cloud-sdk-java/.github/workflows/perform-release.yml at main · SAP/cloud-sdk-java · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
name: 'Perform Release'

on:
  workflow_dispatch:
    inputs:
      release_pr_number:
        description: 'The PR number of the release PR'
        required: true
      skip-pr-merge:
        description: 'Whether to skip merging the PRs'
        required: false
        default: false
        type: boolean

env:
  MVN_CLI_ARGS: --batch-mode --no-transfer-progress --fail-at-end --show-version -DskipTests
  JAVA_VERSION: 17
  DOCS_REPO: SAP/cloud-sdk

jobs:
  prerequisites:
    name: 'Prerequisites'
    outputs:
      code-branch: ${{ steps.determine-branch-names.outputs.CODE_BRANCH_NAME }}
      docs-branch: ${{ steps.determine-branch-names.outputs.DOCS_BRANCH_NAME }}
      release-notes-branch: ${{ steps.determine-branch-names.outputs.RELEASE_NOTES_BRANCH_NAME }}
      release-javadoc-branch: ${{ steps.determine-branch-names.outputs.RELEASE_JAVADOC_BRANCH_NAME }}
      release-tag: ${{ steps.determine-branch-names.outputs.RELEASE_TAG }}
      release-commit: ${{ steps.determine-branch-names.outputs.RELEASE_COMMIT }}
    permissions: write-all # contents and push are needed to see the draft release
    runs-on: ubuntu-latest
    steps:
      - name: 'Determine Branch Names'
        id: determine-branch-names
        run: |
          CODE_BRANCH_NAME=$(gh pr view ${{github.event.inputs.release_pr_number}} --repo ${{github.repository}} --json headRefName --jq '.headRefName')
          RELEASE_VERSION=$(echo $CODE_BRANCH_NAME | cut -d '-' -f2)
          RELEASE_TAG=rel/$RELEASE_VERSION
          RELEASE_COMMIT=$(gh release view $RELEASE_TAG --repo ${{github.repository}} --json targetCommitish --jq '.targetCommitish')
          RELEASE_NOTES_BRANCH_NAME=java/release-notes-$RELEASE_VERSION
          RELEASE_JAVADOC_BRANCH_NAME=java/release-docs-$RELEASE_VERSION

          echo "CODE_BRANCH_NAME=$CODE_BRANCH_NAME" >> $GITHUB_OUTPUT
          echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_OUTPUT
          echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_OUTPUT
          echo "RELEASE_COMMIT=$RELEASE_COMMIT" >> $GITHUB_OUTPUT
          echo "RELEASE_NOTES_BRANCH_NAME=$RELEASE_NOTES_BRANCH_NAME" >> $GITHUB_OUTPUT
          echo "RELEASE_JAVADOC_BRANCH_NAME=$RELEASE_JAVADOC_BRANCH_NAME" >> $GITHUB_OUTPUT

          echo -e "[DEBUG] Current GITHUB_OUTPUT:\n$(cat $GITHUB_OUTPUT)"
        env:
          GH_TOKEN: ${{ github.token }}

      - name: 'Checkout Repository'
        uses: actions/checkout@v6

      - name: 'Check Whether Code PR Can Be Merged'
        if: ${{ inputs.skip-pr-merge != 'true' }}
        uses: ./.github/actions/pr-is-mergeable
        with:
          pr-ref: ${{ steps.determine-branch-names.outputs.CODE_BRANCH_NAME }}
          excluded-check-runs: |
            {
              \"Continuous Integration\": [\"Run BlackDuck Scan\", \"Run Security Rating\"],
              \"dependabot merger\": []
            }

      - name: 'Check Code Release Commit Continuous Integration'
        if: ${{ inputs.skip-pr-merge != 'true' }}
        uses: ./.github/actions/workflow-succeeded
        with:
          workflow: 'Continuous Integration'
          sha: ${{ steps.determine-branch-names.outputs.RELEASE_COMMIT }}
          excluded-jobs: '["Run BlackDuck Scan"]'

      - name: 'Create GitHub App Token'
        id: app-token
        uses: actions/create-github-app-token@v3
        with:
          client-id: ${{ secrets.SAP_CLOUD_SDK_BOT_CLIENT_ID }}
          private-key: ${{ secrets.SAP_CLOUD_SDK_BOT_PRIVATE_KEY }}
          owner: SAP
          repositories: cloud-sdk

      - name: 'Check Whether Release Notes PR Can Be Merged'
        if: ${{ inputs.skip-pr-merge != 'true' }}
        uses: ./.github/actions/pr-is-mergeable
        with:
          pr-ref: ${{ steps.determine-branch-names.outputs.RELEASE_NOTES_BRANCH_NAME }}
          repo: ${{ env.DOCS_REPO }}
          token: ${{ steps.app-token.outputs.token }}
          excluded-check-runs: |
            {
              \"Build Cloud SDK Documentation\": [\"dependabot\"]
            }

      - name: 'Check Whether JavaDoc PR Can Be Merged'
        if: ${{ inputs.skip-pr-merge != 'true' }}
        uses: ./.github/actions/pr-is-mergeable
        with:
          pr-ref: ${{ steps.determine-branch-names.outputs.RELEASE_JAVADOC_BRANCH_NAME }}
          repo: ${{ env.DOCS_REPO }}
          token: ${{ steps.app-token.outputs.token }}
          excluded-check-runs: |
            {
              \"Build Cloud SDK Documentation\": [\"dependabot\"]
            }

  release:
    name: 'Release'
    needs: [prerequisites]
    runs-on: ubuntu-latest
    permissions:
      contents: write # needed to modify the release draft
    steps:
      - name: 'Create GitHub App Token'
        id: app-token
        uses: actions/create-github-app-token@v3
        with:
          client-id: ${{ secrets.SAP_CLOUD_SDK_BOT_CLIENT_ID }}
          private-key: ${{ secrets.SAP_CLOUD_SDK_BOT_PRIVATE_KEY }}
          owner: SAP
          repositories: cloud-sdk-java,cloud-sdk
          permission-contents: write
          permission-pull-requests: write # needed to merge the release PR

      - name: 'Setup java'
        uses: actions/setup-java@v5
        with:
          distribution: 'sapmachine'
          java-version: ${{ env.JAVA_VERSION }}

      - name: 'Download Release Asset'
        id: download-asset
        run: |
          gh release download ${{ needs.prerequisites.outputs.release-tag }} --dir ./ --repo "${{ github.repository }}"
          # x=extract v=verbose z=decompress f=file C=destination directory
          tar -xvzf release-*.tar.gz -C .
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: 'Import GPG Key'
        run: |
          echo "${{ secrets.PGP_PRIVATE_KEY }}" | gpg --batch --passphrase "$MAVEN_GPG_PASSPHRASE" --import
        env:
          MAVEN_GPG_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}

      - name: 'Create settings.xml'
        run: |
          echo '${{ secrets.CENTRAL_SONATYPE_SETTINGS_XML }}' > settings.xml

      - name: 'Deploy'
        run: |
          MVN_ARGS="${{ env.MVN_CLI_ARGS }} -Drelease -s settings.xml"
          mvn deploy $MVN_ARGS
        env:
          MAVEN_GPG_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}

      - name: 'Merge Code PR'
        if: ${{ inputs.skip-pr-merge != 'true' }}
        run: gh pr merge --squash "${{ needs.prerequisites.outputs.code-branch }}" --delete-branch --repo "${{ github.repository }}"
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}

      - name: 'Publish the Draft Release'
        run: gh release edit ${{ needs.prerequisites.outputs.release-tag }} --draft=false --repo "${{ github.repository }}"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: 'Merge Release Notes PR'
        if: ${{ inputs.skip-pr-merge != 'true' }}
        run: gh pr merge --squash "${{ needs.prerequisites.outputs.release-notes-branch }}" --delete-branch --repo "${{ env.DOCS_REPO }}"
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}

      - name: 'Merge JavaDoc PR'
        if: ${{ inputs.skip-pr-merge != 'true' }}
        run: gh pr merge --squash "${{ needs.prerequisites.outputs.release-javadoc-branch }}" --delete-branch --repo "${{ env.DOCS_REPO }}"
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}