diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000000..dffd0c304f --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,84 @@ +name: Maven Release + +on: + workflow_dispatch: + inputs: + releaseVersion: + type: string + required: true + description: The POM release version of this release. + nextDevelopmentVersion: + type: string + required: true + description: The next POM development version with suffix "-SNAPSHOT", will be the next development version after the release is done. + dry-run: + type: boolean + required: true + description: Dry run, will not push branches or upload the artifacts. + +jobs: + release: + runs-on: ubuntu-latest + steps: + - name: Validate Input + run: | + echo "${{ github.ref_type }}" | perl -ne 'die unless m/^branch$/' + echo "${{ github.ref_name }}" | perl -ne 'die unless m/^release-\d+$/' + echo "${{ github.event.inputs.releaseVersion }}" | perl -ne 'die unless m/^\d+\.\d+\.\d+$/' + echo "${{ github.event.inputs.nextDevelopmentVersion }}" | perl -ne 'die unless m/^\d+\.\d+\.\d+-SNAPSHOT$/' + - name: Checkout + uses: actions/checkout@v2 + - name: Check Actor + run: | + # Release actor should be in the OWNER list + cat OWNERS | grep ${{ github.actor }} + - name: Setup Java + uses: actions/setup-java@v2 + with: + distribution: 'temurin' + java-version: 8.0.x + server-id: ossrh + server-username: OSSRH_USERNAME + server-password: OSSRH_TOKEN + gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} + gpg-passphrase: GPG_PASSPHRASE + - name: Prepare + run: | + export GPG_TTY=$(tty) + (echo 5; echo y; echo save) | gpg --command-fd 0 --no-tty --pinentry-mode loopback --passphrase ${{ secrets.GPG_PASSWORD }} --no-greeting --edit-key 'Kubernetes Client Publishers' trust + (echo 0; echo y; echo save) | gpg --command-fd 0 --no-tty --pinentry-mode loopback --passphrase ${{ secrets.GPG_PASSWORD }} --no-greeting --edit-key 'Kubernetes Client Publishers' expire + git config user.email "k8s.ci.robot@gmail.com" + git config user.name "Kubernetes Prow Robot" + - name: Check Current Version + run: | + mvn -q \ + -Dexec.executable=echo \ + -Dexec.args='${project.version}' \ + --non-recursive \ + exec:exec | perl -ne 'die unless m/${{ github.event.inputs.releaseVersion }}-SNAPSHOT/' + - name: Release Prepare + run: | + mvn --batch-mode \ + release:prepare \ + -Dtag=v${{ github.event.inputs.releaseVersion }} \ + -DconnectionUrl=https://${{ github.token }}@github.com/${{ github.repository }}.git \ + -DreleaseVersion=${{ github.event.inputs.releaseVersion }} \ + -DdevelopmentVersion=${{ github.event.inputs.nextDevelopmentVersion }} \ + -DpushChanges=false + - name: Release Perform + if: ${{ github.event.inputs.dry-run != 'true' }} + env: + OSSRH_USERNAME: ${{ secrets.SNAPSHOT_UPLOAD_USER }} + OSSRH_TOKEN: ${{ secrets.SNAPSHOT_UPLOAD_PASSWORD }} + GPG_PASSPHRASE: ${{ secrets.GPG_PASSWORD }} + run: | + # The tests are already executed in the prepare, skipping + mvn -DlocalCheckout=true -Darguments=-DskipTests release:perform + git push https://${{ github.token }}@github.com/${{ github.repository }}.git ${{ github.ref_name }}:${{ github.ref_name }} + git push https://${{ github.token }}@github.com/${{ github.repository }}.git v${{ github.event.inputs.releaseVersion }} + - name: Publish Release + if: ${{ github.event.inputs.dry-run != 'true' }} + uses: ncipollo/release-action@v1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + tag: v${{ github.event.inputs.releaseVersion }} \ No newline at end of file diff --git a/RELEASES.md b/RELEASES.md index 3194ddeb19..dfc82f8f9e 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -10,6 +10,55 @@ Releases are done on an as-needed basis, and this doc applies only to This does _not_ describe the process of cherry-picking changes onto release branches. +## Release via Github Action + +Maintainers meet the following requirements will be able to perform automated +release to maven central via Github Action job named "Maven Release": + +* Has "collaborator" permission or greater access (otherwise the can't run the + job manually). +* Should be in the OWNERS file. + +### Steps + +#### Make sure the release job runs on the release branch + +When cutting the next major release, firstly we need to fork out a new release +branch named `release-`. So the release job will execute the maven +release plugin and push generated releasing commits to the release branch +if the `release:prepare` process finishes successfully. Note that if we're +bumping a new patch version from an existing release branch, this step can be +omitted. + +#### Filling release job input manually + +The github action job will require three manual input: + +* The POM releasing version, must be a valid semver `X.Y.Z` (without "v" prefix). +* The next development POM version, conventionally we should bump a patch + version from the current release version and add a `-SNAPSHOT` suffix. i.e. + `X.Y.(Z+1)-SNAPSHOT`. +* Dry-Run: Indicating whether the release job will push the generated release + commits to the release branch and actually upload the artifacts. + +Filling the inputs, then click "Run" to start the job. + +> Note that during the release process, no commits shall be added the release +> branch. + +#### Release note, announcements + +After the release job successfully finishes, we're supposed to see two generated +commits automatically added to the release branch: + +1. Bump the previous development version to the target release version. +2. Bump the release version to the next development version. + +And a git tag `vX.Y.Z` will also be pushed on the commit (1), a GITHUB release +will also be packed on the tag. + +In the end, don't forget to clarify the release notes on the GITHUB release. + ## One time setup You will need to have the following in place: