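# Release CLI
#
# Runs on every push to main. The check-version job reads cli/version and
# checks whether the tag cli/v<version> already exists; the remaining jobs
# (test, release, changelog push) run only when it does not.
#
# Security notes:
# - Every third-party action is pinned to a full commit SHA.
# - Values derived from repository content (the version string) reach shell
#   steps through `env:` and are never expanded with `${{ }}` inside `run:`,
#   so the content of cli/version is not parsed as shell code.
name: Release CLI

on:
  push:
    branches:
      - main

# Prevent concurrent runs
concurrency:
  group: release-cli
  cancel-in-progress: false

# Least-privilege default; jobs that need more request it explicitly.
permissions:
  contents: read

jobs:
  check-version:
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.get-version.outputs.version }}
      tag_exists: ${{ steps.check-tag.outputs.exists }}
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: block
          allowed-endpoints: >
            github.com:443

      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          fetch-tags: true
          # This job only reads local refs, so the token is not left in
          # the checkout's git config for later steps.
          persist-credentials: false

      - name: Get version from file
        id: get-version
        run: |
          version="$(cat cli/version)"
          # An empty value would produce the tag "cli/v"; embedded
          # whitespace or newlines would let the file write additional
          # key=value lines into $GITHUB_OUTPUT.
          case "$version" in
            '' | *[[:space:]]*)
              echo "cli/version must hold a single non-empty token" >&2
              exit 1
              ;;
          esac
          echo "version=${version}" >> "$GITHUB_OUTPUT"

      - name: Check if tag exists
        id: check-tag
        env:
          VERSION: ${{ steps.get-version.outputs.version }}
        run: |
          # Look the name up under refs/tags/ explicitly so that no other
          # ref with the same short name can satisfy the check.
          if git rev-parse --verify --quiet "refs/tags/cli/v${VERSION}" >/dev/null 2>&1; then
            echo "exists=true" >> "$GITHUB_OUTPUT"
          else
            echo "exists=false" >> "$GITHUB_OUTPUT"
          fi

  test-cli:
    needs: [check-version]
    if: needs.check-version.outputs.tag_exists == 'false'
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit

      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          fetch-tags: true
          # `go test` executes repository code; keep the job token out of
          # the checkout's git config while it runs.
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version: "1.26.2"

      - name: Run CLI tests
        working-directory: cli
        run: go test ./...

  release-cli:
    needs: [check-version, test-cli]
    if: needs.check-version.outputs.tag_exists == 'false'
    runs-on: ubuntu-latest
    permissions:
      contents: write
    outputs:
      success: ${{ steps.release.outputs.success }}
    steps:
      # NOTE(review): this job holds the release and R2 credentials, yet
      # egress is only audited. Once the endpoints release-cli.sh needs are
      # known, consider `egress-policy: block` with an allow-list, as the
      # check-version job already does.
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit

      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          fetch-tags: true
          # With the default persist-credentials setting this token stays
          # in the local git config for every later step of the job.
          # Presumably the release script pushes with it - confirm, and
          # keep the token scoped to this repository only.
          token: ${{ secrets.GH_TOKEN }}

      - name: Set up Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version: "1.26.2"

      - name: Configure Git
        run: |
          git config user.name "GitHub Actions Bot"
          git config user.email "github-actions[bot]@users.noreply.github.com"

      - name: Release CLI
        id: release
        env:
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
          R2_ENDPOINT: ${{ secrets.R2_ENDPOINT }}
          R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
          R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
          R2_BUCKET: ${{ secrets.R2_BUCKET }}
          # The version is handed over as data; the script still receives
          # it as its first argument.
          RELEASE_VERSION: ${{ needs.check-version.outputs.version }}
        run: ./.github/workflows/scripts/release-cli.sh "$RELEASE_VERSION"

  push-mintlify-changelog:
    needs: [check-version, release-cli]
    if: needs.check-version.outputs.tag_exists == 'false' && needs.release-cli.result == 'success'
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit

      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          fetch-tags: true
          token: ${{ secrets.GH_TOKEN }}

      - name: Push Mintlify changelog
        env:
          RELEASE_VERSION: ${{ needs.check-version.outputs.version }}
        run: |
          ./.github/workflows/scripts/push-cli-mintlify-changelog.sh "$RELEASE_VERSION"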