release $VERSION" - git push origin "$TAG" - - echo "✅ Created release tag: $TAG" >> $GITHUB_STEP_SUMMARY - - - name: Generate Release Notes - id: release_notes - run: | - VERSION="${{ needs.validate-version.outputs.version }}" - - # Generate changelog from commits - NOTES="${{ inputs.release_notes }}" - - if [ -z "$NOTES" ]; then - # Auto-generate from git log if not provided - NOTES=$(git log --pretty=format:"- %s" "v${VERSION}-rc"..HEAD 2>/dev/null || echo "Initial release") - fi - - # Save to file for GitHub release - cat > release_notes.md </dev/null || echo "- Initial release") - EOF - - echo "✅ Generated release notes" >> $GITHUB_STEP_SUMMARY - - - name: Create GitHub Release - uses: softprops/action-gh-release@v1 - with: - tag_name: v${{ needs.validate-version.outputs.version }} - name: Release ${{ needs.validate-version.outputs.version }} - body_path: release_notes.md - draft: false - prerelease: false - - - name: Cleanup Development Branches - run: | - VERSION="${{ needs.validate-version.outputs.version }}" - - # Optionally delete dev and rc branches after release - # Uncomment if you want automatic cleanup: - # git push origin --delete "dev/$VERSION" 2>/dev/null || true - # git push origin --delete "rc/$VERSION" 2>/dev/null || true - - echo "ℹ️ Development branches retained for history" >> $GITHUB_STEP_SUMMARY - echo "To manually cleanup, run:" >> $GITHUB_STEP_SUMMARY - echo " git push origin --delete dev/$VERSION" >> $GITHUB_STEP_SUMMARY - echo " git push origin --delete rc/$VERSION" >> $GITHUB_STEP_SUMMARY - - hotfix: - name: Create Hotfix Branch - runs-on: ubuntu-latest - needs: validate-version - if: inputs.action == 'hotfix' - - steps: - - name: Checkout Repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - ref: main - - - name: Configure Git - run: | - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" - - - name: Create Hotfix Branch - run: | - VERSION="${{ needs.validate-version.outputs.version }}" - HOTFIX_BRANCH="hotfix/$VERSION" - - # Create hotfix branch from main - git checkout -b "$HOTFIX_BRANCH" - git push origin "$HOTFIX_BRANCH" - - echo "✅ Created hotfix branch: $HOTFIX_BRANCH" >> $GITHUB_STEP_SUMMARY - echo "Next steps:" >> $GITHUB_STEP_SUMMARY - echo "1. Apply hotfix changes to $HOTFIX_BRANCH" >> $GITHUB_STEP_SUMMARY - echo "2. Test thoroughly" >> $GITHUB_STEP_SUMMARY - echo "3. Create PR to merge back to main" >> $GITHUB_STEP_SUMMARY - echo "4. After merge, create release tag manually or re-run finalize-release" >> $GITHUB_STEP_SUMMARY - - summary: - name: Release Summary - runs-on: ubuntu-latest - needs: [validate-version, start-release, create-rc, finalize-release, hotfix] - if: always() - - steps: - - name: Generate Summary - run: | - echo "# Release Management Summary" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "**Action**: ${{ inputs.action }}" >> $GITHUB_STEP_SUMMARY - echo "**Version**: ${{ needs.validate-version.outputs.version }}" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - - case "${{ inputs.action }}" in - start-release) - echo "## Release Started" >> $GITHUB_STEP_SUMMARY - echo "- Development branch created: dev/${{ needs.validate-version.outputs.version }}" >> $GITHUB_STEP_SUMMARY - echo "- Version files updated" >> $GITHUB_STEP_SUMMARY - ;; - create-rc) - echo "## Release Candidate Created" >> $GITHUB_STEP_SUMMARY - echo "- RC branch created: rc/${{ needs.validate-version.outputs.version }}" >> $GITHUB_STEP_SUMMARY - echo "- Pre-release tag created: v${{ needs.validate-version.outputs.version }}-rc" >> $GITHUB_STEP_SUMMARY - ;; - finalize-release) - echo "## Release Finalized" >> $GITHUB_STEP_SUMMARY - echo "- Version branch created: version/${{ needs.validate-version.outputs.version }}" >> $GITHUB_STEP_SUMMARY - echo "- Merged to main" >> $GITHUB_STEP_SUMMARY - echo "- Release tag created: v${{ needs.validate-version.outputs.version }}" >> $GITHUB_STEP_SUMMARY - echo "- GitHub release published" >> $GITHUB_STEP_SUMMARY - ;; - hotfix) - echo "## Hotfix Branch Created" >> $GITHUB_STEP_SUMMARY - echo "- Hotfix branch created: hotfix/${{ needs.validate-version.outputs.version }}" >> $GITHUB_STEP_SUMMARY - ;; - esac - -# RELEASE FLOW DIAGRAM: -# -# Normal Release: -# main → dev/X.Y.Z → rc/X.Y.Z → version/X.Y.Z → main (tagged vX.Y.Z) -# -# Hotfix: -# main → hotfix/X.Y.Z → main (tagged vX.Y.Z) -# -# SEMANTIC VERSIONING: -# - MAJOR version: incompatible API changes -# - MINOR version: backwards-compatible functionality -# - PATCH version: backwards-compatible bug fixes -# -# CUSTOMIZATION: -# - Modify version file updates in start-release job -# - Add build/test steps before creating releases -# - Customize release notes generation -# - Add notification steps (Slack, email, etc.)