refactor: CI/CD Pipelines #44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Perform Release" | ||
| on: | ||
| pull_request_review: | ||
| types: [submitted] | ||
| branches: [RELEASE-*] | ||
| workflow_dispatch: | ||
| inputs: | ||
| release_pr_number: | ||
| description: "The PR number of the release PR" | ||
| required: true | ||
| env: | ||
| MVN_CLI_ARGS: "--batch-mode --no-transfer-progress --fail-at-end --show-version" | ||
| DOCS_REPO: Johannes-Schneider/cloud-sdk | ||
| jobs: | ||
| prerequisites: | ||
| name: "Prerequisites" | ||
| outputs: | ||
| release-version: ${{ steps.determine-branch-names.outputs.RELEASE_VERSION }} | ||
| release-tag: ${{ steps.determine-branch-names.outputs.RELEASE_TAG }} | ||
| code-branch: ${{ steps.determine-branch-names.outputs.CODE_BRANCH_NAME }} | ||
| docs-branch: ${{ steps.determine-branch-names.outputs.DOCS_BRANCH_NAME }} | ||
| release-notes-branch: ${{ steps.determine-branch-names.outputs.RELEASE_NOTES_BRANCH_NAME }} | ||
| permissions: | ||
| pull-requests: read | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: "Determine Branch Names" | ||
| id: determine-branch-names | ||
| run: | | ||
| if [[ "${{ github.event_name }}" == "pull_request_review" ]]; then | ||
| echo "[DEBUG] Taking branch name from pull request event" | ||
| BRANCH_NAME=${{ github.event.pull_request.head.ref }} | ||
| elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | ||
| echo "[DEBUG] Taking branch name from workflow dispatch event" | ||
| BRANCH_NAME=$(gh pr view ${{ github.event.inputs.release_pr_number }} --repo "${{ github.repository }}" --json headRefName | jq -r '.headRefName') | ||
| else | ||
| echo "Cannot determine branch name from event '${{ github.event_name }}'" | ||
| exit 1 | ||
| fi | ||
| RELEASE_VERSION=$(echo "$BRANCH_NAME" | cut -d '-' -f2) | ||
| DOCS_BRANCH=java/release-docs-$RELEASE_VERSION | ||
| RELEASE_NOTES_BRANCH=java/release-notes-$RELEASE_VERSION | ||
| echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_OUTPUT | ||
| echo "RELEASE_TAG=rel/$RELEASE_VERSION" >> $GITHUB_OUTPUT | ||
| echo "CODE_BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_OUTPUT | ||
| echo "DOCS_BRANCH_NAME=$DOCS_BRANCH" >> $GITHUB_OUTPUT | ||
| echo "RELEASE_NOTES_BRANCH_NAME=$RELEASE_NOTES_BRANCH" >> $GITHUB_OUTPUT | ||
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| check-prs: | ||
| name: "Check PRs" | ||
| runs-on: ubuntu-latest | ||
| needs: [ prerequisites ] | ||
| permissions: | ||
| pull-requests: read | ||
| strategy: | ||
| matrix: | ||
| task: | ||
| - { | ||
| "name": "Code PR", | ||
| "branch": ${{ needs.prerequisites.outputs.code-branch }}, | ||
| "repo": ${{ github.repository }}, | ||
| "token": ${{ github.token }} | ||
| } | ||
| - { | ||
| "name": "Docs PR", | ||
| "branch": ${{ needs.prerequisites.outputs.docs-branch }}, | ||
| "repo": ${{ env.DOCS_REPO }}, | ||
| "token": ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} | ||
| } | ||
| - { | ||
| "name": "Release Notes PR", | ||
| "branch": ${{ needs.prerequisites.outputs.release-notes-branch }}, | ||
| "repo": ${{ env.DOCS_REPO }}, | ||
| "token": ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} | ||
| } | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| ref: ${{ needs.prerequisites.outputs.code-branch }} | ||
| - name: "Check Whether ${{ matrix.task.name }} Can Be Merged" | ||
| uses: ./.github/actions/pr-is-mergeable | ||
| with: | ||
| pr-ref: ${{ matrix.task.branch }} | ||
| repo: ${{ matrix.task.repo }} | ||
| token: ${{ matrix.task.token }} | ||
| fail-on-unmergeable: "true" | ||
| release: | ||
| name: "Release" | ||
| needs: [ prerequisites, check-prs ] | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: write # needed to modify the release draft | ||
| pull-requests: write # needed to merge the release PR | ||
| steps: | ||
| - name: "Setup java" | ||
| uses: actions/setup-java@v3 | ||
| with: | ||
| distribution: "temurin" | ||
| java-version: "17" | ||
| server-id: ossrh | ||
| server-username: MAVEN_CENTRAL_USER # env variable for username in deploy | ||
| server-password: MAVEN_CENTRAL_PASSWORD # env variable for token in deploy | ||
| - name: "Download Release Asset" | ||
| id: download-asset | ||
| run: | | ||
| gh release download ${{ needs.prerequisites.outputs.release-tag }} --dir ./ --repo "${{ github.repository }}" | ||
| # x=extract v=verbose z=decompress f=file C=destination directory | ||
| tar -xvzf apidocs-*.tar.gz -C . | ||
| tar -xvzf release-*.tar.gz -C . | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: "Import GPG Key" | ||
| run: | | ||
| echo "${{ secrets.PGP_PRIVATE_KEY }}" | gpg --batch --passphrase "$PASSPHRASE" --import | ||
| env: | ||
| PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | ||
| - name: "Perform Release" | ||
| run: > | ||
| mvn | ||
| $MVN_CLI_ARGS | ||
| -DrepositoryId=local | ||
| -Durl=file:./temp_local_repo | ||
| -Dmaven.install.skip=true | ||
| -Dgpg.passphrase="$GPG_PASSPHRASE" | ||
| -Dgpg.keyname="$MAVEN_CENTRAL_USER" | ||
| deploy | ||
| mvn | ||
| $MVN_CLI_ARGS | ||
| org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13:deploy-staged-repository | ||
| -DserverId=ossrh | ||
| -DnexusUrl=https://oss.sonatype.org | ||
| -DrepositoryDirectory=./temp_local_repo | ||
| -DstagingProfileId=$MAVEN_CENTRAL_PROFILE_ID | ||
| env: | ||
| MAVEN_CENTRAL_USER: ${{ secrets.MAVEN_CENTRAL_USER }} | ||
| MAVEN_CENTRAL_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }} | ||
| MAVEN_CENTRAL_PROFILE_ID: ${{ secrets.MAVEN_CENTRAL_PROFILE_ID }} | ||
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | ||
| - name: "Merge Code PR" | ||
| run: gh pr merge --squash "${{ needs.prerequisites.outputs.code-branch }}" --delete-branch --repo "${{ github.repository }}" | ||
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| - name: "Publish the Draft Release" | ||
| run: gh release edit ${{ needs.prerequisites.outputs.release-tag }} --draft=false --repo "${{ github.repository }}" | ||
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| - name: "Merge Docs PR" | ||
| run: gh pr merge --squash "${{ needs.prerequisites.outputs.docs-branch }}" --delete-branch --repo "${{ env.DOCS_REPO }}" | ||
| env: | ||
| GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} | ||
| - name: "Merge Release Notes PR" | ||
| run: | | ||
| # https://github.com/cli/cli/issues/8092#issuecomment-1814439651 | ||
| # The Release Notes mergeability computation hasn't completed yet | ||
| # Because the base branch just changed from merging the Javadoc. | ||
| # Sleep and retry to work around "Base branch was modified." error. | ||
| for i in {1..3}; do | ||
| sleep 5 | ||
| if gh pr merge --squash "${{ needs.prerequisites.outputs.release-notes-branch }}" --delete-branch --repo "${{ env.DOCS_REPO }}"; then | ||
| exit 0 | ||
| fi | ||
| done | ||
| exit 1 | ||
| env: | ||
| GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} | ||
| notify-job: | ||
| runs-on: ubuntu-latest | ||
| needs: [ prerequisites, release ] | ||
| if: ${{ failure() }} | ||
| steps: | ||
| - name: "Checkout" | ||
| uses: actions/checkout@v4 | ||
| - name: "Notify" | ||
| run: python .pipeline/scripts/notify.py | ||
| env: | ||
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | ||
| WORKFLOW: ${{ github.workflow }} | ||
| WORKFLOW_RUN_URL: https://github.com/SAP/cloud-sdk-java/actions/runs/${{ github.run_id }} | ||
| BRANCH_NAME: ${{ needs.prerequisites.outputs.code-branch }} | ||
