pingtimeout commented on code in PR #2383: URL: https://github.com/apache/polaris/pull/2383#discussion_r2379793478
########## .github/workflows/release-4-publish-release.yml: ########## @@ -0,0 +1,340 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +name: Release - 4 - Publish Release After Vote Success + +on: + workflow_dispatch: + inputs: + dry_run: + description: 'Dry run mode (check to enable, uncheck to perform actual operations)' + required: false + type: boolean + default: true + +jobs: + publish-release: + name: Release - 4 - Publish Release After Vote Success + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + # Fetch full history for proper branch operations + fetch-depth: 0 + # Use a token with write permissions + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Configure Git + run: | + git config --global user.name "github-actions[bot]" + git config --global user.email "github-actions[bot]@users.noreply.github.com" + + - name: Set up environment variables + run: | + echo "RELEASEY_DIR=$(pwd)/releasey" >> $GITHUB_ENV + echo "LIBS_DIR=$(pwd)/releasey/libs" >> $GITHUB_ENV + + echo "## Mode" >> $GITHUB_STEP_SUMMARY + if [[ "${{ github.event.inputs.dry_run }}" == "true" ]]; then + echo "DRY_RUN=1" >> $GITHUB_ENV + echo "‼️ DRY_RUN mode enabled - No actual changes will be made" >> $GITHUB_STEP_SUMMARY + else + echo "DRY_RUN=0" >> $GITHUB_ENV + echo "DRY_RUN mode disabled - Performing actual operations" >> $GITHUB_STEP_SUMMARY + fi + + - name: Auto-determine release parameters from branch and Git state + run: | + source "${LIBS_DIR}/_version.sh" + + # Get the current branch name + current_branch=$(git branch --show-current) + + echo "## Parameters" >> $GITHUB_STEP_SUMMARY + + # Validate that we're on a release branch + if [[ ! "${current_branch}" =~ ^release/(.+)$ ]]; then + echo "❌ This workflow must be run from a release branch (release/major.minor.x). Current branch: \`${current_branch}\`." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Extract version from release branch name + branch_version="${BASH_REMATCH[1]}" + + # Validate branch version format and extract components + if ! validate_and_extract_branch_version "${branch_version}"; then + echo "❌ Invalid release branch version format: \`${branch_version}\`. Expected format: major.minor.x." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Find the next patch number for this major.minor version by looking at existing tags + find_next_patch_number "${major}" "${minor}" + next_patch=$((patch)) + latest_patch=$((next_patch - 1)) + + if [[ ${next_patch} -eq 0 ]]; then + echo "❌ No existing tags found for version \`${major}.${minor}.0\`. Expected at least one RC to be created before publishing a release." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Build the version string for the latest existing patch + version_without_rc="${major}.${minor}.${latest_patch}-incubating" + + # Find the latest RC tag for this version + find_next_rc_number "${version_without_rc}" + latest_rc=$((rc_number - 1)) + + if [[ ${latest_rc} -lt 0 ]]; then + echo "❌ No RC tags found for version \`${version_without_rc}\`. Expected at least one RC to be created before publishing a release." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + rc_tag="apache-polaris-${version_without_rc}-rc${latest_rc}" + + # Verify the RC tag exists + if ! git rev-parse "${rc_tag}" >/dev/null 2>&1; then + echo "❌ RC tag \`${rc_tag}\` does not exist in repository." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Create final release tag name + final_release_tag="apache-polaris-${version_without_rc}" + + # Check if final release tag already exists + if git rev-parse "${final_release_tag}" >/dev/null 2>&1; then + echo "❌ Final release tag \`${final_release_tag}\` already exists. This release may have already been published." >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + # Export variables for next steps + echo "version_without_rc=${version_without_rc}" >> $GITHUB_ENV + echo "rc_tag=${rc_tag}" >> $GITHUB_ENV + echo "final_release_tag=${final_release_tag}" >> $GITHUB_ENV + echo "release_branch=${current_branch}" >> $GITHUB_ENV + + cat <<EOT >> $GITHUB_STEP_SUMMARY + | Parameter | Value | + | --- | --- | + | Version | \`${version_without_rc}\` | + | RC tag to promote | \`${rc_tag}\` | + | Final release tag | \`${final_release_tag}\` | + | Release branch | \`${current_branch}\` | + EOT + + - name: Copy distribution from SVN dev to release space + env: + SVN_USERNAME: ${{ secrets.APACHE_USERNAME }} + SVN_PASSWORD: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_constants.sh" + source "${LIBS_DIR}/_exec.sh" + + # Define source and destination URLs + dev_artifacts_url="${APACHE_DIST_URL}/dev/incubator/polaris/${version_without_rc}" + release_artifacts_url="${APACHE_DIST_URL}/release/incubator/polaris/${version_without_rc}" + + dev_helm_url="${APACHE_DIST_URL}/dev/incubator/polaris/helm-chart/${version_without_rc}" + release_helm_url="${APACHE_DIST_URL}/release/incubator/polaris/helm-chart/${version_without_rc}" + + exec_process svn mv --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive \ + "${dev_artifacts_url}" "${release_artifacts_url}" \ + -m "Release Apache Polaris ${version_without_rc}" + + exec_process svn mv --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive \ + "${dev_helm_url}" "${release_helm_url}" \ + -m "Release Apache Polaris Helm chart ${version_without_rc}" + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Distribution + Artifacts and Helm chart moved from dist dev to dist release + EOT + + - name: Set up Helm + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4 + with: + version: 'latest' + + - name: Update Helm index in release space + env: + SVN_USERNAME: ${{ secrets.APACHE_USERNAME }} + SVN_PASSWORD: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_constants.sh" + source "${LIBS_DIR}/_exec.sh" + + # Checkout the release Helm chart directory + release_helm_dir="${RELEASEY_DIR}/polaris-dist-release-helm-chart" + release_helm_url="${APACHE_DIST_URL}/release/incubator/polaris/helm-chart" + + exec_process svn checkout --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive "${release_helm_url}" "${release_helm_dir}" + + exec_process cd "${release_helm_dir}" + exec_process helm repo index . + exec_process svn add index.yaml + exec_process svn commit --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive -m "Update Helm index for ${version_without_rc} release" + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Helm Index + Helm index updated in dist release + EOT + + - name: Create final release tag and push to Git repository + run: | + source "${LIBS_DIR}/_exec.sh" + + # Get the commit SHA that the RC tag points to + rc_commit=$(git rev-parse "${rc_tag}") + echo "rc_commit=${rc_commit}" >> $GITHUB_ENV + + exec_process git tag -a "${final_release_tag}" "${rc_commit}" -m "Apache Polaris ${version_without_rc} Release" + exec_process git push apache "${final_release_tag}" + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Git Release Tag + Final release tag \`${final_release_tag}\` created and pushed + EOT + + + + - name: Set up Java + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 + with: + distribution: 'temurin' + java-version: '21' + + - name: Log in to Docker Hub + if: env.DRY_RUN == '0' + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Publish Polaris Server Docker image to Docker Hub + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process ./gradlew :polaris-server:assemble :polaris-server:quarkusAppPartsBuild --rerun \ + -Dquarkus.container-image.build=true \ + -Dquarkus.container-image.push=true \ + -Dquarkus.docker.buildx.platform="linux/amd64,linux/arm64" \ + -Dquarkus.container-image.tag="${final_release_tag}" + + - name: Publish Polaris Admin Tool Docker image to Docker Hub + run: | + source "${LIBS_DIR}/_exec.sh" + + exec_process ./gradlew :polaris-admin:assemble :polaris-admin:quarkusAppPartsBuild --rerun \ + -Dquarkus.container-image.build=true \ + -Dquarkus.container-image.push=true \ + -Dquarkus.docker.buildx.platform="linux/amd64,linux/arm64" \ + -Dquarkus.container-image.tag="${final_release_tag}" + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## Docker Images + ✅ Polaris Server and Admin Tool Docker images published to Docker Hub + EOT + + - name: Create GitHub release with artifacts + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SVN_USERNAME: ${{ secrets.APACHE_USERNAME }} + SVN_PASSWORD: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_constants.sh" + source "${LIBS_DIR}/_exec.sh" + + # Create a temporary directory for downloading artifacts + artifacts_dir="${RELEASEY_DIR}/release-artifacts" + exec_process mkdir -p "${artifacts_dir}" + + # Download artifacts from Apache dist release space + release_artifacts_url="${APACHE_DIST_URL}/release/incubator/polaris/${version_without_rc}" + release_helm_url="${APACHE_DIST_URL}/release/incubator/polaris/helm-chart/${version_without_rc}" + + # Download main artifacts + exec_process svn export --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive \ + "${release_artifacts_url}" "${artifacts_dir}/artifacts" + + # Download Helm chart artifacts + exec_process svn export --username "$SVN_USERNAME" --password "$SVN_PASSWORD" --non-interactive \ + "${release_helm_url}" "${artifacts_dir}/helm" + + # Create GitHub release + release_title="Release ${version_without_rc}" + release_notes="Apache Polaris ${version_without_rc} Release + + ## Release Artifacts + This release includes: + - Source and binary distributions + - Helm chart package + - Docker images published to Docker Hub + - Maven artifacts published to Maven Central + + ## Verification + All artifacts have been signed with GPG and include SHA-512 checksums for verification. + + ## Docker Images + - \`apache/polaris:${final_release_tag}\` - Polaris Server + - \`apache/polaris-admin:${final_release_tag}\` - Polaris Admin Tool" + + # Create the release + exec_process gh release create "${final_release_tag}" \ + --title "${release_title}" \ + --notes "${release_notes}" \ + --target "${rc_commit}" + + # Attach all artifacts from the artifacts directory + find "${artifacts_dir}" -type f -name "*.tar.gz" -o -name "*.tgz" -o -name "*.asc" -o -name "*.sha512" -o -name "*.prov" | while read -r file; do + exec_process gh release upload "${final_release_tag}" "${file}" + done + + cat <<EOT >> $GITHUB_STEP_SUMMARY + ## GitHub Release + GitHub release created: \`${final_release_tag}\` + EOT + + - name: Release candidate repository on Nexus + env: + ORG_GRADLE_PROJECT_apacheUsername: ${{ secrets.APACHE_USERNAME }} + ORG_GRADLE_PROJECT_apachePassword: ${{ secrets.APACHE_PASSWORD }} + run: | + source "${LIBS_DIR}/_exec.sh" + + # Use the Gradle task to release the Apache staging repository + exec_process ./gradlew releaseApacheStagingRepository Review Comment: Done. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
