Release a new version 8.8.0-alpha102 #463
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release a new version | |
| run-name: Release a new version ${{ github.event.release.tag_name }} | |
| on: | |
| release: | |
| types: [ created ] | |
| jobs: | |
| setup: | |
| name: Prepare the repository | |
| runs-on: ubuntu-latest | |
| outputs: | |
| tagType: ${{ steps.validate_tag.outputs.type }} | |
| releaseBranch: ${{ steps.determine_release_branch.outputs.releaseBranch }} | |
| previousTag: ${{ steps.validate_tag.outputs.previousTag }} | |
| steps: | |
| - name: Import Secrets | |
| id: vault-secrets | |
| uses: hashicorp/[email protected] | |
| with: | |
| url: ${{ secrets.VAULT_ADDR }} | |
| method: approle | |
| roleId: ${{ secrets.VAULT_ROLE_ID }} | |
| secretId: ${{ secrets.VAULT_SECRET_ID}} | |
| secrets: | | |
| secret/data/products/connectors/ci/common GITHUB_APP_ID; | |
| secret/data/products/connectors/ci/common GITHUB_APP_PRIVATE_KEY; | |
| - name: Generate a GitHub token for connectors | |
| id: app-token | |
| uses: actions/create-github-app-token@v1 | |
| with: | |
| app-id: ${{ steps.vault-secrets.outputs.GITHUB_APP_ID }} | |
| private-key: ${{ steps.vault-secrets.outputs.GITHUB_APP_PRIVATE_KEY }} | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{ steps.app-token.outputs.token }} | |
| ref: ${{ github.event.release.target_commitish }} | |
| fetch-depth: 0 | |
| - name: Validate release tag and determine previous tag | |
| id: validate_tag | |
| run: | | |
| OUTPUT="$(.github/workflows/scripts/prev_tag.sh ${{ github.event.release.tag_name }})" | |
| if [ $? -ne 0 ]; then | |
| echo "Script failed" | |
| exit 1 | |
| fi | |
| echo "type=$( echo $OUTPUT | cut -d ' ' -f1 )" >> $GITHUB_OUTPUT | |
| echo "previousTag=$( echo $OUTPUT | cut -d ' ' -f2 )" >> $GITHUB_OUTPUT | |
| # We will update this branch by setting the new version and pushing it | |
| - name: Determine release branch name | |
| id: determine_release_branch | |
| run: | | |
| releaseBranch=$( git branch --contains ${RELEASE_VERSION} --format='%(refname:short)' ) | |
| git checkout "$releaseBranch" | |
| echo "releaseBranch=$releaseBranch" >> $GITHUB_OUTPUT | |
| env: | |
| RELEASE_VERSION: ${{ github.event.release.tag_name }} | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.PROTECTED_BRANCH_PAT }} | |
| ref: ${{ github.event.release.target_commitish }} | |
| fetch-depth: 0 | |
| - name: Prepare Java and Maven settings | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '21' | |
| - name: Compile and Test | |
| run: mvn clean install -DskipTests | |
| - name: Upload repository | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: repository | |
| path: . | |
| include-hidden-files: 'true' | |
| maven-release: | |
| needs: setup | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download repository | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: repository | |
| - name: Prepare Java and Maven settings | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '21' | |
| - name: Import Secrets | |
| id: secrets | |
| uses: hashicorp/[email protected] | |
| with: | |
| url: ${{ secrets.VAULT_ADDR }} | |
| method: approle | |
| roleId: ${{ secrets.VAULT_ROLE_ID }} | |
| secretId: ${{ secrets.VAULT_SECRET_ID }} | |
| exportEnv: false # we rely on step outputs, no need for environment variables | |
| secrets: | | |
| secret/data/products/connectors/ci/common ARTIFACTORY_USR; | |
| secret/data/products/connectors/ci/common ARTIFACTORY_PSW; | |
| secret/data/github.com/organizations/camunda MAVEN_CENTRAL_DEPLOYMENT_USR; | |
| secret/data/github.com/organizations/camunda MAVEN_CENTRAL_DEPLOYMENT_PSW; | |
| secret/data/github.com/organizations/camunda MAVEN_CENTRAL_GPG_SIGNING_KEY_PASSPHRASE; | |
| secret/data/github.com/organizations/camunda MAVEN_CENTRAL_GPG_SIGNING_KEY_SEC; | |
| - name: Import GPG key | |
| id: import_gpg | |
| uses: crazy-max/ghaction-import-gpg@v6 | |
| with: | |
| gpg_private_key: ${{ steps.secrets.outputs.MAVEN_CENTRAL_GPG_SIGNING_KEY_SEC }} | |
| passphrase: ${{ steps.secrets.outputs.MAVEN_CENTRAL_GPG_SIGNING_KEY_PASSPHRASE }} | |
| - name: Restore cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| - name: 'Create settings.xml' | |
| uses: s4u/[email protected] | |
| with: | |
| githubServer: false | |
| servers: | | |
| [{ | |
| "id": "camunda-nexus", | |
| "username": "${{ steps.secrets.outputs.ARTIFACTORY_USR }}", | |
| "password": "${{ steps.secrets.outputs.ARTIFACTORY_PSW }}" | |
| }, | |
| { | |
| "id": "central", | |
| "username": "${{ steps.secrets.outputs.MAVEN_CENTRAL_DEPLOYMENT_USR }}", | |
| "password": "${{ steps.secrets.outputs.MAVEN_CENTRAL_DEPLOYMENT_PSW }}" | |
| } | |
| ] | |
| mirrors: '[{"url": "https://repository.nexus.camunda.cloud/content/groups/internal/", "id": "camunda-nexus", "mirrorOf": "camunda-nexus", "name": "camunda Nexus"}]' | |
| - name: Configure git user | |
| run: | | |
| # https://github.com/actions/checkout/issues/13#issuecomment-724415212 | |
| git config user.name "github-actions[bot]" | |
| git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| - name: Install element templates CLI | |
| run: npm install --global element-templates-cli | |
| # Maven build & version bump | |
| - name: Set Connectors release version | |
| run: mvn -B versions:set -DnewVersion=${RELEASE_VERSION} -DgenerateBackupPoms=false -f parent | |
| env: | |
| RELEASE_VERSION: ${{ github.event.release.tag_name }} | |
| - name: Deploy artifacts to Artifactory and Maven Central (Staging) | |
| run: mvn -B -q compile generate-sources source:jar javadoc:jar deploy -PcheckFormat -Psonatype-oss-release | |
| env: | |
| NEXUS_USR: ${{ steps.secrets.outputs.ARTIFACTORY_USR }} | |
| NEXUS_PSW: ${{ steps.secrets.outputs.ARTIFACTORY_PSW }} | |
| MAVEN_USR: ${{ steps.secrets.outputs.MAVEN_CENTRAL_DEPLOYMENT_USR }} | |
| MAVEN_PSW: ${{ steps.secrets.outputs.MAVEN_CENTRAL_DEPLOYMENT_PSW }} | |
| MAVEN_GPG_PASSPHRASE: ${{ steps.secrets.outputs.MAVEN_CENTRAL_GPG_SIGNING_KEY_PASSPHRASE }} | |
| - name: Generate sbom reports | |
| run: | | |
| mvn cyclonedx:makeAggregateBom -pl bundle/default-bundle | |
| docker-release: | |
| needs: setup | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download repository | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: repository | |
| - name: Import Secrets | |
| id: secrets | |
| uses: hashicorp/[email protected] | |
| with: | |
| url: ${{ secrets.VAULT_ADDR }} | |
| method: approle | |
| roleId: ${{ secrets.VAULT_ROLE_ID }} | |
| secretId: ${{ secrets.VAULT_SECRET_ID }} | |
| exportEnv: false # we rely on step outputs, no need for environment variables | |
| secrets: | | |
| secret/data/products/connectors/ci/common DOCKERHUB_USER; | |
| secret/data/products/connectors/ci/common DOCKERHUB_PASSWORD; | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| with: | |
| platforms: 'arm64,arm' | |
| - name: Set up Docker Build | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} | |
| password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} | |
| # Build & push bundle docker images (with version tag) | |
| - name: Build and Push Docker Image tag ${{ github.event.release.tag_name }} - connector-runtime | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: connector-runtime/connector-runtime-application/ | |
| push: true | |
| tags: camunda/connectors:${{ github.event.release.tag_name }} | |
| platforms: linux/amd64,linux/arm64 | |
| provenance: false | |
| - name: Build and Push Docker Image tag ${{ github.event.release.tag_name }} - bundle-default | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: bundle/default-bundle/ | |
| push: true | |
| tags: camunda/connectors-bundle:${{ github.event.release.tag_name }} | |
| platforms: linux/amd64,linux/arm64 | |
| provenance: false | |
| - name: Build and Push Docker Image tag ${{ github.event.release.tag_name }} - bundle-saas | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: bundle/camunda-saas-bundle/ | |
| push: true | |
| tags: camunda/connectors-bundle-saas:${{ github.event.release.tag_name }} | |
| platforms: linux/amd64,linux/arm64 | |
| provenance: false | |
| # Build & push bundle docker images (with 'latest' tag) | |
| - name: Build and Push Docker Image tag latest - connector-runtime | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: connector-runtime/connector-runtime-application/ | |
| push: true | |
| tags: camunda/connectors:latest | |
| platforms: linux/amd64,linux/arm64 | |
| provenance: false | |
| - name: Build and Push Docker Image tag latest - bundle-default | |
| if: ${{ needs.setup.outputs.tagType == 'NORMAL' }} | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: bundle/default-bundle/ | |
| push: true | |
| tags: camunda/connectors-bundle:latest | |
| platforms: linux/amd64,linux/arm64 | |
| provenance: false | |
| - name: Build and Push Docker Image tag latest - bundle-saas | |
| if: ${{ needs.setup.outputs.tagType == 'NORMAL' }} | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: bundle/camunda-saas-bundle/ | |
| push: true | |
| tags: camunda/connectors-bundle-saas:latest | |
| platforms: linux/amd64,linux/arm64 | |
| provenance: false | |
| # Update README in Dockerhub | |
| - name: Push README to Dockerhub - bundle-default | |
| if: ${{ needs.setup.outputs.tagType == 'NORMAL' }} | |
| uses: christian-korneck/update-container-description-action@v1 | |
| env: | |
| DOCKER_USER: ${{ steps.secrets.outputs.DOCKERHUB_USER }} | |
| DOCKER_PASS: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} | |
| with: | |
| destination_container_repo: camunda/connectors-bundle | |
| provider: dockerhub | |
| readme_file: bundle/README.md | |
| short_description: 'Camunda out-of-the-box Connectors Bundle' | |
| - name: Push README to Dockerhub - bundle-saas | |
| if: ${{ needs.setup.outputs.tagType == 'NORMAL' }} | |
| uses: christian-korneck/update-container-description-action@v1 | |
| env: | |
| DOCKER_USER: ${{ steps.secrets.outputs.DOCKERHUB_USER }} | |
| DOCKER_PASS: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} | |
| with: | |
| destination_container_repo: camunda/connectors-bundle-saas | |
| provider: dockerhub | |
| readme_file: bundle/README.md | |
| short_description: 'Camunda out-of-the-box Connectors Bundle for SaaS' | |
| bundle-and-build-changelog: | |
| needs: [ setup, maven-release, docker-release ] | |
| name: Bundle and generate changelogs | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download repository | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: repository | |
| # Update GitHub release | |
| - name: Bundle element templates | |
| run: bash bundle/bundle-templates.sh ${RELEASE_VERSION} | |
| env: | |
| RELEASE_VERSION: ${{ github.event.release.tag_name }} | |
| - name: Build Changelog | |
| id: changelog | |
| uses: Requarks/changelog-action@v1 | |
| with: | |
| token: ${{ github.token }} | |
| fromTag: ${{ github.event.release.tag_name }} | |
| toTag: ${{ needs.setup.outputs.previousTag }} | |
| writeToFile: false | |
| excludeTypes: build,docs,other,style,ci | |
| excludeScopes: deps | |
| - name: Configure git user | |
| run: | | |
| # https://github.com/actions/checkout/issues/13#issuecomment-724415212 | |
| git config user.name "github-actions[bot]" | |
| git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| - name: Commit and tag | |
| run: | | |
| git commit -am "ci: release version ${RELEASE_VERSION}" | |
| git push --force-with-lease origin ${RELEASE_BRANCH} | |
| git tag -fa ${RELEASE_VERSION} -m "ci: release version ${RELEASE_VERSION}" | |
| git push --force origin ${RELEASE_VERSION} | |
| env: | |
| RELEASE_VERSION: ${{ github.event.release.tag_name }} | |
| RELEASE_BRANCH: ${{ needs.setup.outputs.releaseBranch }} | |
| - name: Update GitHub Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| prerelease: ${{ needs.setup.outputs.tagType != 'NORMAL' }} | |
| body: ${{ steps.changelog.outputs.changes }} | |
| tag_name: ${{ github.event.release.tag_name }} | |
| files: | | |
| bundle/default-bundle/target/connectors-bundle-sbom.json | |
| bundle/default-bundle/target/connectors-bundle-sbom.xml | |
| connectors-bundle-templates-${{ github.event.release.tag_name }}.tar.gz | |
| connectors-bundle-templates-${{ github.event.release.tag_name }}.zip | |
| helm-deploy: | |
| needs: [setup, docker-release] | |
| name: Run Helm Integration Tests | |
| uses: ./.github/workflows/INTEGRATION_TEST.yml | |
| secrets: inherit | |
| with: | |
| connectors-version: ${{ github.event.release.tag_name }} | |
| release-branch: ${{ needs.setup.outputs.releaseBranch }} |