FilesExpand file tree

 main

/

release.yml

Copy path

View Runs

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

328 lines (317 loc) · 11.8 KB

 main

/

release.yml

Top

File metadata and controls

• Code
• Blame

328 lines (317 loc) · 11.8 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

# Release

#

# Description:

# Creates a release for the project

#

# 1. Runs a setup job to set needed variables (build_matrix & version)

# 2. Versions to the project and stores as an artifact

# 3. Run quality checks

# 4. Build

# 5. Publish to Maven Central

# 6. Create PR

# 7. Publish docs

#

# Inputs:

# - version (string): SemVer of the new release (X.Y.Z)

# - snapshot (bool): If it's a snapshot release, this skips versioning assets like docs

# - skip_checks (bool): Don't run quality checks if it's an emergency release

# - skip_publish (bool): Don't publish to maven central

# - continue_on_error (bool): Don't fail the workflow if a quality check fails

#

# Triggers:

# - workflow_dispatch

#

# Secrets:

# - RELEASE.GPG_SIGNING_KEY

# - RELEASE.OSSRH_JIRA_USERNAME

# - RELEASE.OSSRH_JIRA_PASSWORD

# - RELEASE.GPG_PASSPHRASE

# - DOCS.AWS_DOCS_ROLE_ARN

# - DOCS.AWS_DOCS_BUCKET

on:

workflow_dispatch:

inputs:

version:

type: string

description: Semver version to release

snapshot:

type: boolean

description: Create snapshot release

default: false

skip_checks:

type: boolean

description: Skip quality checks

default: false

skip_publish:

type: boolean

description: Skip publish to Maven Central

default: false

continue_on_error:

type: boolean

description: Continue to build if there's an error in quality checks

default: false

name: Release

run-name: Release – ${{ inputs.version }}

permissions:

contents: read

env:

RELEASE_COMMIT: ${{ github.sha }}

RELEASE_TAG_VERSION: ${{ inputs.version }}

jobs:

setup:

runs-on: ubuntu-latest

outputs:

version: ${{ format('{0}{1}', steps.version_release.outputs.version, steps.version_snapshot.outputs.version) }}

build_matrix: ${{ format('{0}{1}', steps.build_matrix_v1.outputs.build_matrix, steps.build_matrix_v2.outputs.build_matrix) }}

steps:

- id: version_snapshot

if: ${{ inputs.snapshot }}

name: Version

run: |

echo version="$(grep -q "SNAPSHOT" <<< "${{ inputs.version }}" && echo "${{ inputs.version }}" || echo "${{ inputs.version }}-SNAPSHOT")" >> "$GITHUB_OUTPUT"

- id: version_release

if: ${{ !inputs.snapshot }}

name: Version

run: |

echo version="${{ inputs.version }}" >> "$GITHUB_OUTPUT"

- id: base

name: Base

run: |

echo build_version=$(test ${{ github.ref_name }} == "main" && echo "v2" || echo "v1") >> $GITHUB_OUTPUT

- id: build_matrix_v1

name: Build matrix (v1)

if: ${{ steps.base.outputs.build_version == 'v1' }}

run: |

echo build_matrix='["8", "11", "17", "21"]' >> "$GITHUB_OUTPUT"

- id: build_matrix_v2

name: Build matrix (v2)

if: ${{ steps.base.outputs.build_version == 'v2' }}

run: |

echo build_matrix='["11", "17", "21"]'>> "$GITHUB_OUTPUT"

version_seal:

runs-on: ubuntu-latest

needs:

- setup

outputs:

source_hash: ${{ steps.upload_source.outputs.artifact-digest }}

steps:

- id: checkout

name: Checkout repository

uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

- id: version

name: version

uses: ./.github/actions/version

with:

new_version: ${{ needs.setup.outputs.version }}

snapshot: ${{ inputs.snapshot}}

- id: upload_source

name: Upload artifacts

uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2

with:

if-no-files-found: error

name: source

path: |

*

!.git/*

include-hidden-files: true

retention-days: 1

quality:

runs-on: aws-powertools_ubuntu-latest_8-core

needs:

- version_seal

if: ${{ inputs.skip_checks == false }}

permissions:

contents: write

id-token: write

steps:

- id: download_source

name: Download artifacts

uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v4.6.1

with:

name: source

- name: Setup Java

uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165

with:

distribution: corretto

java-version: 21

cache: maven

# non-exhuastive, but gives a fair indication if the final build will succeed, tests will run when we build later

- name: Run unit tests

run: mvn -B test --file pom.xml

continue-on-error: ${{ inputs.continue_on_error }}

- name: Run Spotbugs

run: mvn -Pbuild-with-spotbugs -B install --file pom.xml -DskipTests -Dmaven.javadoc.skip=true -Dspotbugs.failOnError=true

continue-on-error: ${{ inputs.continue_on_error }}

- uses: pmd/pmd-github-action@d9c1f3c5940cbf5923f1354e83fa858b4496ebaa # v2.0.0

with:

rulesets: '.github/pmd-ruleset.xml'

token: ${{ secrets.GITHUB_TOKEN }}

uploadSarifReport: false

build:

runs-on: aws-powertools_ubuntu-latest_8-core

needs:

- setup

- quality

- version_seal

if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}

strategy:

matrix:

java: ${{ fromJson(needs.setup.outputs.build_matrix) }}

steps:

- id: download_source

name: Download artifacts

uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v4.6.1

with:

name: source

- name: Setup Java

uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165

with:

distribution: corretto

java-version: ${{ matrix.java }}

cache: maven

- id: build-maven

name: Build (Maven)

run: |

mvn -B install --file pom.xml

publish:

runs-on: aws-powertools_ubuntu-latest_8-core

if: ${{ github.repository == 'aws-powertools/powertools-lambda-java' && inputs.skip_publish == false && always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}

needs:

- build

environment: Release

steps:

- id: download_source

name: Download artifacts

uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v4.6.1

with:

name: source

- name: Setup Java

uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165

with:

distribution: corretto

java-version: 21

cache: maven

gpg-private-key: ${{ secrets.GPG_SIGNING_KEY }}

gpg-passphrase: GPG_PASSPHRASE

server-id: central

server-username: MAVEN_USERNAME

server-password: MAVEN_PASSWORD

- name: Publish package

run: mvn -Prelease clean deploy -DskipTests

env:

MAVEN_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}

MAVEN_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}

GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

create_pr:

runs-on: ubuntu-latest

if: ${{ inputs.snapshot == false && always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}

needs:

- build

- publish

permissions:

pull-requests: write

contents: write

steps:

- id: checkout

name: Checkout repository

uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

with:

ref: ${{ env.RELEASE_COMMIT }}

- id: download_source

name: Download artifacts

uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v4.6.1

with:

name: source

- id: setup-git

name: Git client setup and refresh tip

run: |

git config user.name "Powertools for AWS Lambda (Java) Bot"

git config user.email "[email protected]"

git config pull.rebase true

git config remote.origin.url >&-

- id: branch

name: Create branch

run: |

git checkout -b ci-${{ github.run_id }}

git commit -am "chore(ci): bump version to ${{ inputs.version }}"

git push origin ci-${{ github.run_id }}

- id: create_pr

name: Create PR

run: |

gh pr create \

--title "chore(ci): bump version to ${{ inputs.version }}" \

--body "This is an automated PR created from the following workflow: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"

env:

GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- id: tag

name: Create tag

run: |

git tag -a v${{ inputs.version }} -m "Release v${{ inputs.version }}"

git push origin v${{ inputs.version }}

docs:

runs-on: ubuntu-latest

if: ${{ inputs.snapshot == false }}

needs:

- create_pr

permissions:

contents: read

id-token: write

environment: Docs

steps:

- id: checkout

name: Checkout repository

uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

with:

# Checkout PR branch to make sure we build the version-bumped docs

ref: ci-${{ github.run_id }}

- name: Build

run: |

mkdir -p dist

docker build -t squidfunk/mkdocs-material ./docs/

docker run --rm -t -v ${PWD}:/docs squidfunk/mkdocs-material build

- name: Configure AWS credentials

uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a

with:

aws-region: us-east-1

role-to-assume: ${{ secrets.AWS_DOCS_ROLE_ARN }}

- name: Deploy Docs (Version)

env:

VERSION: ${{ inputs.version }}

ALIAS: 'latest'

run: |

aws s3 sync \

site/ \

s3://${{ secrets.AWS_DOCS_BUCKET }}/lambda-java/${{ env.VERSION }}/

- name: Deploy Docs (Alias)

env:

VERSION: ${{ inputs.version }}

ALIAS: 'latest'

run: |

aws s3 sync \

site/ \

s3://${{ secrets.AWS_DOCS_BUCKET }}/lambda-java/${{ env.ALIAS }}/

- name: Deploy Docs (Version JSON)

env:

VERSION: ${{ inputs.version }}

ALIAS: 'latest'

# We originally used "mike" from PyPi to manage versions for us, but since we moved to S3, we can't use it to manage versions any more.

# Instead, we're using some shell script that manages the versions.

#

# Operations:

# 1. Download the versions.json file from S3

# 2. Find any reference to the alias and delete it from the versions file

# 3. This is voodoo (don't use JQ):

# - we assign the input as $o and the new version/alias as $n,

# - we check if the version number exists in the file already (for republishing docs)

# - if it's an alias (stage/latest/*) or old version, we do nothing and output $o (original input)

# - if it's a new version number, we add it at position 0 in the array.

# 4. Once done, we'll upload it back to S3.

run: |

aws s3 cp \

s3://${{ secrets.AWS_DOCS_BUCKET }}/lambda-java/versions.json \

versions_old.json

jq 'del(.[].aliases[] | select(. == "${{ env.ALIAS }}"))' < versions_old.json > versions_proc.json

jq '. as $o | [{"title": "${{ env.VERSION }}", "version": "${{ env.VERSION }}", "aliases": ["${{ env.ALIAS }}"] }] as $n | $n | if .[0].title | test("[a-z]+") or any($o[].title == $n[0].title;.) then [($o | .[] | select(.title == $n[0].title).aliases += $n[0].aliases | . )] else $n + $o end' < versions_proc.json > versions.json

aws s3 cp \

versions.json \

s3://${{ secrets.AWS_DOCS_BUCKET }}/lambda-java/versions.json