Perform Release #9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Perform Release" | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| release_pr_number: | |
| description: "The PR number of the release PR" | |
| required: true | |
| skip-pr-merge: | |
| description: "Whether to skip merging the PRs" | |
| required: false | |
| default: false | |
| type: boolean | |
| env: | |
| MVN_CLI_ARGS: --batch-mode --no-transfer-progress --fail-at-end --show-version -DskipTests | |
| JAVA_VERSION: 17 | |
| jobs: | |
| prerequisites: | |
| name: "Prerequisites" | |
| outputs: | |
| release-version: ${{ steps.determine-branch-names.outputs.RELEASE_VERSION }} | |
| release-tag: ${{ steps.determine-branch-names.outputs.RELEASE_TAG }} | |
| code-branch: ${{ steps.determine-branch-names.outputs.CODE_BRANCH_NAME }} | |
| release-commit: ${{ steps.determine-branch-names.outputs.RELEASE_COMMIT }} | |
| permissions: | |
| pull-requests: read | |
| contents: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "Determine Branch Names" | |
| id: determine-branch-names | |
| run: | | |
| if [[ "${{ github.event_name }}" == "pull_request_review" ]]; then | |
| echo "[DEBUG] Taking branch name from pull request event" | |
| BRANCH_NAME=${{ github.event.pull_request.head.ref }} | |
| elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
| echo "[DEBUG] Taking branch name from workflow dispatch event" | |
| BRANCH_NAME=$(gh pr view ${{ github.event.inputs.release_pr_number }} --repo "${{ github.repository }}" --json headRefName | jq -r '.headRefName') | |
| else | |
| echo "Cannot determine branch name from event '${{ github.event_name }}'" | |
| exit 1 | |
| fi | |
| RELEASE_VERSION=$(echo "$BRANCH_NAME" | cut -d '-' -f2) | |
| echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_OUTPUT | |
| echo "RELEASE_TAG=rel/$RELEASE_VERSION" >> $GITHUB_OUTPUT | |
| echo "CODE_BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_OUTPUT | |
| echo "RELEASE_COMMIT=$(gh release view "$RELEASE_TAG" --repo "${{ github.repository }}" --json targetCommitish | jq -r '.targetCommitish')" >> $GITHUB_OUTPUT | |
| echo "[DEBUG] Current GITHUB_OUTPUT: '$(cat $GITHUB_OUTPUT)'" | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| - name: "Checkout Repository" | |
| uses: actions/checkout@v4 | |
| - name: "Check Whether Code PR Can Be Merged" | |
| if: ${{ inputs.skip-pr-merge != 'true' }} | |
| uses: ./.github/actions/pr-is-mergeable | |
| with: | |
| pr-ref: ${{ steps.determine-branch-names.outputs.CODE_BRANCH_NAME }} | |
| excluded-check-runs: | | |
| { | |
| \"Continuous Integration\": [\"Run BlackDuck Scan\", \"Run Security Rating\"], | |
| \"dependabot merger\": [] | |
| } | |
| - name: "Check Code Release Commit Continuous Integration" | |
| if: ${{ inputs.skip-pr-merge != 'true' }} | |
| uses: ./.github/actions/workflow-succeeded | |
| with: | |
| workflow: "Continuous Integration" | |
| sha: ${{ steps.determine-branch-names.outputs.RELEASE_COMMIT }} | |
| release: | |
| name: "Release" | |
| needs: [ prerequisites ] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # needed to modify the release draft | |
| pull-requests: write # needed to merge the release PR | |
| steps: | |
| - name: "Setup java" | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: "sapmachine" | |
| java-version: ${{ env.JAVA_VERSION }} | |
| server-id: ossrh | |
| server-username: MAVEN_CENTRAL_USER # env variable for username in deploy | |
| server-password: MAVEN_CENTRAL_PASSWORD # env variable for token in deploy | |
| - name: "Download Release Asset" | |
| id: download-asset | |
| run: | | |
| gh release download ${{ needs.prerequisites.outputs.release-tag }} --dir ./ --repo "${{ github.repository }}" | |
| # x=extract v=verbose z=decompress f=file C=destination directory | |
| tar -xvzf release-artifacts.tar.gz -C . | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: "Import GPG Key" | |
| run: | | |
| echo "${{ secrets.PGP_PRIVATE_KEY }}" | gpg --batch --passphrase "$PASSPHRASE" --import | |
| env: | |
| PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }} | |
| - name: "Create settings.xml" | |
| run: | | |
| echo '${{ secrets.CENTRAL_SONATYPE_SETTINGS_XML }}' > settings.xml | |
| - name: "Deploy" | |
| run: | | |
| MVN_ARGS="${{ env.MVN_CLI_ARGS }} deploy -Drelease -s settings.xml" | |
| mvn $MVN_ARGS | |
| env: | |
| MAVEN_GPG_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }} | |
| - name: "Merge Code PR" | |
| if: ${{ inputs.skip-pr-merge != 'true' }} | |
| run: gh pr merge --squash "${{ needs.prerequisites.outputs.code-branch }}" --delete-branch --repo "${{ github.repository }}" | |
| env: | |
| GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} | |
| - name: "Publish the Draft Release" | |
| run: gh release edit ${{ needs.prerequisites.outputs.release-tag }} --draft=false --repo "${{ github.repository }}" | |
| env: | |
| GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} |