release-step-3 #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: release-step-3 | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| ref: | |
| description: 'Branch or tag ref to run the workflow on' | |
| required: true | |
| default: "main" | |
| version: | |
| description: 'The version to release (e.g. 1.2.3). This workflow will automatically perform the required version bumps' | |
| required: true | |
| dry_run: | |
| description: If set, run a dry-run release | |
| default: false | |
| type: boolean | |
| skip_maven_deploy: | |
| description: | | |
| If enabled, the deployment to maven central will be skipped. | |
| Select this if the deployment job for this release failed in a previous version but the release was actually published. | |
| Check manually on maven central beforehand! | |
| type: boolean | |
| required: true | |
| default: false | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| env: | |
| RELEASE_VERSION: ${{ inputs.version }} | |
| RELEASE_VERSION_TAG: v${{ inputs.version }} | |
| jobs: | |
| validate-tag: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.ref }} | |
| fetch-depth: 0 | |
| - name: Validate tag does not exist on current commit | |
| uses: ./.github/workflows/validate-tag | |
| with: | |
| tag: ${{ env.RELEASE_VERSION_TAG }} | |
| - name: Validate tag match current version | |
| run: | | |
| if [ "$(mvn -q help:evaluate -Dexpression=project.version -DforceStdout)" != "${{ env.RELEASE_VERSION }}" ]; then | |
| echo "Tag should match pom.xml project.version" | |
| exit 1 | |
| fi | |
| - name: Validate version is a release version | |
| run: | | |
| if [[ "$(./mvnw -q help:evaluate -Dexpression=project.version -DforceStdout)" =~ "-SNAPSHOT" ]]; then | |
| echo "This is a snapshot version" | |
| exit 1 | |
| fi | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| if: ${{ ! inputs.skip_maven_deploy }} | |
| needs: | |
| - validate-tag | |
| permissions: | |
| attestations: write | |
| contents: write | |
| id-token: write | |
| env: | |
| TARBALL_FILE: artifacts.tar | |
| steps: | |
| - id: buildkite-run | |
| name: Run Release | |
| uses: elastic/oblt-actions/buildkite/run@v1 | |
| with: | |
| pipeline: ecs-logging-java-release | |
| token: ${{ secrets.BUILDKITE_TOKEN }} | |
| wait-for: true | |
| env-vars: | | |
| ref=${{ inputs.ref }} | |
| dry_run=${{ inputs.dry_run || 'false' }} | |
| TARBALL_FILE=${{ env.TARBALL_FILE }} | |
| - uses: elastic/oblt-actions/buildkite/download-artifact@v1 | |
| with: | |
| build-number: ${{ steps.buildkite-run.outputs.number }} | |
| path: ${{ env.TARBALL_FILE }} | |
| pipeline: ${{ steps.buildkite-run.outputs.pipeline }} | |
| token: ${{ secrets.BUILDKITE_TOKEN }} | |
| - name: untar the buildkite tarball | |
| run: tar xvf ${{ env.TARBALL_FILE }} | |
| - name: generate build provenance | |
| uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3 | |
| with: | |
| subject-path: "${{ github.workspace }}/**/target/*.jar" | |
| - if: ${{ success() }} | |
| uses: elastic/oblt-actions/slack/send@v1 | |
| with: | |
| bot-token: ${{ secrets.SLACK_BOT_TOKEN }} | |
| channel-id: "#apm-agent-java" | |
| message: | | |
| :runner: [${{ github.repository }}] Release *${{ github.ref_name }}* has been triggered in Buildkite: (<${{ steps.buildkite-run.outputs.build }}|build>) | |
| - if: ${{ failure() }} | |
| uses: elastic/oblt-actions/slack/send@v1 | |
| with: | |
| bot-token: ${{ secrets.SLACK_BOT_TOKEN }} | |
| channel-id: "#apm-agent-java" | |
| message: | | |
| :ghost: [${{ github.repository }}] Release *${{ github.ref_name }}* didn't get triggered in Buildkite. | |
| Build: (<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>) | |
| await-maven-central-artifact: | |
| runs-on: ubuntu-latest | |
| name: Wait for release to be available on maven-central | |
| needs: | |
| - validate-tag | |
| steps: | |
| - uses: elastic/oblt-actions/maven/await-artifact@v1 | |
| with: | |
| group-id: 'co.elastic.logging' | |
| artifact-id: 'ecs-logging-core' | |
| version: ${{ inputs.version }} | |
| create-github-release: | |
| name: "Create GitHub Release" | |
| needs: | |
| - await-maven-central-artifact | |
| runs-on: ubuntu-latest | |
| if: inputs.dry_run == false | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.ref }} | |
| - name: Create GitHub Release | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| gh release create ${{ env.RELEASE_VERSION_TAG }} \ | |
| --title="Release ${{ env.RELEASE_VERSION }}" \ | |
| --generate-notes | |
| post-release: | |
| name: "Bump versions and create PR" | |
| needs: | |
| - await-maven-central-artifact | |
| uses: ./.github/workflows/pre-post-release.yml | |
| permissions: | |
| contents: write | |
| if: inputs.dry_run == false | |
| with: | |
| ref: ${{ inputs.ref }} | |
| version: ${{ inputs.version }} | |
| phase: 'post' | |
| pr_title: "[release] release-step-4 ${{ inputs.version }}" | |
| pr_body: "Step 4 of the release process for version ${{ inputs.version }}: review & merge" | |
| secrets: inherit |