github-actions-magento2/.github/workflows/release-please.yml

name: Create Release

on:
  push:
    branches:
      - main

env:
  RELEASE_BRANCH: release-please--branches--main--components--github-actions-magento2

jobs:
  release-please:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - id: release
        uses: googleapis/release-please-action@v4
        with:
          token: ${{ secrets.GRAYCORE_GITHUB_TOKEN }}

      - name: Checkout release PR branch
        uses: actions/checkout@v6
        with:
          ref: ${{ env.RELEASE_BRANCH }}
          token: ${{ secrets.GRAYBOT_PIN_BACK_PAT }}

      - name: Pin refs on release PR branch
        id: pin-refs
        run: |
          VERSION="v$(jq -r '."."' .release-please-manifest.json)"
          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT

          sed -i "s|uses: graycoreio/github-actions-magento2/\([^@]*\)@main|uses: graycoreio/github-actions-magento2/\1@${VERSION}|g" \
            */action.yml \
            $(find .github/workflows \( -name "*.yml" -o -name "*.yaml" \) ! -name "release-*")

          if git diff --quiet; then
            echo "HAS_CHANGES=false" >> $GITHUB_OUTPUT
          else
            echo "HAS_CHANGES=true" >> $GITHUB_OUTPUT
          fi

      - name: Commit pinned refs
        if: steps.pin-refs.outputs.HAS_CHANGES == 'true'
        env:
          GRAYBOT_GPG_KEY: ${{ secrets.GRAYBOT_GPG_KEY }}
        run: |
          echo "$GRAYBOT_GPG_KEY" | gpg --batch --import
          export GPG_KEY_ID=$(gpg --list-secret-keys --keyid-format LONG | grep sec | awk '{print $2}' | cut -d/ -f2)
          git config --global user.signingkey $GPG_KEY_ID
          git config --global commit.gpgSign true
          git config --global user.email "automation@graycore.io"
          git config --global user.name "Beep Boop"
          git add .
          git commit -m "chore: pin internal action refs to ${{ steps.pin-refs.outputs.VERSION }}"
          git push origin ${{ env.RELEASE_BRANCH }}