Skip to content

release

release #58

Workflow file for this run

name: Release
# This workflow
# - calculates the version number to release
# - generates release notes
# - releases the library
on:
repository_dispatch:
types:
- release
concurrency: ci-${{ github.workflow }}-${{ github.ref }}
env:
releaseOpenAPIClients: false
publishNodeOpenAPIClient: true
publishTypeScriptFrontendModels: false
publishAdditionalProjects: false
generateChangelogUpdate: true
jobs:
determine-version:
name: Determine version bump
runs-on: ubuntu-latest
outputs:
version-bump: ${{ steps.calculate-next-version.outputs.version }}
current-version: ${{ steps.get-current-version.outputs.gradle_version }}
permissions:
contents: write # Allows cloning the repository and creating releases in the "Release" page
issues: write # Allows searching through PRs and issues
pull-requests: write # Allows search through PRs, issues and commenting on PRs
packages: write # Allows writing to packages
timeout-minutes: 30
steps:
- name: Checkout code
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
with:
fetch-depth: 0
# Set up a JDK environment for building, testing and releasing.
- name: Setup JDK 17
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
java-version: 17
distribution: temurin
# Allow caching Gradle executions to further speed up CI/CD steps invoking Gradle.
- name: Setup Gradle
uses: gradle/actions/setup-gradle@db19848a5fa7950289d3668fb053140cf3028d43 # v3.3.2
with:
gradle-version: wrapper
cache-read-only: true
# Allow caching the Auto executable to speed up CI/CD steps by not re-downloading Auto.
- name: Cache Auto
id: cache-auto
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: ~/auto
key: dependency--intuit/auto-v11.1.6
# Set up Auto for determining the version bump to release.
- name: Setup Auto
if: steps.cache-auto.outputs.cache-hit != 'true'
run: |
curl -vkL -o - https://github.com/intuit/auto/releases/download/v11.1.6/auto-linux.gz | gunzip > ~/auto
chmod a+x ~/auto
# Get the currently released version for determining how big a version jump to release.
- name: Get current version number (Gradle)
id: get-current-version
run: |
GRADLE_OUTPUT="$(./gradlew properties)"
EXIT_CODE=$?
GRADLE_VERSION="$(echo "$GRADLE_OUTPUT" | grep "^version: " | awk '{print $2}')"
echo "$GRADLE_VERSION"
echo "gradle_version=$GRADLE_VERSION" >> "$GITHUB_OUTPUT"
exit $EXIT_CODE
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }}
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
# Verify that the current version is tagged in git as expected.
- name: Verify previous release tag
run: |
if git rev-parse "$TAG" >/dev/null 2>&1; then
echo "Found previous release tag $TAG";
else
echo "Did not find $TAG - creating release tag $TAG"
PREVIOUS_COMMIT="$(git rev-parse HEAD^1)"
git tag "$TAG" "$PREVIOUS_COMMIT"
fi
env:
TAG: v${{ steps.get-current-version.outputs.gradle_version }}
# Determine how big a version bump to release (patch, minor, major).
- name: Calculate new version (Auto)
id: calculate-next-version
run: |
CURRENT_VERSION="v${{ steps.get-current-version.outputs.gradle_version }}"
AUTO_VERSION="$(~/auto version --plugins --from $CURRENT_VERSION 2>&1)" || (echo "Error detecting version: $AUTO_VERSION"; exit 1)
echo "Detected version: $AUTO_VERSION"
echo "version=$AUTO_VERSION" >> "$GITHUB_OUTPUT"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
bump-versions:
name: Bump versions
runs-on: ubuntu-latest-8-cores
needs: determine-version
if: needs.determine-version.outputs.version-bump
outputs:
new-version: $ {{ steps.get-updated-version-number.outputs.version }}
permissions:
contents: write # Allows cloning the repository and creating releases in the "Release" page
issues: write # Allows searching through PRs and issues
pull-requests: write # Allows search through PRs, issues and commenting on PRs
packages: write # Allows writing to packages
timeout-minutes: 30
steps:
# Elevate token permissions to allow pushing to the default branch without branch protections.
- name: Allow pushing version updates to the default branch
id: get-admin-token
uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 # v3
with:
application_id: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_APP_ID }}
application_private_key: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_PRIVATE_KEY }}
# Checkout the code with the elevated token to allow default branch pushes.
- name: Checkout code
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
with:
fetch-depth: 0
ref: main
token: ${{ steps.get-admin-token.outputs.token }}
# Allow caching the Auto executable to speed up CI/CD steps by not re-downloading Auto.
- name: Cache Auto
id: cache-auto
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: ~/auto
key: dependency--intuit/auto-v11.1.6
# Set up Auto for generating a CHANGELOG.
- name: Setup Auto
if: steps.cache-auto.outputs.cache-hit != 'true'
run: |
curl -vkL -o - https://github.com/intuit/auto/releases/download/v11.1.6/auto-linux.gz | gunzip > ~/auto
chmod a+x ~/auto
# Setup JDK environment for Gradle build tasks.
- name: Setup JDK 17
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
java-version: 17
distribution: temurin
# Allow caching Gradle executions to further speed up CI/CD steps invoking Gradle.
- name: Setup Gradle
uses: gradle/actions/setup-gradle@db19848a5fa7950289d3668fb053140cf3028d43 # v3.3.2
with:
gradle-version: wrapper
cache-read-only: true
# Setup Node for TS/JS/Node client generation.
- name: Setup Node
if: env.releaseOpenAPIClients == 'true'
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4
with:
node-version: 16
# Bump the version according to the version bump detected by Auto.
- name: Bump library version (Gradle)
run: ./gradlew incrementVersion -Pmode=${{ needs.determine-version.outputs.version-bump }} --stacktrace
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }}
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
# Get the new version.
- name: Get updated version number (Gradle)
id: get-updated-version-number
run: |
GRADLE_OUTPUT="$(./gradlew properties)"
EXIT_CODE=$?
GRADLE_VERSION="$(echo "$GRADLE_OUTPUT" | grep "^version: " | awk '{print $2}')"
echo "$GRADLE_VERSION"
echo "gradle_version=$GRADLE_VERSION" >> "$GITHUB_OUTPUT"
exit $EXIT_CODE
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }}
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
# Generate the Kotlin and TS/JS/Node client.
- name: Build project and generate clients (Gradle)
if: env.releaseOpenAPIClients == 'true'
run: ./gradlew build -x test -x functest --stacktrace
env:
GITHUB_TOKEN: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }}
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
# Commit and push the project with version changes applied to the default branch.
- name: Add changes (Git)
uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9
with:
author_name: pleo-bot-auto-versioning
author_email: [email protected]
message: Release ${{ steps.get-updated-version-number.outputs.gradle_version }} [skip ci]
commit: --no-verify
tag: v${{ steps.get-updated-version-number.outputs.gradle_version }}
# Generate the CHANGELOG with changes from the previously released version to the current version.
- name: Generate Release Notes (Auto)
if: env.generateChangelogUpdate == 'true'
run: ~/auto changelog --from v${{ needs.determine-version.outputs.current-version }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Add and push the generated CHANGELOG to the default branch.
- name: Push changes (Git)
if: env.generateChangelogUpdate == 'true'
uses: ad-m/github-push-action@master
with:
github_token: ${{ steps.get-admin-token.outputs.token }}
publish:
name: Publish
runs-on: ubuntu-latest-8-cores
needs:
- determine-version
- bump-versions
if: needs.determine-version.outputs.current-version != needs.bump-versions.outputs.new-version
permissions:
contents: write # Allows cloning the repository and creating releases in the "Release" page
issues: write # Allows searching through PRs and issues
pull-requests: write # Allows search through PRs, issues and commenting on PRs
packages: write # Allows writing to packages
timeout-minutes: 30
steps:
# Checkout the code to publish.
- name: Checkout code
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
with:
fetch-depth: 0
ref: main
# Set up expected environment variables for the repository name and the default branch.
- name: Environment standardization
run: |
default_branch=${{ github.event.repository.default_branch }}
echo "default_branch=${default_branch}" >> "$GITHUB_ENV"
default_branch_ref="refs/heads/${default_branch}"
echo "default_branch_ref=${default_branch_ref}" >> "$GITHUB_ENV"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Setup a JDK environment for running Gradle publishing tasks.
- name: Setup JDK 17
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
java-version: 17
distribution: temurin
# Allow caching Gradle executions to further speed up CI/CD steps invoking Gradle.
- name: Setup Gradle
uses: gradle/actions/setup-gradle@db19848a5fa7950289d3668fb053140cf3028d43 # v3.3.2
with:
gradle-version: wrapper
gradle-home-cache-cleanup: true
cache-read-only: true
# Setup a Node environment to allow publishing to the private GitHub NPM package repository.
- name: Setup Node
if: env.releaseOpenAPIClients == 'true'
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4
with:
node-version: 16
# Build the project and generate the Kotlin and TS/JS/Node client for publishing.
- name: Build project (Gradle)
if: env.releaseOpenAPIClients == 'true'
run: ./gradlew build -x test --stacktrace
env:
GITHUB_TOKEN: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }}
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
# Push the generated OpenAPI definition to OpsLevel
- name: Push generated OpenAPI definitions to OpsLevel
continue-on-error: true
run: |
SERVICE_ALIAS="${{ github.event.repository.name }}"
if [[ -z "${SERVICE_ALIAS}" ]]; then
echo "Could not detect an OpsLevel service alias."
echo "::error::Could not detect an OpsLevel service alias."
exit 1
fi
echo "Detected service alias as $SERVICE_ALIAS"
FILE_PATH="$(find "pleo-$SERVICE_ALIAS-rest" -type f -name "$SERVICE_ALIAS-openapi.yaml" -not -path "pleo-$SERVICE_ALIAS-rest/build/*")"
echo "Detected OpenAPI schema location: $FILE_PATH"
echo "Pushing OpenAPI definition to OpsLevel..."
echo ""
curl --retry 5 \
--retry-delay 0 \
--max-time 10 \
--retry-max-time 80 \
-i \
-X POST "${{ secrets.OPSLEVEL_API_DOCS_URL }}/$SERVICE_ALIAS/openapi" \
-H 'content-type: application/octet-stream' \
--data-binary @"${FILE_PATH}"
# Release the library.
- name: Release library (Gradle)
if: env.releaseOpenAPIClients == 'false'
id: release-library
continue-on-error: true
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3
with:
command: ./gradlew publish --parallel --continue --stacktrace --no-configuration-cache
max_attempts: 3 # Attempt to release a maximum of three times
timeout_minutes: 30 # Minutes to wait before attempt times out.
retry_wait_seconds: 5 # Wait 5 seconds before retrying
env:
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }}
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
# Publish the Kotlin client to the private GitHub Maven repository.
- name: Publish Kotlin OpenAPI client (Gradle)
if: env.releaseOpenAPIClients == 'true'
run: ./gradlew :pleo-${{ github.event.repository.name }}-client-kotlin:publish -x test -x formatKotlin -x functest --stacktrace --no-configuration-cache
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }}
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
# Publish the TS/JS/Node client to the private GitHub NPM repository.
- name: Publish Node OpenAPI client (NPM)
if: env.releaseOpenAPIClients == 'true' && env.publishNodeOpenAPIClient == 'true'
working-directory: pleo-${{ github.event.repository.name }}-client-js/output/node
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
npm install
npm config set '//npm.pkg.github.com/:_authToken' "${GITHUB_TOKEN}"
npm publish --access restricted
# Publish the TS/JS/Node models to the private GitHub NPM repository for frontend requests.
- name: Publish TypeScript models (NPM)
if: env.releaseOpenAPIClients == 'true' && env.publishTypeScriptFrontendModels == 'true'
working-directory: pleo-${{ github.event.repository.name }}-client-js/output/models
continue-on-error: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
npm install
npm config set '//npm.pkg.github.com/:_authToken' "${GITHUB_TOKEN}"
npm publish --access restricted
# Publish additional publishing configurations to the private GitHub Maven repository.
- name: Publish additional publishing configurations (Gradle)
if: env.publishAdditionalProjects == 'true' && env.releaseOpenAPIClients == 'true'
run: ./gradlew publish -x test -x formatKotlin -x :pleo-${{ github.event.repository.name }}-client-kotlin:publish -x functest --stacktrace --no-configuration-cache
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }}
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
# Alert in Slack on any failure in the publishing job.
- name: Alert in Slack on failure
if: cancelled() || failure()
uses: rtCamp/action-slack-notify@4e5fb42d249be6a45a298f3c9543b111b02f7907 # v2.3.0
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_CHANNEL: dev-deploy-failure
SLACK_COLOR: danger
SLACK_TITLE: ${{ github.actor }} publish of one or more libraries in `${{ github.repository }}` failed or was/were cancelled
SLACK_MESSAGE: "Reason: <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}| Release job failed :warning:>"
SLACK_USERNAME: GitHub Actions
SLACK_ICON_EMOJI: ":crashingrocket:"
SLACK_FOOTER: ""