name: Trigger Release on Dependabot updates
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
jobs:
release:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 with:
egress-policy: audit
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with:
fetch-depth: 0
- name: Configure git
run: |
git config user.name "github-actions"
git config user.email "github-actions@github.com"
- name: Determine next patch version
id: version
run: |
CURRENT=$(sed -nE \
's/^version = "([^"]+)".*/\1/p' \
Cargo.toml | head -n1)
echo "Current version: $CURRENT"
IFS='.' read -r MAJOR MINOR PATCH <<< "$CURRENT"
PATCH=$((PATCH + 1))
NEW_VERSION="$MAJOR.$MINOR.$PATCH"
echo "New version: $NEW_VERSION"
echo "version=$NEW_VERSION" >> "$GITHUB_OUTPUT"
- name: Update Cargo.toml version
env:
VERSION: ${{ steps.version.outputs.version }}
run: |
FILES=(
"./Cargo.toml"
)
for file in "${FILES[@]}"
do
echo "Updating $file"
sed -Ei \
's/^version = "[^"]+"/version = "'"$VERSION"'"/' \
"$file"
done
- name: Update CHANGELOG.md
env:
VERSION: ${{ steps.version.outputs.version }}
COMMIT_MSG: ${{ github.event.head_commit.message }}
run: |
DATE=$(date +%m-%d-%Y)
SAFE_COMMIT_MSG=$(printf '%s\n' "$COMMIT_MSG")
DEP=""
FROM_VERSION=""
TO_VERSION=""
CHANGE_TEXT=""
#
# Dependabot examples:
#
# chore: Bump k8s.io/api from 0.36.0 to 0.36.1
#
if [ -z "$DEP" ]; then
DEP=$(printf '%s\n' "$SAFE_COMMIT_MSG" | sed -n \
's/^.*Bump \(.*\) from .*$/\1/p')
FROM_VERSION=$(printf '%s\n' "$SAFE_COMMIT_MSG" | sed -n \
's/^.*from \(.*\) to .*$/\1/p')
TO_VERSION=$(printf '%s\n' "$SAFE_COMMIT_MSG" | sed -n \
's/^.*to \(.*\)$/\1/p')
if [ -n "$DEP" ]; then
CHANGE_TEXT="- Updated ${DEP} from ${FROM_VERSION} to ${TO_VERSION} through automated dependency management"
fi
fi
#
# Final fallback
#
if [ -z "$CHANGE_TEXT" ]; then
CHANGE_TEXT="- Updated dependency(s) through automated dependency management"
fi
echo "Detected dependency: $DEP"
echo "From: $FROM_VERSION"
echo "To: $TO_VERSION"
cat > changelog_entry.md <<EOF
## macro_paste Version ${VERSION} (${DATE})
#### New Features
#### Improvements
${CHANGE_TEXT}
#### Fixes
-----
EOF
cat changelog_entry.md CHANGELOG.md > CHANGELOG.tmp
mv CHANGELOG.tmp CHANGELOG.md
- name: Commit version updates
run: |
git add .
git commit -m "chore(release): dependency updated. Bump project version to ${{ steps.version.outputs.version }}" || true
git push origin HEAD:main
- name: Install Rust
uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8
- name: Publish crates
env:
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
run: |
set -euo pipefail
echo "Publishing macro_paste..."
cargo publish \
--manifest-path Cargo.toml