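# Release workflow: when a release is published, tag the `sec` branch with
# "<tag>-sec" and open a pull request that syncs the version references in
# README.md and regenerates HISTORY.md.
#
# NOTE(review): no `permissions:` block is declared, so jobs run with the
# repository's default GITHUB_TOKEN scopes. Declare the minimum each job needs
# once the requirements of the actions below have been confirmed.
#
# NOTE(review): the third-party actions here are referenced by mutable tags or
# a branch (`@v6`, `@v3`, `@master`, ...). Both jobs hand them a PAT, so pin
# each `uses:` to a reviewed full commit SHA to keep a moved tag or branch from
# changing the code that runs with that credential.
name: Update release version.

on:
  release:
    types: [published]

jobs:
  create-sec-tag:
    runs-on: ubuntu-latest
    steps:
      # Full history of the `sec` branch, so the new tag lands on its tip.
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
          ref: sec

      - name: Get branch name
        id: branch-name
        uses: tj-actions/branch-names@v6

      - name: Generate new tag
        id: generate-tag
        # The tag name (presumably that of the published release) is passed
        # through the environment and quoted, instead of being expanded by
        # `${{ }}` into the script text, so the shell treats it as data only.
        env:
          RELEASE_TAG: ${{ steps.branch-name.outputs.tag }}
        run: |
          git tag -a "${RELEASE_TAG}-sec" -m "Security release for ${RELEASE_TAG}"

      - name: Push tag
        # NOTE(review): `@master` is a branch ref and this step receives the
        # PAT; pin to a full commit SHA.
        uses: adm/git-push@master
        with:
          args: --follow-tags
          # NOTE(review): PAT scope is not visible here; confirm it is limited
          # to this repository and to the permissions the push needs.
          github_token: ${{ secrets.PAT_TOKEN }}

  update-version:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Run release-tagger
        uses: tj-actions/release-tagger@v3

      - name: Sync release version.
        uses: tj-actions/sync-release-version@v13
        id: sync-release-version
        with:
          pattern: '${{ github.repository }}@'
          only_major: true
          paths: |
            README.md

      - name: Generate CHANGELOG
        uses: tj-actions/github-changelog-generator@v1.18
        with:
          output: 'HISTORY.md'

      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v4.2.4
        with:
          base: "main"
          labels: "merge when passing"
          title: "Upgraded to ${{ steps.sync-release-version.outputs.new_version }}"
          branch: "upgrade-to-${{ steps.sync-release-version.outputs.new_version }}"
          commit-message: "Upgraded from ${{ steps.sync-release-version.outputs.old_version }} -> ${{ steps.sync-release-version.outputs.new_version }}"
          body: "View [CHANGES](https://github.com/${{ github.repository }}/compare/${{ steps.sync-release-version.outputs.old_version }}...${{ steps.sync-release-version.outputs.new_version }})"
          # The PR is opened with the PAT rather than the default token; the
          # "merge when passing" label suggests it may be merged automatically,
          # so review what this token is allowed to do.
          token: ${{ secrets.PAT_TOKEN }}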