From 961ed73ac58c99203178f407203c4f3707bad39e Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Sat, 9 Dec 2023 23:57:35 +0100 Subject: [PATCH 1/3] feat: use jreleaser for assembling and publishing the release --- .github/actions/increase-semver/action.yml | 29 ++++ .../increase-semver/increase_semver.py | 26 +++ .../actions/increase-semver/requirements.txt | 1 + .github/release-drafter.yml | 1 - .github/workflows/release-drafter.yml | 29 ---- .github/workflows/release.yml | 151 ++++++++++-------- .gitignore | 1 + pom.xml | 2 +- 8 files changed, 143 insertions(+), 97 deletions(-) create mode 100644 .github/actions/increase-semver/action.yml create mode 100644 .github/actions/increase-semver/increase_semver.py create mode 100644 .github/actions/increase-semver/requirements.txt delete mode 100644 .github/release-drafter.yml delete mode 100644 .github/workflows/release-drafter.yml diff --git a/.github/actions/increase-semver/action.yml b/.github/actions/increase-semver/action.yml new file mode 100644 index 0000000..a18c173 --- /dev/null +++ b/.github/actions/increase-semver/action.yml @@ -0,0 +1,29 @@ +name: 'Increase semantic version' +description: 'Increases ' +inputs: + current-version: + description: 'The current semantic version string' + required: true + version-fragment: + description: 'The version fragment to increase' + required: false + default: 'minor' +outputs: + next-version: + description: "The next semantic version string with the specific fragment being increased" + value: ${{ steps.increase-semver.outputs.next-version }} +runs: + using: "composite" + steps: + - uses: actions/setup-python@b64ffcaf5b410884ad320a9cfac8866006a109aa # v4.8.0 + with: + python-version: '3.10' + cache: 'pip' + - shell: bash + run: pip install -r $GITHUB_ACTION_PATH/requirements.txt + - id: increase-semver + shell: bash + run: | + NEXT_VERSION=$(cd $GITHUB_ACTION_PATH && python increase_semver.py ${{ inputs.current-version }} ${{ inputs.version-fragment }}) + echo "Next Version: $NEXT_VERSION" + echo "next-version=${NEXT_VERSION}" >> $GITHUB_OUTPUT diff --git a/.github/actions/increase-semver/increase_semver.py b/.github/actions/increase-semver/increase_semver.py new file mode 100644 index 0000000..c6d4f0b --- /dev/null +++ b/.github/actions/increase-semver/increase_semver.py @@ -0,0 +1,26 @@ +# ******************************************************************************* +# Copyright (c) 2023 Eclipse Foundation and others. +# This program and the accompanying materials are made available +# under the terms of the MIT License +# which is available at https://spdx.org/licenses/MIT.html +# SPDX-License-Identifier: MIT +# ******************************************************************************* + +import sys +from semver.version import Version + + +def run(current_version: str, version_fragment: str) -> None: + v = Version.parse(current_version) + print(str(v.next_version(part=version_fragment))) + + +if __name__ == "__main__": + args = sys.argv[1:] + + if len(args) != 2: + print("Error: Need to provide 2 arguments: 'current-version' and 'version-fragment'.") + exit(1) + + run(args[0], args[1]) + exit(0) diff --git a/.github/actions/increase-semver/requirements.txt b/.github/actions/increase-semver/requirements.txt new file mode 100644 index 0000000..cdd56f2 --- /dev/null +++ b/.github/actions/increase-semver/requirements.txt @@ -0,0 +1 @@ +semver==3.0.2 diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml deleted file mode 100644 index ad06f98..0000000 --- a/.github/release-drafter.yml +++ /dev/null @@ -1 +0,0 @@ -_extends: .github \ No newline at end of file diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml deleted file mode 100644 index 5df00cf..0000000 --- a/.github/workflows/release-drafter.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: Release Drafter - -on: - push: - # branches to consider in the event; optional, defaults to all - branches: - - main - # pull_request event is required only for autolabeler - pull_request: - # Only following types are handled by the action, but one can default to all as well - types: [opened, reopened, synchronize] - -permissions: - contents: write - pull-requests: read - -jobs: - update_release_draft: - runs-on: ubuntu-latest - # don't run this workflow in forks - if: github.repository == 'eclipse-cbi/macos-notarization-service' - steps: - # Drafts your next Release notes as Pull Requests are merged into "master" - - uses: release-drafter/release-drafter@v5 - # (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml - # with: - # config-name: my-config.yml - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d24b025..73e1da9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,31 +1,42 @@ name: Release on: workflow_dispatch: + inputs: + version: + description: 'Release version' + required: true + version-fragment: + description: 'Version fragment to increase for next development cycle' + required: false + default: 'minor' env: BOT_USER_NAME: eclipse-cbi-bot BOT_EMAIL: cbi-bot@eclipse.org - JAVA_VERSION: '17' + JAVA_VERSION: 17 JAVA_DISTRO: 'temurin' concurrency: group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -permissions: # added using https://github.com/step-security/secure-repo - contents: read + cancel-in-progress: false jobs: - build: - runs-on: ubuntu-latest - # don't run this workflow in forks - if: github.repository == 'eclipse-cbi/macos-notarization-service' + precheck: + runs-on: ubuntu-22.04 permissions: contents: write + if: github.repository == 'netomi/macos-notarization-service' outputs: - tag: ${{ steps.retrieve-tag.outputs.tag }} - hash: ${{ steps.hash.outputs.hash }} + release-version: ${{ steps.prepare-release.outputs.RELEASE_VERSION }} steps: + - name: Check ref + shell: bash + run: | + if [ "${{ github.ref }}" != "refs/heads/main" ]; then + echo "Release shall only be made from 'main' branch, triggered branch '${{ github.ref_name }}', aborting." + exit 1 + fi + - name: Setup Git User run: | git config --global user.name '${{ env.BOT_USER_NAME }}' @@ -34,6 +45,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ github.ref }} + fetch-depth: 0 - name: Setup Java uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 @@ -42,70 +54,77 @@ jobs: distribution: ${{ env.JAVA_DISTRO }} cache: maven - - name: Build Release - run: | - ./mvnw -ntp -B -Prelease release:clean release:prepare -Dmaven.test.skip=true - ./mvnw -ntp -B -Pdist -Prelease -Psbom release:perform -Darguments="-Dmaven.deploy.skip=true" -Dgoals=package - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - id: retrieve-tag + - name: Prepare release + id: prepare-release + shell: bash run: | - echo "tag=$(git describe --tags --abbrev=0)" >> "$GITHUB_OUTPUT" - - - if: cancelled() || failure() - run: ./mvnw -B -Prelease release:rollback - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Generate hashes used for provenance. - - name: generate hash - id: hash - run: cd target/checkout/target/distributions && echo "hash=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT - - - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 - with: - path: target/checkout/target/distributions + PROJECT_VERSION="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" + RELEASE_VERSION="${{ github.event.inputs.version }}" + echo "PROJECT_VERSION=$(echo $PROJECT_VERSION)" >> $GITHUB_OUTPUT + echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_OUTPUT + + echo "Project version: $PROJECT_VERSION" + echo "Release version: $RELEASE_VERSION" + + if git show-ref --tags --verify --quiet "refs/tags/v${RELEASE_VERSION}"; then + echo "Release Tag 'v${RELEASE_VERSION}' already exists, aborting." + exit 1 + fi + + if [ "$PROJECT_VERSION" != "$RELEASE_VERSION" ]; then + ./mvnw -B versions:set versions:commit -DnewVersion=$RELEASE_VERSION + git commit -a -m "Releasing version $RELEASE_VERSION" + git push origin ${{ github.ref }} + fi - update_release_draft: - needs: ['build'] + release: + needs: ['precheck'] permissions: contents: write - pull-requests: read - runs-on: ubuntu-latest - steps: - # Update the release notes for the released version - - uses: release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7 # v5.25.0 - with: - tag: ${{ needs.build.outputs.tag }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - provenance: - needs: ['build'] - permissions: actions: read + packages: write id-token: write - contents: write - # Can't pin with hash due to how this workflow works. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 + uses: jreleaser/release-action/.github/workflows/builder_slsa3.yml@java with: - base64-subjects: ${{ needs.build.outputs.hash }} + project-version: ${{ needs.precheck.outputs.release-version }} + branch: ${{ github.ref_name }} + jreleaser-version: '1.9.0' + java-version: 17 + java-distribution: 'temurin' + rekor-log-public: true + secrets: + github-token: ${{ secrets.GITHUB_TOKEN }} - upload-artifacts: - # Upload the distribution and provenance to a GitHub release. They remain - # available as build artifacts for a while as well. - needs: ['build', 'provenance', 'update_release_draft'] - runs-on: ubuntu-latest + prepare-for-next-development-cycle: + runs-on: ubuntu-22.04 + needs: ['precheck', 'release'] permissions: contents: write steps: - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 - - name: upload artifacts to release - run: > - gh release upload --repo ${{ github.repository }} - ${{ needs.build.outputs.tag }} - *.intoto.jsonl/* artifact/* - env: - GH_TOKEN: ${{ github.token }} + - name: Setup Git User + run: | + git config --global user.name '${{ env.BOT_USER_NAME }}' + git config --global user.email '${{ env.BOT_EMAIL }}' + + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + ref: ${{ github.ref }} + + - name: Setup Java + uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 + with: + java-version: ${{ env.JAVA_VERSION }} + distribution: ${{ env.JAVA_DISTRO }} + cache: maven + + - id: increase-semver + uses: ./.github/actions/increase-semver + with: + current-version: ${{ needs.precheck.outputs.release-version }} + version-fragment: ${{ github.event.inputs.version-fragment }} + - name: Update next development version in POMs + run: | + ./mvnw -B versions:set versions:commit -DnewVersion=${{ steps.increase-semver.outputs.next-version }}-SNAPSHOT -DgenerateBackupPoms=false + git commit -a -m "Prepare for next development cycle" + git push origin ${{ github.ref }} diff --git a/.gitignore b/.gitignore index 2f6ab54..8531c88 100644 --- a/.gitignore +++ b/.gitignore @@ -3,6 +3,7 @@ .classpath .settings/ bin/ +out/ # IntelliJ .idea diff --git a/pom.xml b/pom.xml index c89c20c..119b1e7 100644 --- a/pom.xml +++ b/pom.xml @@ -7,7 +7,7 @@ UTF-8 UTF-8 - 1698421459 + 1702162494 17 17 true From 6c83dcdc6df8f659cea8aaf0e17af8d59752224f Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Sun, 10 Dec 2023 00:05:23 +0100 Subject: [PATCH 2/3] Fix owner --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 73e1da9..a618809 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-22.04 permissions: contents: write - if: github.repository == 'netomi/macos-notarization-service' + if: github.repository == 'eclipse-cbi/macos-notarization-service' outputs: release-version: ${{ steps.prepare-release.outputs.RELEASE_VERSION }} steps: From c850f58f853e6aa9289b5699326faad6deedc9fb Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Sun, 10 Dec 2023 09:12:53 +0100 Subject: [PATCH 3/3] Make version fragment a choice input. --- .github/workflows/release.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a618809..a4cad4c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,8 +7,13 @@ on: required: true version-fragment: description: 'Version fragment to increase for next development cycle' - required: false + required: true default: 'minor' + type: choice + options: + - major + - minor + - patch env: BOT_USER_NAME: eclipse-cbi-bot