-
Notifications
You must be signed in to change notification settings - Fork 76
167 lines (152 loc) · 5.26 KB
/
release-step-3.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
---
name: release-step-3
on:
workflow_dispatch:
inputs:
ref:
description: 'Branch or tag ref to run the workflow on'
required: true
default: "main"
version:
description: 'The version to release (e.g. 1.2.3). This workflow will automatically perform the required version bumps'
required: true
dry_run:
description: If set, run a dry-run release
default: false
type: boolean
skip_maven_deploy:
description: |
If enabled, the deployment to maven central will be skipped.
Select this if the deployment job for this release failed in a previous version but the release was actually published.
Check manually on maven central beforehand!
type: boolean
required: true
default: false
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}
env:
RELEASE_VERSION: ${{ inputs.version }}
RELEASE_VERSION_TAG: v${{ inputs.version }}
jobs:
validate-tag:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
fetch-depth: 0
- name: Validate tag does not exist on current commit
uses: ./.github/workflows/validate-tag
with:
tag: ${{ env.RELEASE_VERSION_TAG }}
- name: Validate tag match current version
run: |
if [ "$(mvn -q help:evaluate -Dexpression=project.version -DforceStdout)" != "${{ env.RELEASE_VERSION }}" ]; then
echo "Tag should match pom.xml project.version"
exit 1
fi
- name: Validate version is a release version
run: |
if [[ "$(./mvnw -q help:evaluate -Dexpression=project.version -DforceStdout)" =~ "-SNAPSHOT" ]]; then
echo "This is a snapshot version"
exit 1
fi
release:
name: Release
runs-on: ubuntu-latest
if: ${{ ! inputs.skip_maven_deploy }}
needs:
- validate-tag
permissions:
attestations: write
contents: write
id-token: write
env:
TARBALL_FILE: artifacts.tar
steps:
- id: buildkite-run
name: Run Release
uses: elastic/oblt-actions/buildkite/run@v1
with:
pipeline: ecs-logging-java-release
token: ${{ secrets.BUILDKITE_TOKEN }}
wait-for: true
env-vars: |
ref=${{ inputs.ref }}
dry_run=${{ inputs.dry_run || 'false' }}
TARBALL_FILE=${{ env.TARBALL_FILE }}
- uses: elastic/oblt-actions/buildkite/download-artifact@v1
with:
build-number: ${{ steps.buildkite-run.outputs.number }}
path: ${{ env.TARBALL_FILE }}
pipeline: ${{ steps.buildkite-run.outputs.pipeline }}
token: ${{ secrets.BUILDKITE_TOKEN }}
- name: untar the buildkite tarball
run: tar xvf ${{ env.TARBALL_FILE }}
- name: generate build provenance
uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
with:
subject-path: "${{ github.workspace }}/**/target/*.jar"
- if: ${{ success() }}
uses: elastic/oblt-actions/slack/send@v1
with:
bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
channel-id: "#apm-agent-java"
message: |
:runner: [${{ github.repository }}] Release *${{ github.ref_name }}* has been triggered in Buildkite: (<${{ steps.buildkite-run.outputs.build }}|build>)
- if: ${{ failure() }}
uses: elastic/oblt-actions/slack/send@v1
with:
bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
channel-id: "#apm-agent-java"
message: |
:ghost: [${{ github.repository }}] Release *${{ github.ref_name }}* didn't get triggered in Buildkite.
Build: (<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>)
await-maven-central-artifact:
runs-on: ubuntu-latest
name: Wait for release to be available on maven-central
needs:
- validate-tag
steps:
- uses: elastic/oblt-actions/maven/await-artifact@v1
with:
group-id: 'co.elastic.logging'
artifact-id: 'ecs-logging-core'
version: ${{ inputs.version }}
create-github-release:
name: "Create GitHub Release"
needs:
- await-maven-central-artifact
runs-on: ubuntu-latest
if: inputs.dry_run == false
permissions:
contents: write
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
- name: Create GitHub Release
env:
GH_TOKEN: ${{ github.token }}
run: |
gh release create ${{ env.RELEASE_VERSION_TAG }} \
--title="Release ${{ env.RELEASE_VERSION }}" \
--generate-notes
post-release:
name: "Bump versions and create PR"
needs:
- await-maven-central-artifact
uses: ./.github/workflows/pre-post-release.yml
permissions:
contents: write
if: inputs.dry_run == false
with:
ref: ${{ inputs.ref }}
version: ${{ inputs.version }}
phase: 'post'
pr_title: "[release] release-step-4 ${{ inputs.version }}"
pr_body: "Step 4 of the release process for version ${{ inputs.version }}: review & merge"
secrets: inherit