Attach Artifacts To Draft Release #512
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Attach Artifacts To Draft Release | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
description: 'Version (example: 4.8.2)' | |
required: true | |
branch: | |
description: 'Branch to release (Defaults to master)' | |
required: false | |
default: 'master' | |
runId: | |
description: 'RunId of liquibase/liquibase artifacts to attach' | |
required: true | |
standalone_zip: | |
description: 'Flag to indicate if the workflow is triggered to create a standalone zip' | |
required: false | |
type: boolean | |
default: false | |
dry_run: | |
description: 'Flag to indicate if the workflow is triggered to create a dry-run release' | |
required: false | |
type: boolean | |
default: false | |
workflow_call: | |
inputs: | |
version: | |
description: 'Version (example: 4.8.2)' | |
required: true | |
type: string | |
branch: | |
description: 'Branch to release (Defaults to master)' | |
required: false | |
default: 'master' | |
type: string | |
runId: | |
description: 'RunId of liquibase/liquibase artifacts to attach' | |
required: true | |
type: string | |
standalone_zip: | |
description: 'Flag to indicate if the workflow is triggered to create a standalone zip' | |
required: true | |
type: boolean | |
default: false | |
dry_run: | |
description: 'Flag to indicate if the workflow is triggered to create a dry-run release' | |
required: true | |
type: boolean | |
default: false | |
outputs: | |
dry_run_zip_url: | |
description: 'The URL of the created zip file' | |
value: ${{ jobs.build-installers.outputs.dry_run_zip_url }} | |
dry_run_tar_gz_url: | |
description: 'The URL of the created tar.gz file' | |
value: ${{ jobs.build-installers.outputs.dry_run_tar_gz_url }} | |
env: | |
DEPENDENCIES: "liquibase-bigquery" # Comma separated list of dependencies to release the extensions list | |
EXTENSIONS: "liquibase-commercial-bigquery" # Comma separated list of extensions to release to GPM | |
jobs: | |
setup: | |
name: Setup | |
runs-on: ubuntu-22.04 | |
outputs: | |
version: ${{ inputs.version }} | |
branch: ${{ inputs.branch }} | |
runId: ${{ inputs.runId }} | |
uber_jar_runId: ${{ steps.get_run_id.outputs.run_id }} | |
dependencies: ${{ env.DEPENDENCIES }} | |
extensions: ${{ env.EXTENSIONS }} | |
steps: | |
- run: | | |
echo "Creating version ${{ inputs.version }} from ${{ inputs.branch }} with artifacts from build ${{ inputs.runId }} " | |
owasp-scanner: | |
needs: [ setup ] | |
uses: liquibase/build-logic/.github/workflows/owasp-scanner.yml@main | |
with: | |
branch: ${{ needs.setup.outputs.branch }} | |
secrets: inherit | |
build-azure-uber-jar: | |
needs: [ setup, owasp-scanner ] | |
uses: liquibase/liquibase/.github/workflows/build-azure-uber-jar.yml@master | |
with: | |
branch: ${{ needs.setup.outputs.branch }} | |
liquibase-version: ${{ needs.setup.outputs.version }} | |
secrets: inherit | |
build-extension-jars: | |
needs: [ setup, owasp-scanner ] | |
uses: liquibase/liquibase/.github/workflows/build-extension-jars.yml@master | |
with: | |
liquibase-version: ${{ needs.setup.outputs.version }} | |
dependencies: ${{ needs.setup.outputs.dependencies }} | |
extensions: ${{ needs.setup.outputs.extensions }} | |
branch: ${{ needs.setup.outputs.branch }} | |
secrets: inherit | |
reversion: | |
needs: [ setup, build-azure-uber-jar, build-extension-jars ] | |
name: Re-version artifacts ${{ needs.setup.outputs.version }} | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/checkout@v4 | |
name: Checkout liquibase-pro | |
with: | |
repository: liquibase/liquibase-pro | |
ref: "${{ needs.setup.outputs.branch }}" | |
path: download/repo/liquibase-pro | |
token: ${{ secrets.BOT_TOKEN }} | |
- name: Download liquibase-artifacts | |
uses: liquibase/action-download-artifact@v2-liquibase | |
with: | |
workflow: run-tests.yml | |
run_id: ${{ needs.setup.outputs.runId }} | |
name: liquibase-artifacts | |
path: download/liquibase-artifacts | |
- name: Get Current Run ID | |
id: get_run_id | |
run: | | |
run_id=${{ github.run_id }} | |
echo "uber_jar_runId=${run_id}" >> $GITHUB_OUTPUT | |
- name: Download liquibase-pro-azure-artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: liquibase-pro-azure-artifacts | |
path: liquibase-pro/liquibase-azure-deps | |
- name: Generate repositories and servers JSON | |
id: generate-json | |
run: | | |
IFS=',' read -ra EXT <<< "${{ needs.setup.outputs.extensions }}" | |
repositories="" | |
servers="" | |
for i in "${EXT[@]}"; do | |
repositories+="{\"id\": \"$i\",\"url\": \"https://maven.pkg.github.com/liquibase/$i\",\"releases\": {\"enabled\": \"true\"},\"snapshots\": {\"enabled\": \"true\",\"updatePolicy\": \"always\"}}," | |
servers+="{\"id\": \"$i\",\"username\": \"liquibot\",\"password\": \"${{ secrets.LIQUIBOT_PAT_GPM_ACCESS }}\"}," | |
done | |
# Remove trailing comma and wrap with brackets | |
repositories="["${repositories::-1}"]" | |
servers="["${servers::-1}"]" | |
echo "REPOSITORIES_JSON=$repositories" >> $GITHUB_ENV | |
echo "SERVERS_JSON=$servers" >> $GITHUB_ENV | |
- name: maven-settings-xml-action | |
uses: whelk-io/maven-settings-xml-action@v22 | |
with: | |
repositories: ${{ env.REPOSITORIES_JSON }} | |
servers: ${{ env.SERVERS_JSON }} | |
- name: Get extensions artifacts | |
run: | | |
IFS=',' read -ra ADDR <<< "${{ needs.setup.outputs.extensions }}" | |
for extension in "${ADDR[@]}"; do | |
mvn dependency:get -DgroupId=org.liquibase.ext -DartifactId=$extension -Dversion=${{ needs.setup.outputs.version }} -Dtransitive=false || echo "Failed to download $extension artifact" | |
done | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '8' | |
distribution: 'adopt' | |
gpg-private-key: ${{ secrets.GPG_SECRET }} | |
gpg-passphrase: GPG_PASSPHRASE | |
env: | |
GPG_PASSWORD: ${{ secrets.GPG_PASSPHRASE }} | |
- name: Re-version Artifacts | |
env: | |
GPG_PASSWORD: ${{ secrets.GPG_PASSPHRASE }} | |
run: | | |
scripts_branch=${{ github.ref }} | |
mkdir -p $PWD/.github/util/ | |
# Download a script (re-version.sh) from a URL and save it to the specified directory | |
curl -o $PWD/.github/util/re-version.sh https://raw.githubusercontent.com/liquibase/liquibase/$scripts_branch/.github/util/re-version.sh | |
# Download another script (sign-artifacts.sh) from a URL and save it to the specified directory | |
curl -o $PWD/.github/util/sign-artifacts.sh https://raw.githubusercontent.com/liquibase/liquibase/$scripts_branch/.github/util/sign-artifacts.sh | |
curl -o $PWD/.github/util/ManifestReversion.java https://raw.githubusercontent.com/liquibase/liquibase/$scripts_branch/.github/util/ManifestReversion.java | |
chmod +x $PWD/.github/util/re-version.sh | |
chmod +x $PWD/.github/util/ManifestReversion.java | |
chmod +x $PWD/.github/util/sign-artifacts.sh | |
$PWD/.github/util/re-version.sh download/liquibase-artifacts "${{ needs.setup.outputs.version }}" "${{ needs.setup.outputs.branch }}" | |
# Execute the sign-artifacts.sh script with specific arguments | |
$PWD/.github/util/sign-artifacts.sh download/liquibase-artifacts "${{ needs.setup.outputs.version }}" "${{ needs.setup.outputs.branch }}" | |
## Sign Files | |
## liquibase-azure-deps and liquibase extensions are already on its correct version. Check reusable workflow: build-azure-uber-jar.yml and build-extension-jars.yml | |
mv liquibase-pro/liquibase-azure-deps/* re-version/out | |
# Modify the zip file | |
unzip re-version/out/liquibase-${{ needs.setup.outputs.version }}.zip -d re-version/out/liquibase-${{ needs.setup.outputs.version }} | |
mkdir -p re-version/out/liquibase-${{ needs.setup.outputs.version }}/internal/extensions | |
rm -rf re-version/out/liquibase-${{ needs.setup.outputs.version }}.zip | |
IFS=',' read -ra EXT <<< "${{ needs.setup.outputs.extensions }}" | |
for i in "${EXT[@]}"; do | |
cp ~/.m2/repository/org/liquibase/ext/$i/${{ needs.setup.outputs.version }}/$i-${{ needs.setup.outputs.version }}.jar re-version/out/liquibase-${{ needs.setup.outputs.version }}/internal/extensions/$i.jar || echo "Failed to move $i artifact" | |
done | |
(cd re-version/out/liquibase-${{ needs.setup.outputs.version }} && zip -r ../liquibase-${{ needs.setup.outputs.version }}.zip . && cd .. && rm -rf liquibase-${{ needs.setup.outputs.version }}) | |
# Modify the tar.gz file | |
mkdir -p re-version/out/liquibase-${{ needs.setup.outputs.version }} | |
tar -xzvf re-version/out/liquibase-${{ needs.setup.outputs.version }}.tar.gz -C re-version/out/liquibase-${{ needs.setup.outputs.version }} | |
rm -rf re-version/out/liquibase-${{ needs.setup.outputs.version }}.tar.gz | |
mkdir -p re-version/out/liquibase-${{ needs.setup.outputs.version }}/internal/extensions | |
for I in "${EXT[@]}"; do | |
cp ~/.m2/repository/org/liquibase/ext/$I/${{ needs.setup.outputs.version }}/$I-${{ needs.setup.outputs.version }}.jar re-version/out/liquibase-${{ needs.setup.outputs.version }}/internal/extensions/$I.jar || echo "Failed to move $I artifact" | |
done | |
(cd re-version/out/liquibase-${{ needs.setup.outputs.version }} && tar -czvf ../liquibase-${{ needs.setup.outputs.version }}.tar.gz * && cd .. && rm -rf liquibase-${{ needs.setup.outputs.version }}) | |
$PWD/.github/util/sign-artifacts.sh re-version/out | |
# Move files to a specific directory | |
mkdir re-version/final | |
mv re-version/out/liquibase-core-${{ needs.setup.outputs.version }}.jar re-version/final | |
mv re-version/out/liquibase-commercial-${{ needs.setup.outputs.version }}.jar re-version/final | |
mv re-version/out/liquibase-${{ needs.setup.outputs.version }}.tar.gz re-version/final | |
mv re-version/out/liquibase-${{ needs.setup.outputs.version }}.zip re-version/final | |
mv re-version/out/liquibase-azure-deps-${{ needs.setup.outputs.version }}.jar re-version/final/liquibase-azure-deps-${{ needs.setup.outputs.version }}.jar | |
(cd re-version/out/ && zip liquibase-additional-${{ needs.setup.outputs.version }}.zip *) | |
mv re-version/out/liquibase-additional-${{ needs.setup.outputs.version }}.zip re-version/final | |
- name: Cache Completed Artifacts | |
uses: actions/[email protected] | |
with: | |
key: completed-artifacts-${{ github.run_number }}-${{ github.run_attempt }} | |
path: re-version/final | |
- name: Set repository tags | |
if: ${{ inputs.standalone_zip == false && inputs.dry_run == false }} | |
run: | | |
git tag -f v${{ needs.setup.outputs.version }} | |
git push -f origin v${{ needs.setup.outputs.version }} | |
(cd download/repo/liquibase-pro && git tag -f v${{ needs.setup.outputs.version }}) | |
(cd download/repo/liquibase-pro && git push -f origin v${{ needs.setup.outputs.version }}) | |
build-installers: | |
permissions: | |
contents: write # for softprops/action-gh-release to create GitHub release | |
needs: [ setup, reversion ] | |
name: Build Installers | |
runs-on: macos-13 #needs macos for apple notarization | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
outputs: | |
dry_run_zip_url: ${{ steps.extract-dry-run-url.outputs.dry_run_zip_url }} | |
dry_run_tar_gz_url: ${{ steps.extract-dry-run-url.outputs.dry_run_tar_gz_url }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Restore Completed Artifacts | |
uses: actions/[email protected] | |
with: | |
key: completed-artifacts-${{ github.run_number }}-${{ github.run_attempt }} | |
path: re-version/final | |
- name: Set up JDK for GPG | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '8' | |
distribution: 'adopt' | |
gpg-private-key: ${{ secrets.GPG_SECRET }} | |
gpg-passphrase: GPG_PASSPHRASE | |
env: | |
GPG_PASSWORD: ${{ secrets.GPG_PASSPHRASE }} | |
- name: Re-version Installers | |
env: | |
INSTALL4J_10_LICENSE: ${{ secrets.INSTALL4J_10_LICENSE }} | |
INSTALL4J_APPLE_KEY: ${{ secrets.INSTALL4J_APPLE_KEY }} | |
INSTALL4J_APPLE_KEY_PASSWORD: ${{ secrets.INSTALL4J_APPLE_KEY_PASSWORD }} | |
INSTALL4J_APPLE_ID: ${{ secrets.INSTALL4J_APPLE_ID }} | |
INSTALL4J_APPLE_ID_PASSWORD: ${{ secrets.INSTALL4J_APPLE_ID_PASSWORD }} | |
INSTALL4J_WINDOWS_KEY: ${{ secrets.INSTALL4J_WINDOWS_KEY }} | |
INSTALL4J_WINDOWS_KEY_PASSWORD: ${{ secrets.INSTALL4J_WINDOWS_KEY_PASSWORD }} | |
GPG_PASSWORD: ${{ secrets.GPG_PASSPHRASE }} | |
run: | | |
mkdir -p liquibase-dist/target/keys | |
echo "Saving apple key" | |
echo "$INSTALL4J_APPLE_KEY" | base64 -d > liquibase-dist/target/keys/datical_apple.p12 | |
echo "Saving windows key" | |
echo "$INSTALL4J_WINDOWS_KEY" | base64 -d > liquibase-dist/target/keys/datical_windows.pfx | |
version="${{ needs.setup.outputs.version }}" | |
##### Rebuild installers | |
tarFile=$(pwd)/re-version/final/liquibase-$version.tar.gz | |
scriptDir=$(pwd)/.github/util/ | |
mkdir -p liquibase-dist/target/liquibase-$version | |
(cd liquibase-dist/target/liquibase-$version && tar xfz $tarFile) | |
(cd liquibase-dist && $scriptDir/package-install4j.sh $version) | |
mv liquibase-dist/target/liquibase-*-installer-* re-version/final | |
##Sign Files | |
$PWD/.github/util/sign-artifacts.sh re-version/final | |
(cd re-version/final && zip liquibase-additional-$version.zip *.asc *.md5 *.sha1) | |
rm re-version/final/*.asc | |
rm re-version/final/*.md5 | |
rm re-version/final/*.sha1 | |
- name: Attach Files to Draft Release | |
if: ${{ inputs.standalone_zip == false && inputs.dry_run == false }} | |
uses: softprops/action-gh-release@v2 | |
with: | |
tag_name: v${{ needs.setup.outputs.version }} | |
fail_on_unmatched_files: true | |
body: Liquibase ${{ needs.setup.outputs.version }} | |
generate_release_notes: true | |
draft: true | |
files: re-version/final/* | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Attach Files to Dry-Run Draft Release | |
id: attach-files-dry-run | |
if: ${{ inputs.standalone_zip == false && inputs.dry_run == true }} | |
uses: softprops/action-gh-release@v2 | |
with: | |
tag_name: v${{ needs.setup.outputs.version }} | |
fail_on_unmatched_files: true | |
body: Liquibase ${{ needs.setup.outputs.version }} (Dry-Run) | |
generate_release_notes: true | |
draft: true | |
files: re-version/final/* | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract dry-run release URL | |
if: ${{ inputs.standalone_zip == false && inputs.dry_run == true }} | |
id: extract-dry-run-url | |
shell: bash | |
run: | | |
assets_json=$(echo '${{ toJson(steps.attach-files-dry-run.outputs) }}' | jq -r '.assets | fromjson') | |
tar_gz_url=$(echo "$assets_json" | jq -r '.[] | select(.name | test("^liquibase-dry-run-.*\\.tar\\.gz$")) | .url') | |
zip_url=$(echo "$assets_json" | jq -r '.[] | select(.name | test("^liquibase-dry-run-.*\\.zip$")) | .url') | |
echo $tar_gz_url | |
echo $zip_url | |
echo "dry_run_tar_gz_url=$tar_gz_url" >> $GITHUB_OUTPUT | |
echo "dry_run_zip_url=$zip_url" >> $GITHUB_OUTPUT | |
- name: Attach standalone zip to Build | |
if: ${{ inputs.standalone_zip == true && inputs.dry_run == false }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: liquibase-installers-${{ needs.setup.outputs.version }} | |
path: re-version/final/* | |