Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release automation #680

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 30 additions & 0 deletions .github/actions/get-prerelease/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
name: Return a boolean indicating if the version contains prerelease identifiers

#
# Returns a simple true/false boolean indicating whether the version indicates it's a prerelease or not.
#
# TODO: Remove once the common repo is public.
#

inputs:
version:
required: true

outputs:
prerelease:
value: ${{ steps.get_prerelease.outputs.PRERELEASE }}

runs:
using: composite

steps:
- id: get_prerelease
shell: bash
run: |
if [[ "${VERSION}" == *"beta"* || "${VERSION}" == *"alpha"* ]]; then
echo "PRERELEASE=true" >> $GITHUB_OUTPUT
else
echo "PRERELEASE=false" >> $GITHUB_OUTPUT
fi
env:
VERSION: ${{ inputs.version }}
42 changes: 42 additions & 0 deletions .github/actions/get-release-notes/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
name: Return the release notes extracted from the body of the PR associated with the release.

#
# Returns the release notes from the content of a pull request linked to a release branch. It expects the branch name to be in the format release/vX.Y.Z, release/X.Y.Z, release/vX.Y.Z-beta.N. etc.
#
# TODO: Remove once the common repo is public.
#
inputs:
version:
required: true
repo_name:
required: false
repo_owner:
required: true
token:
required: true

outputs:
release-notes:
value: ${{ steps.get_release_notes.outputs.RELEASE_NOTES }}

runs:
using: composite

steps:
- uses: actions/github-script@v7
id: get_release_notes
with:
result-encoding: string
script: |
const { data: pulls } = await github.rest.pulls.list({
owner: process.env.REPO_OWNER,
repo: process.env.REPO_NAME,
state: 'all',
head: `${process.env.REPO_OWNER}:release/${process.env.VERSION}`,
});
core.setOutput('RELEASE_NOTES', pulls[0].body);
env:
GITHUB_TOKEN: ${{ inputs.token }}
REPO_OWNER: ${{ inputs.repo_owner }}
REPO_NAME: ${{ inputs.repo_name }}
VERSION: ${{ inputs.version }}
21 changes: 21 additions & 0 deletions .github/actions/get-version/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
name: Return the version extracted from the branch name

#
# Returns the version from the .version file.
#
# TODO: Remove once the common repo is public.
#

outputs:
version:
value: ${{ steps.get_version.outputs.VERSION }}

runs:
using: composite

steps:
- id: get_version
shell: bash
run: |
VERSION=$(head -1 .version)
echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
44 changes: 44 additions & 0 deletions .github/actions/maven-publish/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
name: Publish release to Java

inputs:
ossr-username:
required: true
ossr-password:
required: true
signing-key:
required: true
signing-password:
required: true
java-version:
required: true
is-android:
required: true
version:
required: true

runs:
using: composite

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Setup Java
shell: bash
run: |
curl -s "https://get.sdkman.io" | bash
source "/home/runner/.sdkman/bin/sdkman-init.sh"
sdk list java
sdk install java ${{ inputs.java-version }} && sdk default java ${{ inputs.java-version }}

- uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 # pin@1.1.0

- name: Publish Java
shell: bash
if: inputs.is-android == 'false'
run: ./gradlew clean assemble sign publishMavenJavaPublicationToMavenRepository -PisSnapshot=false -Pversion="${{ inputs.version }}" -PossrhUsername="${{ inputs.ossr-username }}" -PossrhPassword="${{ inputs.ossr-password }}" -PsigningKey="${{ inputs.signing-key }}" -PsigningPassword="${{ inputs.signing-password }}"

- name: Publish Android
shell: bash
if: inputs.is-android == 'true'
run: ./gradlew clean assemble sign publishAndroidLibraryPublicationToMavenRepository -PisSnapshot=false -Pversion="${{ inputs.version }}" -PossrhUsername="${{ inputs.ossr-username }}" -PossrhPassword="${{ inputs.ossr-password }}" -PsigningKey="${{ inputs.signing-key }}" -PsigningPassword="${{ inputs.signing-password }}"
47 changes: 47 additions & 0 deletions .github/actions/release-create/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
name: Create a GitHub release

#
# Creates a GitHub release with the given version.
#
# TODO: Remove once the common repo is public.
#

inputs:
token:
required: true
files:
required: false
name:
required: true
body:
required: true
tag:
required: true
commit:
required: true
draft:
default: false
required: false
prerelease:
default: false
required: false
fail_on_unmatched_files:
default: true
required: false

runs:
using: composite

steps:
- uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844
with:
body: ${{ inputs.body }}
name: ${{ inputs.name }}
tag_name: ${{ inputs.tag }}
target_commitish: ${{ inputs.commit }}
draft: ${{ inputs.draft }}
prerelease: ${{ inputs.prerelease }}
fail_on_unmatched_files: ${{ inputs.fail_on_unmatched_files }}
files: ${{ inputs.files }}
env:
GITHUB_TOKEN: ${{ inputs.token }}
36 changes: 36 additions & 0 deletions .github/actions/tag-exists/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
name: Return a boolean indicating if a tag already exists for the repository

#
# Returns a simple true/false boolean indicating whether the tag exists or not.
#
# TODO: Remove once the common repo is public.
#

inputs:
token:
required: true
tag:
required: true

outputs:
exists:
description: 'Whether the tag exists or not'
value: ${{ steps.tag-exists.outputs.EXISTS }}

runs:
using: composite

steps:
- id: tag-exists
shell: bash
run: |
GET_API_URL="https://api.github.com/repos/${GITHUB_REPOSITORY}/git/ref/tags/${TAG_NAME}"
http_status_code=$(curl -LI $GET_API_URL -o /dev/null -w '%{http_code}\n' -s -H "Authorization: token ${GITHUB_TOKEN}")
if [ "$http_status_code" -ne "404" ] ; then
echo "EXISTS=true" >> $GITHUB_OUTPUT
else
echo "EXISTS=false" >> $GITHUB_OUTPUT
fi
env:
TAG_NAME: ${{ inputs.tag }}
GITHUB_TOKEN: ${{ inputs.token }}
88 changes: 88 additions & 0 deletions .github/workflows/java-release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
name: Create Java and GitHub Release

on:
workflow_call:
inputs:
java-version:
required: true
type: string
is-android:
required: true
type: string
secrets:
ossr-username:
required: true
ossr-password:
required: true
signing-key:
required: true
signing-password:
required: true
github-token:
required: true

### TODO: Replace instances of './.github/actions/' w/ `auth0/dx-sdk-actions/` and append `@latest` after the common `dx-sdk-actions` repo is made public.
### TODO: Also remove `get-prerelease`, `get-version`, `release-create`, `tag-create` and `tag-exists` actions from this repo's .github/actions folder once the repo is public.

jobs:
release:
if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
runs-on: ubuntu-latest
environment: release

steps:
# Checkout the code
- uses: actions/checkout@v4
with:
fetch-depth: 0

# Get the version from the branch name
- id: get_version
uses: ./.github/actions/get-version

# Get the prerelease flag from the branch name
- id: get_prerelease
uses: ./.github/actions/get-prerelease
with:
version: ${{ steps.get_version.outputs.version }}

# Get the release notes
- id: get_release_notes
uses: ./.github/actions/get-release-notes
with:
token: ${{ secrets.github-token }}
version: ${{ steps.get_version.outputs.version }}
repo_owner: ${{ github.repository_owner }}
repo_name: ${{ github.event.repository.name }}

# Check if the tag already exists
- id: tag_exists
uses: ./.github/actions/tag-exists
with:
tag: ${{ steps.get_version.outputs.version }}
token: ${{ secrets.github-token }}

# If the tag already exists, exit with an error
- if: steps.tag_exists.outputs.exists == 'true'
run: exit 1

# Publish the release to Maven
- uses: ./.github/actions/maven-publish
with:
java-version: ${{ inputs.java-version }}
is-android: ${{ inputs.is-android }}
version: ${{ steps.get_version.outputs.version }}
ossr-username: ${{ secrets.ossr-username }}
ossr-password: ${{ secrets.ossr-password }}
signing-key: ${{ secrets.signing-key }}
signing-password: ${{ secrets.signing-password }}

# Create a release for the tag
- uses: ./.github/actions/release-create
with:
token: ${{ secrets.github-token }}
name: ${{ steps.get_version.outputs.version }}
body: ${{ steps.get_release_notes.outputs.release-notes }}
tag: ${{ steps.get_version.outputs.version }}
commit: ${{ github.sha }}
prerelease: ${{ steps.get_prerelease.outputs.prerelease }}
27 changes: 27 additions & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
name: Create GitHub Release

on:
pull_request:
types:
- closed
workflow_dispatch:

permissions:
contents: write

### TODO: Replace instances of './.github/workflows/' w/ `auth0/dx-sdk-actions/workflows/` and append `@latest` after the common `dx-sdk-actions` repo is made public.
### TODO: Also remove `get-prerelease`, `get-release-notes`, `get-version`, `maven-publish`, `release-create`, and `tag-exists` actions from this repo's .github/actions folder once the repo is public.
### TODO: Also remove `java-release` workflow from this repo's .github/workflows folder once the repo is public.

jobs:
release:
uses: ./.github/workflows/java-release.yml
with:
java-version: 11.0.21-tem
is-android: false
secrets:
ossr-username: ${{ secrets.OSSR_USERNAME }}
ossr-password: ${{ secrets.OSSR_PASSWORD }}
signing-key: ${{ secrets.SIGNING_KEY }}
signing-password: ${{ secrets.SIGNING_PASSWORD }}
github-token: ${{ secrets.GITHUB_TOKEN }}
1 change: 1 addition & 0 deletions .shiprc
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
{
"files": {
"README.md": [],
".version": [],
"lib/build.gradle": ["version = \"{MAJOR}.{MINOR}.{PATCH}\""]
},
"prefixVersion": false
Expand Down
1 change: 1 addition & 0 deletions .version
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
4.4.0
16 changes: 8 additions & 8 deletions lib/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -31,12 +31,16 @@ tasks.named("checkstyleJmh").configure({

logger.lifecycle("Using version ${version} for ${group}.${name}")

def signingKey = findProperty('signingKey')
def signingKeyPwd = findProperty('signingPassword')

oss {
name "java jwt"
repository "java-jwt"
organization "auth0"
description "Java implementation of JSON Web Token (JWT)"
baselineCompareVersion "4.1.0"
skipAssertSigningConfiguration true

developers {
auth0 {
Expand All @@ -54,6 +58,10 @@ oss {
}
}

signing {
useInMemoryPgpKeys(signingKey, signingKeyPwd)
}

java {
toolchain {
languageVersion = JavaLanguageVersion.of(11)
Expand Down Expand Up @@ -158,14 +166,6 @@ jar {
compileModuleInfoJava.dependsOn compileJava
classes.dependsOn compileModuleInfoJava

// Creates a version.txt file containing the current version of the SDK.
// This file is picked up and parsed by our Ship Orb to determine the version.
task exportVersion() {
doLast {
new File(rootDir, "version.txt").text = "$version"
}
}

// you can pass any arguments JMH accepts via Gradle args.
// Example: ./gradlew runJMH --args="-lrf"
tasks.register('runJMH', JavaExec) {
Expand Down