release #58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
# This workflow | |
# - calculates the version number to release | |
# - generates release notes | |
# - releases the library | |
on: | |
repository_dispatch: | |
types: | |
- release | |
concurrency: ci-${{ github.workflow }}-${{ github.ref }} | |
env: | |
releaseOpenAPIClients: false | |
publishNodeOpenAPIClient: true | |
publishTypeScriptFrontendModels: false | |
publishAdditionalProjects: false | |
generateChangelogUpdate: true | |
jobs: | |
determine-version: | |
name: Determine version bump | |
runs-on: ubuntu-latest | |
outputs: | |
version-bump: ${{ steps.calculate-next-version.outputs.version }} | |
current-version: ${{ steps.get-current-version.outputs.gradle_version }} | |
permissions: | |
contents: write # Allows cloning the repository and creating releases in the "Release" page | |
issues: write # Allows searching through PRs and issues | |
pull-requests: write # Allows search through PRs, issues and commenting on PRs | |
packages: write # Allows writing to packages | |
timeout-minutes: 30 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 | |
with: | |
fetch-depth: 0 | |
# Set up a JDK environment for building, testing and releasing. | |
- name: Setup JDK 17 | |
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 | |
with: | |
java-version: 17 | |
distribution: temurin | |
# Allow caching Gradle executions to further speed up CI/CD steps invoking Gradle. | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@db19848a5fa7950289d3668fb053140cf3028d43 # v3.3.2 | |
with: | |
gradle-version: wrapper | |
cache-read-only: true | |
# Allow caching the Auto executable to speed up CI/CD steps by not re-downloading Auto. | |
- name: Cache Auto | |
id: cache-auto | |
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
with: | |
path: ~/auto | |
key: dependency--intuit/auto-v11.1.6 | |
# Set up Auto for determining the version bump to release. | |
- name: Setup Auto | |
if: steps.cache-auto.outputs.cache-hit != 'true' | |
run: | | |
curl -vkL -o - https://github.com/intuit/auto/releases/download/v11.1.6/auto-linux.gz | gunzip > ~/auto | |
chmod a+x ~/auto | |
# Get the currently released version for determining how big a version jump to release. | |
- name: Get current version number (Gradle) | |
id: get-current-version | |
run: | | |
GRADLE_OUTPUT="$(./gradlew properties)" | |
EXIT_CODE=$? | |
GRADLE_VERSION="$(echo "$GRADLE_OUTPUT" | grep "^version: " | awk '{print $2}')" | |
echo "$GRADLE_VERSION" | |
echo "gradle_version=$GRADLE_VERSION" >> "$GITHUB_OUTPUT" | |
exit $EXIT_CODE | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }} | |
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }} | |
GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }} | |
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }} | |
# Verify that the current version is tagged in git as expected. | |
- name: Verify previous release tag | |
run: | | |
if git rev-parse "$TAG" >/dev/null 2>&1; then | |
echo "Found previous release tag $TAG"; | |
else | |
echo "Did not find $TAG - creating release tag $TAG" | |
PREVIOUS_COMMIT="$(git rev-parse HEAD^1)" | |
git tag "$TAG" "$PREVIOUS_COMMIT" | |
fi | |
env: | |
TAG: v${{ steps.get-current-version.outputs.gradle_version }} | |
# Determine how big a version bump to release (patch, minor, major). | |
- name: Calculate new version (Auto) | |
id: calculate-next-version | |
run: | | |
CURRENT_VERSION="v${{ steps.get-current-version.outputs.gradle_version }}" | |
AUTO_VERSION="$(~/auto version --plugins --from $CURRENT_VERSION 2>&1)" || (echo "Error detecting version: $AUTO_VERSION"; exit 1) | |
echo "Detected version: $AUTO_VERSION" | |
echo "version=$AUTO_VERSION" >> "$GITHUB_OUTPUT" | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
bump-versions: | |
name: Bump versions | |
runs-on: ubuntu-latest-8-cores | |
needs: determine-version | |
if: needs.determine-version.outputs.version-bump | |
outputs: | |
new-version: $ {{ steps.get-updated-version-number.outputs.version }} | |
permissions: | |
contents: write # Allows cloning the repository and creating releases in the "Release" page | |
issues: write # Allows searching through PRs and issues | |
pull-requests: write # Allows search through PRs, issues and commenting on PRs | |
packages: write # Allows writing to packages | |
timeout-minutes: 30 | |
steps: | |
# Elevate token permissions to allow pushing to the default branch without branch protections. | |
- name: Allow pushing version updates to the default branch | |
id: get-admin-token | |
uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 # v3 | |
with: | |
application_id: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_APP_ID }} | |
application_private_key: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_PRIVATE_KEY }} | |
# Checkout the code with the elevated token to allow default branch pushes. | |
- name: Checkout code | |
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 | |
with: | |
fetch-depth: 0 | |
ref: main | |
token: ${{ steps.get-admin-token.outputs.token }} | |
# Allow caching the Auto executable to speed up CI/CD steps by not re-downloading Auto. | |
- name: Cache Auto | |
id: cache-auto | |
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
with: | |
path: ~/auto | |
key: dependency--intuit/auto-v11.1.6 | |
# Set up Auto for generating a CHANGELOG. | |
- name: Setup Auto | |
if: steps.cache-auto.outputs.cache-hit != 'true' | |
run: | | |
curl -vkL -o - https://github.com/intuit/auto/releases/download/v11.1.6/auto-linux.gz | gunzip > ~/auto | |
chmod a+x ~/auto | |
# Setup JDK environment for Gradle build tasks. | |
- name: Setup JDK 17 | |
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 | |
with: | |
java-version: 17 | |
distribution: temurin | |
# Allow caching Gradle executions to further speed up CI/CD steps invoking Gradle. | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@db19848a5fa7950289d3668fb053140cf3028d43 # v3.3.2 | |
with: | |
gradle-version: wrapper | |
cache-read-only: true | |
# Setup Node for TS/JS/Node client generation. | |
- name: Setup Node | |
if: env.releaseOpenAPIClients == 'true' | |
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4 | |
with: | |
node-version: 16 | |
# Bump the version according to the version bump detected by Auto. | |
- name: Bump library version (Gradle) | |
run: ./gradlew incrementVersion -Pmode=${{ needs.determine-version.outputs.version-bump }} --stacktrace | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }} | |
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }} | |
GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }} | |
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }} | |
# Get the new version. | |
- name: Get updated version number (Gradle) | |
id: get-updated-version-number | |
run: | | |
GRADLE_OUTPUT="$(./gradlew properties)" | |
EXIT_CODE=$? | |
GRADLE_VERSION="$(echo "$GRADLE_OUTPUT" | grep "^version: " | awk '{print $2}')" | |
echo "$GRADLE_VERSION" | |
echo "gradle_version=$GRADLE_VERSION" >> "$GITHUB_OUTPUT" | |
exit $EXIT_CODE | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }} | |
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }} | |
GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }} | |
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }} | |
# Generate the Kotlin and TS/JS/Node client. | |
- name: Build project and generate clients (Gradle) | |
if: env.releaseOpenAPIClients == 'true' | |
run: ./gradlew build -x test -x functest --stacktrace | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }} | |
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }} | |
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }} | |
GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }} | |
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }} | |
# Commit and push the project with version changes applied to the default branch. | |
- name: Add changes (Git) | |
uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9 | |
with: | |
author_name: pleo-bot-auto-versioning | |
author_email: [email protected] | |
message: Release ${{ steps.get-updated-version-number.outputs.gradle_version }} [skip ci] | |
commit: --no-verify | |
tag: v${{ steps.get-updated-version-number.outputs.gradle_version }} | |
# Generate the CHANGELOG with changes from the previously released version to the current version. | |
- name: Generate Release Notes (Auto) | |
if: env.generateChangelogUpdate == 'true' | |
run: ~/auto changelog --from v${{ needs.determine-version.outputs.current-version }} | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# Add and push the generated CHANGELOG to the default branch. | |
- name: Push changes (Git) | |
if: env.generateChangelogUpdate == 'true' | |
uses: ad-m/github-push-action@master | |
with: | |
github_token: ${{ steps.get-admin-token.outputs.token }} | |
publish: | |
name: Publish | |
runs-on: ubuntu-latest-8-cores | |
needs: | |
- determine-version | |
- bump-versions | |
if: needs.determine-version.outputs.current-version != needs.bump-versions.outputs.new-version | |
permissions: | |
contents: write # Allows cloning the repository and creating releases in the "Release" page | |
issues: write # Allows searching through PRs and issues | |
pull-requests: write # Allows search through PRs, issues and commenting on PRs | |
packages: write # Allows writing to packages | |
timeout-minutes: 30 | |
steps: | |
# Checkout the code to publish. | |
- name: Checkout code | |
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 | |
with: | |
fetch-depth: 0 | |
ref: main | |
# Set up expected environment variables for the repository name and the default branch. | |
- name: Environment standardization | |
run: | | |
default_branch=${{ github.event.repository.default_branch }} | |
echo "default_branch=${default_branch}" >> "$GITHUB_ENV" | |
default_branch_ref="refs/heads/${default_branch}" | |
echo "default_branch_ref=${default_branch_ref}" >> "$GITHUB_ENV" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# Setup a JDK environment for running Gradle publishing tasks. | |
- name: Setup JDK 17 | |
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 | |
with: | |
java-version: 17 | |
distribution: temurin | |
# Allow caching Gradle executions to further speed up CI/CD steps invoking Gradle. | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@db19848a5fa7950289d3668fb053140cf3028d43 # v3.3.2 | |
with: | |
gradle-version: wrapper | |
gradle-home-cache-cleanup: true | |
cache-read-only: true | |
# Setup a Node environment to allow publishing to the private GitHub NPM package repository. | |
- name: Setup Node | |
if: env.releaseOpenAPIClients == 'true' | |
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4 | |
with: | |
node-version: 16 | |
# Build the project and generate the Kotlin and TS/JS/Node client for publishing. | |
- name: Build project (Gradle) | |
if: env.releaseOpenAPIClients == 'true' | |
run: ./gradlew build -x test --stacktrace | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }} | |
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }} | |
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }} | |
GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }} | |
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }} | |
# Push the generated OpenAPI definition to OpsLevel | |
- name: Push generated OpenAPI definitions to OpsLevel | |
continue-on-error: true | |
run: | | |
SERVICE_ALIAS="${{ github.event.repository.name }}" | |
if [[ -z "${SERVICE_ALIAS}" ]]; then | |
echo "Could not detect an OpsLevel service alias." | |
echo "::error::Could not detect an OpsLevel service alias." | |
exit 1 | |
fi | |
echo "Detected service alias as $SERVICE_ALIAS" | |
FILE_PATH="$(find "pleo-$SERVICE_ALIAS-rest" -type f -name "$SERVICE_ALIAS-openapi.yaml" -not -path "pleo-$SERVICE_ALIAS-rest/build/*")" | |
echo "Detected OpenAPI schema location: $FILE_PATH" | |
echo "Pushing OpenAPI definition to OpsLevel..." | |
echo "" | |
curl --retry 5 \ | |
--retry-delay 0 \ | |
--max-time 10 \ | |
--retry-max-time 80 \ | |
-i \ | |
-X POST "${{ secrets.OPSLEVEL_API_DOCS_URL }}/$SERVICE_ALIAS/openapi" \ | |
-H 'content-type: application/octet-stream' \ | |
--data-binary @"${FILE_PATH}" | |
# Release the library. | |
- name: Release library (Gradle) | |
if: env.releaseOpenAPIClients == 'false' | |
id: release-library | |
continue-on-error: true | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3 | |
with: | |
command: ./gradlew publish --parallel --continue --stacktrace --no-configuration-cache | |
max_attempts: 3 # Attempt to release a maximum of three times | |
timeout_minutes: 30 # Minutes to wait before attempt times out. | |
retry_wait_seconds: 5 # Wait 5 seconds before retrying | |
env: | |
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }} | |
GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }} | |
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }} | |
# Publish the Kotlin client to the private GitHub Maven repository. | |
- name: Publish Kotlin OpenAPI client (Gradle) | |
if: env.releaseOpenAPIClients == 'true' | |
run: ./gradlew :pleo-${{ github.event.repository.name }}-client-kotlin:publish -x test -x formatKotlin -x functest --stacktrace --no-configuration-cache | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }} | |
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }} | |
GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }} | |
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }} | |
# Publish the TS/JS/Node client to the private GitHub NPM repository. | |
- name: Publish Node OpenAPI client (NPM) | |
if: env.releaseOpenAPIClients == 'true' && env.publishNodeOpenAPIClient == 'true' | |
working-directory: pleo-${{ github.event.repository.name }}-client-js/output/node | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
npm install | |
npm config set '//npm.pkg.github.com/:_authToken' "${GITHUB_TOKEN}" | |
npm publish --access restricted | |
# Publish the TS/JS/Node models to the private GitHub NPM repository for frontend requests. | |
- name: Publish TypeScript models (NPM) | |
if: env.releaseOpenAPIClients == 'true' && env.publishTypeScriptFrontendModels == 'true' | |
working-directory: pleo-${{ github.event.repository.name }}-client-js/output/models | |
continue-on-error: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
npm install | |
npm config set '//npm.pkg.github.com/:_authToken' "${GITHUB_TOKEN}" | |
npm publish --access restricted | |
# Publish additional publishing configurations to the private GitHub Maven repository. | |
- name: Publish additional publishing configurations (Gradle) | |
if: env.publishAdditionalProjects == 'true' && env.releaseOpenAPIClients == 'true' | |
run: ./gradlew publish -x test -x formatKotlin -x :pleo-${{ github.event.repository.name }}-client-kotlin:publish -x functest --stacktrace --no-configuration-cache | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }} | |
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }} | |
GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }} | |
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }} | |
# Alert in Slack on any failure in the publishing job. | |
- name: Alert in Slack on failure | |
if: cancelled() || failure() | |
uses: rtCamp/action-slack-notify@4e5fb42d249be6a45a298f3c9543b111b02f7907 # v2.3.0 | |
env: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} | |
SLACK_CHANNEL: dev-deploy-failure | |
SLACK_COLOR: danger | |
SLACK_TITLE: ${{ github.actor }} publish of one or more libraries in `${{ github.repository }}` failed or was/were cancelled | |
SLACK_MESSAGE: "Reason: <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}| Release job failed :warning:>" | |
SLACK_USERNAME: GitHub Actions | |
SLACK_ICON_EMOJI: ":crashingrocket:" | |
SLACK_FOOTER: "" |