1515 description : " Version String for task.h on main branch (leave empty to leave as-is)."
1616 required : false
1717 default : ' '
18+ github_token :
19+ description : ' GitHub token for creating releases and pushing changes'
20+ required : true
1821
1922jobs :
2023 release-packager :
2124 permissions :
25+ contents : write
26+ pull-requests : write
2227 id-token : write
2328 name : Release Packager
2429 runs-on : ubuntu-latest
2934 with :
3035 architecture : x64
3136 env :
32- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
37+ GITHUB_TOKEN : ${{ github.event.inputs.github_token }}
38+
39+ - name : Install GitHub CLI
40+ run : |
41+ command -v gh >/dev/null 2>&1 || {
42+ curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg
43+ sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg
44+ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
45+ sudo apt update
46+ sudo apt install gh
47+ }
3348
3449 # Currently FreeRTOS/.github/scripts houses the release script. Download it for upcoming usage
3550 - name : Checkout FreeRTOS Release Tools
@@ -52,53 +67,118 @@ jobs:
5267 git config --global user.name "$ACTOR"
5368 git config --global user.email "$ACTOR"@users.noreply.github.com
5469
55- - name : create a new branch that references commit id
70+ - name : Create version branch
5671 env :
5772 VERSION_NUMBER : ${{ github.event.inputs.version_number }}
5873 COMMIT_ID : ${{ github.event.inputs.commit_id }}
5974 working-directory : ./local_kernel
6075 run : |
6176 git checkout -b "$VERSION_NUMBER" "$COMMIT_ID"
77+ git push -u origin "$VERSION_NUMBER"
6278 echo "COMMIT_SHA_1=$(git rev-parse HEAD)" >> $GITHUB_ENV
6379
80+ - name : Create release preparation branch
81+ env :
82+ VERSION_NUMBER : ${{ github.event.inputs.version_number }}
83+ working-directory : ./local_kernel
84+ run : |
85+ git checkout -b "release-prep-$VERSION_NUMBER"
86+
6487 - name : Update source files with version info
6588 env :
6689 VERSION_NUMBER : ${{ github.event.inputs.version_number }}
6790 MAIN_BR_VERSION_NUMBER : ${{ github.event.inputs.main_br_version }}
6891 COMMIT_SHA_1 : ${{ env.COMMIT_SHA_1 }}
69- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
92+ GITHUB_TOKEN : ${{ github.event.inputs.github_token }}
7093 run : |
7194 # Install deps and run
7295 pip install -r ./tools/.github/scripts/release-requirements.txt
7396 ./tools/.github/scripts/update_src_version.py FreeRTOS --kernel-repo-path=local_kernel --kernel-commit="$COMMIT_SHA_1" --new-kernel-version="$VERSION_NUMBER" --new-kernel-main-br-version="$MAIN_BR_VERSION_NUMBER"
7497 exit $?
7598
76- - name : Update version number in manifest.yml
99+ - name : Update version number in manifest.yml
77100 env :
78101 VERSION_NUMBER : ${{ github.event.inputs.version_number }}
79102 working-directory : ./local_kernel
80103 run : |
81104 ./.github/scripts/manifest_updater.py -v "$VERSION_NUMBER"
82105 exit $?
83106
84- - name : Commit version number change in manifest.yml
107+ - name : Commit and push release preparation branch
85108 env :
86109 VERSION_NUMBER : ${{ github.event.inputs.version_number }}
87110 working-directory : ./local_kernel
88111 run : |
112+ # The update_src_version.py script detaches HEAD by checking out a SHA.
113+ # Re-attach HEAD to the release prep branch, keeping all commits.
114+ git branch -f "release-prep-$VERSION_NUMBER" HEAD
115+ git checkout "release-prep-$VERSION_NUMBER"
116+
89117 git add .
90- git commit -m '[AUTO][RELEASE]: Update version number in manifest.yml'
91- git push -u origin "$VERSION_NUMBER"
118+ if git diff --cached --quiet; then
119+ echo "No new changes to commit — source files and manifest already up to date."
120+ else
121+ git commit -m '[AUTO][RELEASE]: Update version number in manifest.yml and source files'
122+ fi
123+ git push -u origin "release-prep-$VERSION_NUMBER"
124+
125+ - name : Create pull request
126+ env :
127+ VERSION_NUMBER : ${{ github.event.inputs.version_number }}
128+ GH_TOKEN : ${{ github.event.inputs.github_token }}
129+ REPO_FULL_NAME : ${{ github.repository }}
130+ working-directory : ./local_kernel
131+ run : |
132+ PR_URL=$(gh pr create \
133+ --repo "$REPO_FULL_NAME" \
134+ --base "$VERSION_NUMBER" \
135+ --head "release-prep-$VERSION_NUMBER" \
136+ --title "[AUTO][RELEASE]: Release $VERSION_NUMBER" \
137+ --body "Automated release preparation for $VERSION_NUMBER. Updates version numbers in source files and manifest.yml.")
138+ echo "PR_URL=$PR_URL" >> $GITHUB_ENV
139+
140+ - name : Wait for PR to be merged
141+ env :
142+ GH_TOKEN : ${{ github.event.inputs.github_token }}
143+ REPO_FULL_NAME : ${{ github.repository }}
144+ working-directory : ./local_kernel
145+ run : |
146+ PR_NUMBER=$(echo "$PR_URL" | grep -oE '[0-9]+$')
147+ while true; do
148+ STATE=$(gh pr view "$PR_NUMBER" --repo "$REPO_FULL_NAME" --json state --jq .state)
149+ if [ "$STATE" = "MERGED" ]; then
150+ echo "PR merged successfully"
151+ break
152+ elif [ "$STATE" = "CLOSED" ]; then
153+ echo "Error: PR was closed without merging"
154+ exit 1
155+ fi
156+ echo "Waiting for PR to be merged... (current state: $STATE)"
157+ sleep 30
158+ done
159+
160+ - name : Re-checkout after merge
161+ uses : actions/checkout@v4.1.1
162+ with :
163+ path : local_kernel
164+ ref : ${{ github.event.inputs.version_number }}
165+ fetch-depth : 0
92166
93167 - name : Generate SBOM
94168 uses : FreeRTOS/CI-CD-Github-Actions/sbom-generator@main
95169 with :
96- repo_path : ./local_kernel
97- source_path : ./
170+ directory : ./local_kernel
171+ distribution-type : repository
172+ creator : Amazon Web Services, Inc.
173+ download-location : git+https://github.com/${{ github.repository_owner }}/${{ github.event.repository.name }}.git@${{ github.event.inputs.version_number }}
174+ homepage : https://github.com/${{ github.repository_owner }}/${{ github.event.repository.name }}
175+ namespace-prefix : https://github.com/${{ github.repository_owner }}/${{ github.event.repository.name }}/releases/download/${{ github.event.inputs.version_number }}/
176+ include-file-hashes : true
98177
99- - name : commit SBOM file
178+ - name : Commit SBOM file
100179 env :
101180 VERSION_NUMBER : ${{ github.event.inputs.version_number }}
181+ GITHUB_TOKEN : ${{ github.event.inputs.github_token }}
102182 working-directory : ./local_kernel
103183 run : |
104184 git add .
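Review bot: `GITHUB_TOKEN : ${{ github.event.inputs.github_token }}` in "Update source files with version info", and the matching `GH_TOKEN` lines in "Create pull request", "Wait for PR to be merged" and "Commit SBOM file", take a credential from a workflow input instead of the `secrets` context. Input values are not registered as secrets, so the runner does not mask them: the token is likely to appear in clear text in each step's `env:` log header, and it stays in the event payload that every step in the job can read, including `sbom-generator@main`, which is referenced by a mutable branch. Storing the token as a repository or environment secret and referencing it as `${{ secrets.RELEASE_TOKEN }}` (placeholder name) keeps it masked and out of the dispatch payload. The same substitution is made in the two later hunks, in the step that sets `COMMIT_SHA_2` and in "Delete release preparation branch".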
@@ -112,7 +192,7 @@ jobs:
112192 MAIN_BR_VERSION_NUMBER : ${{ github.event.inputs.main_br_version }}
113193 COMMIT_SHA_2 : ${{ env.COMMIT_SHA_2 }}
114194 REPO_OWNER : ${{ github.repository_owner }}
115- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
195+ GITHUB_TOKEN : ${{ github.event.inputs.github_token }}
116196 run : |
117197 # Install deps and run
118198 pip install -r ./tools/.github/scripts/release-requirements.txt
@@ -127,10 +207,17 @@ jobs:
127207 artifact_path : ./FreeRTOS-KernelV${{ github.event.inputs.version_number }}.zip
128208 release_tag : ${{ github.event.inputs.version_number }}
129209
130- - name : Cleanup
210+ - name : Delete release preparation branch
211+ if : always()
131212 env :
132213 VERSION_NUMBER : ${{ github.event.inputs.version_number }}
214+ GH_TOKEN : ${{ github.event.inputs.github_token }}
133215 working-directory : ./local_kernel
134216 run : |
135- # Delete the branch created for Tag by SBOM generator
136- git push -u origin --delete "$VERSION_NUMBER"
217+ # Only delete release-prep branch if the PR was already merged
218+ PR_STATE=$(gh pr list --repo "${{ github.repository }}" --head "release-prep-$VERSION_NUMBER" --json state --jq '.[0].state' 2>/dev/null || echo "")
219+ if [ "$PR_STATE" = "MERGED" ] || [ -z "$PR_STATE" ]; then
220+ git push origin --delete "release-prep-$VERSION_NUMBER" || true
221+ else
222+ echo "Skipping release-prep branch deletion — PR is still open (state: $PR_STATE)"
223+ fi
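Review bot: In "Delete release preparation branch", `2>/dev/null || echo ""` makes a failed `gh pr list` call (expired token, API error) indistinguishable from "no PR exists", and the `[ -z "$PR_STATE" ]` branch then deletes `release-prep-$VERSION_NUMBER` without knowing the PR state. `gh pr list` also returns only open PRs unless `--state` is given, so the `MERGED` comparison is probably never reached; adding `--state all` and treating a lookup failure as "skip deletion" would match the comment above the command. `${{ github.repository }}` is expanded directly into the script text here, while the earlier steps pass it through `REPO_FULL_NAME` in `env`; using `--repo "$REPO_FULL_NAME"` keeps expression expansion out of the shell body.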