create-cloudinary-react/.github/workflows/release.yml at 86fd306af6e1f6bea1312169dff96e9b5ce223f3 · cloudinary-devs/create-cloudinary-react · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
name: Release

on:
  workflow_dispatch:

permissions:
  contents: write
  id-token: write
  issues: write
  pull-requests: write

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - name: Verify admin permissions
        run: |
          # Use the repository's permission endpoint which works for both personal and org repos
          RESPONSE=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
            -H "Accept: application/vnd.github.v3+json" \
            "https://api.github.com/repos/${{ github.repository }}/collaborators/${{ github.actor }}/permission")

          # Extract permission using jq if available, otherwise use grep
          if command -v jq &> /dev/null; then
            PERMISSION=$(echo "$RESPONSE" | jq -r '.permission // empty')
          else
            PERMISSION=$(echo "$RESPONSE" | grep -o '"permission":"[^"]*"' | head -1 | cut -d'"' -f4)
          fi

          if [ -z "$PERMISSION" ]; then
            echo "Warning: Could not determine permission level. Response: $RESPONSE"
            echo "Note: workflow_dispatch requires write access, proceeding..."
            exit 0
          fi

          if [ "$PERMISSION" != "admin" ]; then
            echo "Error: Only repository admins can trigger releases. Current permission: $PERMISSION"
            exit 1
          fi

          echo "✓ Verified admin permission for ${{ github.actor }}"

      - uses: actions/checkout@v4
        with:
          ref: main
          fetch-depth: 0

      - name: Setup git branch
        run: |
          git checkout -B main
          git branch --set-upstream-to=origin/main main

      - name: Debug branch info
        run: |
          echo "Current branch: $(git branch --show-current)"
          echo "All branches: $(git branch -a)"
          echo "Git remote: $(git remote -v)"
          echo "Git status: $(git status)"

      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          registry-url: 'https://registry.npmjs.org'

      - run: npm ci

      - run: npm test --if-present

      - name: Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: npx semantic-release