Skip to content

Release

Release #62

Workflow file for this run

# Copyright (C) 2021 The Authors of CEL-Java
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Release
on:
# Manually triggered
workflow_dispatch:
inputs:
releaseVersion:
description: 'The version to release - e.g. `0.5.0`'
required: true
nextVersion:
description: 'The NEXT version to release - e.g. `0.6.0` without the -SNAPSHOT suffix'
required: true
jobs:
release:
name: Release
runs-on: ubuntu-latest
env:
GIT_TAG: v${{ github.event.inputs.releaseVersion }}
RELEASE_VERSION: ${{ github.event.inputs.releaseVersion }}
NEXT_VERSION: ${{ github.event.inputs.nextVersion }}
steps:
- name: Check parameters
run: |
if [[ ${RELEASE_VERSION} =~ ^[0-9]+[.][0-9.]*[0-9](-[a-zA-Z0-9]+)?$ ]]; then
echo "Parameter check for 'releaseVersion' OK"
else
echo "Parameter check for 'releaseVersion' failed"
exit 1
fi
if [[ ${NEXT_VERSION} =~ ^[0-9]+[.][0-9.]*[0-9](-[a-zA-Z0-9]+)?$ ]]; then
echo "Parameter check for 'nextVersion' OK"
else
echo "Parameter check for 'nextVersion' failed"
exit 1
fi
- uses: actions/checkout@v4
with:
fetch-depth: '0'
submodules: 'true'
- name: Check commit status
run: |
echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token
SHA=$(git rev-parse HEAD)
gh api repos/projectnessie/cel-java/commits/${SHA}/check-runs --jq 'if ([.check_runs[] | select(.name | endswith("Release") or startswith("Dependabot ") or startswith("codecov/") or startswith("Report") | not ) | .conclusion // "pending" ] | unique == ["success"] or unique == []) then "OK" else error("Commit checks are not OK") end'
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: 11
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
gpg-passphrase: MAVEN_GPG_PASSPHRASE
- name: Configure release-bot-user in git config
run: |
git config --global user.email "cel-java-release-noreply@projectnessie.org"
git config --global user.name "CEL-Java Release Workflow [bot]"
- name: Bump to release version
run: echo "${RELEASE_VERSION}" > version.txt
- name: Update README.md
run: |
cp README.md README.md.bak
cat README.md.bak | \
sed "s/<version>.*<\/version>/<version>${RELEASE_VERSION}<\/version>/" | \
sed "s/enforcedPlatform(\"org.projectnessie.cel:\(cel-.*\):.*\")/enforcedPlatform(\"org.projectnessie.cel:\1:${RELEASE_VERSION}\")/" > README.md
rm README.md.bak
- name: Record ${{ github.event.inputs.releaseVersion }} release in git
run: |
git commit -a -m "[release] v${RELEASE_VERSION}"
git tag -f ${GIT_TAG}
- name: Publish to Sonatype
uses: gradle/gradle-build-action@v2
env:
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.OSSRH_ACCESS_ID }}
ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.OSSRH_TOKEN }}
with:
cache-read-only: true
arguments: --rerun-tasks --no-watch-fs assemble check publishToMavenLocal -x jmh publishToSonatype closeAndReleaseSonatypeStagingRepository -Prelease
- name: Bump to next development version
run: echo "${NEXT_VERSION}-SNAPSHOT" > version.txt
- name: Record next development version in git
run: git commit -a -m "[release] next development version ${NEXT_VERSION}"
- name: Push tag + branch
run: |
# Push directly using the remote repo URL, which includes the secret so this job can push to the repo
UPSTREAM="https://${{ secrets.NESSIE_BUILDER }}@github.com/${GITHUB_REPOSITORY}.git"
# Move the default auth settings in ~/.gitconfig out of the way, so the git-push can use the token
git config --rename-section http.https://github.com/ http.https://save.github.com/
git push --no-verify "${UPSTREAM}" HEAD:${GITHUB_REF} ${GIT_TAG}
# Move the default auth settings in ~/.gitconfig back
git config --rename-section http.https://save.github.com/ http.https://github.com/
- name: Prepare Release Notes
id: prep_release
run: |
DIR=$(mktemp -d)
NOTES_FILE=${DIR}/release-notes.md
LAST_TAG=$(git describe --abbrev=0 --tags $(git rev-list --tags --skip=1 --max-count=1))
NUM_COMMITS=$(git log --format='format:%h' ${LAST_TAG}..HEAD | wc -l)
git log --perl-regexp --author '^(?!.*dependabot|.*renovate|.*cel-java-release-workflow).*$' --format='format:* %s' ${LAST_TAG}..${GIT_TAG} | grep -v '^\* \[release\] .*$' > ${DIR}/release-log
cat <<EOF > ${NOTES_FILE}
# Version ${RELEASE_VERSION}
${NUM_COMMITS} commits since ${LAST_TAG#v}
## Full Changelog (minus dependabot/renovate commits):
$(cat ${DIR}/release-log)
EOF
echo "NOTES_FILE=${NOTES_FILE}" >> ${GITHUB_ENV}
- name: Create Release in GitHub
run: |
echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token
gh release create ${GIT_TAG} --notes-file ${NOTES_FILE} --title "CEL-Java ${RELEASE_VERSION}"