Skip to content
Release

fix: trim whitespace from API keys and host config #26

Sign in to view logs

fix: trim whitespace from API keys and host config

fix: trim whitespace from API keys and host config #26

Workflow file for this run

.github/workflows/release.yml at f0a43ed
name: "Release"
on:
pull_request:
types: [closed]
branches: [main]
workflow_dispatch:
inputs:
bump_type:
description: Version bump to apply
required: true
type: choice
options:
- patch
- minor
- major
permissions:
contents: read
# Concurrency control: only one release process can run at a time
# This prevents race conditions if multiple PRs with 'release' label merge simultaneously
concurrency:
group: release
cancel-in-progress: false
jobs:
check-release-label:
name: Check for release label
runs-on: ubuntu-latest
# Run when PR with 'release' label is merged to main, or when manually triggered
if: |
github.event_name == 'workflow_dispatch' ||
(github.event_name == 'pull_request' &&
github.event.pull_request.merged == true &&
contains(github.event.pull_request.labels.*.name, 'release'))
outputs:
should-release: ${{ steps.check.outputs.should-release }}
bump-type: ${{ steps.check.outputs.bump-type }}
steps:
- name: Checkout repository
uses: actions/checkout@v6
with:
ref: main
fetch-depth: 0
- name: Check release conditions
id: check
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
EVENT_NAME: ${{ github.event_name }}
INPUT_BUMP_TYPE: ${{ inputs.bump_type }}
HAS_BUMP_MAJOR: ${{ contains(github.event.pull_request.labels.*.name, 'bump-major') }}
HAS_BUMP_MINOR: ${{ contains(github.event.pull_request.labels.*.name, 'bump-minor') }}
HAS_BUMP_PATCH: ${{ contains(github.event.pull_request.labels.*.name, 'bump-patch') }}
run: |
# Determine bump type from workflow input or PR labels
if [ "$EVENT_NAME" = "workflow_dispatch" ]; then
echo "bump-type=$INPUT_BUMP_TYPE" >> "$GITHUB_OUTPUT"
echo "should-release=true" >> "$GITHUB_OUTPUT"
echo "Manual release requested with bump type '$INPUT_BUMP_TYPE'"
elif [ "$HAS_BUMP_MAJOR" = "true" ]; then
echo "bump-type=major" >> "$GITHUB_OUTPUT"
echo "should-release=true" >> "$GITHUB_OUTPUT"
elif [ "$HAS_BUMP_MINOR" = "true" ]; then
echo "bump-type=minor" >> "$GITHUB_OUTPUT"
echo "should-release=true" >> "$GITHUB_OUTPUT"
elif [ "$HAS_BUMP_PATCH" = "true" ]; then
echo "bump-type=patch" >> "$GITHUB_OUTPUT"
echo "should-release=true" >> "$GITHUB_OUTPUT"
fi
notify-approval-needed:
name: Notify Slack - Approval Needed
needs: check-release-label
if: needs.check-release-label.outputs.should-release == 'true'
uses: posthog/.github/.github/workflows/notify-approval-needed.yml@main
with:
slack_channel_id: ${{ vars.SLACK_APPROVALS_CLIENT_LIBRARIES_CHANNEL_ID }}
slack_user_group_id: ${{ vars.GROUP_CLIENT_LIBRARIES_SLACK_GROUP_ID }}
secrets:
slack_bot_token: ${{ secrets.SLACK_CLIENT_LIBRARIES_BOT_TOKEN }}
posthog_project_api_key: ${{ secrets.POSTHOG_PROJECT_API_KEY }}
release:
name: Bump versions and release
needs: [check-release-label, notify-approval-needed]
runs-on: ubuntu-latest
# Use `always()` to ensure the job runs even if the check-release-label job fails
# but still depend on it to be able to use `needs.notify-approval-needed.outputs.slack_ts`
if: always() && needs.check-release-label.outputs.should-release == 'true'
environment: "Release" # This will require an approval from a maintainer, they are notified in Slack above
permissions:
contents: write
actions: write
steps:
- name: Notify Slack - Approved
if: needs.notify-approval-needed.outputs.slack_ts != ''
uses: posthog/.github/.github/actions/slack-thread-reply@main
with:
slack_bot_token: ${{ secrets.SLACK_CLIENT_LIBRARIES_BOT_TOKEN }}
slack_channel_id: ${{ vars.SLACK_APPROVALS_CLIENT_LIBRARIES_CHANNEL_ID }}
thread_ts: ${{ needs.notify-approval-needed.outputs.slack_ts }}
message: "✅ Release approved! Version bump in progress..."
emoji_reaction: "white_check_mark"
- name: Get GitHub App token
id: releaser
uses: actions/create-github-app-token@v3
with:
client-id: ${{ secrets.GH_APP_POSTHOG_PHP_RELEASER_APP_ID }}
private-key: ${{ secrets.GH_APP_POSTHOG_PHP_RELEASER_PRIVATE_KEY }} # Secrets available only inside the 'Release' environment, requires approval from a maintainer
- name: Checkout repository
uses: actions/checkout@v6
with:
ref: main
fetch-depth: 0
token: ${{ steps.releaser.outputs.token }}
- name: Bump version
id: bump-version
run: |
current_version=$(grep -oP "public const VERSION = '\K[^']+" lib/PostHog.php)
IFS='.' read -ra version_parts <<< "$current_version"
major=${version_parts[0]}
minor=${version_parts[1]}
patch=${version_parts[2]}
if [ "${{ needs.check-release-label.outputs.bump-type }}" == "major" ]; then
new_version="$((major + 1)).0.0"
elif [ "${{ needs.check-release-label.outputs.bump-type }}" == "minor" ]; then
new_version="$major.$((minor + 1)).0"
else
new_version="$major.$minor.$((patch + 1))"
fi
sed -i "s/public const VERSION = '$current_version'/public const VERSION = '$new_version'/" lib/PostHog.php
sed -i "s/\"version\": \"$current_version\"/\"version\": \"$new_version\"/" composer.json
echo "current_version=$current_version" >> $GITHUB_OUTPUT
echo "new_version=$new_version" >> $GITHUB_OUTPUT
if ! git diff --quiet lib/PostHog.php composer.json; then
echo "has_changes=true" >> "$GITHUB_OUTPUT"
else
echo "has_changes=false" >> "$GITHUB_OUTPUT"
fi
- name: Update CHANGELOG.md
env:
CURRENT_VERSION: ${{ steps.bump-version.outputs.current_version }}
NEW_VERSION: ${{ steps.bump-version.outputs.new_version }}
run: |
release_date=$(date +%Y-%m-%d)
echo -e "## $NEW_VERSION - $release_date\n\n* [Full Changelog](https://github.com/PostHog/posthog-php/compare/${CURRENT_VERSION}...${NEW_VERSION})\n\n$(cat CHANGELOG.md)" > CHANGELOG.md
- name: Commit version bump
if: steps.bump-version.outputs.has_changes == 'true'
uses: planetscale/ghcommit-action@25309d8005ac7c3bcd61d3fe19b69e0fe47dbdde # v0.2.20
with:
commit_message: "chore: bump version to ${{ steps.bump-version.outputs.new_version }} [version bump]"
repo: ${{ github.repository }}
branch: main
file_pattern: "lib/PostHog.php composer.json CHANGELOG.md"
env:
GITHUB_TOKEN: ${{ steps.releaser.outputs.token }}
- name: Create GitHub release
if: steps.bump-version.outputs.has_changes == 'true'
env:
GH_TOKEN: ${{ steps.releaser.outputs.token }}
NEW_VERSION: ${{ steps.bump-version.outputs.new_version }}
run: |
LAST_CHANGELOG_ENTRY=$(awk -v defText="see CHANGELOG.md" '/^## /{if (flag) exit; flag=1} flag && /^##$/{exit} flag; END{if (!flag) print defText}' CHANGELOG.md)
gh release create "$NEW_VERSION" \
--target main \
--title "$NEW_VERSION" \
--notes "$LAST_CHANGELOG_ENTRY"
# Notify in case of a failure
- name: Send failure event to PostHog
if: ${{ failure() }}
uses: PostHog/posthog-github-action@v0.1
with:
posthog-token: "${{ secrets.POSTHOG_PROJECT_API_KEY }}"
event: "posthog-php-github-release-workflow-failure"
properties: >-
{
"commitSha": "${{ github.sha }}",
"jobStatus": "${{ job.status }}",
"ref": "${{ github.ref }}",
"version": "${{ steps.bump-version.outputs.new_version }}"
}
- name: Notify Slack - Failed
if: ${{ failure() && needs.notify-approval-needed.outputs.slack_ts != '' }}
uses: posthog/.github/.github/actions/slack-thread-reply@main
with:
slack_bot_token: ${{ secrets.SLACK_CLIENT_LIBRARIES_BOT_TOKEN }}
slack_channel_id: ${{ vars.SLACK_APPROVALS_CLIENT_LIBRARIES_CHANNEL_ID }}
thread_ts: ${{ needs.notify-approval-needed.outputs.slack_ts }}
message: "❌ Failed to release `posthog-php@${{ steps.bump-version.outputs.new_version }}`! <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|View logs>"
emoji_reaction: "x"
notify-released:
name: Notify Slack - Released
needs: [notify-approval-needed, release]
runs-on: ubuntu-latest
if: always() && needs.release.result == 'success' && needs.notify-approval-needed.outputs.slack_ts != ''
steps:
- name: Checkout repository
uses: actions/checkout@v6
- name: Notify Slack - Released
uses: posthog/.github/.github/actions/slack-thread-reply@main
with:
slack_bot_token: ${{ secrets.SLACK_CLIENT_LIBRARIES_BOT_TOKEN }}
slack_channel_id: ${{ vars.SLACK_APPROVALS_CLIENT_LIBRARIES_CHANNEL_ID }}
thread_ts: ${{ needs.notify-approval-needed.outputs.slack_ts }}
message: "🚀 posthog-php released successfully!"
emoji_reaction: "rocket"
notify-rejected:
name: Notify Slack - Rejected
needs: [release, notify-approval-needed]
runs-on: ubuntu-latest
if: always() && needs.release.result == 'failure' && needs.notify-approval-needed.outputs.slack_ts != ''
steps:
- name: Check for rejection
id: check-rejection
env:
GH_TOKEN: ${{ github.token }}
run: |
RESPONSE=$(gh api /repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/approvals)
REJECTED=$(echo "$RESPONSE" | jq '[.[] | select(.state == "rejected")] | length')
if [ "$REJECTED" -gt 0 ]; then
echo "was_rejected=true" >> "$GITHUB_OUTPUT"
COMMENT=$(echo "$RESPONSE" | jq -r '.[] | select(.state == "rejected") | .comment // empty' | head -1)
if [ -n "$COMMENT" ]; then
{
echo 'message<<EOF'
echo "🚫 Release was rejected: $COMMENT"
echo 'EOF'
} >> "$GITHUB_OUTPUT"
else
echo "message=🚫 Release was rejected." >> "$GITHUB_OUTPUT"
fi
else
echo "was_rejected=false" >> "$GITHUB_OUTPUT"
fi
- name: Notify Slack - Rejected
if: steps.check-rejection.outputs.was_rejected == 'true'
continue-on-error: true
uses: PostHog/.github/.github/actions/slack-thread-reply@main
with:
slack_bot_token: ${{ secrets.SLACK_CLIENT_LIBRARIES_BOT_TOKEN }}
slack_channel_id: ${{ vars.SLACK_APPROVALS_CLIENT_LIBRARIES_CHANNEL_ID }}
thread_ts: ${{ needs.notify-approval-needed.outputs.slack_ts }}
message: '${{ steps.check-rejection.outputs.message }}'
emoji_reaction: 'no_entry_sign'