name: Create next release branch on: workflow_call: inputs: ownerRepo: type: string description: Owner/repo of the repository where the branch is created (e.g. 'grafana/grafana') required: true source: description: The release branch to increment (eg providing `release-11.2.3` will result in `release-11.2.4` being created) type: string required: true outputs: branch: description: The new branch that was created value: ${{ jobs.main.outputs.branch }} workflow_dispatch: inputs: ownerRepo: description: Owner/repo of the repository where the branch is created (e.g. 'grafana/grafana') source: description: The release branch to increment (eg providing `release-11.2.3` will result in `release-11.2.4` being created) type: string required: true permissions: contents: read id-token: write jobs: main: runs-on: ubuntu-latest outputs: branch: ${{ steps.branch.outputs.branch }} steps: - name: "Get vault secrets" id: vault-secrets uses: grafana/shared-workflows/actions/get-vault-secrets@main with: # Secrets placed in the ci/data/repo/grafana/grafana/delivery-bot-app path in Vault repo_secrets: | GRAFANA_DELIVERY_BOT_APP_PEM=delivery-bot-app:PRIVATE_KEY - name: "Generate token" id: generate_token uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a with: app_id: ${{ vars.DELIVERY_BOT_APP_ID }} private_key: ${{ env.GRAFANA_DELIVERY_BOT_APP_PEM }} repositories: "[\"grafana\", \"grafana-enterprise\"]" permissions: "{\"contents\": \"write\", \"pull_requests\": \"write\", \"workflows\":\"write\"}" - name: Create release branch id: branch uses: grafana/grafana-github-actions-go/bump-release@main # zizmor: ignore[unpinned-uses] with: ownerRepo: ${{ inputs.ownerRepo }} source: ${{ inputs.source }} token: ${{ steps.generate_token.outputs.token }}