Add automated release job to GitHub Actions workflow (#6401) [ci skip]

Signed-off-by: Paolo Di Tommaso <[email protected]>
Co-authored-by: Claude <[email protected]>
Co-authored-by: Ben Sherman <[email protected]>

Author: 3 people

.github/workflows/build.yml

@@ -229,3 +229,69 @@ jobs:
             env:
                 GITHUB_TOKEN: ${{ secrets.AUTOMATION_GITHUB_TOKEN }}
                 GRADLE_OPTS: '-Dorg.gradle.daemon=false'
+
+  release:
+    if: ${{ contains(needs.build.outputs.commit_message, '[release]') }}
+    needs: [build, test]
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      actions: write
+      contents: write
+      packages: write
+      pull-requests: write
+      issues: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          submodules: true
+          ref: ${{ github.head_ref || github.ref_name }}
+
+      - name: Setup Java 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: 17
+          distribution: 'temurin'
+          architecture: x64
+          cache: gradle
+
+      - name: Configure Git
+        run: |
+          git config --global user.name "${{ github.event.pusher.name || github.actor }}"
+          git config --global user.email "${{ github.event.pusher.email || format('{0}@users.noreply.github.com', github.actor) }}"
+
+      - name: Docker Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Docker Login to Seqera public CR
+        uses: docker/login-action@v3
+        with:
+          registry: "public.cr.seqera.io"
+          username: ${{ vars.SEQERA_PUBLIC_CR_USERNAME }}
+          password: ${{ secrets.SEQERA_PUBLIC_CR_PASSWORD }}
+
+      - name: Run release
+        run: |
+          echo "Starting release process..."
+          echo "npr.apiUrl=$NPR_API_URL" >> gradle.properties
+          echo "npr.apiKey=$NPR_API_KEY" >> gradle.properties
+          bash release.sh
+        env:
+          GRADLE_OPTS: '-Dorg.gradle.daemon=false'
+          AWS_JAVA_V1_DISABLE_DEPRECATION_ANNOUNCEMENT: 'true'
+          # credentials to pubslish nextflow assets
+          NXF_AWS_ACCESS: ${{ vars.NXF_AWS_ACCESS }}
+          NXF_AWS_SECRET: ${{ secrets.NXF_AWS_SECRET }}
+          # credentials to publish maven libraries
+          AWS_ACCESS_KEY_ID: ${{ vars.SEQERA_MAVEN_ACCESS_KEY }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.SEQERA_MAVEN_SECRET_KEY }}
+          # plugin registry
+          NPR_API_URL: ${{ vars.NPR_API_URL }}
+          NPR_API_KEY: ${{ secrets.NPR_API_KEY }}
+          # GitHub secrets
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

CLAUDE.md

@@ -89,6 +89,12 @@ The project follows a modular architecture with a plugin-based system for cloud
 ### Git conventions
 
 - Commit should be signed by adding a `Signed-off-by` line to the commit message as shown below, or by using the `-s` option (see CONTRIBUTING.md for details)
+- Special commit message tags:
+  - `[ci skip]` - Skip the execution of CI tests
+  - `[ci fast]` - Run only unit tests and skip integration tests
+  - `[e2e stage]` - Run end-to-end tests vs Seqera platform stage environment
+  - `[e2e prod]` - Same but against production platform
+  - `[release]` - Trigger release process
 
 ## Important Files
 - `VERSION`: Define the current version number
@@ -97,3 +103,29 @@ The project follows a modular architecture with a plugin-based system for cloud
 - `build.gradle`: Root build configuration with multi-module setup
 - `settings.gradle`: Gradle project structure definition
 - `plugins/*/VERSION`: Define the version of the corresponding plugin sub-project.
+
+## Release process
+
+Follow these actions to make a new release:
+
+- Update the `changelog.txt` file in each plugin sub-project (if any change has been done).
+- Update the `VERSION` file in in each plugin sub-project.
+  Use a semantic version number depending the impact of the change, or do not change
+  if no changes have been done to the plugin.
+- Update `nextflowVersion` attribute in the `build.gradle` file for plugins requiring specific
+  Nextflow versions.
+- Commit the version and changelog files changes independently for each plugin. Use as commit
+  message the template `Bump plugin-name@version` e.g. `Bump [email protected].
+- Update `VERSION` file in the project root using a calendar-like versioning scheme. Versions in the 4-th and 10-th month are "stable releases", e.g. `25.10.0`, while versions in all other months are "edge releases", e.g. `25.09.0-edge`.
+- Update the project root `changelog.txt` with changes since the past release. Use the git log
+  command to determine what changed e.g. `git log v<PREVIOUS VERSION>..`
+- Run `make releaseInfo` to update the version number and generate checksums.
+- Run this command to stage for commit the release files:
+    ```
+    git add VERSION changelog.txt nextflow nextflow.md5 nextflow.sha1 nextflow.sha256
+    ```
+- Make a commit using the `[release]` tag in the comment and push it upstream to trigger the release automation with GitHub action:
+    ```
+    git commit -m "[release] Nextflow version 25.09.0-edge"
+    git push origin master
+    ```

Makefile

@@ -34,6 +34,9 @@ compile:
 assemble:
 	./gradlew buildInfo compile assemble
 
+releaseInfo:
+	./gradlew releaseInfo
+
 check:
 	./gradlew check
 

build.gradle

@@ -208,9 +208,24 @@ task buildInfo { doLast {
     commitId=${project.property('commitId')}
     """.stripIndent()
 
+
+    // -- create plugins-info file
+    def plugins = []
+    new File(rootProject.rootDir, 'plugins')
+            .eachDir { if(it.name.startsWith('nf-')) plugins << project(":plugins:${it.name}") }
+
+    def meta = plugins .collect { "$it.name@$it.version" }
+    file('modules/nextflow/src/main/resources/META-INF/plugins-info.txt').text = meta.toSorted().join('\n')
+}}
+
+/*
+ * Update release information in nextflow wrapper and dockerfile
+ */
+task releaseInfo { doLast {
+    
     // -- update 'nextflow' wrapper
-    file0 = file('nextflow')
-    src = file0.text
+    def file0 = file('nextflow')
+    def src = file0.text
     src = src.replaceAll(/NXF_VER\=\$\{NXF_VER:-'.*'\}/, 'NXF_VER=\\${NXF_VER:-\'' + version + '\'}')
     file0.text = src
 
@@ -219,14 +234,6 @@ task buildInfo { doLast {
     src = file0.text
     src = src.replaceAll(/releases\/v[0-9a-zA-Z_\-\.]+\//, "releases/v$version/" as String)
     file0.text = src
-
-    // -- create plugins-info file
-    def plugins = []
-    new File(rootProject.rootDir, 'plugins')
-            .eachDir { if(it.name.startsWith('nf-')) plugins << project(":plugins:${it.name}") }
-
-    def meta = plugins .collect { "$it.name@$it.version" }
-    file('modules/nextflow/src/main/resources/META-INF/plugins-info.txt').text = meta.toSorted().join('\n')
 }}
 
 
@@ -411,10 +418,12 @@ task makeDigest { doLast {
     file('nextflow.md5').text = bytesToHex(digest) + '\n'
 }}
 
+// Make releaseInfo task automatically run makeDigest after updating versions
+releaseInfo.finalizedBy makeDigest
+
 
 task upload {
     dependsOn compile
-    dependsOn makeDigest
     dependsOn coreProjects.publish
 }
 

release.sh

@@ -0,0 +1,87 @@
+#!/bin/bash
+#
+# Nextflow Release Script
+#
+# This script performs the complete Nextflow release process including:
+# - Building and assembling artifacts
+# - Uploading to S3 and Maven repositories 
+# - Releasing plugins to registry
+# - Creating GitHub releases with signed artifacts
+#
+# REQUIRED SECRETS/ENVIRONMENT VARIABLES FOR GITHUB ACTIONS:
+#
+# AWS S3 Deployment:
+#   NXF_AWS_ACCESS       - AWS Access Key for deploying to s3://www2.nextflow.io
+#   NXF_AWS_SECRET       - AWS Secret Key for S3 deployment
+#
+# Maven Repository (Seqera S3-based):
+#   AWS_ACCESS_KEY_ID    - AWS credentials for Maven repository access
+#   AWS_SECRET_ACCESS_KEY - AWS secret for Maven repository access
+#
+# GitHub Integration:
+#   GITHUB_TOKEN         - For creating releases and uploading assets
+#
+# Plugin Registry:
+#   NPR_API_URL          - Nextflow Plugin Registry API URL
+#   NPR_API_KEY          - Nextflow Plugin Registry API key
+#
+# Container Registry Authentication:
+#   DOCKERHUB_USERNAME   - Docker Hub username for container publishing
+#   DOCKERHUB_TOKEN      - Docker Hub token/password for container publishing
+#   SEQERA_PUBLIC_CR_PASSWORD - Seqera public container registry password
+#
+# Usage: Only run when commit message contains '[release]'
+#
+set -e
+
+echo "=== Starting Nextflow Release Process ==="
+echo "Commit message: ${GITHUB_HEAD_COMMIT_MESSAGE:-$(git log -1 --pretty=format:'%s')}"
+
+# Check required environment variables
+echo "=== Checking required environment variables ==="
+REQUIRED_VARS=(
+    "NXF_AWS_ACCESS"
+    "NXF_AWS_SECRET"
+    "AWS_ACCESS_KEY_ID"
+    "AWS_SECRET_ACCESS_KEY"
+    "GITHUB_TOKEN"
+    "NPR_API_URL"
+    "NPR_API_KEY"
+)
+
+MISSING_VARS=()
+for var in "${REQUIRED_VARS[@]}"; do
+    if [ -z "${!var}" ]; then
+        MISSING_VARS+=("$var")
+    else
+        echo "✓ $var is set"
+    fi
+done
+
+if [ ${#MISSING_VARS[@]} -ne 0 ]; then
+    echo "❌ ERROR: The following required environment variables are not set:"
+    for var in "${MISSING_VARS[@]}"; do
+        echo "  - $var"
+    done
+    echo "Please ensure all required environment variables are configured before running the release."
+    exit 1
+fi
+
+echo "✅ All required environment variables are set"
+
+echo "🔧 === Step 1: Assemble, upload, and deploy ==="
+make assemble upload deploy
+echo "✅ Step 1 completed successfully"
+echo ""
+
+echo "🔌 === Step 2: Release plugins ==="
+make release-plugins
+echo "✅ Step 2 completed successfully"
+echo ""
+
+echo "🚀 === Step 3: Final release ==="
+make release
+echo "✅ Step 3 completed successfully"
+echo ""
+
+echo "🎉 === Release process completed successfully ==="