👷 refactor workflow files for improved readability and organization

Author: techouse

.github/workflows/codacy.yml

@@ -2,46 +2,35 @@ name: Codacy Security Scan
 
 on:
   push:
-    branches: [ "main" ]
+    branches:
+      - main
   pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ "main" ]
+    branches:
+      - main
   schedule:
     - cron: '35 11 * * 0'
-
 permissions:
   contents: read
-
 jobs:
   codacy-security-scan:
     permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+      contents: read
+      security-events: write
+      actions: read
     name: Codacy Security Scan
     runs-on: ubuntu-latest
     steps:
-      # Checkout the repository to the GitHub Actions runner
       - name: Checkout code
         uses: actions/checkout@v4
-
-      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
       - name: Run Codacy Analysis CLI
         uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
         with:
-          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
-          # You can also omit the token and run the tools that support default configurations
           project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
           verbose: true
           output: results.sarif
           format: sarif
-          # Adjust severity of non-security issues
           gh-code-scanning-compat: true
-          # Force 0 exit code to allow SARIF file generation
-          # This will handover control about PR rejection to the GitHub side
           max-allowed-issues: 2147483647
-
-      # Upload the SARIF file generated in the previous step
       - name: Upload SARIF results file
         uses: github/codeql-action/upload-sarif@v3
         with:

.github/workflows/publish.yml

@@ -4,47 +4,80 @@ on:
   push:
     tags:
       - 'v[0-9]+.[0-9]+.[0-9]+*'
-
-permissions: read-all
-
+permissions:
+  contents: read
 jobs:
   test:
     uses: ./.github/workflows/test.yml
     secrets: inherit
   publish:
     needs: test
-    name: Publish (Maven Central)
+    name: Publish
     permissions:
       id-token: write
     runs-on: ubuntu-latest
     environment: maven
-
     env:
       ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
       ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
       ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.SIGNING_KEY }}
       ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.SIGNING_PASSWORD }}
-
     steps:
       - name: Checkout
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-
       - name: Validate Gradle Wrapper
         uses: gradle/actions/wrapper-validation@v4
-
       - name: Set up JDK 17
         uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
           java-version: '17'
           cache: 'gradle'
-
       - name: Show Java and Gradle versions
         run: |
           java -version
           ./gradlew --version
-
       - name: Publish to Sonatype (staging) and release
         run: ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository --stacktrace
+  release:
+    needs:
+      - test
+      - publish
+    name: Github Release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+      - name: Get name, version, and group from Gradle files
+        id: get_version_and_name
+        run: |
+          set -e
+          VERSION=$(awk -F'"' '/^[[:space:]]*version[[:space:]]*=/ { print $2; exit }' build.gradle.kts)
+          GROUP=$(awk -F'"' '/^[[:space:]]*group[[:space:]]*=/ { print $2; exit }' build.gradle.kts)
+          NAME=$(awk -F'"' '/^[[:space:]]*rootProject\.name[[:space:]]*=/ { print $2; exit }' settings.gradle.kts)
+          echo "VERSION=$VERSION" >> $GITHUB_ENV
+          echo "GROUP=$GROUP" >> $GITHUB_ENV
+          echo "NAME=$NAME" >> $GITHUB_ENV
+      - name: Create tag-specific CHANGELOG
+        id: create_changelog
+        run: |
+          set -e
+          CHANGELOG_PATH=$RUNNER_TEMP/CHANGELOG.md
+          awk '/^##[[:space:]].*/ { if (count == 1) exit; count++; print } count == 1 && !/^##[[:space:]].*/ { print }' CHANGELOG.md | sed -e :a -e '/^\n*$/{$d;N;ba' -e '}' > $CHANGELOG_PATH
+          echo -en "\n[https://central.sonatype.com/artifact/$GROUP/$NAME/$VERSION](https://central.sonatype.com/artifact/$GROUP/$NAME/$VERSION)" >> $CHANGELOG_PATH
+          echo "CHANGELOG_PATH=$CHANGELOG_PATH" >> $GITHUB_ENV
+      - name: Create release
+        id: create_release
+        uses: softprops/action-gh-release@v2
+        with:
+          name: ${{ env.VERSION }}
+          tag_name: v${{ env.VERSION }}
+          body_path: ${{ env.CHANGELOG_PATH }}
+      - name: Clean up
+        id: clean_up
+        if: ${{ always() }}
+        run: |
+          rm -rf $CHANGELOG_PATH

.github/workflows/test.yml

@@ -1,8 +1,5 @@
 name: Test
 
-permissions:
-  contents: read
-
 on:
   push:
     branches:
@@ -11,34 +8,29 @@ on:
     branches:
       - main
   workflow_call:
-
+permissions:
+  contents: read
 concurrency:
   group: test-${{ github.ref }}
   cancel-in-progress: true
-
 jobs:
   style:
     name: Code style (ktfmt) + Gradle cache
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-
       - name: Validate Gradle Wrapper
         uses: gradle/actions/wrapper-validation@v4
-
       - name: Set up JDK 17
         uses: actions/setup-java@v4
         with:
           distribution: temurin
           java-version: '17'
-
       - name: Setup Gradle (with caching)
         uses: gradle/actions/setup-gradle@v4
-
       - name: Run ktfmtCheck (qs-kotlin)
         run: ./gradlew :qs-kotlin:ktfmtCheck --stacktrace
-
   jvm-tests:
     name: JVM tests (Java ${{ matrix.java }})
     runs-on: ubuntu-latest
@@ -49,26 +41,20 @@ jobs:
         java:
           - '17'
           - '21'
-
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-
       - name: Validate Gradle Wrapper
         uses: gradle/actions/wrapper-validation@v4
-
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
           distribution: temurin
           java-version: ${{ matrix.java }}
-
       - name: Setup Gradle (with caching)
         uses: gradle/actions/setup-gradle@v4
-
       - name: Run JVM tests
         run: ./gradlew :qs-kotlin:clean :qs-kotlin:test :qs-kotlin:jacocoTestReport --stacktrace
-
       - name: Upload test results
         uses: codecov/codecov-action@v5
         with:
@@ -77,35 +63,27 @@ jobs:
           name: qs-kotlin-jvm-${{ matrix.java }}
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-
   android-aar:
     name: Android AAR (AGP) + unit tests
     runs-on: ubuntu-latest
     needs: style
-
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-
       - name: Validate Gradle Wrapper
         uses: gradle/actions/wrapper-validation@v4
-
       - name: Set up JDK 17
         uses: actions/setup-java@v4
         with:
           distribution: temurin
           java-version: '17'
-
       - name: Set up Android SDK
         uses: android-actions/setup-android@v3
         with:
           accept-android-sdk-licenses: true
           log-accepted-android-sdk-licenses: true
           packages: 'platform-tools'
-
       - name: Setup Gradle (with caching)
         uses: gradle/actions/setup-gradle@v4
-
       - name: Assemble AAR + run unit tests
-        run: |
-          ./gradlew :qs-kotlin-android:assembleRelease :qs-kotlin-android:testReleaseUnitTest --stacktrace
+        run: ./gradlew :qs-kotlin-android:assembleRelease :qs-kotlin-android:testReleaseUnitTest --stacktrace