name: Update release version. on: release: types: [published] jobs: create-sec-tag: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 with: fetch-depth: 0 ref: sec - name: Get branch name id: branch-name uses: tj-actions/branch-names@v6 - name: Generate new tag id: generate-tag run: | git config --local user.email "github-actions[bot]@users.noreply.github.com" git config --local user.name "github-actions[bot]" git tag -a ${{ steps.branch-name.outputs.tag }}-sec -m "Security release for ${{ steps.branch-name.outputs.tag }}" - name: Push tag uses: ad-m/github-push-action@master with: tags: true github_token: ${{ secrets.PAT_TOKEN }} branch: sec update-version: runs-on: ubuntu-latest needs: create-sec-tag steps: - uses: actions/checkout@v3 with: fetch-depth: 0 - name: Run release-tagger uses: tj-actions/release-tagger@v3 - name: Sync release version. uses: tj-actions/sync-release-version@v13 id: sync-release-version with: pattern: '${{ github.repository }}@' only_major: true paths: | README.md - name: Run git-cliff uses: tj-actions/git-cliff@v1 - name: Create Pull Request uses: peter-evans/create-pull-request@v5.0.0 with: base: "main" labels: "merge when passing" title: "Upgraded to ${{ steps.sync-release-version.outputs.new_version }}" branch: "upgrade-to-${{ steps.sync-release-version.outputs.new_version }}" commit-message: "Upgraded from ${{ steps.sync-release-version.outputs.old_version }} -> ${{ steps.sync-release-version.outputs.new_version }}" body: "View [CHANGES](https://github.com/${{ github.repository }}/compare/${{ steps.sync-release-version.outputs.old_version }}...${{ steps.sync-release-version.outputs.new_version }})" token: ${{ secrets.PAT_TOKEN }}