Skip to content

Attach Artifacts To Draft Release #512

Attach Artifacts To Draft Release

Attach Artifacts To Draft Release #512

name: Attach Artifacts To Draft Release
on:
workflow_dispatch:
inputs:
version:
description: 'Version (example: 4.8.2)'
required: true
branch:
description: 'Branch to release (Defaults to master)'
required: false
default: 'master'
runId:
description: 'RunId of liquibase/liquibase artifacts to attach'
required: true
standalone_zip:
description: 'Flag to indicate if the workflow is triggered to create a standalone zip'
required: false
type: boolean
default: false
dry_run:
description: 'Flag to indicate if the workflow is triggered to create a dry-run release'
required: false
type: boolean
default: false
workflow_call:
inputs:
version:
description: 'Version (example: 4.8.2)'
required: true
type: string
branch:
description: 'Branch to release (Defaults to master)'
required: false
default: 'master'
type: string
runId:
description: 'RunId of liquibase/liquibase artifacts to attach'
required: true
type: string
standalone_zip:
description: 'Flag to indicate if the workflow is triggered to create a standalone zip'
required: true
type: boolean
default: false
dry_run:
description: 'Flag to indicate if the workflow is triggered to create a dry-run release'
required: true
type: boolean
default: false
outputs:
dry_run_zip_url:
description: 'The URL of the created zip file'
value: ${{ jobs.build-installers.outputs.dry_run_zip_url }}
dry_run_tar_gz_url:
description: 'The URL of the created tar.gz file'
value: ${{ jobs.build-installers.outputs.dry_run_tar_gz_url }}
env:
DEPENDENCIES: "liquibase-bigquery" # Comma separated list of dependencies to release the extensions list
EXTENSIONS: "liquibase-commercial-bigquery" # Comma separated list of extensions to release to GPM
jobs:
setup:
name: Setup
runs-on: ubuntu-22.04
outputs:
version: ${{ inputs.version }}
branch: ${{ inputs.branch }}
runId: ${{ inputs.runId }}
uber_jar_runId: ${{ steps.get_run_id.outputs.run_id }}
dependencies: ${{ env.DEPENDENCIES }}
extensions: ${{ env.EXTENSIONS }}
steps:
- run: |
echo "Creating version ${{ inputs.version }} from ${{ inputs.branch }} with artifacts from build ${{ inputs.runId }} "
owasp-scanner:
needs: [ setup ]
uses: liquibase/build-logic/.github/workflows/owasp-scanner.yml@main
with:
branch: ${{ needs.setup.outputs.branch }}
secrets: inherit
build-azure-uber-jar:
needs: [ setup, owasp-scanner ]
uses: liquibase/liquibase/.github/workflows/build-azure-uber-jar.yml@master
with:
branch: ${{ needs.setup.outputs.branch }}
liquibase-version: ${{ needs.setup.outputs.version }}
secrets: inherit
build-extension-jars:
needs: [ setup, owasp-scanner ]
uses: liquibase/liquibase/.github/workflows/build-extension-jars.yml@master
with:
liquibase-version: ${{ needs.setup.outputs.version }}
dependencies: ${{ needs.setup.outputs.dependencies }}
extensions: ${{ needs.setup.outputs.extensions }}
branch: ${{ needs.setup.outputs.branch }}
secrets: inherit
reversion:
needs: [ setup, build-azure-uber-jar, build-extension-jars ]
name: Re-version artifacts ${{ needs.setup.outputs.version }}
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v4
name: Checkout liquibase-pro
with:
repository: liquibase/liquibase-pro
ref: "${{ needs.setup.outputs.branch }}"
path: download/repo/liquibase-pro
token: ${{ secrets.BOT_TOKEN }}
- name: Download liquibase-artifacts
uses: liquibase/action-download-artifact@v2-liquibase
with:
workflow: run-tests.yml
run_id: ${{ needs.setup.outputs.runId }}
name: liquibase-artifacts
path: download/liquibase-artifacts
- name: Get Current Run ID
id: get_run_id
run: |
run_id=${{ github.run_id }}
echo "uber_jar_runId=${run_id}" >> $GITHUB_OUTPUT
- name: Download liquibase-pro-azure-artifacts
uses: actions/download-artifact@v4
with:
name: liquibase-pro-azure-artifacts
path: liquibase-pro/liquibase-azure-deps
- name: Generate repositories and servers JSON
id: generate-json
run: |
IFS=',' read -ra EXT <<< "${{ needs.setup.outputs.extensions }}"
repositories=""
servers=""
for i in "${EXT[@]}"; do
repositories+="{\"id\": \"$i\",\"url\": \"https://maven.pkg.github.com/liquibase/$i\",\"releases\": {\"enabled\": \"true\"},\"snapshots\": {\"enabled\": \"true\",\"updatePolicy\": \"always\"}},"
servers+="{\"id\": \"$i\",\"username\": \"liquibot\",\"password\": \"${{ secrets.LIQUIBOT_PAT_GPM_ACCESS }}\"},"
done
# Remove trailing comma and wrap with brackets
repositories="["${repositories::-1}"]"
servers="["${servers::-1}"]"
echo "REPOSITORIES_JSON=$repositories" >> $GITHUB_ENV
echo "SERVERS_JSON=$servers" >> $GITHUB_ENV
- name: maven-settings-xml-action
uses: whelk-io/maven-settings-xml-action@v22
with:
repositories: ${{ env.REPOSITORIES_JSON }}
servers: ${{ env.SERVERS_JSON }}
- name: Get extensions artifacts
run: |
IFS=',' read -ra ADDR <<< "${{ needs.setup.outputs.extensions }}"
for extension in "${ADDR[@]}"; do
mvn dependency:get -DgroupId=org.liquibase.ext -DartifactId=$extension -Dversion=${{ needs.setup.outputs.version }} -Dtransitive=false || echo "Failed to download $extension artifact"
done
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: '8'
distribution: 'adopt'
gpg-private-key: ${{ secrets.GPG_SECRET }}
gpg-passphrase: GPG_PASSPHRASE
env:
GPG_PASSWORD: ${{ secrets.GPG_PASSPHRASE }}
- name: Re-version Artifacts
env:
GPG_PASSWORD: ${{ secrets.GPG_PASSPHRASE }}
run: |
scripts_branch=${{ github.ref }}
mkdir -p $PWD/.github/util/
# Download a script (re-version.sh) from a URL and save it to the specified directory
curl -o $PWD/.github/util/re-version.sh https://raw.githubusercontent.com/liquibase/liquibase/$scripts_branch/.github/util/re-version.sh
# Download another script (sign-artifacts.sh) from a URL and save it to the specified directory
curl -o $PWD/.github/util/sign-artifacts.sh https://raw.githubusercontent.com/liquibase/liquibase/$scripts_branch/.github/util/sign-artifacts.sh
curl -o $PWD/.github/util/ManifestReversion.java https://raw.githubusercontent.com/liquibase/liquibase/$scripts_branch/.github/util/ManifestReversion.java
chmod +x $PWD/.github/util/re-version.sh
chmod +x $PWD/.github/util/ManifestReversion.java
chmod +x $PWD/.github/util/sign-artifacts.sh
$PWD/.github/util/re-version.sh download/liquibase-artifacts "${{ needs.setup.outputs.version }}" "${{ needs.setup.outputs.branch }}"
# Execute the sign-artifacts.sh script with specific arguments
$PWD/.github/util/sign-artifacts.sh download/liquibase-artifacts "${{ needs.setup.outputs.version }}" "${{ needs.setup.outputs.branch }}"
## Sign Files
## liquibase-azure-deps and liquibase extensions are already on its correct version. Check reusable workflow: build-azure-uber-jar.yml and build-extension-jars.yml
mv liquibase-pro/liquibase-azure-deps/* re-version/out
# Modify the zip file
unzip re-version/out/liquibase-${{ needs.setup.outputs.version }}.zip -d re-version/out/liquibase-${{ needs.setup.outputs.version }}
mkdir -p re-version/out/liquibase-${{ needs.setup.outputs.version }}/internal/extensions
rm -rf re-version/out/liquibase-${{ needs.setup.outputs.version }}.zip
IFS=',' read -ra EXT <<< "${{ needs.setup.outputs.extensions }}"
for i in "${EXT[@]}"; do
cp ~/.m2/repository/org/liquibase/ext/$i/${{ needs.setup.outputs.version }}/$i-${{ needs.setup.outputs.version }}.jar re-version/out/liquibase-${{ needs.setup.outputs.version }}/internal/extensions/$i.jar || echo "Failed to move $i artifact"
done
(cd re-version/out/liquibase-${{ needs.setup.outputs.version }} && zip -r ../liquibase-${{ needs.setup.outputs.version }}.zip . && cd .. && rm -rf liquibase-${{ needs.setup.outputs.version }})
# Modify the tar.gz file
mkdir -p re-version/out/liquibase-${{ needs.setup.outputs.version }}
tar -xzvf re-version/out/liquibase-${{ needs.setup.outputs.version }}.tar.gz -C re-version/out/liquibase-${{ needs.setup.outputs.version }}
rm -rf re-version/out/liquibase-${{ needs.setup.outputs.version }}.tar.gz
mkdir -p re-version/out/liquibase-${{ needs.setup.outputs.version }}/internal/extensions
for I in "${EXT[@]}"; do
cp ~/.m2/repository/org/liquibase/ext/$I/${{ needs.setup.outputs.version }}/$I-${{ needs.setup.outputs.version }}.jar re-version/out/liquibase-${{ needs.setup.outputs.version }}/internal/extensions/$I.jar || echo "Failed to move $I artifact"
done
(cd re-version/out/liquibase-${{ needs.setup.outputs.version }} && tar -czvf ../liquibase-${{ needs.setup.outputs.version }}.tar.gz * && cd .. && rm -rf liquibase-${{ needs.setup.outputs.version }})
$PWD/.github/util/sign-artifacts.sh re-version/out
# Move files to a specific directory
mkdir re-version/final
mv re-version/out/liquibase-core-${{ needs.setup.outputs.version }}.jar re-version/final
mv re-version/out/liquibase-commercial-${{ needs.setup.outputs.version }}.jar re-version/final
mv re-version/out/liquibase-${{ needs.setup.outputs.version }}.tar.gz re-version/final
mv re-version/out/liquibase-${{ needs.setup.outputs.version }}.zip re-version/final
mv re-version/out/liquibase-azure-deps-${{ needs.setup.outputs.version }}.jar re-version/final/liquibase-azure-deps-${{ needs.setup.outputs.version }}.jar
(cd re-version/out/ && zip liquibase-additional-${{ needs.setup.outputs.version }}.zip *)
mv re-version/out/liquibase-additional-${{ needs.setup.outputs.version }}.zip re-version/final
- name: Cache Completed Artifacts
uses: actions/[email protected]
with:
key: completed-artifacts-${{ github.run_number }}-${{ github.run_attempt }}
path: re-version/final
- name: Set repository tags
if: ${{ inputs.standalone_zip == false && inputs.dry_run == false }}
run: |
git tag -f v${{ needs.setup.outputs.version }}
git push -f origin v${{ needs.setup.outputs.version }}
(cd download/repo/liquibase-pro && git tag -f v${{ needs.setup.outputs.version }})
(cd download/repo/liquibase-pro && git push -f origin v${{ needs.setup.outputs.version }})
build-installers:
permissions:
contents: write # for softprops/action-gh-release to create GitHub release
needs: [ setup, reversion ]
name: Build Installers
runs-on: macos-13 #needs macos for apple notarization
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
outputs:
dry_run_zip_url: ${{ steps.extract-dry-run-url.outputs.dry_run_zip_url }}
dry_run_tar_gz_url: ${{ steps.extract-dry-run-url.outputs.dry_run_tar_gz_url }}
steps:
- uses: actions/checkout@v4
- name: Restore Completed Artifacts
uses: actions/[email protected]
with:
key: completed-artifacts-${{ github.run_number }}-${{ github.run_attempt }}
path: re-version/final
- name: Set up JDK for GPG
uses: actions/setup-java@v4
with:
java-version: '8'
distribution: 'adopt'
gpg-private-key: ${{ secrets.GPG_SECRET }}
gpg-passphrase: GPG_PASSPHRASE
env:
GPG_PASSWORD: ${{ secrets.GPG_PASSPHRASE }}
- name: Re-version Installers
env:
INSTALL4J_10_LICENSE: ${{ secrets.INSTALL4J_10_LICENSE }}
INSTALL4J_APPLE_KEY: ${{ secrets.INSTALL4J_APPLE_KEY }}
INSTALL4J_APPLE_KEY_PASSWORD: ${{ secrets.INSTALL4J_APPLE_KEY_PASSWORD }}
INSTALL4J_APPLE_ID: ${{ secrets.INSTALL4J_APPLE_ID }}
INSTALL4J_APPLE_ID_PASSWORD: ${{ secrets.INSTALL4J_APPLE_ID_PASSWORD }}
INSTALL4J_WINDOWS_KEY: ${{ secrets.INSTALL4J_WINDOWS_KEY }}
INSTALL4J_WINDOWS_KEY_PASSWORD: ${{ secrets.INSTALL4J_WINDOWS_KEY_PASSWORD }}
GPG_PASSWORD: ${{ secrets.GPG_PASSPHRASE }}
run: |
mkdir -p liquibase-dist/target/keys
echo "Saving apple key"
echo "$INSTALL4J_APPLE_KEY" | base64 -d > liquibase-dist/target/keys/datical_apple.p12
echo "Saving windows key"
echo "$INSTALL4J_WINDOWS_KEY" | base64 -d > liquibase-dist/target/keys/datical_windows.pfx
version="${{ needs.setup.outputs.version }}"
##### Rebuild installers
tarFile=$(pwd)/re-version/final/liquibase-$version.tar.gz
scriptDir=$(pwd)/.github/util/
mkdir -p liquibase-dist/target/liquibase-$version
(cd liquibase-dist/target/liquibase-$version && tar xfz $tarFile)
(cd liquibase-dist && $scriptDir/package-install4j.sh $version)
mv liquibase-dist/target/liquibase-*-installer-* re-version/final
##Sign Files
$PWD/.github/util/sign-artifacts.sh re-version/final
(cd re-version/final && zip liquibase-additional-$version.zip *.asc *.md5 *.sha1)
rm re-version/final/*.asc
rm re-version/final/*.md5
rm re-version/final/*.sha1
- name: Attach Files to Draft Release
if: ${{ inputs.standalone_zip == false && inputs.dry_run == false }}
uses: softprops/action-gh-release@v2
with:
tag_name: v${{ needs.setup.outputs.version }}
fail_on_unmatched_files: true
body: Liquibase ${{ needs.setup.outputs.version }}
generate_release_notes: true
draft: true
files: re-version/final/*
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Attach Files to Dry-Run Draft Release
id: attach-files-dry-run
if: ${{ inputs.standalone_zip == false && inputs.dry_run == true }}
uses: softprops/action-gh-release@v2
with:
tag_name: v${{ needs.setup.outputs.version }}
fail_on_unmatched_files: true
body: Liquibase ${{ needs.setup.outputs.version }} (Dry-Run)
generate_release_notes: true
draft: true
files: re-version/final/*
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Extract dry-run release URL
if: ${{ inputs.standalone_zip == false && inputs.dry_run == true }}
id: extract-dry-run-url
shell: bash
run: |
assets_json=$(echo '${{ toJson(steps.attach-files-dry-run.outputs) }}' | jq -r '.assets | fromjson')
tar_gz_url=$(echo "$assets_json" | jq -r '.[] | select(.name | test("^liquibase-dry-run-.*\\.tar\\.gz$")) | .url')
zip_url=$(echo "$assets_json" | jq -r '.[] | select(.name | test("^liquibase-dry-run-.*\\.zip$")) | .url')
echo $tar_gz_url
echo $zip_url
echo "dry_run_tar_gz_url=$tar_gz_url" >> $GITHUB_OUTPUT
echo "dry_run_zip_url=$zip_url" >> $GITHUB_OUTPUT
- name: Attach standalone zip to Build
if: ${{ inputs.standalone_zip == true && inputs.dry_run == false }}
uses: actions/upload-artifact@v4
with:
name: liquibase-installers-${{ needs.setup.outputs.version }}
path: re-version/final/*