Release Automation #12

Workflow file for this run

.github/workflows/release-automation.yaml at 543ee3e

	# SPDX-License-Identifier: Apache-2.0
	name: Release Automation

	on:
	workflow_dispatch:
	inputs:
	version:
	description: "Version (semver)"
	required: true

	permissions:
	contents: write
	actions: write

	defaults:
	run:
	shell: bash

	jobs:
	release:
	name: Release
	runs-on: block-node-linux-medium
	env:
	RELEASE_NOTES_FILENAME: release_notes
	outputs:
	create_pr: ${{ env.CREATE_PR }}
	next_version_snapshot: ${{ env.NEXT_VERSION_SNAPSHOT }}
	pr_title: ${{ env.PR_TITLE }}
	release_branch: ${{ env.RELEASE_BRANCH }}

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
	with:
	egress-policy: audit

	- name: Parse Version
	id: version_parser
	uses: step-security/semver-utils@a24a84bec134bf99b85937a44b58cc9a1d268edd # v4.3.0
	with:
	lenient: false
	version: ${{ github.event.inputs.version }}

	- name: Set Release Environment Variables
	run: \|
	PREMINOR_VERSION=${{ steps.version_parser.outputs.inc-preminor }}
	NEXT_VERSION_SNAPSHOT=${PREMINOR_VERSION//-0/-SNAPSHOT}
	RELEASE_BRANCH="release/${{ steps.version_parser.outputs.major }}.${{ steps.version_parser.outputs.minor }}"
	[[ -z "${{ steps.version_parser.outputs.prerelease }}" ]] && \
	VERSION=${{ steps.version_parser.outputs.release }} \|\| \
	VERSION="${{ steps.version_parser.outputs.release }}-${{ steps.version_parser.outputs.prerelease }}"
	RELEASE_TAG="v${VERSION}"

	cat >> $GITHUB_ENV <<EOF
	NEXT_VERSION_SNAPSHOT=$NEXT_VERSION_SNAPSHOT
	RELEASE_BRANCH=$RELEASE_BRANCH
	RELEASE_TAG=$RELEASE_TAG
	VERSION=$VERSION
	EOF

	- name: Checkout Repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	fetch-depth: 0
	ref: main
	token: ${{ secrets.GH_ACCESS_TOKEN }}
	persist-credentials: "true"

	- name: Import GPG Key
	id: gpg_importer
	uses: step-security/ghaction-import-gpg@6c8fe4d0126a59d57c21f87c9ae5dd3451fa3cca # v6.1.0
	with:
	git_commit_gpgsign: true
	git_tag_gpgsign: true
	git_user_signingkey: true
	gpg_private_key: ${{ secrets.GPG_KEY_CONTENTS }}
	passphrase: ${{ secrets.GPG_KEY_PASSPHRASE }}

	- name: Install JDK
	uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
	with:
	distribution: "temurin"
	java-version: "21.0.5"

	- name: Setup Gradle
	uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2

	- name: Create and Switch to Release Branch
	run: \|
	git fetch origin
	if ! git ls-remote --exit-code --heads --quiet origin refs/heads/${RELEASE_BRANCH}; then
	git checkout -b ${RELEASE_BRANCH}
	git push -u origin ${RELEASE_BRANCH}

	# create a PR to bump main branch to the next snapshot version
	echo "CREATE_PR=true" >> $GITHUB_ENV
	echo "PR_TITLE=chore(release): Bump versions for v$NEXT_VERSION_SNAPSHOT" >> $GITHUB_ENV
	else
	git checkout ${RELEASE_BRANCH}
	fi

	# task is currently failing due to needing credentials.username for PublishToMavenRepository task
	#- name: Gradle Release
	# run: ./gradlew release -Pversion=${{ env.VERSION }}

	- name: Bump Version
	run: ./gradlew bumpVersion -Pversion=${{ env.VERSION }}

	- name: Close the Milestone
	if: ${{ steps.version_parser.outputs.prerelease == '' }}
	id: milestone
	uses: step-security/close-milestone@2ec61fc36f20d36256b3652d302aa89fd4ca2abf # v2.1.0
	with:
	milestone_name: ${{ steps.version_parser.outputs.release }}
	env:
	GITHUB_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }}

	- name: Create Release Notes
	if: ${{ steps.milestone.outputs.milestone_id != '' }}
	uses: step-security/release-notes-generator-action@d7cdbb310d4aab8d98f273f4ae20fdd7cb055799 # v3.1.6
	env:
	FILENAME: ${{ env.RELEASE_NOTES_FILENAME }}
	GITHUB_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }}
	MILESTONE_NUMBER: ${{ steps.milestone.outputs.milestone_id }}

	- name: Commit and Tag
	uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5.1.0
	with:
	commit_author: ${{ steps.gpg_importer.outputs.name }} <${{ steps.gpg_importer.outputs.email }}>
	commit_message: Bump versions for ${{ env.RELEASE_TAG }}
	commit_options: "--no-verify --signoff"
	commit_user_name: ${{ steps.gpg_importer.outputs.name }}
	commit_user_email: ${{ steps.gpg_importer.outputs.email }}
	tagging_message: ${{ env.RELEASE_TAG }}

	- name: Create Github Release
	uses: ncipollo/release-action@cdcc88a9acf3ca41c16c37bb7d21b9ad48560d87 # v1.15.0
	with:
	bodyFile: ${{ env.RELEASE_NOTES_FILENAME }}.md
	commit: ${{ env.RELEASE_BRANCH }}
	draft: ${{ steps.version_parser.outputs.prerelease == '' }}
	name: ${{ env.RELEASE_TAG }}
	omitBody: ${{ steps.milestone.outputs.milestone_id == '' }}
	prerelease: ${{ steps.version_parser.outputs.prerelease != '' }}
	tag: ${{ env.RELEASE_TAG }}
	token: ${{ secrets.GH_ACCESS_TOKEN }}

	create_pr:
	name: Create PR
	runs-on: block-node-linux-medium
	needs: release
	if: ${{ needs.release.outputs.create_pr == 'true' }}
	env:
	NEXT_VERSION_SNAPSHOT: ${{ needs.release.outputs.next_version_snapshot }}
	RELEASE_BRANCH: ${{ needs.release.outputs.release_branch }}

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
	with:
	egress-policy: audit

	- name: Checkout Repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	fetch-depth: 0
	ref: main
	token: ${{ secrets.GH_ACCESS_TOKEN }}

	- name: Import GPG Key
	id: gpg_importer
	uses: step-security/ghaction-import-gpg@6c8fe4d0126a59d57c21f87c9ae5dd3451fa3cca # v6.1.0
	with:
	git_commit_gpgsign: true
	git_tag_gpgsign: true
	git_user_signingkey: true
	gpg_private_key: ${{ secrets.GPG_KEY_CONTENTS }}
	passphrase: ${{ secrets.GPG_KEY_PASSPHRASE }}

	- name: Install JDK
	uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
	with:
	distribution: "temurin"
	java-version: "21.0.5"

	- name: Setup Gradle
	uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2

	- name: Reset main to release branch
	run: \|
	git fetch origin $RELEASE_BRANCH:$RELEASE_BRANCH
	git reset --hard $RELEASE_BRANCH

	- name: Gradle Release for Next Minor Snapshot
	run: ./gradlew bumpVersion -Pversion=${{ env.NEXT_VERSION_SNAPSHOT }}

	- name: Create Pull Request
	uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
	with:
	author: ${{ steps.gpg_importer.outputs.name }} <${{ steps.gpg_importer.outputs.email }}>
	body: Bump versions for v${{ env.NEXT_VERSION_SNAPSHOT }}
	branch: create-pull-request/${{ env.RELEASE_BRANCH }}
	commit-message: Bump versions for v${{ env.NEXT_VERSION_SNAPSHOT }}
	committer: ${{ steps.gpg_importer.outputs.name }} <${{ steps.gpg_importer.outputs.email }}>
	delete-branch: true
	signoff: true
	title: ${{ needs.release.outputs.pr_title }}
	token: ${{ secrets.GH_ACCESS_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release Automation #12

Workflow file

Release Automation #12

Jobs

Run details

Workflow file for this run