setup tagpr

.github/actions/release/action.yml

@@ -0,0 +1,88 @@
+name: release
+description: release my_echo
+inputs:
+  tag:
+    description: tag name to be released
+    default: ''
+  token:
+    description: GitHub token
+    required: true
+  signing-identifier:
+    description: signing identifier to codesign
+    required: true
+  apple-id:
+    description: Apple ID for Notarization
+    required: true
+  apple-id-password:
+    description: Apple ID's password for Notarization. Using App Password is recommended.
+    required: true
+  team-id:
+    description: Team ID for Notarization
+    required: true
+  certificate-base64:
+    description: Base64 encoded Developer ID certificate
+    required: true
+  p12-password:
+    description: password for Developer ID certificate
+    required: true
+  keychain-profile:
+    description: 'notarytool --keychain-profile parameter'
+    required: true
+    default: 'AC_PASSWORD'
+runs:
+  using: composite
+  steps:
+  - uses: maxim-lobanov/setup-xcode@v1
+    with:
+      xcode-version: '14.0.1'
+  - name: Install the Apple certificate
+    env:
+      CERTIFICATE_BASE64: ${{ inputs.certificate-base64 }}
+      P12_PASSWORD: ${{ inputs.p12-password }}
+    run: |
+      # create variables
+      CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+      KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+      KEYCHAIN_PASSWORD=$(uuidgen)
+
+      # echo
+      echo "CERTIFICATE_PATH: ${CERTIFICATE_PATH}"
+      echo "KEYCHAIN_PATH: ${KEYCHAIN_PATH}"
+      echo "KEYCHAIN_PASSWORD: ${KEYCHAIN_PASSWORD}"
+      echo "CERTIFICATE_BASE64: ${CERTIFICATE_BASE64}"
+      echo "P12_PASSWORD: ${P12_PASSWORD}"
+      echo ${{ inputs.certificate-base64 }}
+      echo ${{ inputs.team-id }}
+
+      # import certificate and provisioning profile from secrets
+      echo -n "$CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
+
+      # create temporary keychain
+      security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+      security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+      security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+      # import certificate to keychain
+      security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+      security list-keychain -d user -s $KEYCHAIN_PATH
+
+      # import credentials from secrets
+      xcrun notarytool store-credentials "${{ inputs.keychain-profile }}" --apple-id "${{ inputs.apple-id }}" --password "${{ inputs.apple-id-password }}" --team-id "${{ inputs.team-id }}" --keychain "${KEYCHAIN_PATH}"
+    shell: bash
+  - name: Resolve
+    run: swift package resolve
+    shell: bash
+  - name: Build
+    env:
+      SIGNING_IDENTIFIER: ${{ inputs.signing-identifier }}
+    run: |
+      make release_zip
+    shell: bash
+  - name: upload
+    uses: softprops/action-gh-release@v1
+    env:
+      GITHUB_TOKEN: ${{ inputs.token }}
+    with:
+      files: release_binary.zip
+      tag_name: ${{ inputs.tag }}
+    if: "inputs.tag != ''"

.github/release.yml

@@ -0,0 +1,4 @@
+changelog:
+  exclude:
+    labels:
+      - tagpr

.github/workflows/tagpr.yaml

@@ -0,0 +1,37 @@
+name: tagpr
+on:
+  push:
+    branches:
+    - "main"
+jobs:
+  tagpr:
+    runs-on: macos-12
+    steps:
+    - name: checkout
+      uses: actions/checkout@v3
+    - name: tagpr
+      id: tagpr
+      uses: Songmu/tagpr@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - uses: ./.github/actions/release
+      with:
+        tag: ${{ steps.tagpr.outputs.tag }}
+        token: ${{ secrets.GITHUB_TOKEN }}
+        signing-identifier: ${{ secrets.SIGNING_IDENTIFIER }}
+        apple-id: ${{ secrets.APPLE_ID }}
+        apple-id-password: ${{ secrets.APPLE_ID_PASSWORD }}
+        team-id: ${{ secrets.TEAM_ID }}
+        certificate-base64: ${{ secrets.CERTIFICATE_BASE64 }}
+        p12-password: ${{ secrets.P12_PASSWORD }}
+      if: "steps.tagpr.outputs.tag != ''"
+    - name: Update formula on tag
+      if: "steps.tagpr.outputs.tag != ''"
+      uses: "mislav/bump-homebrew-formula-action@v2"
+      with:
+        tag-name: ${{ steps.tagpr.outputs.tag }}
+        download-url: https://github.com/griffin-stewie/xopen-cli/releases/download/${{ steps.tagpr.outputs.tag }}/release_binary.zip
+        formula-name: xopen-cli
+        homebrew-tap: griffin-stewie/homebrew-formulae
+      env:
+        COMMITTER_TOKEN: ${{ secrets.COMMITTER_TOKEN }}

.tagpr

@@ -0,0 +1,35 @@
+# config file for the tagpr in git config format
+# The tagpr generates the initial configuration, which you can rewrite to suit your environment.
+# CONFIGURATIONS:
+#   tagpr.releaseBranch
+#       Generally, it is "main." It is the branch for releases. The pcpr tracks this branch,
+#       creates or updates a pull request as a release candidate, or tags when they are merged.
+#
+#   tagpr.versionFile
+#       Versioning file containing the semantic version needed to be updated at release.
+#       It will be synchronized with the "git tag".
+#       Often this is a meta-information file such as gemspec, setup.cfg, package.json, etc.
+#       Sometimes the source code file, such as version.go or Bar.pm, is used.
+#       If you do not want to use versioning files but only git tags, specify the "-" string here.
+#       You can specify multiple version files by comma separated strings.
+#
+#   tagpr.vPrefix
+#       Flag whether or not v-prefix is added to semver when git tagging. (e.g. v1.2.3 if true)
+#       This is only a tagging convention, not how it is described in the version file.
+#
+#   tagpr.changelog (Optional)
+#       Flag whether or not changelog is added or changed during the release.
+#
+#   tagpr.command (Optional)
+#       Command to change files just before release.
+#
+#   tagpr.tmplate (Optional)
+#       Pull request template in go template format
+#
+#   tagpr.release (Optional)
+#       GitHub Release creation behavior after tagging [true, draft, false]
+#       If this value is not set, the release is to be created.
+[tagpr]
+	vPrefix = true
+	releaseBranch = main
+	versionFile = Sources/xopen/Commands/RootCommand.swift