automated-release.yml

name: Automate Release

on:
  workflow_call:
    inputs:
      jira-project-key:
        description: "Jira project key"
        required: true
        type: string
      project-name:
        description: "Project name"
        required: true
        type: string
      plugin-name:
        description: "Plugin name"
        required: true
        type: string
      plugin-artifacts-sqs:
        description: "SQS Plugin artifacts"
        required: false
        type: string
      plugin-artifacts-sqc:
        description: "SQC Plugin artifacts"
        required: false
        type: string
      use-jira-sandbox:
        description: "Use Jira sandbox"
        required: false
        type: boolean
        default: true
      is-draft-release:
        description: "Create draft release"
        required: false
        type: boolean
        default: true
      pm-email:
        description: "Product manager email"
        required: true
        type: string
      release-automation-secret-name:
        description: "Release automation secret name to create integration PRs in SQS and SQC. If not provided uses `sonar-{plugin-name}-release-automation` as default."
        required: false
        type: string
      short-description:
        description: "A brief summary of what the release contains. This description will be used for the release ticket and integration tickets."
        required: true
        type: string
      rule-props-changed:
        description: "Did any rule properties change in this release"
        required: true
        type: string
      branch:
        description: "Branch from which to do the release"
        required: true
        type: string
        default: "master"
      release-notes:
        description: "Release notes for the Jira Release Version. If blank, release notes will be generated from the Jira Release."
        required: false
        type: string
      sq-ide-short-description:
        description: "Short summary of SQ IDE related changes."
        required: false
        type: string
      new-version:
        description: "New version to release"
        required: true
        type: string
      create-slvs-ticket:
        description: "Create SLVS integration ticket"
        required: false
        type: boolean
        default: false
      create-slvscode-ticket:
        description: "Create SLVSCODE integration ticket"
        required: false
        type: boolean
        default: false
      create-sle-ticket:
        description: "Create SLE integration ticket"
        required: false
        type: boolean
        default: false
      create-sli-ticket:
        description: "Create SLI integration ticket"
        required: false
        type: boolean
        default: false
      sqs-integration:
        description: "Creat SQS integration ticket and PR"
        required: false
        type: boolean
        default: true
      sqc-integration:
        description: "Creat SQC integration ticket and PR"
        required: false
        type: boolean
        default: true
      runner-environment:
        description: "Environment where the workflow will run"
        required: false
        type: string
        default: "sonar-m"
      release-process:
        description: "Release process documentation URL"
        required: false
        type: string
        default: "https://xtranet-sonarsource.atlassian.net/wiki/x/YtoL" # general Release Procedures page
      verbose:
        description: "Emit job summaries"
        required: false
        type: boolean
        default: false
      freeze-branch:
        description: "Freeze the branch during the release"
        required: false
        type: boolean
        default: true
      check-releasability:
        description: "Check the releasability status after freezing the branch"
        required: false
        type: boolean
        default: true
      slack-channel:
        description: "Slack channel for notifications"
        required: false
        type: string
      issue-categories:
        description: "Jira issue categories to include in the release notes"
        required: false
        type: string
        default: "Feature,False Positive,False Negative,Bug,Security"
      bump-version:
        description: "Whether to bump the version after the release. If false, the workflow will just output the next version without modifying any files."
        required: false
        type: boolean
        default: false
      bump-version-normalize:
        description: "If true, the version will have full major.minor.patch format, otherwise the final .0 is dropped."
        required: false
        type: boolean
        default: false
      bump-version-pr-lables:
        description: "Labels to apply to the version bump pull request if bump-version is true. For example, 'update-next-dev,skip-qa'."
        required: false
        type: string
      bump-version-exlusions:
        description: "Comma-separated list of module to exclude from the version bump commit."
        required: false
        type: string

    outputs:
      new-version:
        description: "New version to release"
        value: ${{ jobs.release-in-jira.outputs.new-version }}
env:
  JIRA_PROJECT_KEY: ${{ inputs.jira-project-key }}
  USE_JIRA_SANDBOX: ${{ inputs.use-jira-sandbox == true && 'true' || 'false' }}

jobs:
  # This job freezes the specified branch to prevent changes during the release process.
  freeze-branch:
    name: Freeze ${{ inputs.branch }} branch
    if: ${{ inputs.freeze-branch }}
    runs-on: ${{ inputs.runner-environment }}
    permissions:
      id-token: write
    steps:
      - name: Freeze branch
        uses: SonarSource/release-github-actions/lock-branch@2a5ddd698dd3992bf592cf454a04da8fc99fecc5
        with:
          branch: ${{ inputs.branch }}
          freeze: true
          slack-channel: ${{ inputs.slack-channel }}
      - name: Summary
        if: ${{ inputs.verbose }}
        shell: bash
        env:
          BRANCH: ${{ inputs.branch }}
          SLACK_CHANNEL: ${{ inputs.slack-channel || 'not set' }}
        run: |
          echo "## 🧊 Freeze Branch" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### What happened" >> $GITHUB_STEP_SUMMARY
          echo "- Locked branch pattern \`$BRANCH\` to prevent changes during the release." >> $GITHUB_STEP_SUMMARY
          echo "- Notifications sent to Slack channel: \`$SLACK_CHANNEL\`." >> $GITHUB_STEP_SUMMARY

  # This job executes the releasability check on the branch to ensure it is ready for release.
  # Running this check early prevents unnecessary work (like creating REL tickets) if the release cannot proceed.
  check-releasability:
    name: Check Releasability
    if: |
      inputs.check-releasability &&
      !cancelled() &&
      (needs.freeze-branch.result == 'success' || needs.freeze-branch.result == 'skipped')
    needs: [ freeze-branch ]
    runs-on: ${{ inputs.runner-environment }}
    permissions:
      id-token: write
      contents: read
      statuses: read
    outputs:
      release-version: ${{ steps.get-version.outputs.release-version }}
    steps:
      - name: Get Release Version
        id: get-version
        uses: SonarSource/release-github-actions/get-release-version@v1
        with:
          branch: ${{ inputs.branch }}

      - uses: SonarSource/gh-action_releasability@v3
        id: releasability
        with:
          branch: ${{ github.ref_name }}
          commit-sha: ${{ github.sha }}
          organization: ${{ github.repository_owner }}
          repository: ${{ github.event.repository.name }}
          version: ${{ steps.get-version.outputs.release-version }}

      - name: Summary
        if: ${{ always() && inputs.verbose }}
        shell: bash
        env:
          BRANCH: ${{ inputs.branch }}
          VERSION: ${{ steps.get-version.outputs.release-version }}
          CHECK_OUTCOME: ${{ steps.releasability.outcome }}
          CHECK_DEPENDENCIES: ${{ steps.releasability.outputs.releasabilityCheckDependencies }}
          CHECK_QA: ${{ steps.releasability.outputs.releasabilityQA }}
          CHECK_JIRA: ${{ steps.releasability.outputs.releasabilityJira }}
          CHECK_PEACHEE: ${{ steps.releasability.outputs.releasabilityCheckPeacheeLanguagesStatistics }}
          CHECK_QUALITY_GATE: ${{ steps.releasability.outputs.releasabilityQualityGate }}
          CHECK_PARENT_POM: ${{ steps.releasability.outputs.releasabilityParentPOM }}
          CHECK_GITHUB: ${{ steps.releasability.outputs.releasabilityGitHub }}
          CHECK_MANIFEST: ${{ steps.releasability.outputs.releasabilityCheckManifestValues }}
          CHECK_LICENSES: ${{ steps.releasability.outputs.releasabilityCheckLicenses }}
        run: |
          if [ "$CHECK_OUTCOME" = "success" ]; then
            echo "## ✅ Releasability Check" >> $GITHUB_STEP_SUMMARY
          else
            echo "## ❌ Releasability Check Failed" >> $GITHUB_STEP_SUMMARY
          fi
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### What happened" >> $GITHUB_STEP_SUMMARY
          echo "- Executed releasability check on branch \`$BRANCH\` for version \`$VERSION\`." >> $GITHUB_STEP_SUMMARY
          if [ "$CHECK_OUTCOME" != "success" ]; then
            echo "" >> $GITHUB_STEP_SUMMARY
            echo "### Failed Checks" >> $GITHUB_STEP_SUMMARY
            [ "$CHECK_DEPENDENCIES" = "FAILED" ] && echo "- ❌ CheckDependencies" >> $GITHUB_STEP_SUMMARY
            [ "$CHECK_QA" = "FAILED" ] && echo "- ❌ QA" >> $GITHUB_STEP_SUMMARY
            [ "$CHECK_JIRA" = "FAILED" ] && echo "- ❌ Jira" >> $GITHUB_STEP_SUMMARY
            [ "$CHECK_PEACHEE" = "FAILED" ] && echo "- ❌ CheckPeacheeLanguagesStatistics" >> $GITHUB_STEP_SUMMARY
            [ "$CHECK_QUALITY_GATE" = "FAILED" ] && echo "- ❌ QualityGate" >> $GITHUB_STEP_SUMMARY
            [ "$CHECK_PARENT_POM" = "FAILED" ] && echo "- ❌ ParentPOM" >> $GITHUB_STEP_SUMMARY
            [ "$CHECK_GITHUB" = "FAILED" ] && echo "- ❌ GitHub" >> $GITHUB_STEP_SUMMARY
            [ "$CHECK_MANIFEST" = "FAILED" ] && echo "- ❌ CheckManifestValues" >> $GITHUB_STEP_SUMMARY
            [ "$CHECK_LICENSES" = "FAILED" ] && echo "- ❌ CheckLicenses" >> $GITHUB_STEP_SUMMARY
          fi

  # This step determines the release version, Jira version name, and gathers release notes.
  # It sets up the necessary outputs for subsequent steps.
  # These outputs include the release version, Jira version name, release notes, Jira release notes, and Jira release URL.
  prepare-release:
    name: Prepare Release
    needs: [ check-releasability ]
    if: |
      !cancelled() &&
      (needs.check-releasability.result == 'success' || needs.check-releasability.result == 'skipped')
    runs-on: ${{ inputs.runner-environment }}
    permissions:
      statuses: read
      contents: read
      id-token: write
    outputs:
      release-version: ${{ needs.check-releasability.outputs.release-version || steps.get-release-version.outputs.release-version }}
      jira-version-name: ${{ steps.get-jira-version.outputs.jira-version-name }}
      release-notes: ${{ inputs.release-notes != '' && inputs.release-notes || steps.get-jira-release-notes.outputs.release-notes }}
      jira-release-notes: ${{ inputs.release-notes != '' && inputs.release-notes || steps.get-jira-release-notes.outputs.jira-release-notes }}
      jira-release-url: ${{ steps.get-jira-release-notes.outputs.jira-release-url }}
      jira-release-issue-filter-url: ${{ steps.get-jira-release-notes.outputs.jira-release-issue-filter-url }}
    steps:
      - name: Get Release Version
        id: get-release-version
        if: ${{ needs.check-releasability.result == 'skipped' }}
        uses: SonarSource/release-github-actions/get-release-version@v1
        with:
          branch: ${{ inputs.branch }}

      - name: Get Jira Version
        id: get-jira-version
        uses: SonarSource/release-github-actions/get-jira-version@v1

      - name: Get Jira Release Notes
        id: get-jira-release-notes
        if: inputs.release-notes == ''
        uses: SonarSource/release-github-actions/get-jira-release-notes@v1
        with:
          issue-types: ${{ inputs.issue-categories }}

      - name: Summary
        if: ${{ inputs.verbose }}
        shell: bash
        env:
          BRANCH: ${{ inputs.branch }}
          JIRA_PROJECT_KEY: ${{ inputs.jira-project-key }}
          USE_JIRA_SANDBOX: ${{ inputs.use-jira-sandbox == true && 'true' || 'false' }}
          RELEASE_NOTES: ${{ inputs.release-notes }}
        run: |
          echo "## 🆗 Prepare Release" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### What happened" >> $GITHUB_STEP_SUMMARY
          echo "- Determined the release version from branch \`$BRANCH\`." >> $GITHUB_STEP_SUMMARY
          echo "- Retrieved the Jira version name for project \`$JIRA_PROJECT_KEY\` (sandbox: \`$USE_JIRA_SANDBOX\`)." >> $GITHUB_STEP_SUMMARY
          if [ "$RELEASE_NOTES" != "" ]; then
            echo "- Used release notes provided by the caller." >> $GITHUB_STEP_SUMMARY
          else
            echo "- Generated release notes from Jira." >> $GITHUB_STEP_SUMMARY
            echo "  - See Jira release: ${{ steps.get-jira-release-notes.outputs.jira-release-url }}" >> $GITHUB_STEP_SUMMARY
          fi
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### Results" >> $GITHUB_STEP_SUMMARY
          echo "- Release version: \`${{ needs.check-releasability.outputs.release-version || steps.get-release-version.outputs.release-version }}\`." >> $GITHUB_STEP_SUMMARY
          echo "- Jira version name: \`${{ steps.get-jira-version.outputs.jira-version-name }}\`." >> $GITHUB_STEP_SUMMARY

  # This step creates a Jira release ticket using the prepared release information.
  # It outputs the release ticket key and URL for further use.
  create-release-ticket:
    name: Create Release Ticket
    runs-on: ${{ inputs.runner-environment }}
    needs: prepare-release
    permissions:
      statuses: read
      contents: read
      id-token: write
    outputs:
      release-ticket-key: ${{ steps.create-ticket.outputs.release-ticket-key }}
      release-ticket-url: ${{ steps.create-ticket.outputs.release-ticket-url }}
    steps:
      - name: Create Jira Release Ticket
        id: create-ticket
        uses: SonarSource/release-github-actions/create-jira-release-ticket@v1
        with:
          project-name: ${{ inputs.project-name }}
          short-description: ${{ inputs.short-description }}
          rule-props-changed: ${{ inputs.rule-props-changed == 'true' && 'Yes' || 'No' }}
          jira-release-url: ${{ needs.prepare-release.outputs.jira-release-issue-filter-url }}
          start-progress: true
          version: ${{ needs.prepare-release.outputs.release-version }}

      - name: Summary
        if: ${{ inputs.verbose }}
        shell: bash
        env:
          PROJECT_NAME: ${{ inputs.project-name }}
          RULE_PROPS_CHANGED: ${{ inputs.rule-props-changed }}
        run: |
          echo "## 🧾 Create Release Ticket" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### What happened" >> $GITHUB_STEP_SUMMARY
          echo "- Created a Jira release ticket for project \`$PROJECT_NAME\` using version \`${{ needs.prepare-release.outputs.release-version }}\`." >> $GITHUB_STEP_SUMMARY
          echo "- Rule properties changed: \`$RULE_PROPS_CHANGED\`." >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### Results" >> $GITHUB_STEP_SUMMARY
          echo "- Ticket key: \`${{ steps.create-ticket.outputs.release-ticket-key }}\`." >> $GITHUB_STEP_SUMMARY
          echo "- Ticket link: ${{ steps.create-ticket.outputs.release-ticket-url }}" >> $GITHUB_STEP_SUMMARY

  # This step publishes the GitHub release using the prepared release information and the created Jira release ticket.
  # It outputs the GitHub release URL for further use.
  publish-github-release:
    name: Publish Github Release
    runs-on: ${{ inputs.runner-environment }}
    needs: [ prepare-release, create-release-ticket ]
    permissions:
      id-token: write
      contents: write
      actions: write
    outputs:
      github-release-url: ${{ steps.publish-github-release.outputs.release-url}}
    steps:
      - name: Publish GitHub Release
        id: publish-github-release
        uses: SonarSource/release-github-actions/publish-github-release@v1
        with:
          release-version: ${{ needs.prepare-release.outputs.release-version }}
          release-notes: ${{ inputs.release-notes != '' && inputs.release-notes || needs.prepare-release.outputs.release-notes }}
          draft: ${{ inputs.is-draft-release }}
          branch: ${{ inputs.branch }}

      - name: Summary
        if: ${{ inputs.verbose }}
        shell: bash
        env:
          BRANCH: ${{ inputs.branch }}
          IS_DRAFT_RELEASE: ${{ inputs.is-draft-release == true && 'true' || 'false' }}
        run: |
          echo "## 📦 Publish GitHub Release" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### What happened" >> $GITHUB_STEP_SUMMARY
          echo "- Published a GitHub release for version \`${{ needs.prepare-release.outputs.release-version }}\` from branch \`$BRANCH\`." >> $GITHUB_STEP_SUMMARY
          echo "- Draft release: \`$IS_DRAFT_RELEASE\`." >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### Results" >> $GITHUB_STEP_SUMMARY
          echo "- Release page: ${{ steps.publish-github-release.outputs.release-url }}" >> $GITHUB_STEP_SUMMARY

  # This job unfreezes the specified branch after the GitHub release is published.
  unfreeze-branch:
    name: Unfreeze ${{ inputs.branch }} branch
    if: ${{ inputs.freeze-branch }}
    runs-on: ${{ inputs.runner-environment }}
    needs: [ publish-github-release ]
    permissions:
      id-token: write
    steps:
      - name: Unfreeze branch
        uses: SonarSource/release-github-actions/lock-branch@2a5ddd698dd3992bf592cf454a04da8fc99fecc5
        with:
          branch: ${{ inputs.branch }}
          freeze: false
          slack-channel: ${{ inputs.slack-channel }}
      - name: Summary
        if: ${{ inputs.verbose }}
        shell: bash
        env:
          BRANCH: ${{ inputs.branch }}
          SLACK_CHANNEL: ${{ inputs.slack-channel || 'not set' }}
        run: |
          echo "## 🔓 Unfreeze Branch" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### What happened" >> $GITHUB_STEP_SUMMARY
          echo "- Unlocked branch pattern \`$BRANCH\` after publishing the GitHub release." >> $GITHUB_STEP_SUMMARY
          echo "- Notifications sent to Slack channel: \`$SLACK_CHANNEL\`." >> $GITHUB_STEP_SUMMARY

  # This step releases the version in Jira and moves the release ticket to the "Technical Release Done" status.
  # It outputs the new version name and integration ticket keys and URLs.
  release-in-jira:
    name: Release Version In Jira
    runs-on: ${{ inputs.runner-environment }}
    needs: [ prepare-release, publish-github-release, create-release-ticket ]
    permissions:
      statuses: read
      contents: read
      id-token: write
    outputs:
      new-version: ${{ steps.create-jira-version.outputs.jira-new-version-name }}
    steps:
      - name: Release in Jira
        uses: SonarSource/release-github-actions/release-jira-version@v1
        with:
          jira-version-name: ${{ needs.prepare-release.outputs.jira-version-name }}
      - name: Create new release in jira
        id: create-jira-version
        uses: SonarSource/release-github-actions/create-jira-version@v1
        with:
          jira-version-name: ${{ needs.prepare-release.outputs.jira-version-name }}
          jira-new-version-name: ${{ inputs.new-version }}
      - name: Move release ticket to Technical release Done
        uses: SonarSource/release-github-actions/update-release-ticket-status@v1
        with:
          release-ticket-key: ${{ needs.create-release-ticket.outputs.release-ticket-key }}
          status: "Technical Release Done"
          assignee: ${{ inputs.pm-email }}

      - name: Summary
        if: ${{ inputs.verbose }}
        shell: bash
        env:
          NEW_VERSION: ${{ inputs.new-version || 'not specified, autoincrement minor version' }}
          PM_EMAIL: ${{ inputs.pm-email }}
        run: |
          echo "## 🗂️ Release in Jira" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### What happened" >> $GITHUB_STEP_SUMMARY
          echo "- Released current Jira version \`${{ needs.prepare-release.outputs.jira-version-name }}\`." >> $GITHUB_STEP_SUMMARY
          echo "- Created new Jira version named \`$NEW_VERSION\`." >> $GITHUB_STEP_SUMMARY
          echo "- Moved the release ticket to \"Technical Release Done\" and assigned it to \`$PM_EMAIL\`." >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### Results" >> $GITHUB_STEP_SUMMARY
          echo "- New Jira version: \`${{ steps.create-jira-version.outputs.jira-new-version-name }}\`." >> $GITHUB_STEP_SUMMARY

  # This step bumps the version in the codebase and creates a pull request for the next development iteration.
  bump-version:
    name: Bump Version
    needs: [ release-in-jira ]
    if: ${{ inputs.bump-version }}
    runs-on: ${{ inputs.runner-environment }}
    permissions:
      id-token: write
      contents: write
      pull-requests: write
    steps:
      # Convert the version returned by release-in-jira to the full "major.minor.patch" format
      # (it drops the patch if it is 0).
      - name: Normalize Version
        id: normalize
        if: ${{ inputs.bump-version-normalize }}
        shell: bash
        run: |
          INPUT="${{ needs.release-in-jira.outputs.new-version }}"
          if [[ $INPUT =~ ^[0-9]+\.[0-9]+$ ]]; then
            OUTPUT="${INPUT}.0"
          else
            OUTPUT="$INPUT"
          fi
          echo "version=${OUTPUT}" >> "$GITHUB_OUTPUT"

      - name: Bump version and create PR
        uses: SonarSource/release-github-actions/bump-version@v1
        with:
          version: ${{ steps.normalize.outputs.version || needs.release-in-jira.outputs.new-version }}
          pr-labels: ${{ inputs.bump-version-pr-lables }}
          excluded-modules: ${{ inputs.bump-version-exlusions }}
          base-branch: ${{ inputs.branch }}

  # This step creates integration tickets in various Jira projects based on the inputs provided.
  # It creates tickets for SLVS, SLVSCODE, SLE, SLI, SQC, and SQS as specified.
  # It outputs the integration ticket keys for SQC and SQS for further use.
  create-integration-tickets:
    name: Create Integration Tickets
    needs: [ prepare-release, publish-github-release, create-release-ticket ]
    if: ${{ inputs.create-slvs-ticket || inputs.create-slvscode-ticket || inputs.create-sle-ticket || inputs.create-sli-ticket || inputs.sqc-integration || inputs.sqs-integration }}
    permissions:
      statuses: read
      contents: read
      id-token: write
    outputs:
      sqc-ticket-key: ${{ steps.create-sqc-ticket.outputs.ticket-key }}
      sqc-ticket-url: ${{ steps.create-sqc-ticket.outputs.ticket-url }}
      sqs-ticket-key: ${{ steps.create-sqs-ticket.outputs.ticket-key }}
      sqs-ticket-url: ${{ steps.create-sqs-ticket.outputs.ticket-url }}
    runs-on: ${{ inputs.runner-environment }}
    steps:
      - name: Create SLVS Ticket
        if: ${{ inputs.create-slvs-ticket }}
        uses: SonarSource/release-github-actions/create-integration-ticket@v1
        with:
          plugin-name: ${{ inputs.plugin-name }}
          release-version: ${{ needs.prepare-release.outputs.release-version }}
          release-ticket-key: ${{ needs.create-release-ticket.outputs.release-ticket-key }}
          target-jira-project: "SLVS"
          ticket-description: ${{ inputs.sq-ide-short-description != '' && inputs.sq-ide-short-description || inputs.short-description }}
          jira-release-url: ${{ needs.prepare-release.outputs.jira-release-url }}

      - name: Create SLVSCODE Ticket
        if: ${{ inputs.create-slvscode-ticket }}
        uses: SonarSource/release-github-actions/create-integration-ticket@v1
        with:
          plugin-name: ${{ inputs.plugin-name }}
          release-version: ${{ needs.prepare-release.outputs.release-version }}
          release-ticket-key: ${{ needs.create-release-ticket.outputs.release-ticket-key }}
          target-jira-project: "SLVSCODE"
          ticket-description: ${{ inputs.sq-ide-short-description != '' && inputs.sq-ide-short-description || inputs.short-description }}
          jira-release-url: ${{ needs.prepare-release.outputs.jira-release-url }}

      - name: Create SLE Ticket
        if: ${{ inputs.create-sle-ticket }}
        uses: SonarSource/release-github-actions/create-integration-ticket@v1
        with:
          plugin-name: ${{ inputs.plugin-name }}
          release-version: ${{ needs.prepare-release.outputs.release-version }}
          release-ticket-key: ${{ needs.create-release-ticket.outputs.release-ticket-key }}
          target-jira-project: "SLE"
          ticket-description: ${{ inputs.sq-ide-short-description != '' && inputs.sq-ide-short-description || inputs.short-description }}
          jira-release-url: ${{ needs.prepare-release.outputs.jira-release-url }}

      - name: Create SLI Ticket
        if: ${{ inputs.create-sli-ticket }}
        uses: SonarSource/release-github-actions/create-integration-ticket@v1
        with:
          plugin-name: ${{ inputs.plugin-name }}
          release-version: ${{ needs.prepare-release.outputs.release-version }}
          release-ticket-key: ${{ needs.create-release-ticket.outputs.release-ticket-key }}
          target-jira-project: "SLI"
          ticket-description: ${{ inputs.sq-ide-short-description != '' && inputs.sq-ide-short-description || inputs.short-description }}
          jira-release-url: ${{ needs.prepare-release.outputs.jira-release-url }}

      - name: Create SQC Ticket
        if: ${{ inputs.sqc-integration }}
        id: create-sqc-ticket
        uses: SonarSource/release-github-actions/create-integration-ticket@v1
        with:
          plugin-name: ${{ inputs.plugin-name }}
          release-version: ${{ needs.prepare-release.outputs.release-version }}
          release-ticket-key: ${{ needs.create-release-ticket.outputs.release-ticket-key }}
          target-jira-project: "SC"
          ticket-description: ${{ inputs.short-description }}
          jira-release-url: ${{ needs.prepare-release.outputs.jira-release-url }}

      - name: Create SQS Ticket
        if: ${{ inputs.sqs-integration }}
        id: create-sqs-ticket
        uses: SonarSource/release-github-actions/create-integration-ticket@v1
        with:
          plugin-name: ${{ inputs.plugin-name }}
          release-version: ${{ needs.prepare-release.outputs.release-version }}
          release-ticket-key: ${{ needs.create-release-ticket.outputs.release-ticket-key }}
          target-jira-project: "SONAR"
          ticket-description: ${{ inputs.short-description }}
          jira-release-url: ${{ needs.prepare-release.outputs.jira-release-url }}

      - name: Summary
        if: ${{ inputs.verbose }}
        shell: bash
        env:
          PLUGIN_NAME: ${{ inputs.plugin-name }}
          CREATE_SLVS_TICKET: ${{ inputs.create-slvs-ticket == true && 'true' || 'false' }}
          CREATE_SLVSCODE_TICKET: ${{ inputs.create-slvscode-ticket == true && 'true' || 'false' }}
          CREATE_SLE_TICKET: ${{ inputs.create-sle-ticket == true && 'true' || 'false' }}
          CREATE_SLI_TICKET: ${{ inputs.create-sli-ticket == true && 'true' || 'false' }}
          SQC_INTEGRATION: ${{ inputs.sqc-integration == true && 'true' || 'false' }}
          SQS_INTEGRATION: ${{ inputs.sqs-integration == true && 'true' || 'false' }}
        run: |
          echo "## 🔗 Create Integration Tickets" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### What happened" >> $GITHUB_STEP_SUMMARY
          echo "- Based on flags, created integration tickets for selected projects." >> $GITHUB_STEP_SUMMARY
          echo "- Plugin: \`$PLUGIN_NAME\`, Release ticket: \`${{ needs.create-release-ticket.outputs.release-ticket-key }}\`." >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### Results" >> $GITHUB_STEP_SUMMARY
          if [ "$CREATE_SLVS_TICKET" = "true" ]; then echo "- SLVS ticket created." >> $GITHUB_STEP_SUMMARY; fi
          if [ "$CREATE_SLVSCODE_TICKET" = "true" ]; then echo "- SLVSCODE ticket created." >> $GITHUB_STEP_SUMMARY; fi
          if [ "$CREATE_SLE_TICKET" = "true" ]; then echo "- SLE ticket created." >> $GITHUB_STEP_SUMMARY; fi
          if [ "$CREATE_SLI_TICKET" = "true" ]; then echo "- SLI ticket created." >> $GITHUB_STEP_SUMMARY; fi
          if [ "$SQC_INTEGRATION" = "true" ]; then echo "- SQC ticket \`${{ steps.create-sqc-ticket.outputs.ticket-key }}\` — ${{ steps.create-sqc-ticket.outputs.ticket-url }}" >> $GITHUB_STEP_SUMMARY; fi
          if [ "$SQS_INTEGRATION" = "true" ]; then echo "- SQS ticket \`${{ steps.create-sqs-ticket.outputs.ticket-key }}\` — ${{ steps.create-sqs-ticket.outputs.ticket-url }}" >> $GITHUB_STEP_SUMMARY; fi

  # This step updates the analyzers in SQS and SQC by creating pull requests based on the integration tickets created in the previous step.
  # It outputs the pull request URLs for SQS and SQC for further use.
  update-analyzers:
    name: Update Analyzers in SQS and SQC
    runs-on: ${{ inputs.runner-environment }}
    needs: [ prepare-release, create-integration-tickets ]
    if: ${{ (inputs.sqs-integration || inputs.sqc-integration) }}
    permissions:
      id-token: write
    outputs:
      sqs-pull-request-url: ${{ steps.update-sqs.outputs.pull-request-url }}
      sqc-pull-request-url: ${{ steps.update-sqc.outputs.pull-request-url }}
    steps:
      - name: Update analyzer in SQS
        id: update-sqs
        if: ${{ inputs.sqs-integration }}
        uses: SonarSource/release-github-actions/update-analyzer@v1
        with:
          release-version: ${{ needs.prepare-release.outputs.release-version }}
          ticket-key: ${{ needs.create-integration-tickets.outputs.sqs-ticket-key }}
          plugin-name: ${{ inputs.plugin-name }}
          secret-name: ${{ inputs.release-automation-secret-name || format('sonar-{0}-release-automation', inputs.plugin-name) }}
          plugin-artifacts: ${{inputs.plugin-artifacts-sqs || inputs.plugin-name }}
          draft: ${{ inputs.is-draft-release }}
          reviewers: ${{ github.actor }}

      - name: Update analyzer in SQC
        id: update-sqc
        if: ${{ inputs.sqc-integration }}
        uses: SonarSource/release-github-actions/update-analyzer@v1
        with:
          release-version: ${{ needs.prepare-release.outputs.release-version }}
          ticket-key: ${{ needs.create-integration-tickets.outputs.sqc-ticket-key }}
          plugin-name: ${{ inputs.plugin-name }}
          secret-name: ${{ inputs.release-automation-secret-name || format('sonar-{0}-release-automation', inputs.plugin-name) }}
          plugin-artifacts: ${{inputs.plugin-artifacts-sqc || inputs.plugin-name }}
          draft: ${{ inputs.is-draft-release }}
          reviewers: ${{ github.actor }}

      - name: Summary
        if: ${{ inputs.verbose }}
        shell: bash
        env:
          PLUGIN_NAME: ${{ inputs.plugin-name }}
          PLUGIN_ARTIFACTS_SQS: ${{ inputs.plugin-artifacts-sqs }}
          PLUGIN_ARTIFACTS_SQC: ${{ inputs.plugin-artifacts-sqc }}
          IS_DRAFT_RELEASE: ${{ inputs.is-draft-release == true && 'true' || 'false' }}
          RELEASE_AUTOMATION_SECRET_NAME: ${{ inputs.release-automation-secret-name }}
          SQS_INTEGRATION: ${{ inputs.sqs-integration == true && 'true' || 'false' }}
          SQC_INTEGRATION: ${{ inputs.sqc-integration == true && 'true' || 'false' }}
        run: |
          echo "## 🔄 Update Analyzers" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### What happened" >> $GITHUB_STEP_SUMMARY
          echo "- Prepared analyzer updates and opened PRs where requested." >> $GITHUB_STEP_SUMMARY
          echo "- Artifacts SQS: \`$([ -n "$PLUGIN_ARTIFACTS_SQS" ] && echo "$PLUGIN_ARTIFACTS_SQS" || echo "$PLUGIN_NAME" )\`, Artifacts SQC: \`$([ -n "$PLUGIN_ARTIFACTS_SQC" ] && echo "$PLUGIN_ARTIFACTS_SQC" || echo "$PLUGIN_NAME" )\`." >> $GITHUB_STEP_SUMMARY
          echo "- Draft PRs: \`$IS_DRAFT_RELEASE\`, Secret present: \`$([ -n "$RELEASE_AUTOMATION_SECRET_NAME" ] && echo true || echo false)\`." >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### Results" >> $GITHUB_STEP_SUMMARY
          if [ "$SQS_INTEGRATION" = "true" ]; then echo "- SQS PR: ${{ steps.update-sqs.outputs.pull-request-url }}" >> $GITHUB_STEP_SUMMARY; fi
          if [ "$SQC_INTEGRATION" = "true" ]; then echo "- SQC PR: ${{ steps.update-sqc.outputs.pull-request-url }}" >> $GITHUB_STEP_SUMMARY; fi

  # This step summarizes the results of the entire release process.
  # It checks the outcomes of all previous steps and generates a summary indicating whether the release was
  # successful or failed, along with relevant links and information.
  summarize_release:
    name: Release Results
    runs-on: ${{ inputs.runner-environment }}
    if: always()
    needs: [ check-releasability, prepare-release, publish-github-release, create-release-ticket, release-in-jira, create-integration-tickets, update-analyzers ]
    env:
        RELEASE_PROCESS: ${{ inputs.release-process != '' && inputs.release-process || 'https://xtranet-sonarsource.atlassian.net/wiki/spaces/CSD/pages/4325048388/Release+Instructions+-+Cloud+Security' }}
    steps:
      - name: Post Summary to Workflow
        shell: bash
        env:
          RELEASE_VERSION: ${{ needs.prepare-release.outputs.release-version }}
          NEW_VERSION: ${{ needs.release-in-jira.outputs.new-version || 'not created' }}
          JIRA_RELEASE_URL: ${{ needs.prepare-release.outputs.jira-release-url || 'not resolved' }}
          RELEASE_TICKET_URL: ${{ needs.create-release-ticket.outputs.release-ticket-url || 'not created' }}
          GITHUB_RELEASE_URL: ${{ needs.publish-github-release.outputs.github-release-url || 'not created' }}
          SQS_TICKET_URL: ${{ needs.create-integration-tickets.outputs.sqs-ticket-url || 'not created' }}
          SQC_TICKET_URL: ${{ needs.create-integration-tickets.outputs.sqc-ticket-url || 'not created' }}
          SQS_PR_URL: ${{ needs.update-analyzers.outputs.sqs-pull-request-url || 'not created' }}
          SQC_PR_URL: ${{ needs.update-analyzers.outputs.sqc-pull-request-url || 'not created' }}
        run: |
          ALL_SUCCESS=$(echo '${{ toJson(needs) }}' | jq -r 'to_entries | all(.value.result == "success" or .value.result == "skipped")')
          
          if [[ "$ALL_SUCCESS" == "true" ]]; then
            echo "# 🎉 Release Successful" >> $GITHUB_STEP_SUMMARY
            echo "The automated release completed without errors. Below is a consolidated overview of the run." >> $GITHUB_STEP_SUMMARY
          else
            echo "# ❌ Release Failed" >> $GITHUB_STEP_SUMMARY
            echo "One or more jobs failed. Review the job logs and links below." >> $GITHUB_STEP_SUMMARY
          fi
          echo "" >> $GITHUB_STEP_SUMMARY

          cat <<EOF >> $GITHUB_STEP_SUMMARY
          - Released Version: \`$RELEASE_VERSION\`
          - New Version: \`$NEW_VERSION\`
          - Jira Release: $JIRA_RELEASE_URL
          - Release Ticket: $RELEASE_TICKET_URL
          - GitHub Release: $GITHUB_RELEASE_URL
          - SQS Integration Ticket: $SQS_TICKET_URL
          - SQC Integration Ticket: $SQC_TICKET_URL
          - SQS Analyzer PR: $SQS_PR_URL
          - SQC Analyzer PR: $SQC_PR_URL
          EOF

          echo "## Guidance" >> $GITHUB_STEP_SUMMARY
          if [[ "$ALL_SUCCESS" == "true" ]]; then
            echo "- Review and merge the bump version, SQS and SQC PRs." >> $GITHUB_STEP_SUMMARY
            echo "- Update integration ticket statuses (ensure SQS ticket fix versions are set)." >> $GITHUB_STEP_SUMMARY
          else
            echo "- Check failed jobs for error messages and re-run as needed." >> $GITHUB_STEP_SUMMARY
          fi
          echo "- Reference: $RELEASE_PROCESS" >> $GITHUB_STEP_SUMMARY