Release SDK #343
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Release SDK" | |
| # checkov:skip=CKV_GHA_7: This workflow requires dryRun parameter for release control | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| dryRun: | |
| description: "Do a dry run to preview instead of a real release [true/false]" | |
| required: true | |
| default: "true" | |
| permissions: | |
| contents: write | |
| pull-requests: read | |
| checks: write | |
| jobs: | |
| # SDK release is done from public main branch. | |
| confirm-public-repo-main-branch: | |
| name: "Confirm release is run from public/main branch" | |
| uses: mParticle/mparticle-workflows/.github/workflows/sdk-release-repo-branch-check.yml@main | |
| create-release-branch: | |
| name: "Create Release Branch" | |
| runs-on: ubuntu-latest | |
| needs: confirm-public-repo-main-branch | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }} | |
| GIT_AUTHOR_NAME: mparticle-automation | |
| GIT_AUTHOR_EMAIL: developers@mparticle.com | |
| GIT_COMMITTER_NAME: mparticle-automation | |
| GIT_COMMITTER_EMAIL: developers@mparticle.com | |
| steps: | |
| - name: Checkout main branch | |
| uses: actions/checkout@v6.0.2 | |
| with: | |
| token: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }} | |
| repository: mparticle/mparticle-android-sdk | |
| ref: main | |
| submodules: recursive | |
| - name: "Import GPG Key" | |
| uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec #v6.0 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| - name: "Create and push release branch" | |
| run: | | |
| git checkout -b release/${{ github.run_number }} | |
| git push origin release/${{ github.run_number }} | |
| - name: "Commit Kit Updates" | |
| run: | | |
| git submodule foreach "git fetch; git reset --hard origin/main"; | |
| git add . | |
| git diff-index --quiet HEAD || git commit -m 'chore: Update submodules' | |
| - name: "Push kit updates to release branch" | |
| run: git push origin release/${{ github.run_number }} | |
| regression-check: | |
| needs: create-release-branch | |
| name: "Run regression" | |
| uses: mParticle/mparticle-android-sdk/.github/workflows/daily.yml@main | |
| with: | |
| dryRun: ${{ github.event.inputs.dryRun }} | |
| branch_name: release/${{ github.run_number }} | |
| secrets: inherit | |
| semantic-release: | |
| name: "Semantic Release" | |
| needs: regression-check | |
| runs-on: macos-latest | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }} | |
| GIT_AUTHOR_NAME: mparticle-automation | |
| GIT_AUTHOR_EMAIL: developers@mparticle.com | |
| GIT_COMMITTER_NAME: mparticle-automation | |
| GIT_COMMITTER_EMAIL: developers@mparticle.com | |
| steps: | |
| - name: "Checkout public main branch" | |
| uses: actions/checkout@v6.0.2 | |
| with: | |
| token: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }} | |
| fetch-depth: 0 | |
| ref: main | |
| - name: "Import GPG Key" | |
| uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec #v6.0 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| - name: "Merge release branch into main branch" | |
| run: | | |
| git pull origin release/${{ github.run_number }} | |
| - name: "Semantic Release --dry-run" | |
| if: ${{ github.event.inputs.dryRun == 'true' }} | |
| run: | | |
| npx \ | |
| -p lodash \ | |
| -p semantic-release@17 \ | |
| -p @semantic-release/changelog@5 \ | |
| -p @semantic-release/git@9 \ | |
| -p @semantic-release/exec@5 \ | |
| -p conventional-changelog-conventionalcommits@7 \ | |
| semantic-release --dry-run | |
| - name: "Semantic Release" | |
| if: ${{ github.event.inputs.dryRun == 'false' }} | |
| run: | | |
| npx \ | |
| -p lodash \ | |
| -p semantic-release@17 \ | |
| -p @semantic-release/changelog@5 \ | |
| -p @semantic-release/git@9 \ | |
| -p @semantic-release/exec@5 \ | |
| -p conventional-changelog-conventionalcommits@7 \ | |
| semantic-release | |
| - name: "Push automated release commits to release branch" | |
| if: ${{ github.event.inputs.dryRun == 'false' }} | |
| run: | | |
| git push origin HEAD:release/${{ github.run_number }} | |
| sonatype-release: | |
| name: "Sonatype Release" | |
| needs: semantic-release | |
| runs-on: ubuntu-latest | |
| env: | |
| sonatypeUsername: ${{ secrets.SONATYPE_NEXUS_USERNAME }} | |
| sonatypePassword: ${{ secrets.SONATYPE_NEXUS_PASSWORD }} | |
| mavenSigningKeyId: ${{ secrets.MAVEN_CENTRAL_SIGNING_KEY }} | |
| mavenSigningKeyPassword: ${{ secrets.MAVEN_CENTRAL_SIGNING_KEY_PASSWORD }} | |
| steps: | |
| - name: "Checkout release branch" | |
| uses: actions/checkout@v6.0.2 | |
| with: | |
| repository: mparticle/mparticle-android-sdk | |
| ref: release/${{ github.run_number }} | |
| submodules: recursive | |
| - name: "Install JDK 17" | |
| uses: actions/setup-java@v5 | |
| with: | |
| distribution: "zulu" | |
| java-version: "17" | |
| - name: "Publish Core, KitManager, KitPlugin" | |
| if: ${{ github.event.inputs.dryRun == 'false'}} | |
| run: | | |
| ./gradlew -PisRelease=true publishReleasePublicationToMavenRepository --stacktrace | |
| - name: "Publish Kits" | |
| if: ${{ github.event.inputs.dryRun == 'false'}} | |
| # build kit-plugin locally so kits will compile, then release to sonatype | |
| run: | | |
| ./gradlew -PisRelease=true publishReleasePublicationToMavenLocal | |
| ./gradlew -PisRelease=true publishReleasePublicationToMavenRepository -c settings-kits.gradle --stacktrace | |
| - name: "Get SDK version for isolated kits" | |
| if: ${{ github.event.inputs.dryRun == 'false'}} | |
| id: sdk-version | |
| run: echo "version=$(./gradlew -PisRelease=true -q properties | grep '^version:' | awk '{print $2}')" >> $GITHUB_OUTPUT | |
| - name: "Publish Isolated Kits (urbanairship-kit)" | |
| if: ${{ github.event.inputs.dryRun == 'false'}} | |
| working-directory: kits/urbanairship-kit | |
| run: ./gradlew -PisRelease=true -Pversion=${{ steps.sdk-version.outputs.version }} publishReleasePublicationToMavenRepository --stacktrace | |
| # Temporary workaround: https://central.sonatype.org/publish/publish-portal-ossrh-staging-api/#ensuring-deployment-visibility-in-the-central-publisher-portal | |
| - name: Ensuring Deployment Visibility In The Central Publisher Portal | |
| if: ${{ github.event.inputs.dryRun == 'false'}} | |
| env: | |
| USER: ${{ secrets.SONATYPE_NEXUS_USERNAME }} | |
| PASS: ${{ secrets.SONATYPE_NEXUS_PASSWORD }} | |
| run: | | |
| curl -f -u "$USER:$PASS" -X POST \ | |
| "https://ossrh-staging-api.central.sonatype.com/manual/upload/defaultRepository/com.mparticle?publishing_type=user_managed" \ | |
| -H "Content-Type: application/json" -d '{}' \ | |
| && echo "Success" | |
| sync-repository: | |
| name: "Sync Repository" | |
| needs: sonatype-release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "Checkout main branch" | |
| uses: actions/checkout@v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| repository: ${{ github.repository }} | |
| token: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }} | |
| ref: main | |
| - name: "Merge release branch into main branch" | |
| if: ${{ github.event.inputs.dryRun == 'false' }} | |
| run: | | |
| git pull origin release/${{ github.run_number }} | |
| - name: "Push release commits to main branch" | |
| if: ${{ github.event.inputs.dryRun == 'false'}} | |
| run: | | |
| git push origin HEAD:main | |
| git push -f origin HEAD:chore/dependabot | |
| - name: "Delete release branch" | |
| if: ${{ github.event.inputs.dryRun == 'false' }} | |
| run: | | |
| git push --delete origin release/${{ github.run_number }} |