DAT-13175 Full automation of OSS extension release #134
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 9 commits
November 16, 2023 08:42
…sion prefix for better readability feat(extension-attach-artifact-release.yml): set draft release title to include the artifact id and version for better clarity and organization
…se the version number from Maven
The release title was previously set to "Support for Liquibase ${{ github.event.repository.name }} Extension v${{ env.artifact_id }}". This commit updates the release title to use the version number obtained from Maven. The version number is retrieved using the command "mvn help:evaluate -Dexpression=project.version -q -DforceStdout". The new release title format is "v$version", where $version is the version number obtained from Maven.
This commit adds a new workflow file `os-extension-automated-release.yml` that automates the release process for OS extensions. The workflow is triggered by a workflow call and requires two inputs: `version` (the version to release) and `repositories` (a comma-separated list of repositories). The workflow consists of several jobs: 1. `check-security-vulnerabilities`: This job checks for open Dependabot security alerts in the specified repositories. It loops through each repository, checks for open alerts, and sets a flag if any security vulnerabilities are found. If security vulnerabilities are found, the job prints an error message and exits with an error code. 2. `run-liquibase-dependabot`: This job installs the Dependabot CLI and runs Dependabot to check for and update dependencies in the Liquibase/Liquibase repository. 3. `release-draft-releases`: This job checks for draft releases in the specified repositories. If draft releases are found, it checks if they contain the specified version to release. If the version is found, it publishes the draft release as the latest release. 4. `create-and-close-nexus-stagging`: This job pauses the workflow for 60 seconds to allow time for Sonatype Nexus staging repositories to be ready. It then uses the Sonatype Nexus API to retrieve information about staging repositories and extracts the IDs of repositories containing the string "liquibase." For each repository, it checks if it is an extension by examining its relative path. If an extension is detected, the repository is closed using the Sonatype Nexus API. The purpose of this workflow is to automate the release process for OS extensions, including checking for security vulnerabilities, updating dependencies, publishing draft releases, and closing Nexus staging repositories for extensions. Note: The release step in the `create-and-close-nexus-stagging` job is currently commented out for safety.
…ositories input parameter to clarify its purpose
…blished_drafts.txt and closed_nexus_repos.txt files to preserve release information feat(os-extension-automated-release.yml): add logic to store the name and version of published drafts in published_drafts.txt file feat(os-extension-automated-release.yml): add logic to store the name and path of closed Nexus repositories in closed_nexus_repos.txt file
…l command to reduce output noise
…ilent mode (-s) to reduce output noise feat(os-extension-automated-release.yml): retrieve relative path of closed repository and store it in a file for reference
…to run on multiple repositories fix(.DS_Store): delete .DS_Store file
…ely reflect the repositories being targeted by dependabot
feat(os-extension-automated-release.yml): add update-pom job to update pom.xml with specified version
…positories input to be a JSON array instead of a comma separated string to improve readability and maintainability
…fix variable references feat(os-extension-automated-release.yml): add support for matrix strategy to run jobs for multiple repositories refactor(os-extension-automated-release.yml): simplify code by removing unnecessary loop and fix variable references refactor(os-extension-automated-release.yml): improve code readability by removing unnecessary loop and fix variable references fix(os-extension-automated-release.yml): fix typo in comment fix(os-extension-automated-release.yml): fix typo in comment and remove unnecessary loop fix(os-extension-automated-release.yml): fix typo in comment and simplify code by removing unnecessary loop fix(os-extension-automated-release.yml): fix typo in comment and improve code readability by removing unnecessary loop fix(os-extension-automated-release.yml): fix typo in comment and improve code readability by removing unnecessary loop and fix variable references fix(os-extension-automated-release.yml): fix typo in comment and improve code readability by removing unnecessary loop, fix variable references, and remove unnecessary steps
… Security Vulnerabilities" to "Security" for clarity fix(os-extension-automated-release.yml): rename step name from "Dependabot" to "Update pom.xml" for clarity fix(os-extension-automated-release.yml): rename step name from "Release Draft" to "Nexus" for clarity
…d checkout repository to improve workflow reliability chore(os-extension-automated-release.yml): remove redundant git config commands from Update pom.xml step
… clone repository chore(os-extension-automated-release.yml): remove unused git clone command to improve workflow efficiency
…and to improve script efficiency
…ecified version using sed command fix(os-extension-automated-release.yml): set GH_TOKEN environment variable to the value of BOT_TOKEN secret for updating pom.xml
… to fix authentication issue fix(workflows): set up Git user email and name to use "liquibot" for automated releases
…nnecessary empty line fix(os-extension-automated-release.yml): fix token variable indentation and remove unnecessary whitespace fix(os-extension-automated-release.yml): set remote URL with token for authentication
…e checking for artifacts in draft releases to allow time for the release to be published
…ition for running the job
…nd project version to ${{ inputs.version }} to reflect changes in the project
… seconds to allow more time for artifact to be published in draft releases feat(os-extension-automated-release.yml): add maven settings for liquibase and liquibase-pro repositories to enable fetching dependencies from them
… seconds to 120 seconds for checking artifact in draft releases to improve workflow efficiency
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://datical.atlassian.net/browse/DAT-13175