stages: - prepare unbound_release_preconditions_failed: stage: .pre image: amd64/alpine:3.23.2@sha256:f276aafd5da0d02877540e1dbf42bdd6b08191073438dd03f0d3b8078f30fb34 script: - | echo "To use Unbound Release, a UNBOUND_RELEASE_TOKEN environment variable needs to be defined." echo "It needs API access to write repository files, create MRs and releases and it needs at least Developer access." echo " " echo "See more info here:" echo "Personal Access Tokens: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html" echo "Project Access Tokens: https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html" echo "Group Access Tokens: https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html" - 'false' rules: - if: $UNBOUND_RELEASE_TOKEN == null unbound_release_changelog: stage: .pre image: name: orhunp/git-cliff:2.11.0@sha256:9a214cf1b62ed3bfe4071ec0442c71eac7a4efe462f79ffe62781df081387a24 entrypoint: [ "" ] variables: GIT_STRATEGY: clone # clone entire repo instead of reusing workspace GIT_DEPTH: 0 # avoid shallow clone to give cliff all the info it needs script: - 'echo "Generating changelog"' - 'git-cliff --bump --unreleased --strip header > CHANGES.md' - 'git-cliff --bump | sed "s/\s\+$//" > CHANGELOG.md' - 'echo "Bumping version"' - 'git-cliff --bumped-version 2>/dev/null > VERSION' artifacts: paths: - CHANGES.md - CHANGELOG.md - VERSION rules: - if: $UNBOUND_RELEASE_TOKEN == null when: never - if: $CI_DEFAULT_BRANCH == $CI_COMMIT_BRANCH unbound_release_handle_mr: stage: .pre image: amd64/alpine:3.23.2@sha256:f276aafd5da0d02877540e1dbf42bdd6b08191073438dd03f0d3b8078f30fb34 variables: GIT_STRATEGY: clone # clone entire repo instead of reusing workspace GIT_DEPTH: 0 # avoid shallow clone to have the tags available needs: - unbound_release_changelog before_script: - 'apk add --no-cache git jq curl' script: - | VERSION="$(cat VERSION)" LATEST="$(cat .version 2>/dev/null | jq -r '.version' || git describe --abbrev=0 --tags 2>/dev/null || echo '')" if [[ -n "${LATEST}" && "${VERSION}" == "${LATEST}" ]]; then echo "No changes worthy of a version bump" exit 0 fi echo "Fetching existing release MRs" MRS=$(curl -sf \ -H "Authorization: Bearer ${UNBOUND_RELEASE_TOKEN}" \ "https://gitlab.com/api/v4/projects/${CI_PROJECT_ID}/merge_requests?state=opened&source_branch=next-release") BRANCHES=$(curl -sf \ -H "Authorization: Bearer ${UNBOUND_RELEASE_TOKEN}" \ "https://gitlab.com/api/v4/projects/${CI_PROJECT_ID}/repository/branches?regex=^next-release\$") MR=$(echo "${MRS}" | jq ".[].iid") BRANCH=$(echo "${BRANCHES}" | jq ".[].name") TITLE="chore(release): prepare for ${VERSION}" DESCRIPTION="$(cat CHANGES.md)" CONTENT="$(base64 -w0 CHANGES.md else git-cliff --bump --unreleased --strip header > CHANGES.md fi echo "Bumping version" git-cliff --bumped-version 2>/dev/null > VERSION artifacts: paths: - CHANGES.md - VERSION rules: - if: $UNBOUND_RELEASE_TOKEN == null when: never - if: $CI_COMMIT_TAG == null && $CI_DEFAULT_BRANCH != $CI_COMMIT_BRANCH when: never - if: $CI_DEFAULT_BRANCH == $CI_COMMIT_BRANCH - if: $CI_COMMIT_TAG unbound_release_create_release: stage: .pre image: amd64/alpine:3.23.2@sha256:f276aafd5da0d02877540e1dbf42bdd6b08191073438dd03f0d3b8078f30fb34 variables: GIT_STRATEGY: clone # clone entire repo instead of reusing workspace GIT_DEPTH: 0 # avoid shallow clone to have the tags available needs: - unbound_release_prepare_release before_script: - 'apk add --no-cache git jq curl' script: - | if [ ! -r .version ]; then echo "Version file not found" exit 0 fi VERSION="$(cat .version 2>/dev/null | jq -r '.version')" LATEST="$(git describe --abbrev=0 --tags 2>/dev/null || echo '')" if [[ -n "${LATEST}" && "${VERSION}" == "${LATEST}" ]]; then echo "Version ${VERSION} already exists" exit 0 fi echo "Creating release" NAME="$(cat VERSION)" MESSAGE="$(cat CHANGES.md)" BODY_TMPL='{"name":$name,"tag_name":$name,"tag_message":$name,"description":$message,"ref":$ref}' BODY="$(jq --null-input -c \ --arg name "${NAME}" \ --arg message "${MESSAGE}" \ --arg ref "${CI_DEFAULT_BRANCH}" \ "${BODY_TMPL}")" curl -sf -X POST \ -H "Authorization: Bearer ${UNBOUND_RELEASE_TOKEN}" \ -H "Content-Type: application/json" \ --data "${BODY}" \ "https://gitlab.com/api/v4/projects/${CI_PROJECT_ID}/releases" rules: - if: $UNBOUND_RELEASE_TOKEN == null when: never - if: $CI_DEFAULT_BRANCH != $CI_COMMIT_BRANCH when: never - if: $UNBOUND_RELEASE_TAG_ONLY == "true" when: never - if: $CI_DEFAULT_BRANCH == $CI_COMMIT_BRANCH unbound_release_tag: stage: .pre image: amd64/alpine:3.23.2@sha256:f276aafd5da0d02877540e1dbf42bdd6b08191073438dd03f0d3b8078f30fb34 variables: GIT_STRATEGY: clone # clone entire repo instead of reusing workspace GIT_DEPTH: 0 # avoid shallow clone to have the tags available needs: - unbound_release_prepare_release before_script: - 'apk add --no-cache git jq curl' script: - | if [ ! -r .version ]; then echo "Version file not found" exit 0 fi VERSION="$(cat .version 2>/dev/null | jq -r '.version')" LATEST="$(git describe --abbrev=0 --tags 2>/dev/null || echo '')" if [[ -n "${LATEST}" && "${VERSION}" == "${LATEST}" ]]; then echo "Version ${VERSION} already exists" exit 0 fi echo "Creating tag" NAME="$(cat VERSION)" MESSAGE="$(cat CHANGES.md)" curl -sf -X POST \ -H "Authorization: Bearer ${UNBOUND_RELEASE_TOKEN}" \ -H "Content-Type: application/json" \ "https://gitlab.com/api/v4/projects/${CI_PROJECT_ID}/repository/tags?tag_name=${NAME}&ref=${CI_DEFAULT_BRANCH}&message=${NAME}" rules: - if: $UNBOUND_RELEASE_TOKEN == null when: never - if: $CI_DEFAULT_BRANCH != $CI_COMMIT_BRANCH when: never - if: $UNBOUND_RELEASE_TAG_ONLY == null when: never - if: $UNBOUND_RELEASE_TAG_ONLY == "false" when: never - if: $UNBOUND_RELEASE_TAG_ONLY == "true"