nocobase/.github/workflows/manual-release.yml

name: manual-release

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

on:
  workflow_dispatch:
    inputs:
      is_feat:
        description: 'is feat'
        type: boolean

jobs:
  app-token:
    uses: nocobase/nocobase/.github/workflows/get-nocobase-app-token.yml@main
    secrets: inherit
  pre-merge-main-into-next:
    runs-on: ubuntu-latest
    needs: app-token
    strategy:
      matrix:
        repo:
          - 'nocobase'
          - 'pro-plugins'
          - ${{ fromJSON(vars.PRO_PLUGIN_REPOS) }}
    steps:
      - name: Decrypt app token
        id: app-token
        shell: bash
        run: |
          ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }};
          BINARY_ENCRYPTED_SECRET=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode);
          APP_TOKEN=$(echo -n "$BINARY_ENCRYPTED_SECRET" | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}");
          echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # ref: 'main'
          repository: nocobase/${{ matrix.repo }}
          fetch-depth: 0
          token: ${{ steps.app-token.outputs.token }}
      - name: main -> next (nocobase/${{ matrix.repo }})
        run: |
          git config --global user.name '${{ needs.app-token.outputs.app-slug }}[bot]'
          git config --global user.email '${{ needs.app-token.outputs.user-id }}+${{ needs.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
          git checkout main
          git pull origin main
          git checkout next
          git merge main
          git push origin next --tags --atomic
  update-version:
    needs:
      - app-token
      - pre-merge-main-into-next
    runs-on: ubuntu-latest
    steps:
      - name: Decrypt app token
        id: app-token
        shell: bash
        run: |
          ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }};
          BINARY_ENCRYPTED_SECRET=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode);
          APP_TOKEN=$(echo -n "$BINARY_ENCRYPTED_SECRET" | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}");
          echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT
      - name: Checkout
        uses: actions/checkout@v4
        with:
          repository: nocobase/nocobase
          token: ${{ steps.app-token.outputs.token }}
          persist-credentials: true
          fetch-depth: 0
      - name: Checkout pro-plugins
        uses: actions/checkout@v4
        with:
          repository: nocobase/pro-plugins
          path: packages/pro-plugins
          fetch-depth: 0
          token: ${{ steps.app-token.outputs.token }}
          persist-credentials: true
      - name: Clone pro repos
        shell: bash
        run: |
          for repo in ${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ' ') }}
          do
          git clone -b main https://x-access-token:${{ steps.app-token.outputs.token }}@github.com/nocobase/$repo.git packages/pro-plugins/@nocobase/$repo
          done
      - name: Set Node.js 18
        uses: actions/setup-node@v3
        with:
          node-version: 18
      - name: Install Lerna
        run: npm install -g lerna@4 auto-changelog@2
      - name: Run release.sh
        shell: bash
        run: |
          cd ./packages/pro-plugins
          git checkout main
          git rm -rf --cached .
          for repo in ${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ' ') }}
          do
            echo "@nocobase/$repo" >> .git/info/exclude
          done
          echo "$(<.git/info/exclude )"
          cd ./../..
          git checkout main
          git config --global user.name '${{ needs.app-token.outputs.app-slug }}[bot]'
          git config --global user.email '${{ needs.app-token.outputs.user-id }}+${{ needs.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
          echo "packages/pro-plugins" >> .git/info/exclude
          bash release.sh $IS_FEAT
        env:
          IS_FEAT: ${{ inputs.is_feat && '--is-feat' || '' }}
          PRO_PLUGIN_REPOS: ${{ vars.PRO_PLUGIN_REPOS }}
      - name: push pro repos
        run: |
          for repo in ${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ' ') }}
          do
            cd ./packages/pro-plugins/@nocobase/$repo
            git push origin main --atomic --tags
            cd ../../../../
          done
      - name: push pro plugins
        continue-on-error: true
        uses: ad-m/github-push-action@master
        with:
          ssh: true
          branch: main
          directory: packages/pro-plugins
          repository: nocobase/pro-plugins
          tags: true
          atomic: true
      - name: push nocobase
        uses: ad-m/github-push-action@master
        with:
          branch: main
          ssh: true
          repository: nocobase/nocobase
          tags: true
          atomic: true
  post-merge-main-into-next:
    needs:
      - app-token
      - pre-merge-main-into-next
      - update-version
    runs-on: ubuntu-latest
    strategy:
      matrix:
        repo:
          - 'nocobase'
          - 'pro-plugins'
          - ${{ fromJSON(vars.PRO_PLUGIN_REPOS) }}
    steps:
      - name: Decrypt app token
        id: app-token
        shell: bash
        run: |
          ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }};
          BINARY_ENCRYPTED_SECRET=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode);
          APP_TOKEN=$(echo -n "$BINARY_ENCRYPTED_SECRET" | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}");
          echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT
      - name: Checkout
        uses: actions/checkout@v4
        with:
          repository: nocobase/${{ matrix.repo }}
          fetch-depth: 0
          token: ${{ steps.app-token.outputs.token }}
      - name: main -> next (nocobase/${{ matrix.repo }})
        run: |
          git config --global user.name '${{ needs.app-token.outputs.app-slug }}[bot]'
          git config --global user.email '${{ needs.app-token.outputs.user-id }}+${{ needs.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
          git checkout main
          git pull origin main
          git checkout next
          git merge -X ours main --no-edit
          git push origin next --tags --atomic