Consolidate releases

.github/workflows/deployToAWS.yml

@@ -1,11 +1,33 @@
 name: "Publish to SNS Topic: Triggers Deployment to AWS"
 
 on:
+  workflow_call:
+    inputs:
+      DEPLOYMENT_ENVIRONMENT:
+        description: 'Environment'
+        type: string
+        required: true
+      targetCommitRef:
+        description: 'Commit ref to deploy'
+        type: string
+        default: 'main'
+    secrets:
+      AWS_REGION:
+        required: true
+      AWS_TOPIC_ARN:
+        required: true
+      AWS_ACCESS_KEY_ID:
+        required: true
+      AWS_SECRET_ACCESS_KEY:
+        required: true
   workflow_dispatch:
     inputs:
       DEPLOYMENT_ENVIRONMENT:
         description: 'Environment'
         required: true
+      targetCommitRef:
+        description: 'Commit ref to deploy'
+        default: 'main'
 
 jobs:
   setup:
@@ -29,4 +51,5 @@ jobs:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           DEPLOYMENT_ENVIRONMENT: ${{ inputs.DEPLOYMENT_ENVIRONMENT }}
+          TARGET_COMMIT_REF: ${{ inputs.targetCommitRef }}
         run: python tools/aws_sns_publish_topic.py

.github/workflows/pass-java-release.yml

@@ -0,0 +1,231 @@
+name: Perform release for PASS Java projects
+
+# Java project releases are grouped together in this workflow because of their dependency
+# hierarchy. Building the projects together in the same workflow (on the same runner)
+# allows local dependency resolution, avoiding having to wait for syncing with Maven
+# Central.
+# 
+# We avoid having to duplicate secrets with a single workflow as well.
+
+# TODO: How are we going to get the correct credentials to push to other Java repos?
+# For this repo, we can easily use secrets.GITHUB_TOKEN, provided automatically to the
+# workflow. This token is assotiated with the user that manually triggers the workflow,
+# but is scope-limited to only the repository that hosts the workflow. Manipulation
+# other repositories will need credentials to be provided (a username/PAT).
+# Should we include documentation for the release manager to create a short-lived PAT 
+# then update the TOKEN secret?
+
+on:
+  workflow_call:
+    inputs:
+      repository:
+        description: 'org/repo name of the repository to release (e.g. eclipse-pass/pass-core)'
+        type: string
+        required: true
+      releaseversion:
+        description: 'Release version (e.g. 0.7.0)'
+        type: string
+        required: true
+      nextversion:
+        description: 'Next dev version (e.g. 0.8.0-SNAPSHOT)'
+        type: string
+        required: true
+    secrets:
+      MAVEN_GPG_KEY:
+        required: true
+      MAVEN_GPG_PASSPHRASE:
+        required: true
+      OSSRH_USERNAME:
+        required: true
+      OSSRH_PASSWORD:
+        required: true
+      # GH_PAT:
+      #   description: Token needed for pushing commits to various PASS Java repositories
+      #   required: true
+
+env:
+  RELEASE: ${{ inputs.releaseversion }}
+  NEXT: ${{ inputs.nextversion }}
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+
+    steps:
+      # Setup
+      - name: Config git user
+        run: |
+          git config --global user.name ${{ github.actor }}
+          git config --global user.email "${{ github.actor }}@users.noreply.github.com"
+
+      - name: Setup Java & Maven
+        uses: actions/setup-java@v3
+        with:
+          java-version: 17
+          distribution: 'temurin'
+          server-id: ossrh
+          server-username: MAVEN_USERNAME
+          server-pasword: MAVEN_PASSWORD
+          gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }}
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE
+
+      - name: Login to GHCR
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # =============================================================================
+      # main
+      # =============================================================================
+      - name: Checkout 'main'
+        uses: actions/checkout@v3
+        with:
+          repository: eclipse-pass/main
+          path: main
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Publish release
+        run: | # Newlines for readability
+          mvn -B -U -V -ntp release:prepare \
+            -DreleaseVersion=$RELEASE \
+            -Dtag=$RELEASE \
+            -DdevelopmentVersion=$NEXT \
+            -DautoVersionSubmodules=true 
+          mvn -B -U -V -ntp release:perform -P release
+        env:
+          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
+
+      - name: Build and publish new dev version
+        run: mvn -B -U -V -ntp deploy -P release
+        env:
+          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
+
+      - name: Push release plugin commits
+        if: github.ref_type == 'branch' && github.ref_protected == false
+        run: git push origin ${{ github.ref_name }}
+
+      - name: Push new release tag GH
+        run: git push origin --tags
+
+      # =============================================================================
+      # pass-core
+      # =============================================================================
+      - name: Checkout pass-core
+        uses: actions/checkout@v3
+        with:
+          repository: eclipse-pass/pass-core
+          path: pass-core
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      # Version:update-parent will grab the latest specified release (non-snapshot)
+      - name: Bump version to release
+        run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$RELEASE
+
+      - name: Commit release version bump
+        uses: EndBug/add-and-commit@v9
+        with:
+          add: pom.xml **/pom.xml
+          message: "Update parent version to release"
+
+      - name: Publish release
+        run: |
+          mvn -B -U -V -ntp release:prepare \
+            -DreleaseVersion=$RELEASE \
+            -Dtag=$RELEASE \
+            -DdevelopmentVersion=$NEXT \
+            -DautoVersionSubmodules=true 
+          mvn -B -U -V -ntp release:perform -P release
+        env:
+          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
+
+      # Project & submodule POMs already updated to correct dev version
+      # But reference to parent POM (eclipse-pass-parent) needs to be updated
+      - name: Update parent POM to new dev version
+        run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$NEXT -DallowSnapshots=true
+
+      - name: Commit snapshot version bump and push commits
+        uses: EndBug/add-and-commit@v9
+        with:
+          add: pom.xml **/pom.xml
+          message: "Update parent version to next development version"
+          push: true
+
+      # Will produce a new Docker image for the new dev version
+      - name: Build and publish new dev version
+        run: mvn -B -U -V -ntp deploy -P release
+        env:
+          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
+
+      - name: Push new release tag GH
+        run: git push origin --tags
+
+      - name: Push Docker image to GHCR
+        run: |
+          docker push ghcr.io/eclipse-pass/pass-core-main:$RELEASE
+          docker push ghcr.io/eclipse-pass/pass-core-main:$NEXT
+
+      # =============================================================================
+      # pass-support
+      # =============================================================================
+      - name: Checkout pass-support
+        uses: actions/checkout@v3
+        with:
+          repository: eclipse-pass/pass-support
+          path: pass-support
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      # Version:update-parent will grab the latest specified release (non-snapshot)
+      - name: Bump version to release
+        run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$RELEASE
+
+      - name: Commit release version bump
+        uses: EndBug/add-and-commit@v9
+        with:
+          add: pom.xml **/pom.xml
+          message: "Update parent version to release"
+
+      - name: Publish release
+        run: |
+          mvn -B -U -V -ntp release:prepare \
+            -DreleaseVersion=$RELEASE \
+            -Dtag=$RELEASE \
+            -DdevelopmentVersion=$NEXT \
+            -DautoVersionSubmodules=true 
+          mvn -B -U -V -ntp release:perform -P release
+        env:
+          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
+
+      # Project & submodule POMs already updated to correct dev version
+      # But reference to parent POM (eclipse-pass-parent) needs to be updated
+      - name: Update parent POM to new dev version
+        run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$NEXT -DallowSnapshots=true
+
+      - name: Commit snapshot version bump and push commits
+        uses: EndBug/add-and-commit@v9
+        with:
+          add: pom.xml **/pom.xml
+          message: "Update parent version to next development version"
+          push: true
+
+      # Will produce a new Docker image for the new dev version
+      - name: Build and publish new dev version
+        run: mvn -B -U -V -ntp deploy -P release
+        env:
+          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
+
+      - name: Push new release tag GH
+        run: git push origin --tags

tools/aws_sns_publish_topic.py

@@ -7,8 +7,9 @@
 TOPIC_ARN = os.getenv('AWS_TOPIC_ARN')
 DEPLOYMENT_ENVIRONMENT = os.getenv('DEPLOYMENT_ENVIRONMENT')
 REGION=os.getenv('AWS_REGION')
+COMMIT_REF = os.getenv('TARGET_COMMIT_REF')
 
-MESSAGE = {"action": "DeployStart", "commitRef": "main", "deployEnv": DEPLOYMENT_ENVIRONMENT}
+MESSAGE = {"action": "DeployStart", "commitRef": COMMIT_REF, "deployEnv": DEPLOYMENT_ENVIRONMENT}
 
 client = boto3.client('sns',
     region_name=REGION,