chore: Adding workflows for automated releases

.github/workflows/release_authenticator.yml

@@ -0,0 +1,91 @@
+name: Release Authenticator
+on:
+  push:
+    branches: [ main ]
+
+permissions:
+  id-token: write
+  contents: write
+
+jobs:
+  determine-release-type:
+    name: Determine the release type
+    runs-on: ubuntu-latest
+    outputs:
+      release-type: ${{ steps.release-type.outputs.value }}
+    steps:
+      - id: release-type
+        run: |
+          if ${{ github.event.head_commit.author.username == 'github-actions[bot]' && startsWith(github.event.head_commit.message, 'chore: Release ') }}; then
+            VALUE=stable
+          else
+            VALUE=unstable
+          fi
+          echo "value=$VALUE" >> $GITHUB_OUTPUT
+
+  unit-tests:
+    name: Run Unit Tests
+    uses: ./.github/workflows/unit_tests.yml
+    with:
+      identifier: 'workflow-call-unit-test'
+
+  release:
+    environment: Release
+    name: Release new Authenticator ${{ needs.determine-release-type.outputs.release-type }} version
+    needs: [determine-release-type, unit-tests]
+    runs-on: macos-latest
+    env:
+      GITHUB_EMAIL: [email protected]
+      GITHUB_USER: aws-amplify-ops
+    steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 #v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          role-session-name: ${{ format('{0}.release', github.run_id) }}
+          aws-region: ${{ secrets.AWS_REGION }}
+          mask-aws-account-id: true
+
+      - id: retrieve-token
+        name: Retrieve Token
+        env:
+          DEPLOY_SECRET_ARN: ${{ secrets.DEPLOY_SECRET_ARN }}
+        run: |
+          PAT=$(aws secretsmanager get-secret-value \
+          --secret-id "$DEPLOY_SECRET_ARN" \
+          | jq -r ".SecretString | fromjson | .Credential")
+          echo "token=$PAT" >> $GITHUB_OUTPUT
+
+      - name: Checkout repo
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        with:
+          fetch-depth: 10
+          token: ${{steps.retrieve-token.outputs.token}}
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@22fdc77bf4148f810455b226c90fb81b5cbc00a7 # v1.171.0
+        with:
+          ruby-version: '3.2.1'
+          bundler-cache: true
+
+      - name: Release unstable version
+        if: needs.determine-release-type.outputs.release-type == 'unstable'
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: bundle exec fastlane unstable_release
+
+      - name: Determine stable release version
+        id: determine-release-version
+        if: needs.determine-release-type.outputs.release-type == 'stable'
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
+        with:
+          result-encoding: string
+          script: |
+            const matches = `${{ github.event.head_commit.message }}`.match(/[0-9]+\.[0-9]+\.[0-9]+/) ?? []
+            return matches.length > 0 ? matches[0] : ""
+
+      - name:  Release stable version
+        if: steps.determine-release-version.outputs.result != ''
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: bundle exec fastlane stable_release version:${{ steps.determine-release-version.outputs.result }}

.github/workflows/release_kickoff.yml

@@ -0,0 +1,51 @@
+name: Release - Kick-off
+on:
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+  pull-requests: write
+
+jobs:
+  release:
+    environment: Release
+    name: Kick off new Authenticator release
+    runs-on: macos-latest
+    env:
+      GITHUB_EMAIL: [email protected]
+      GITHUB_USER: aws-amplify-ops
+    steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 #v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          role-session-name: ${{ format('{0}.release', github.run_id) }}
+          aws-region: ${{ secrets.AWS_REGION }}
+          mask-aws-account-id: true
+
+      - id: retrieve-token
+        name: Retrieve Token
+        env:
+          DEPLOY_SECRET_ARN: ${{ secrets.DEPLOY_SECRET_ARN }}
+        run: |
+          PAT=$(aws secretsmanager get-secret-value \
+          --secret-id "$DEPLOY_SECRET_ARN" \
+          | jq -r ".SecretString | fromjson | .Credential")
+          echo "token=$PAT" >> $GITHUB_OUTPUT
+
+      - name: Checkout repo
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        with:
+          fetch-depth: 10
+          token: ${{steps.retrieve-token.outputs.token}}
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@22fdc77bf4148f810455b226c90fb81b5cbc00a7 # v1.171.0
+        with:
+          ruby-version: '3.2.1'
+          bundler-cache: true
+
+      - name:  Kick off Authenticator release
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: bundle exec fastlane kickoff_release

.github/workflows/unit_tests.yml

@@ -1,13 +1,21 @@
 name: Run Unit Tests
 
 on:
-  push:
-    branches: [ main ]
   pull_request:
     branches: [ main ]
+  workflow_call:
+    inputs:
+      identifier:
+        required: true
+        type: string
+
+concurrency:
+  group: ${{ inputs.identifier || github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref_name != 'main'}}
 
 jobs:
   unit-test-ios:
+    name: iOS Unit Tests
     runs-on: macos-latest
     steps:
       - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
@@ -28,6 +36,7 @@ jobs:
           token: ${{ secrets.CODECOV_TOKEN }}
 
   unit-test-macos:
+    name: macOS Unit Tests
     runs-on: macos-latest
     steps:
       - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2

Gemfile

@@ -0,0 +1,8 @@
+# Gemfile
+
+source 'https://rubygems.org'
+
+gem 'xcpretty', '0.3.0'
+gem 'fastlane', '2.205.1'
+eval_gemfile('fastlane/Pluginfile')
+

fastlane/.gitignore

@@ -0,0 +1 @@
+test_output

fastlane/Fastfile

@@ -0,0 +1,91 @@
+opt_out_usage
+default_platform(:swift)
+
+platform :swift do
+  before_all do
+    # Perform a fetch before inferring the next version
+    # to reduce race conditions with simultaneous pipelines attempting to create the same tag
+    sh('git', 'fetch', '--tags', '-f')
+    sh('git', 'fetch')
+  end
+
+  desc "Kickoff the next release by updating the changelog, updating the component version, and creating a PR to main"
+  lane :kickoff_release do
+    next_version, commits = calculate_next_release_version
+
+    UI.message("Kicking off new release for version: #{next_version}")
+    # Increment all specs and plists
+    increment_versions(version: next_version)
+
+    # Update Changelog
+    changelog = build_changelog(version: next_version, commits: commits)
+    write_changelog(changelog: changelog, path: 'CHANGELOG.md')
+
+    # Update Package dependencies
+    sh('bundle', 'exec', 'swift', 'package', 'update')
+
+    # Create and push the new branch
+    release_branch = "release/#{next_version}"
+    sh('git', 'checkout', '-b', release_branch)
+    sh('git', 'push', '--set-upstream', 'origin', release_branch)
+
+    # Commit and push
+    pr_title = release_commit(version: next_version).to_s
+
+    # Open the PR to main
+    sh('gh', 'pr', 'create', '--title', pr_title, '--body', 'Kicking off new release', '--base', 'main', '--head', release_branch)
+  end
+
+  desc "Increment versions"
+  private_lane :increment_versions do |options|
+    version = options[:version].to_s
+    set_key_value(file: "Sources/Authenticator/Constants/ComponentInformation.swift", key: "version", value: version)
+  end
+
+  desc "Commit and push"
+  private_lane :release_commit do |options|
+    next_version = options[:version]
+
+    sh('git', 'config', '--global', 'user.email', ENV['GITHUB_EMAIL'])
+    sh('git', 'config', '--global', 'user.name', ENV['GITHUB_USER'])
+
+    commit_message = "chore: Release #{next_version}"
+    sh('git', 'commit', '-am', commit_message)
+    sh('git', 'push')
+    commit_message
+  end
+
+  desc "Create a pre-release version by pushing a new tag to GitHub"
+  lane :unstable_release do
+    next_version = calculate_next_canary_version
+
+    UI.message("Releasing Authenticator unstable version: #{next_version}")
+
+    # Create tag and push to origin
+    add_tag(version: next_version)
+  end
+
+  desc "Create a release version by pushing a new tag to GitHub and creating a new draft release"
+  lane :stable_release do |options|
+    next_version = options[:version]
+
+    UI.message("Releasing Authenticator version: #{next_version}")
+
+    # Create and push the new tag
+    add_tag(version: next_version)
+
+    # Create draft release   
+    release_date = sh("echo $(date +%F)")
+    release_title = "#{next_version} (#{release_date})"
+    sh('gh', 'release', 'create', next_version, '--draft', '--title', release_title)
+  end
+
+
+  desc "Tag in git and push to GitHub"
+  private_lane :add_tag do |options|
+    next_tag = options[:version].to_s
+
+    add_git_tag(tag: next_tag)
+    push_git_tags(tag: next_tag)
+  end
+end

fastlane/Pluginfile

@@ -0,0 +1,5 @@
+# Autogenerated by fastlane
+#
+# Ensure this file is checked in to source control!
+
+gem 'fastlane-plugin-release_actions', git: 'https://github.com/aws-amplify/amplify-ci-support', branch: 'main', glob: 'src/fastlane/release_actions/*.gemspec'

fastlane/README.md

@@ -0,0 +1,24 @@
+fastlane documentation
+----
+
+# Installation
+
+Make sure you have the latest version of the Xcode command line tools installed:
+
+```sh
+xcode-select --install
+```
+
+For _fastlane_ installation instructions, see [Installing _fastlane_](https://docs.fastlane.tools/#installing-fastlane)
+
+# Available Actions
+
+## Swift
+
+### swift release
+
+```sh
+[bundle exec] fastlane swift release
+```
+
+Create a release version by building and committing a changelog, pushing a tag to GitHub