name: Update Stable Branch from Main on Latest Release on: release: types: [released] permissions: contents: write concurrency: group: update-stable-${{ github.run_id }} cancel-in-progress: true jobs: update-stable-branch: name: Update stable from latest release source runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v4 with: fetch-depth: 0 # need full history for reset/push - name: Configure Git author run: | git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" - name: Determine source ref & SHA id: meta shell: bash run: | set -euo pipefail SRC="${{ github.event.release.target_commitish }}" if [ -z "$SRC" ] || ! git ls-remote --exit-code origin "refs/heads/$SRC" >/dev/null 2>&1; then # Fallback to main if target_commitish is empty or not a branch SRC="main" fi echo "Using source branch: $SRC" git fetch origin "$SRC":"refs/remotes/origin/$SRC" --prune SHA="$(git rev-parse "origin/$SRC")" echo "sha=$SHA" >> "$GITHUB_OUTPUT" echo "src=$SRC" >> "$GITHUB_OUTPUT" - name: Prepare local stable branch shell: bash run: | set -euo pipefail # Ensure we have the remote stable ref if it exists git fetch origin stable:refs/remotes/origin/stable || true if git show-ref --verify --quiet refs/heads/stable; then echo "Local stable exists." elif git show-ref --verify --quiet refs/remotes/origin/stable; then echo "Creating local stable tracking branch from remote." git checkout -b stable --track origin/stable else echo "Creating new local stable branch at source SHA." git checkout -b stable "${{ steps.meta.outputs.sha }}" fi - name: Reset stable to source SHA run: | git checkout stable git reset --hard "${{ steps.meta.outputs.sha }}" git status --short --branch - name: Push stable (force-with-lease) run: | # Safer than --force; refuses if remote moved unexpectedly git push origin stable --force-with-lease