Perform Release #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Perform Release" | |
on: | |
workflow_dispatch: | |
inputs: | |
release_pr_number: | |
description: "The PR number of the release PR" | |
required: true | |
skip-pr-merge: | |
description: "Whether to skip merging the PRs" | |
required: false | |
default: false | |
type: boolean | |
env: | |
MVN_CLI_ARGS: --batch-mode --no-transfer-progress --fail-at-end --show-version -DskipTests | |
JAVA_VERSION: 17 | |
jobs: | |
prerequisites: | |
name: "Prerequisites" | |
outputs: | |
release-version: ${{ steps.determine-branch-names.outputs.RELEASE_VERSION }} | |
release-tag: ${{ steps.determine-branch-names.outputs.RELEASE_TAG }} | |
code-branch: ${{ steps.determine-branch-names.outputs.CODE_BRANCH_NAME }} | |
release-commit: ${{ steps.determine-branch-names.outputs.RELEASE_COMMIT }} | |
permissions: | |
pull-requests: read | |
contents: read | |
runs-on: ubuntu-latest | |
steps: | |
- name: "Determine Branch Names" | |
id: determine-branch-names | |
run: | | |
if [[ "${{ github.event_name }}" == "pull_request_review" ]]; then | |
echo "[DEBUG] Taking branch name from pull request event" | |
BRANCH_NAME=${{ github.event.pull_request.head.ref }} | |
elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
echo "[DEBUG] Taking branch name from workflow dispatch event" | |
BRANCH_NAME=$(gh pr view ${{ github.event.inputs.release_pr_number }} --repo "${{ github.repository }}" --json headRefName | jq -r '.headRefName') | |
else | |
echo "Cannot determine branch name from event '${{ github.event_name }}'" | |
exit 1 | |
fi | |
RELEASE_VERSION=$(echo "$BRANCH_NAME" | cut -d '-' -f2) | |
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_OUTPUT | |
echo "RELEASE_TAG=rel/$RELEASE_VERSION" >> $GITHUB_OUTPUT | |
echo "CODE_BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_OUTPUT | |
echo "RELEASE_COMMIT=$(gh release view "$RELEASE_TAG" --repo "${{ github.repository }}" --json targetCommitish | jq -r '.targetCommitish')" >> $GITHUB_OUTPUT | |
echo "[DEBUG] Current GITHUB_OUTPUT: '$(cat $GITHUB_OUTPUT)'" | |
env: | |
GH_TOKEN: ${{ github.token }} | |
- name: "Checkout Repository" | |
uses: actions/checkout@v4 | |
- name: "Check Whether Code PR Can Be Merged" | |
if: ${{ inputs.skip-pr-merge != 'true' }} | |
uses: ./.github/actions/pr-is-mergeable | |
with: | |
pr-ref: ${{ steps.determine-branch-names.outputs.CODE_BRANCH_NAME }} | |
excluded-check-runs: | | |
{ | |
\"Continuous Integration\": [\"Run BlackDuck Scan\", \"Run Security Rating\"], | |
\"dependabot merger\": [] | |
} | |
- name: "Check Code Release Commit Continuous Integration" | |
if: ${{ inputs.skip-pr-merge != 'true' }} | |
uses: ./.github/actions/workflow-succeeded | |
with: | |
workflow: "Continuous Integration" | |
sha: ${{ steps.determine-branch-names.outputs.RELEASE_COMMIT }} | |
release: | |
name: "Release" | |
needs: [ prerequisites ] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write # needed to modify the release draft | |
pull-requests: write # needed to merge the release PR | |
steps: | |
- name: "Setup java" | |
uses: actions/setup-java@v4 | |
with: | |
distribution: "sapmachine" | |
java-version: ${{ env.JAVA_VERSION }} | |
server-id: ossrh | |
server-username: MAVEN_CENTRAL_USER # env variable for username in deploy | |
server-password: MAVEN_CENTRAL_PASSWORD # env variable for token in deploy | |
- name: "Download Release Asset" | |
id: download-asset | |
run: | | |
gh release download ${{ needs.prerequisites.outputs.release-tag }} --dir ./ --repo "${{ github.repository }}" | |
# x=extract v=verbose z=decompress f=file C=destination directory | |
tar -xvzf release-artifacts.tar.gz -C . | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: "Import GPG Key" | |
run: | | |
echo "${{ secrets.PGP_PRIVATE_KEY }}" | gpg --batch --passphrase "$PASSPHRASE" --import | |
env: | |
PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }} | |
- name: "Deploy Locally" | |
run: > | |
mvn | |
$MVN_CLI_ARGS | |
-DaltDeploymentRepository=local::file:./temp_local_repo | |
-Drelease | |
deploy | |
env: | |
MAVEN_CENTRAL_USER: ${{ secrets.MAVEN_CENTRAL_USER }} | |
MAVEN_GPG_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }} | |
- name: "Deploy Staging" | |
run: | | |
# Create an empty directory to correctly execute the plugin | |
mkdir temp | |
cd temp | |
MVN_ARGS="$MVN_CLI_ARGS org.sonatype.plugins:nexus-staging-maven-plugin:1.7.0:deploy-staged-repository -DserverId=ossrh -DnexusUrl=https://oss.sonatype.org -DrepositoryDirectory=../temp_local_repo -DstagingProfileId=$MAVEN_CENTRAL_PROFILE_ID" | |
mvn $MVN_ARGS | |
env: | |
MAVEN_CENTRAL_USER: ${{ secrets.SONATYPE_TOKEN_NAME }} | |
MAVEN_CENTRAL_PASSWORD: ${{ secrets.SONATYPE_TOKEN_PASS }} | |
MAVEN_CENTRAL_PROFILE_ID: ${{ secrets.MAVEN_CENTRAL_PROFILE_ID }} | |
- name: "Merge Code PR" | |
if: ${{ inputs.skip-pr-merge != 'true' }} | |
run: gh pr merge --squash "${{ needs.prerequisites.outputs.code-branch }}" --delete-branch --repo "${{ github.repository }}" | |
env: | |
GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} | |
- name: "Publish the Draft Release" | |
run: gh release edit ${{ needs.prerequisites.outputs.release-tag }} --draft=false --repo "${{ github.repository }}" | |
env: | |
GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} |