.github/workflows/perform-release.yml

name: "Perform Release"

on:
  workflow_dispatch:
    inputs:
      release_pr_number:
        description: "The PR number of the release PR"
        required: true
      skip-pr-merge:
        description: "Whether to skip merging the PRs"
        required: false
        default: false
        type: boolean

env:
  MVN_CLI_ARGS: --batch-mode --no-transfer-progress --fail-at-end --show-version -DskipTests
  JAVA_VERSION: 17

jobs:
  prerequisites:
    name: "Prerequisites"
    outputs:
      release-version: ${{ steps.determine-branch-names.outputs.RELEASE_VERSION }}
      release-tag: ${{ steps.determine-branch-names.outputs.RELEASE_TAG }}
      code-branch: ${{ steps.determine-branch-names.outputs.CODE_BRANCH_NAME }}
      release-commit: ${{ steps.determine-branch-names.outputs.RELEASE_COMMIT }}
    permissions:
      pull-requests: read
      contents: read
    runs-on: ubuntu-latest
    steps:
      - name: "Determine Branch Names"
        id: determine-branch-names
        run: |
          if [[ "${{ github.event_name }}" == "pull_request_review" ]]; then
            echo "[DEBUG] Taking branch name from pull request event"
            BRANCH_NAME=${{ github.event.pull_request.head.ref }}
          elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
            echo "[DEBUG] Taking branch name from workflow dispatch event"
            BRANCH_NAME=$(gh pr view ${{ github.event.inputs.release_pr_number }} --repo "${{ github.repository }}" --json headRefName | jq -r '.headRefName')
          else
            echo "Cannot determine branch name from event '${{ github.event_name }}'"
            exit 1
          fi
          
          RELEASE_VERSION=$(echo "$BRANCH_NAME" | cut -d '-' -f2) 

          echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_OUTPUT
          echo "RELEASE_TAG=rel/$RELEASE_VERSION" >> $GITHUB_OUTPUT
          echo "CODE_BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_OUTPUT
          echo "RELEASE_COMMIT=$(gh release view "$RELEASE_TAG" --repo "${{ github.repository }}" --json targetCommitish | jq -r '.targetCommitish')" >> $GITHUB_OUTPUT
          
          echo "[DEBUG] Current GITHUB_OUTPUT: '$(cat $GITHUB_OUTPUT)'"
        env:
          GH_TOKEN: ${{ github.token }}

      - name: "Checkout Repository"
        uses: actions/checkout@v4

      - name: "Check Whether Code PR Can Be Merged"
        if: ${{ inputs.skip-pr-merge != 'true' }}
        uses: ./.github/actions/pr-is-mergeable
        with:
          pr-ref: ${{ steps.determine-branch-names.outputs.CODE_BRANCH_NAME }}
          excluded-check-runs: |
            {
              \"Continuous Integration\": [\"Run BlackDuck Scan\", \"Run Security Rating\"], 
              \"dependabot merger\": [] 
            }

      - name: "Check Code Release Commit Continuous Integration"
        if: ${{ inputs.skip-pr-merge != 'true' }}
        uses: ./.github/actions/workflow-succeeded
        with:
          workflow: "Continuous Integration"
          sha: ${{ steps.determine-branch-names.outputs.RELEASE_COMMIT }}

  release:
    name: "Release"
    needs: [ prerequisites ]
    runs-on: ubuntu-latest
    permissions:
      contents: write # needed to modify the release draft
      pull-requests: write # needed to merge the release PR
    steps:
      - name: "Setup java"
        uses: actions/setup-java@v4
        with:
          distribution: "sapmachine"
          java-version: ${{ env.JAVA_VERSION }}
          server-id: ossrh
          server-username: MAVEN_CENTRAL_USER # env variable for username in deploy
          server-password: MAVEN_CENTRAL_PASSWORD # env variable for token in deploy

      - name: "Download Release Asset"
        id: download-asset
        run: |
          gh release download ${{ needs.prerequisites.outputs.release-tag }} --dir ./ --repo "${{ github.repository }}"
          # x=extract v=verbose z=decompress f=file C=destination directory
          tar -xvzf release-artifacts.tar.gz -C .
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: "Import GPG Key"
        run: |
          echo "${{ secrets.PGP_PRIVATE_KEY }}" | gpg --batch --passphrase "$PASSPHRASE" --import
        env:
          PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}

      - name: "Create settings.xml"
        run: |
          echo '${{ secrets.CENTRAL_SONATYPE_SETTINGS_XML }}' > settings.xml

      - name: "Deploy"
        run: |
          MVN_ARGS="${{ env.MVN_CLI_ARGS }} deploy -Drelease -s settings.xml"
          mvn $MVN_ARGS
        env:
          MAVEN_GPG_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}

      - name: "Merge Code PR"
        if: ${{ inputs.skip-pr-merge != 'true' }}
        run: gh pr merge --squash "${{ needs.prerequisites.outputs.code-branch }}" --delete-branch --repo "${{ github.repository }}"
        env:
          GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }}

      - name: "Publish the Draft Release"
        run: gh release edit ${{ needs.prerequisites.outputs.release-tag }} --draft=false --repo "${{ github.repository }}"
        env:
          GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }}