From ac22da0e9cc392c80b7b9e9f011d5a3395dfc385 Mon Sep 17 00:00:00 2001
From: Todd Anderson <tanderson@launchdarkly.com>
Date: Wed, 10 Apr 2024 13:43:42 -0500
Subject: [PATCH] wip

---
 .github/actions/ci/action.yml        | 11 +++---
 .github/actions/publish/action.yml   | 43 ++++++++++++++++++++++
 .github/actions/publish/publish.sh   | 22 ++++++++++++
 .github/workflows/ldotel.yml         |  5 ++-
 .github/workflows/manual-publish.yml | 54 ++++++++++++++++++++++++++++
 .gitignore                           |  2 ++
 6 files changed, 127 insertions(+), 10 deletions(-)
 create mode 100644 .github/actions/publish/action.yml
 create mode 100644 .github/actions/publish/publish.sh
 create mode 100644 .github/workflows/manual-publish.yml
 create mode 100644 .gitignore

diff --git a/.github/actions/ci/action.yml b/.github/actions/ci/action.yml
index 154f4b7..583dc68 100644
--- a/.github/actions/ci/action.yml
+++ b/.github/actions/ci/action.yml
@@ -3,10 +3,7 @@
 # additional package specific steps.
 name: Shared CI Workflow
 inputs:
-  package_name:
-    description: 'Name of the package.'
-    required: true
-  package_path:
+  workspace_path:
     description: 'Path to the package.'
     required: true
   run_tests:
@@ -33,14 +30,14 @@ runs:
     - name: Restore dependencies
       shell: bash
       id: restore
-      run: ${{ inputs.package_path }}/gradlew dependencies -p ${{ inputs.package_path }}
+      run: ${{ inputs.workspace_path }}/gradlew dependencies -p ${{ inputs.workspace_path }}
 
     - name: Build
       shell: bash
       id: build
-      run: ${{ inputs.package_path }}/gradlew jar -p ${{ inputs.package_path }}
+      run: ${{ inputs.workspace_path }}/gradlew jar -p ${{ inputs.workspace_path }}
 
     - name: Run Tests
       if: steps.build.outcome == 'success' && inputs.run_tests == 'true'
       shell: bash
-      run: ${{ inputs.package_path }}/gradlew test -p ${{ inputs.package_path }}
+      run: ${{ inputs.workspace_path }}/gradlew test -p ${{ inputs.workspace_path }}
diff --git a/.github/actions/publish/action.yml b/.github/actions/publish/action.yml
new file mode 100644
index 0000000..305c810
--- /dev/null
+++ b/.github/actions/publish/action.yml
@@ -0,0 +1,43 @@
+name: Publish Package
+description: 'Publish the package to Sonatype'
+inputs:
+  workspace_path:
+    description: 'Path to the workspace.'
+    required: true
+  dry_run:
+    description: 'Is this a dry run. If so no package will be published.'
+    required: true
+  prerelease:
+    description: 'Is this a prerelease. If so then it will be published to the staging repository only.'
+    required: true
+  signing_key_id:
+    description: 'Signing key ID'
+    required: true
+  signing_key_passphrase:
+    description: 'Signing key passphrase'
+    required: true
+  code_signing_keyring:
+    description: 'The path of the code signing keyring.'
+    required: true
+  sonatype_username:
+    description: 'Sonatype repo username.'
+    required: true
+  sonatype_password:
+    description: 'Sonatype repo password.'
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Publish Library
+      shell: bash
+      env:
+        WORKSPACE_PATH: ${{ inputs.workspace_path }}
+        LD_RELEASE_IS_PRERELEASE: ${{ inputs.prerelease }}
+        LD_RELEASE_IS_DRYRUN: ${{ inputs.dry_run }}
+        SIGNING_KEY_ID: ${{ inputs.signing_key_id }}
+        SIGNING_KEY_PASSPHRASE: ${{ inputs.signing_key_passphrase }}
+        SIGNING_SECRET_KEY_RING_FILE: ${{ inputs.code_signing_keyring }}
+        SONATYPE_USER_NAME: ${{ inputs.sonatype_username }}
+        SONATYPE_PASSWORD: ${{ inputs.sonatype_password }}
+      run: source $GITHUB_ACTION_PATH/publish.sh
\ No newline at end of file
diff --git a/.github/actions/publish/publish.sh b/.github/actions/publish/publish.sh
new file mode 100644
index 0000000..dd72f06
--- /dev/null
+++ b/.github/actions/publish/publish.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -ue
+
+if $LD_RELEASE_IS_DRYRUN ; then
+  echo "Doing a dry run of publishing."
+else
+    echo "Publishing to Sonatype"
+    if [ "${LD_RELEASE_IS_PRERELEASE}" == "true" ]; then
+        echo "PRERELEASE"
+        ${WORKSPACE_PATH}/gradlew publishToSonatype -p ${WORKSPACE_PATH} -Psigning.keyId="${SIGNING_KEY_ID}" -Psigning.password="${SIGNING_KEY_PASSPHRASE}" -Psigning.secretKeyRingFile="${SIGNING_SECRET_KEY_RING_FILE}" -PsonatypeUsername="${SONATYPE_USER_NAME}" -PsonatypePassword="${SONATYPE_PASSWORD}" || {
+            echo "Gradle publish/release failed" >&2
+            exit 1
+        }
+    else
+        echo "RELEASE"
+        ${WORKSPACE_PATH}/gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository -p ${WORKSPACE_PATH} -Psigning.keyId="${SIGNING_KEY_ID}" -Psigning.password="${SIGNING_KEY_PASSPHRASE}" -Psigning.secretKeyRingFile="${SIGNING_SECRET_KEY_RING_FILE}" -PsonatypeUsername="${SONATYPE_USER_NAME}" -PsonatypePassword="${SONATYPE_PASSWORD}" || {
+            echo "Gradle publish/release failed" >&2
+            exit 1
+        }
+    fi
+fi
\ No newline at end of file
diff --git a/.github/workflows/ldotel.yml b/.github/workflows/ldotel.yml
index de81c8d..f8fef91 100644
--- a/.github/workflows/ldotel.yml
+++ b/.github/workflows/ldotel.yml
@@ -15,10 +15,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - id: shared
-        name: Shared CI Steps
+
+      - name: Shared CI Steps
         uses: ./.github/actions/ci
         with:
-          package_name: 'ldotel'
           package_path: 'lib/ldotel'
           java_version: 8
diff --git a/.github/workflows/manual-publish.yml b/.github/workflows/manual-publish.yml
new file mode 100644
index 0000000..dce0c0b
--- /dev/null
+++ b/.github/workflows/manual-publish.yml
@@ -0,0 +1,54 @@
+name: Publish Package
+on:
+  workflow_dispatch:
+    inputs:
+      workspace_path:
+        description: 'The workspace to publish'
+        required: true
+        type: choice
+        options:
+          - lib/libotel
+      prerelease:
+        description: 'Is this a prerelease. If so, then the latest tag will not be updated in npm.'
+        type: boolean
+        required: true
+      dry_run:
+        description: 'Is this a dry run. If so no package will be published.'
+        type: boolean
+        required: true
+      run_tests:
+        description: 'If true, run unit tests, otherwise skip them.'
+        type: boolean
+        default: true
+
+jobs:
+  build-and-publish:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v3
+      
+      - name: Shared CI Steps
+        uses: ./.github/actions/ci
+        with:
+          package_path: '${{ inputs.package_path }}
+          java_version: 8
+
+      - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.1.0
+        name: Get secrets
+        with:
+          aws_assume_role: ${{ vars.AWS_ROLE_ARN }}
+          ssm_parameter_pairs: '/production/common/releasing/sonatype/username = SONATYPE_USER_NAME,
+          /production/common/releasing/sonatype/password = SONATYPE_PASSWORD
+          /production/common/releasing/java/keyId = SIGNING_KEY_ID'
+          s3_path_pairs: 'launchdarkly-releaser/java/code-signing-keyring.gpg = code-signing-keyring.gpg'
+
+      - name: Publish
+        uses: ./.github/actions/publish
+        with:
+          workspace_path: ${{ inputs.workspace_path }}
+          dry_run: ${{ inputs.dry_run }}
+          prerelease: ${{ inputs.prerelease }}
+          code_signing_keyring: 'code-signing-keyring.gpg'
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..23622f5
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.idea/*
+.vscode