From 15930ad3f1466091e4a8e76e61fe169436b200cf Mon Sep 17 00:00:00 2001
From: Di Wu <github@wudi.me>
Date: Fri, 27 Sep 2024 14:06:24 -0700
Subject: [PATCH 1/4] ci: add release workflow (#13)

---
 .../build-on-minimum-supported-platform.yaml  |   7 +-
 .github/workflows/release.yaml                | 108 ++++++++++++++++++
 .github/workflows/unit-test.yaml              |   7 +-
 3 files changed, 120 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/release.yaml

diff --git a/.github/workflows/build-on-minimum-supported-platform.yaml b/.github/workflows/build-on-minimum-supported-platform.yaml
index f8fcfb0..6b5e4d8 100644
--- a/.github/workflows/build-on-minimum-supported-platform.yaml
+++ b/.github/workflows/build-on-minimum-supported-platform.yaml
@@ -2,6 +2,11 @@ name: Build on minimum supported platforms
 
 on:
   workflow_dispatch:
+  workflow_call:
+    inputs:
+      identifier:
+        required: true
+        type: string
   pull_request:
     branches:
       - main
@@ -9,7 +14,7 @@ on:
 permissions: {}
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  group: ${{ inputs.identifier || github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
 
 jobs:
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..3f190b2
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,108 @@
+name: Release
+
+on:
+  push:
+    branches:
+      - release
+
+permissions:
+  id-token: write
+  contents: write
+
+jobs:
+  extract-release-version:
+    name: Extract release version
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.extract-release-version.outputs.result }}
+    steps:
+      - name: Extract release version
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        id: extract-release-version
+        with:
+          result-encoding: string
+          script: |
+            const matches = `${{ github.event.head_commit.message }}`.match(/[0-9]+\.[0-9]+\.[0-9]+/) ?? []
+            return matches.length > 0 ? matches[0] : ""
+
+  validate-version-format:
+    name: Validate Version Format
+    needs:
+      - extract-release-version
+    if: ${{ needs.extract-release-version.outputs.version != '' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validated
+        run: echo "Releasing new version ${{ needs.extract-release-version.outputs.version }}"
+
+  unit-test:
+    name: Unit Tests
+    needs:
+      - validate-version-format
+    uses: ./.github/workflows/unit-test.yaml
+    with:
+      identifier: workflow-call-unit-test
+
+  build-on-minimum-supported-platforms:
+    name: Build on minimum supported platforms
+    needs:
+      - validate-version-format
+    uses: ./.github/workflows/build-on-minimum-supported-platform.yaml
+    with:
+      identifier: workflow-call-build-on-minimum-platforms
+
+  release:
+    name: Release new version
+    needs:
+      - extract-release-version
+      - unit-test
+      - build-on-minimum-supported-platforms
+    runs-on: ubuntu-latest
+    env:
+      RELEASE_VERSION: ${{ needs.extract-release-version.outputs.version }}
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          ref: release
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          role-session-name: ${{ format('{0}.release', github.run_id) }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Setup Github Token
+        id: setup-pat
+        env:
+          DEPLOY_SECRET_ARN: ${{ secrets.DEPLOY_SECRET_ARN }}
+        run: |
+          PAT=$(aws secretsmanager get-secret-value \
+          --secret-id "${DEPLOY_SECRET_ARN}" \
+          | jq -r ".SecretString")
+          echo "token=$PAT" >> $GITHUB_OUTPUT
+
+      - name: Create new version tag ${{ needs.extract-release-version.outputs.version }}
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          script: |
+            github.rest.git.createRef({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              ref: `refs/tags/${process.env.RELEASE_VERSION}`,
+              sha: context.sha,
+              force: true
+            })
+
+      - name: Sync Back to Main
+        env:
+          PAT: ${{ steps.setup-pat.outputs.token }}
+          GITHUB_USER: aws-amplify-ops
+          GITHUB_EMAIL: aws-amplify-ops@amazon.com
+        run: |
+          git config user.name $GITHUB_USER
+          git config user.email $GITHUB_EMAIL
+          git push "https://${PAT}@github.com/${{ github.repository }}" HEAD:main
diff --git a/.github/workflows/unit-test.yaml b/.github/workflows/unit-test.yaml
index d86a9bf..63393d7 100644
--- a/.github/workflows/unit-test.yaml
+++ b/.github/workflows/unit-test.yaml
@@ -2,6 +2,11 @@ name: Unit Test
 
 on:
   workflow_dispatch:
+  workflow_call:
+    inputs:
+      identifier:
+        required: true
+        type: string
   pull_request:
     branches:
       - main
@@ -9,7 +14,7 @@ on:
 permissions: {}
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  group: ${{ inputs.identifier || github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
 
 jobs:

From 4f1330946b2d78c7570c78a49c3640f1ffa2c84e Mon Sep 17 00:00:00 2001
From: Di Wu <github@wudi.me>
Date: Fri, 27 Sep 2024 14:52:02 -0700
Subject: [PATCH 2/4] fix: add environment to release workflow (#25)

---
 .github/workflows/release.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 3f190b2..a1bdcdf 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -53,6 +53,7 @@ jobs:
 
   release:
     name: Release new version
+    environment: Release
     needs:
       - extract-release-version
       - unit-test

From 1e77782dcbb020cd29448b62836c9a2f4be56a02 Mon Sep 17 00:00:00 2001
From: Di Wu <github@wudi.me>
Date: Fri, 27 Sep 2024 15:27:25 -0700
Subject: [PATCH 3/4] fix: release workflow credential retrieval script (#28)

---
 .github/workflows/release.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index a1bdcdf..800f9b5 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -83,7 +83,7 @@ jobs:
         run: |
           PAT=$(aws secretsmanager get-secret-value \
           --secret-id "${DEPLOY_SECRET_ARN}" \
-          | jq -r ".SecretString")
+          | jq -r ".SecretString | fromjson | .Credential")
           echo "token=$PAT" >> $GITHUB_OUTPUT
 
       - name: Create new version tag ${{ needs.extract-release-version.outputs.version }}

From 101fe0c1f385b93fc6aae11e1f44bb808613aa2e Mon Sep 17 00:00:00 2001
From: aws-amplify-ops <aws-amplify-ops@amazon.com>
Date: Fri, 27 Sep 2024 22:28:07 +0000
Subject: [PATCH 4/4] [bump version 1.0.1]

---
 Sources/AWSAppSyncApolloExtensions/Utilities/PackageInfo.swift | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Sources/AWSAppSyncApolloExtensions/Utilities/PackageInfo.swift b/Sources/AWSAppSyncApolloExtensions/Utilities/PackageInfo.swift
index c894688..9a6b1be 100644
--- a/Sources/AWSAppSyncApolloExtensions/Utilities/PackageInfo.swift
+++ b/Sources/AWSAppSyncApolloExtensions/Utilities/PackageInfo.swift
@@ -21,7 +21,7 @@ import AppKit
 
 class PackageInfo {
 
-    private static let version = "1.0.0"
+    private static let version = "1.0.1"
 
     @MainActor
     private static var os: (name: String, version: String) = {