CI: Update release pipeline to deploy full releases

This splits up the release pipeline into a pre-release pipeline and a
release pipeline.

The prerelease pipeline, in addition to creating the release builds
also:

 - Uploads the artifacts to maven
 - Creates a draft release on Github

The release pipeline now:

 - Runs as soon as the draft release on Github is released
 - Pushes the docker images to Docker Hub

Author: zgtm

.github/workflows/prerelease.yaml

@@ -0,0 +1,146 @@
+name: Pre-Release
+
+on:
+  workflow_dispatch:
+
+jobs:
+  build_release:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        include:
+          - os: ubuntu-20.04
+            name: linux
+          - os: macos-11
+            name: macos
+          - os: windows-2019
+            name: windows
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          distribution: zulu
+          java-version: 8
+
+      - name: Set Build Buddy config
+        shell: bash
+        run: .github/scripts/echoBuildBuddyConfig.sh ${{ secrets.BUILDBUDDY_API_KEY }} >> $GITHUB_ENV
+
+      - name: Append build settings to .bazelrc
+        shell: bash
+        run: |
+          echo "build --announce_rc" >> .bazelrc
+          echo "build:linux --config=toolchain" >> .bazelrc
+          echo "build:linux --extra_toolchains=@llvm_toolchain//:cc-toolchain-x86_64-linux" >> .bazelrc
+
+      - name: Build
+        shell: bash
+        # Double forward slashes are converted to single ones by Git Bash on Windows, so we use working directory
+        # relative labels instead.
+        run: |
+          bazelisk build ${{env.BUILD_BUDDY_CONFIG}} deploy:jazzer :jazzer_release
+          cp -L $(bazel cquery --output=files deploy:jazzer) jazzer-${{ matrix.name }}.jar
+          cp -L $(bazel cquery --output=files :jazzer_release) jazzer-${{ matrix.name }}.tar.gz
+
+      - name: Upload jazzer.jar
+        uses: actions/upload-artifact@v3
+        with:
+          name: jazzer_tmp
+          path: jazzer-${{ matrix.name }}.jar
+          if-no-files-found: error
+
+      - name: Upload release archive
+        uses: actions/upload-artifact@v3
+        with:
+          name: jazzer_releases
+          path: jazzer-${{ matrix.name }}.tar.gz
+          if-no-files-found: error
+
+  merge_jars:
+    runs-on: ubuntu-latest
+    needs: build_release
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Download individual jars
+        uses: actions/download-artifact@v3
+        with:
+          name: jazzer_tmp
+          path: _tmp/
+
+      - name: Merge jars
+        run: |
+          bazel run @rules_jvm_external//private/tools/java/com/github/bazelbuild/rules_jvm_external/jar:MergeJars -- \
+            --output "$(pwd)"/_tmp/jazzer.jar \
+            $(find "$(pwd)/_tmp/" -name '*.jar' -printf "--sources %h/%f ")
+
+      - name: Upload merged jar
+        uses: actions/upload-artifact@v3
+        with:
+          name: jazzer
+          path: _tmp/jazzer.jar
+          if-no-files-found: error
+
+  maven_predeploy:
+    runs-on: ubuntu-latest
+    needs: merge_jars
+
+    environment:
+      name: Deploy
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Download merged jar
+        uses: actions/download-artifact@v3
+        with:
+          name: jazzer
+          path: _tmp/
+
+      - name: Run Deployment
+        env:
+          RELEASE_SIGNING_KEY_ID: ${{ secrets.RELEASE_SIGNING_KEY_ID }}
+          RELEASE_SIGNING_KEY_PRIVATE: ${{ secrets.RELEASE_SIGNING_KEY_PRIVATE }}
+          MAVEN_USER: ${{ secrets.MAVEN_USER }}
+          MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
+        run: JAZZER_JAR_PATH="$(pwd)/_tmp/jazzer.jar" bazel run deploy
+
+  create_release:
+    needs: build_release
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write # for creating releases
+
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+
+      - name: Download individual tar.gzs
+        uses: actions/download-artifact@v3
+        with:
+          name: jazzer_releases
+          path: _releases/
+
+      - name: read version
+        id: read-version
+        run: |
+          echo ::set-output name=version::\
+          $(sed -nr 's/JAZZER_VERSION = "(.*)"/\1/p' maven.bzl)
+        shell: bash
+
+      - name: create release
+        uses: softprops/action-gh-release@v1
+        with:
+          name: v${{ steps.read-version.outputs.version }}
+          tag_name: v${{ steps.read-version.outputs.version }}
+          generate_release_notes: true
+          draft: true
+          files: |
+            _releases/jazzer-linux.tar.gz
+            _releases/jazzer-macos.tar.gz
+            _releases/jazzer-windows.tar.gz

.github/workflows/release.yml

@@ -2,85 +2,21 @@ name: Release
 
 on:
   workflow_dispatch:
+  release:
+    types: [released]
 
 jobs:
-  build_release:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        include:
-          - os: ubuntu-20.04
-            name: linux
-          - os: macos-11
-            name: macos
-          - os: windows-2019
-            name: windows
-
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Set up JDK
-        uses: actions/setup-java@v3
-        with:
-          distribution: zulu
-          java-version: 8
-
-      - name: Set Build Buddy config
-        shell: bash
-        run: .github/scripts/echoBuildBuddyConfig.sh ${{ secrets.BUILDBUDDY_API_KEY }} >> $GITHUB_ENV
-
-      - name: Append build settings to .bazelrc
-        shell: bash
-        run: |
-          echo "build --announce_rc" >> .bazelrc
-          echo "build:linux --config=toolchain" >> .bazelrc
-          echo "build:linux --extra_toolchains=@llvm_toolchain//:cc-toolchain-x86_64-linux" >> .bazelrc
-
-      - name: Build
-        shell: bash
-        # Double forward slashes are converted to single ones by Git Bash on Windows, so we use working directory
-        # relative labels instead.
-        run: |
-          bazelisk build ${{env.BUILD_BUDDY_CONFIG}} deploy:jazzer :jazzer_release
-          cp -L $(bazel cquery --output=files deploy:jazzer) jazzer-${{ matrix.name }}.jar
-          cp -L $(bazel cquery --output=files :jazzer_release) jazzer-${{ matrix.name }}.tar.gz
-
-      - name: Upload jazzer.jar
-        uses: actions/upload-artifact@v3
-        with:
-          name: jazzer_tmp
-          path: jazzer-${{ matrix.name }}.jar
-          if-no-files-found: error
-
-      - name: Upload release archive
-        uses: actions/upload-artifact@v3
-        with:
-          name: jazzer_releases
-          path: jazzer-${{ matrix.name }}.tar.gz
-          if-no-files-found: error
-
-  merge_jars:
+  docker_push:
     runs-on: ubuntu-latest
-    needs: build_release
+
+    environment:
+      name: Deploy
 
     steps:
       - uses: actions/checkout@v3
 
-      - name: Download individual jars
-        uses: actions/download-artifact@v3
-        with:
-          name: jazzer_tmp
-          path: _tmp/
-
-      - name: Merge jars
-        run: |
-          bazel run @rules_jvm_external//private/tools/java/com/github/bazelbuild/rules_jvm_external/jar:MergeJars -- \
-            --output "$(pwd)"/_tmp/jazzer.jar \
-            $(find "$(pwd)/_tmp/" -name '*.jar' -printf "--sources %h/%f ")
+      - name: Docker login
+        run: echo "${{ secrets.DOCKER_TOKEN }}" | docker login --username ${{ secrets.DOCKER_USER }} --password-stdin
 
-      - name: Upload merged jar
-        uses: actions/upload-artifact@v3
-        with:
-          name: jazzer
-          path: _tmp/jazzer.jar
-          if-no-files-found: error
+      - name: Push docker containers
+        run: docker/push_all.sh

deploy/deploy.sh

@@ -22,6 +22,9 @@ fail() {
 
 cd "$BUILD_WORKSPACE_DIRECTORY" || fail "BUILD_WORKSPACE_DIRECTORY not found"
 
+echo "$RELEASE_SIGNING_KEY_PRIVATE" | gpg --import
+echo "default-key $RELEASE_SIGNING_KEY_ID" > $HOME/.gnupg/gpg.conf
+
 JAZZER_COORDINATES=$1
 
 [ -z "${MAVEN_USER+x}" ] && \