-
Notifications
You must be signed in to change notification settings - Fork 479
212 lines (199 loc) · 8.16 KB
/
cicd_6-release.yml
File metadata and controls
212 lines (199 loc) · 8.16 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
#
# Release Workflow
#
# This workflow handles the complete release process for dotCMS following the established
# phase pattern: initialize -> build -> deployment -> finalize
#
# Key features:
# - Release preparation (branch creation, version setting)
# - Standard build phase for artifact generation
# - Release-specific deployment (Artifactory, Javadocs, plugins)
# - Docker image deployment via standard deployment phase
# - SBOM generation
# - GitHub label management
# - Release notifications
#
# This workflow follows the modular phase pattern established in the CICD architecture
# and replaces the legacy-release_maven-release-process.yml workflow
#
name: '-6 Release Process'
run-name: "Release ${{ inputs.release_version }}${{ inputs.java-version && format(' [{0}]', inputs.java-version) || '' }}"
on:
workflow_dispatch:
inputs:
release_version:
description: 'Release Version (yy.mm.dd-## or yy.mm.dd_lts_v##] ##: counter)'
required: true
release_commit:
description: 'Commit Hash (default to latest commit)'
required: false
deploy_artifact:
description: 'Deploy Artifact to Artifactory'
type: boolean
default: true
required: false
update_plugins:
description: 'Update Plugins'
type: boolean
default: true
required: false
upload_javadocs:
description: 'Upload Javadocs to S3'
type: boolean
default: true
required: false
update_github_labels:
description: 'Update GitHub labels'
type: boolean
default: true
required: false
notify_slack:
description: 'Notify Slack'
type: boolean
default: true
required: false
java-version:
description: 'Override Java version (SDKMAN format, e.g., 25.0.1-open). Compiler release auto-defaults to Java major version.'
type: string
required: false
default: ''
artifact-suffix:
description: 'Artifact suffix without leading separator (e.g., java25, java25-ms). Separators added automatically: dash (-) for Maven artifacts, underscore (_) for Docker tags. If not set, derived from java-version major (e.g., java25).'
type: string
required: false
default: ''
# No concurrency control - releases should complete without interruption
concurrency:
group: release-${{ github.event.inputs.release_version }}
cancel-in-progress: false
jobs:
# Initialize - standard initialization phase (always first)
initialize:
name: Initialize
uses: ./.github/workflows/cicd_comp_initialize-phase.yml
# Release builds everything - no change detection needed
with:
change-detection: 'disabled'
# Release Prepare - validates version, creates release branch, sets version
release-prepare:
name: Release Prepare
needs: [ initialize ]
uses: ./.github/workflows/cicd_comp_release-prepare-phase.yml
with:
release_version: ${{ github.event.inputs.release_version }}
release_commit: ${{ github.event.inputs.release_commit }}
secrets:
CI_MACHINE_TOKEN: ${{ secrets.CI_MACHINE_TOKEN }}
CI_MACHINE_USER: ${{ secrets.CI_MACHINE_USER }}
# Build - standard build phase for artifact generation
build:
name: Build
needs: [ release-prepare, initialize ]
if: always() && !failure() && !cancelled()
uses: ./.github/workflows/cicd_comp_build-phase.yml
with:
core-build: true
run-pr-checks: false
ref: ${{ needs.release-prepare.outputs.release_tag }}
validate: false
version: ${{ needs.release-prepare.outputs.release_version }}
generate-docker: true
java-version: ${{ github.event.inputs.java-version }}
artifact-suffix: ${{ github.event.inputs.artifact-suffix }}
permissions:
contents: read
packages: write
# Deployment - standard deployment phase for Docker images and NPM
deployment:
name: Deployment
needs: [ release-prepare, initialize, build ]
if: always() && !failure() && !cancelled()
uses: ./.github/workflows/cicd_comp_deployment-phase.yml
with:
environment: 'release'
tag-identifier: ${{ needs.release-prepare.outputs.release_version }}
omit-environment-prefix: true
artifact-run-id: ${{ github.run_id }}
latest: ${{ needs.release-prepare.outputs.is_latest == 'true' }}
deploy-cli: true
deploy-dev-image: true
publish-npm-cli: false
publish-npm-sdk-libs: false
java-version: ${{ github.event.inputs.java-version }}
artifact-suffix: ${{ github.event.inputs.artifact-suffix }}
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
EE_REPO_USERNAME: ${{ secrets.EE_REPO_USERNAME }}
EE_REPO_PASSWORD: ${{ secrets.EE_REPO_PASSWORD }}
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
DEV_REQUEST_TOKEN: ${{ secrets.DEV_REQUEST_TOKEN }}
# Release - release-specific operations (Artifactory, Javadocs, Plugins, SBOM, Labels)
# Waits for deployment to complete to safely update labels only if both succeed
release:
name: Release
needs: [ release-prepare, initialize, build, deployment ]
if: always() && !failure() && !cancelled()
uses: ./.github/workflows/cicd_comp_release-phase.yml
with:
release_version: ${{ needs.release-prepare.outputs.release_version }}
release_tag: ${{ needs.release-prepare.outputs.release_tag }}
artifact_run_id: ${{ github.run_id }}
deploy_artifact: ${{ github.event.inputs.deploy_artifact == 'true' }}
upload_javadocs: ${{ github.event.inputs.upload_javadocs == 'true' }}
update_plugins: ${{ github.event.inputs.update_plugins == 'true' }}
update_github_labels: ${{ github.event.inputs.update_github_labels == 'true' }}
java-version: ${{ github.event.inputs.java-version }}
artifact-suffix: ${{ github.event.inputs.artifact-suffix }}
secrets:
EE_REPO_USERNAME: ${{ secrets.EE_REPO_USERNAME }}
EE_REPO_PASSWORD: ${{ secrets.EE_REPO_PASSWORD }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
CI_MACHINE_TOKEN: ${{ secrets.CI_MACHINE_TOKEN }}
# Release Notes - AI-generated changelog for the GitHub release description
# Runs after the release job succeeds; non-blocking for finalize/report
release-notes:
name: Release Notes
needs: [ release-prepare, release ]
if: success()
uses: ./.github/workflows/cicd_comp_ai-release-notes-phase.yml
with:
release_tag: ${{ needs.release-prepare.outputs.release_tag }}
allow_failure: true
secrets:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
CI_MACHINE_TOKEN: ${{ secrets.CI_MACHINE_TOKEN }}
# Finalize - standard finalization phase (required for phase pattern)
finalize:
name: Finalize
if: always()
needs: [ initialize, build, deployment, release ]
uses: ./.github/workflows/cicd_comp_finalize-phase.yml
with:
artifact-run-id: ${{ github.run_id }}
needsData: ${{ toJson(needs) }}
# Report - send release notification to Slack
report:
name: Report
runs-on: ubuntu-${{ vars.UBUNTU_RUNNER_VERSION || '24.04' }}
needs: [ release-prepare, deployment, finalize ]
if: always()
steps:
- name: Checkout core
uses: actions/checkout@v4
with:
ref: main
- uses: ./.github/actions/core-cicd/cleanup-runner
- name: Slack Notification
uses: rtCamp/action-slack-notify@v2
env:
SLACK_WEBHOOK: ${{ secrets.RELEASE_SLACK_WEBHOOK }}
SLACK_USERNAME: dotBot
SLACK_TITLE: "Important news!"
SLACK_MSG_AUTHOR: " "
MSG_MINIMAL: true
SLACK_FOOTER: ""
SLACK_ICON: https://avatars.slack-edge.com/temp/2021-12-08/2830145934625_e4e464d502865ff576e4.png
SLACK_MESSAGE: "<!channel> This automated script is excited to announce the release of a new version of dotCMS `${{ needs.release-prepare.outputs.release_version }}` :rocket:\n:docker: Produced images: [${{ needs.deployment.outputs.formatted_tags || needs.deployment.outputs.docker_tags }}]"
if: success() && github.event.inputs.notify_slack == 'true'