Merge pull request #67 from rmgrimm/enhance-perform-release

Enhance GitHub Actions workflow for performing releases
FwMotion · Oct 8, 2023 · eed9faa · eed9faa
2 parents 1a38c42 + 99031a8
commit eed9faa
Show file tree

Hide file tree

Showing 5 changed files with 338 additions and 69 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,7 +1,30 @@
 version: 2
 updates:
-  - package-ecosystem: "maven"
-    directory: "/"
+  - package-ecosystem: github-actions
+    directory: /
     schedule:
-      interval: "daily"
-    open-pull-requests-limit: 10
+      interval: weekly
+    commit-message:
+      prefix: '[github-actions] '
+      prefix-development: '[github-actions] '
+      include: scope
+    reviewers:
+      - rmgrimm
+    labels:
+      - build
+    open-pull-requests-limit: 5
+
+  - package-ecosystem: maven
+    directory: /
+    schedule:
+      interval: daily
+    commit-message:
+      prefix: '[maven] '
+      prefix-development: '[maven] '
+      include: scope
+    reviewers:
+      - rmgrimm
+    labels:
+      - build
+      - dependencies
+    open-pull-requests-limit: 5
diff --git a/.github/workflows/build-container-image.yml b/.github/workflows/build-container-image.yml
@@ -0,0 +1,128 @@
+name: Build Container Images
+
+on:
+  workflow_dispatch:
+    inputs:
+      git-ref:
+        description: Git Ref
+        required: true
+        type: string
+      build-mode:
+        description: Build Mode
+        required: false
+        type: choice
+        default: only_jvm
+        options:
+          - only_jvm
+          - only_native
+          - jvm_and_native
+      tag-as-latest:
+        description: Tag as Latest
+        required: false
+        type: boolean
+        default: false
+  workflow_call:
+    inputs:
+      git-ref:
+        required: true
+        type: string
+      build-mode:
+        required: false
+        type: string
+        default: only_jvm
+      tag-as-latest:
+        required: false
+        type: boolean
+        default: false
+
+jobs:
+  container-image:
+    name: Build, Tag, Push Container Image
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout Project
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.git-ref }}
+
+      - name: Set Up JDK
+        uses: actions/setup-java@v3
+        with:
+          distribution: temurin
+          java-version: '17'
+          settings-path: ${{ github.workspace }}
+          server-id: github
+
+      - name: Determine Home Directory
+        id: find-home
+        run: |
+          echo "home=$HOME" >> $GITHUB_OUTPUT
+
+      - name: Cache Maven Local Repo
+        uses: actions/cache@v3
+        with:
+          path: ${{ steps.find-home.outputs.home }}/.m2/repository
+          key: ${{ runner.os }}-${{ runner.arch }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-${{ runner.arch }}-maven-
+
+      - name: Lowercase Repository Owner
+        id: repo-owner-string
+        uses: ASzc/change-string-case-action@v5
+        with:
+          string: ${{ github.repository_owner }}
+
+      - name: Lowercase Repository Name
+        id: repo-name-string
+        uses: ASzc/change-string-case-action@v5
+        with:
+          string: ${{ github.event.repository.name }}
+
+      - name: Build and Push Image (JVM-mode)
+        if: ${{ success() && contains(fromJSON('["only_jvm","jvm_and_native"]'), inputs.build-mode) }}
+        run: >-
+          ./mvnw
+          --settings ${{ github.workspace }}/settings.xml
+          --batch-mode
+          verify
+          -Dquarkus.jib.platforms=linux/amd64,linux/arm64
+          -Dquarkus.container-image.build=true
+          -Dquarkus.container-image.push=true
+          -Dquarkus.container-image.registry=ghcr.io
+          -Dquarkus.container-image.username=${{ github.actor }}
+          -Dquarkus.container-image.password=${{ github.token }}
+          -Dquarkus.container-image.group=${{ steps.repo-owner-string.outputs.lowercase }}
+          -Dquarkus.container-image.name=${{ steps.repo-name-string.outputs.lowercase }}
+          -Dquarkus.container-image.tag=${{ inputs.git-ref }}
+          ${{ inputs.tag-as-latest == true && '-Dquarkus.container-image.additional-tags=latest' || '' }}
+          -Dquarkus.container-image.labels.\"org.opencontainers.image.source\"=${{ github.server_url }}/${{ github.repository }}
+          -Dquarkus.container-image.labels.url=${{ github.server_url }}/${{ github.repository }}/tree/${{ inputs.git-ref }}
+          -Dquarkus.container-image.labels.vcs-type=git
+          -Dquarkus.container-image.labels.vcs-ref=${{ inputs.git-ref }}
+
+      - name: Build and Push Image (native-mode)
+        if: ${{ success() && contains(fromJSON('["only_native","jvm_and_native"]'), inputs.build-mode) }}
+        run: >-
+          ./mvnw
+          --settings ${{ github.workspace }}/settings.xml
+          --batch-mode
+          verify
+          -Pnative
+          -Dquarkus.container-image.build=true
+          -Dquarkus.container-image.push=true
+          -Dquarkus.container-image.registry=ghcr.io
+          -Dquarkus.container-image.username=${{ github.actor }}
+          -Dquarkus.container-image.password=${{ github.token }}
+          -Dquarkus.container-image.group=${{ steps.repo-owner-string.outputs.lowercase }}
+          -Dquarkus.container-image.name=${{ steps.repo-name-string.outputs.lowercase }}
+          -Dquarkus.container-image.tag=${{ inputs.git-ref }}-native
+          ${{ inputs.tag-as-latest == true && '-Dquarkus.container-image.additional-tags=latest-native' || '' }}
+          -Dquarkus.container-image.labels.\"org.opencontainers.image.source\"=${{ github.server_url }}/${{ github.repository }}
+          -Dquarkus.container-image.labels.url=${{ github.server_url }}/${{ github.repository }}/tree/${{ inputs.git-ref }}
+          -Dquarkus.container-image.labels.vcs-type=git
+          -Dquarkus.container-image.labels.vcs-ref=${{ inputs.git-ref }}
diff --git a/.github/workflows/perform-release.yml b/.github/workflows/perform-release.yml
@@ -1,32 +1,60 @@
 name: Perform Release
 
 on:
-  workflow_dispatch: { }
+  workflow_dispatch:
+    inputs:
+      dry-run:
+        description: Dry Run
+        required: false
+        type: boolean
+        default: false
+      release-version:
+        description: Release Version
+        required: false
+        type: string
+      next-version:
+        description: Next Development Version
+        required: false
+        type: string
 
 jobs:
-  build-deploy-maven:
+  maven-build-deploy:
     name: Build and Deploy Maven Artifacts
     runs-on: ubuntu-latest
+
     permissions:
       contents: write
       packages: write
 
     outputs:
       release-sha: ${{ steps.release-sha.outputs.value }}
+      release-tag: ${{ steps.release-tag.outputs.value }}
 
     steps:
     - name: Checkout 3scale CMS
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Set Up JDK
       uses: actions/setup-java@v3
       with:
         distribution: temurin
         java-version: '17'
-        cache: maven
         settings-path: ${{ github.workspace }}
         server-id: github
 
+    - name: Determine Home Directory
+      id: find-home
+      run: |
+        echo "home=$HOME" >> $GITHUB_OUTPUT
+
+    - name: Cache Maven Local Repo
+      uses: actions/cache@v3
+      with:
+        path: ${{ steps.find-home.outputs.home }}/.m2/repository
+        key: ${{ runner.os }}-${{ runner.arch }}-maven-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-${{ runner.arch }}-maven-
+
     - name: Configure Git User
       run: |
         git config user.name "GitHub Actions"
@@ -41,92 +69,107 @@ jobs:
         -e 's;<developerConnection>.*</developerConnection>;<developerConnection>scm:git:${{ github.server_url }}/${{ github.repository }}.git</developerConnection>;'
         pom.xml
 
-    - name: Prepare Maven Release (build code)
+    - name: Prepare Maven Release (build code and create tag)
+      id: release-prepare
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+        NEXT_VERSION_ARGS: ${{ inputs.next-version && format('-DdevelopmentVersion={0}', inputs.next-version) || '' }}
+        RELEASE_VER_ARGS: ${{ inputs.release-version && format('-DreleaseVersion={0}', inputs.release-version) || '' }}
       run: >-
         ./mvnw
         --settings ${{ github.workspace }}/settings.xml
         --batch-mode
         release:prepare
+        ${{ format('-DdryRun={0}', inputs.dry-run) }}
+        $NEXT_VERSION_ARGS
+        $RELEASE_VER_ARGS
         -DcheckModificationExcludeList=pom.xml
         -Dusername=${{ github.token }}
         -DpreparationGoals='clean verify'
         -Darguments='
         --settings ${{ github.workspace }}/settings.xml
         -DaltDeploymentRepository=github::default::https://maven.pkg.github.com/${{ github.repository_owner }}/${{ github.event.repository.name }}
         '
-      env:
-        GITHUB_TOKEN: ${{ github.token }}
 
     - name: Perform Maven Release (deploy artifacts)
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
       run: >-
         ./mvnw
         --settings ${{ github.workspace }}/settings.xml
         --batch-mode
         release:perform
+        -DlocalCheckout=true
+        ${{ format('-DdryRun={0}', inputs.dry-run) }}
         -Dusername=${{ github.token }}
         -Dgoals='deploy'
+
+    - name: Rollback Maven Release unless Success
+      if: ${{ !success() && !inputs.dry-run && steps.release-prepare.outcome == 'success' }}
       env:
         GITHUB_TOKEN: ${{ github.token }}
+      run: >-
+        ./mvnw
+        --settings ${{ github.workspace }}/settings.xml
+        --batch-mode
+        release:rollback
+        -Dusername=${{ github.token }}
 
-    - name: Determine release commit SHA
+    - name: Determine Release Commit SHA
       id: release-sha
       run: |
         echo "value=$(git rev-parse HEAD^)" >> $GITHUB_OUTPUT
 
-  container-image:
-    name: Build, Tag, Push Container Image
+    - name: Determine Release Tag
+      id: release-tag
+      env:
+        RELEASE_SHA: ${{ steps.release-sha.outputs.value }}
+      run: |
+        echo "value=$(git show-ref --tags --dereference | grep -F $RELEASE_SHA | cut -d' ' -f2 | cut -d'^' -f1 | cut -d'/' -f3-)" >> $GITHUB_OUTPUT
+
+  create-github-release:
+    name: Create GitHub Release from Tag
     runs-on: ubuntu-latest
+
+    if: ${{ success() && !inputs.dry-run }}
+
     permissions:
-      packages: write
+      contents: write
 
     needs:
-    - build-deploy-maven
+      - maven-build-deploy
 
     steps:
-    - name: Checkout 3scale CMS
-      uses: actions/checkout@v3
-      with:
-        ref: ${{ needs.build-deploy-maven.outputs.release-sha }}
+      - name: Checkout Project
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.maven-build-deploy.outputs.release-tag }}
+
+      - uses: spenserblack/actions-tag-to-release@v3
+        with:
+          tag: ${{ needs.maven-build-deploy.outputs.release-tag }}
+          tag-as-title: true
+          draft: true
+          dry-run: ${{ inputs.dry-run }}
+          prerelease: auto
+          prerelease-pattern: v*.*.*-*
+
+  build-container-image:
+    name: Build, Tag, Push Container Image
 
-    - name: Set Up JDK
-      uses: actions/setup-java@v3
-      with:
-        distribution: temurin
-        java-version: '17'
-        cache: maven
-        settings-path: ${{ github.workspace }}
-        server-id: github
+    if: ${{ success() && !inputs.dry-run }}
 
-    - name: Calculate lowercase repository owner
-      id: repo-owner-string
-      uses: ASzc/change-string-case-action@v5
-      with:
-        string: ${{ github.repository_owner }}
+    permissions:
+      contents: read
+      packages: write
 
-    - name: Calculate lowercase repository name
-      id: repo-name-string
-      uses: ASzc/change-string-case-action@v5
-      with:
-        string: ${{ github.event.repository.name }}
+    secrets: inherit
 
-    - name: Build and push CLI container image
-      run: >-
-        ./mvnw
-        --settings ${{ github.workspace }}/settings.xml
-        --batch-mode
-        verify
-        --projects cli
-        --also-make
-        -Dquarkus.jib.platforms=linux/amd64,linux/arm64
-        -Dquarkus.container-image.build=true
-        -Dquarkus.container-image.push=true
-        -Dquarkus.container-image.registry=ghcr.io
-        -Dquarkus.container-image.username=${{ github.actor }}
-        -Dquarkus.container-image.password=${{ github.token }}
-        -Dquarkus.container-image.group=${{ steps.repo-owner-string.outputs.lowercase }}
-        -Dquarkus.container-image.name=${{ steps.repo-name-string.outputs.lowercase }}
-        -Dquarkus.container-image.additional-tags=latest
-        -Dquarkus.container-image.labels.name=${{ steps.repo-owner-string.outputs.lowercase }}/${{ steps.repo-name-string.outputs.lowercase }}
-        -Dquarkus.container-image.labels.url=${{ github.server_url }}/${{ github.repository }}/tree/${{ needs.build-deploy-maven.outputs.release-sha }}
-        -Dquarkus.container-image.labels.vcs-type=git
-        -Dquarkus.container-image.labels.vcs-ref=${{ needs.build-deploy-maven.outputs.release-sha }}
+    needs:
+      - maven-build-deploy
+
+    uses: ./.github/workflows/build-container-image.yml
+    with:
+      git-ref: ${{ needs.maven-build-deploy.outputs.release-tag }}
+      build-mode: jvm_and_native
+      tag-as-latest: true