Update Version Bump workflow (#3547)

Co-authored-by: Bitwarden DevOps <106330231+bitwarden-devops-bot@users.noreply.github.com>
2025-04-05 05:00:19 -05:00 · 2023-12-12 06:27:28 -05:00 · 2023-12-12 06:27:28 -05:00 · 26e99ba000
commit 26e99ba000
parent c68cfdd12e
1 changed files with 58 additions and 11 deletions
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@ -1,16 +1,23 @@
 ---
 name: Version Bump
+run-name: Version Bump - v${{ inputs.version_number }}

 on:
+  workflow_call:
+    inputs:
+      version_number:
+        description: "New version (example: '2024.1.0')"
+        required: true
+        type: string
  workflow_dispatch:
    inputs:
      version_number:
-        description: "New Version"
+        description: "New version (example: '2024.1.0')"
        required: true

 jobs:
-  bump_props_version:
-    name: "Create version_bump_${{ github.event.inputs.version_number }} branch"
+  bump_version:
+    name: "Bump Version to v${{ inputs.version_number }}"
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout Branch
@ -26,7 +33,9 @@ jobs:
        uses: bitwarden/gh-actions/get-keyvault-secrets@main
        with:
          keyvault: "bitwarden-ci"
-          secrets: "github-gpg-private-key, github-gpg-private-key-passphrase"
+          secrets: "github-gpg-private-key,
+            github-gpg-private-key-passphrase,
+            github-pat-bitwarden-devops-bot-repo-scope"

      - name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6.0.0
@ -39,14 +48,38 @@ jobs:
      - name: Create Version Branch
        id: create-branch
        run: |
-          NAME=version_bump_${{ github.ref_name }}_${{ github.event.inputs.version_number }}
+          NAME=version_bump_${{ github.ref_name }}_${{ inputs.version_number }}
          git switch -c $NAME
          echo "name=$NAME" >> $GITHUB_OUTPUT

+      - name: Install xmllint
+        run: sudo apt install -y libxml2-utils
+
+      - name: Verify input version
+        env:
+          NEW_VERSION: ${{ inputs.version_number }}
+        run: |
+          CURRENT_VERSION=$(xmllint -xpath "/Project/PropertyGroup/Version/text()" Directory.Build.props)
+
+          # Error if version has not changed.
+          if [[ "$NEW_VERSION" == "$CURRENT_VERSION" ]]; then
+            echo "Version has not changed."
+            exit 1
+          fi
+
+          # Check if version is newer.
+          printf '%s\n' "${CURRENT_VERSION}" "${NEW_VERSION}" | sort -C -V
+          if [ $? -eq 0 ]; then
+            echo "Version check successful."
+          else
+            echo "Version check failed."
+            exit 1
+          fi
+
      - name: Bump Version - Props
        uses: bitwarden/gh-actions/version-bump@main
        with:
-          version: ${{ github.event.inputs.version_number }}
+          version: ${{ inputs.version_number }}
          file_path: "Directory.Build.props"

      - name: Refresh lockfiles
@ -69,7 +102,7 @@ jobs:

      - name: Commit files
        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
-        run: git commit -m "Bumped version to ${{ github.event.inputs.version_number }}" -a
+        run: git commit -m "Bumped version to ${{ inputs.version_number }}" -a

      - name: Push changes
        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
@ -79,12 +112,13 @@ jobs:

      - name: Create Version PR
        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
+        id: create-pr
        env:
          PR_BRANCH: ${{ steps.create-branch.outputs.name }}
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-          TITLE: "Bump version to ${{ github.event.inputs.version_number }}"
+          GH_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
+          TITLE: "Bump version to ${{ inputs.version_number }}"
        run: |
-          gh pr create --title "$TITLE" \
+          PR_URL=$(gh pr create --title "$TITLE" \
            --base "$GITHUB_REF" \
            --head "$PR_BRANCH" \
            --label "version update" \
@ -98,4 +132,17 @@ jobs:
              - [X] Other

              ## Objective
-              Automated version bump to ${{ github.event.inputs.version_number }}"
+              Automated version bump to ${{ inputs.version_number }}")
+          echo "pr_number=${PR_URL##*/}" >> $GITHUB_OUTPUT
+
+      - name: Approve PR
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }}
+        run: gh pr review $PR_NUMBER --approve
+
+      - name: Merge PR
+        env:
+          GH_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
+          PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }}
+        run: gh pr merge $PR_NUMBER --squash --auto --delete-branch