Attach Artifacts To Draft Release #513

Workflow file for this run

.github/workflows/create-release.yml at 789c5e6

	name: Attach Artifacts To Draft Release
	on:
	workflow_dispatch:
	inputs:
	version:
	description: 'Version (example: 4.8.2)'
	required: true
	branch:
	description: 'Branch to release (Defaults to master)'
	required: false
	default: 'master'
	runId:
	description: 'RunId of liquibase/liquibase artifacts to attach'
	required: true
	standalone_zip:
	description: 'Flag to indicate if the workflow is triggered to create a standalone zip'
	required: false
	type: boolean
	default: false
	dry_run:
	description: 'Flag to indicate if the workflow is triggered to create a dry-run release'
	required: false
	type: boolean
	default: false
	workflow_call:
	inputs:
	version:
	description: 'Version (example: 4.8.2)'
	required: true
	type: string
	branch:
	description: 'Branch to release (Defaults to master)'
	required: false
	default: 'master'
	type: string
	runId:
	description: 'RunId of liquibase/liquibase artifacts to attach'
	required: true
	type: string
	standalone_zip:
	description: 'Flag to indicate if the workflow is triggered to create a standalone zip'
	required: true
	type: boolean
	default: false
	dry_run:
	description: 'Flag to indicate if the workflow is triggered to create a dry-run release'
	required: true
	type: boolean
	default: false
	outputs:
	dry_run_zip_url:
	description: 'The URL of the created zip file'
	value: ${{ jobs.build-installers.outputs.dry_run_zip_url }}
	dry_run_tar_gz_url:
	description: 'The URL of the created tar.gz file'
	value: ${{ jobs.build-installers.outputs.dry_run_tar_gz_url }}

	env:
	DEPENDENCIES: "liquibase-bigquery" # Comma separated list of dependencies to release the extensions list
	EXTENSIONS: "liquibase-commercial-bigquery" # Comma separated list of extensions to release to GPM

	jobs:
	setup:
	name: Setup
	runs-on: ubuntu-22.04
	outputs:
	version: ${{ inputs.version }}
	branch: ${{ inputs.branch }}
	runId: ${{ inputs.runId }}
	uber_jar_runId: ${{ steps.get_run_id.outputs.run_id }}
	dependencies: ${{ env.DEPENDENCIES }}
	extensions: ${{ env.EXTENSIONS }}
	steps:
	- run: \|
	echo "Creating version ${{ inputs.version }} from ${{ inputs.branch }} with artifacts from build ${{ inputs.runId }} "

	owasp-scanner:
	needs: [ setup ]
	uses: liquibase/build-logic/.github/workflows/owasp-scanner.yml@main
	with:
	branch: ${{ needs.setup.outputs.branch }}
	secrets: inherit

	build-azure-uber-jar:
	needs: [ setup, owasp-scanner ]
	uses: liquibase/liquibase/.github/workflows/build-azure-uber-jar.yml@master
	with:
	branch: ${{ needs.setup.outputs.branch }}
	liquibase-version: ${{ needs.setup.outputs.version }}
	secrets: inherit

	build-extension-jars:
	needs: [ setup, owasp-scanner ]
	uses: liquibase/liquibase/.github/workflows/build-extension-jars.yml@master
	with:
	liquibase-version: ${{ needs.setup.outputs.version }}
	dependencies: ${{ needs.setup.outputs.dependencies }}
	extensions: ${{ needs.setup.outputs.extensions }}
	branch: ${{ needs.setup.outputs.branch }}
	secrets: inherit

	reversion:
	needs: [ setup, build-azure-uber-jar, build-extension-jars ]
	name: Re-version artifacts ${{ needs.setup.outputs.version }}
	runs-on: ubuntu-22.04
	steps:
	- uses: actions/checkout@v4

	- uses: actions/checkout@v4
	name: Checkout liquibase-pro
	with:
	repository: liquibase/liquibase-pro
	ref: "${{ needs.setup.outputs.branch }}"
	path: download/repo/liquibase-pro
	token: ${{ secrets.BOT_TOKEN }}

	- name: Download liquibase-artifacts
	uses: liquibase/action-download-artifact@v2-liquibase
	with:
	workflow: run-tests.yml
	run_id: ${{ needs.setup.outputs.runId }}
	name: liquibase-artifacts
	path: download/liquibase-artifacts

	- name: Get Current Run ID
	id: get_run_id
	run: \|
	run_id=${{ github.run_id }}
	echo "uber_jar_runId=${run_id}" >> $GITHUB_OUTPUT

	- name: Download liquibase-pro-azure-artifacts
	uses: actions/download-artifact@v4
	with:
	name: liquibase-pro-azure-artifacts
	path: liquibase-pro/liquibase-azure-deps

	- name: Generate repositories and servers JSON
	id: generate-json
	run: \|
	IFS=',' read -ra EXT <<< "${{ needs.setup.outputs.extensions }}"
	repositories=""
	servers=""
	for i in "${EXT[@]}"; do
	repositories+="{\"id\": \"$i\",\"url\": \"https://maven.pkg.github.com/liquibase/$i\",\"releases\": {\"enabled\": \"true\"},\"snapshots\": {\"enabled\": \"true\",\"updatePolicy\": \"always\"}},"
	servers+="{\"id\": \"$i\",\"username\": \"liquibot\",\"password\": \"${{ secrets.LIQUIBOT_PAT_GPM_ACCESS }}\"},"
	done
	# Remove trailing comma and wrap with brackets
	repositories="["${repositories::-1}"]"
	servers="["${servers::-1}"]"
	echo "REPOSITORIES_JSON=$repositories" >> $GITHUB_ENV
	echo "SERVERS_JSON=$servers" >> $GITHUB_ENV

	- name: maven-settings-xml-action
	uses: whelk-io/maven-settings-xml-action@v22
	with:
	repositories: ${{ env.REPOSITORIES_JSON }}
	servers: ${{ env.SERVERS_JSON }}

	- name: Get extensions artifacts
	run: \|
	IFS=',' read -ra ADDR <<< "${{ needs.setup.outputs.extensions }}"
	for extension in "${ADDR[@]}"; do
	mvn dependency:get -DgroupId=org.liquibase.ext -DartifactId=$extension -Dversion=${{ needs.setup.outputs.version }} -Dtransitive=false \|\| echo "Failed to download $extension artifact"
	done

	- name: Set up JDK
	uses: actions/setup-java@v4
	with:
	java-version: '8'
	distribution: 'adopt'
	gpg-private-key: ${{ secrets.GPG_SECRET }}
	gpg-passphrase: GPG_PASSPHRASE
	env:
	GPG_PASSWORD: ${{ secrets.GPG_PASSPHRASE }}

	- name: Re-version Artifacts
	env:
	GPG_PASSWORD: ${{ secrets.GPG_PASSPHRASE }}
	run: \|
	scripts_branch=${{ github.ref }}
	mkdir -p $PWD/.github/util/
	# Download a script (re-version.sh) from a URL and save it to the specified directory
	curl -o $PWD/.github/util/re-version.sh https://raw.githubusercontent.com/liquibase/liquibase/$scripts_branch/.github/util/re-version.sh

	# Download another script (sign-artifacts.sh) from a URL and save it to the specified directory
	curl -o $PWD/.github/util/sign-artifacts.sh https://raw.githubusercontent.com/liquibase/liquibase/$scripts_branch/.github/util/sign-artifacts.sh
	curl -o $PWD/.github/util/ManifestReversion.java https://raw.githubusercontent.com/liquibase/liquibase/$scripts_branch/.github/util/ManifestReversion.java
	chmod +x $PWD/.github/util/re-version.sh
	chmod +x $PWD/.github/util/ManifestReversion.java
	chmod +x $PWD/.github/util/sign-artifacts.sh
	$PWD/.github/util/re-version.sh download/liquibase-artifacts "${{ needs.setup.outputs.version }}" "${{ needs.setup.outputs.branch }}"

	# Execute the sign-artifacts.sh script with specific arguments
	$PWD/.github/util/sign-artifacts.sh download/liquibase-artifacts "${{ needs.setup.outputs.version }}" "${{ needs.setup.outputs.branch }}"

	## Sign Files
	## liquibase-azure-deps and liquibase extensions are already on its correct version. Check reusable workflow: build-azure-uber-jar.yml and build-extension-jars.yml
	mv liquibase-pro/liquibase-azure-deps/* re-version/out

	# Modify the zip file
	unzip re-version/out/liquibase-${{ needs.setup.outputs.version }}.zip -d re-version/out/liquibase-${{ needs.setup.outputs.version }}
	mkdir -p re-version/out/liquibase-${{ needs.setup.outputs.version }}/internal/extensions
	rm -rf re-version/out/liquibase-${{ needs.setup.outputs.version }}.zip
	IFS=',' read -ra EXT <<< "${{ needs.setup.outputs.extensions }}"
	for i in "${EXT[@]}"; do
	cp ~/.m2/repository/org/liquibase/ext/$i/${{ needs.setup.outputs.version }}/$i-${{ needs.setup.outputs.version }}.jar re-version/out/liquibase-${{ needs.setup.outputs.version }}/internal/extensions/$i.jar \|\| echo "Failed to move $i artifact"
	done
	(cd re-version/out/liquibase-${{ needs.setup.outputs.version }} && zip -r ../liquibase-${{ needs.setup.outputs.version }}.zip . && cd .. && rm -rf liquibase-${{ needs.setup.outputs.version }})

	# Modify the tar.gz file
	mkdir -p re-version/out/liquibase-${{ needs.setup.outputs.version }}
	tar -xzvf re-version/out/liquibase-${{ needs.setup.outputs.version }}.tar.gz -C re-version/out/liquibase-${{ needs.setup.outputs.version }}
	rm -rf re-version/out/liquibase-${{ needs.setup.outputs.version }}.tar.gz
	mkdir -p re-version/out/liquibase-${{ needs.setup.outputs.version }}/internal/extensions
	for I in "${EXT[@]}"; do
	cp ~/.m2/repository/org/liquibase/ext/$I/${{ needs.setup.outputs.version }}/$I-${{ needs.setup.outputs.version }}.jar re-version/out/liquibase-${{ needs.setup.outputs.version }}/internal/extensions/$I.jar \|\| echo "Failed to move $I artifact"
	done
	(cd re-version/out/liquibase-${{ needs.setup.outputs.version }} && tar -czvf ../liquibase-${{ needs.setup.outputs.version }}.tar.gz * && cd .. && rm -rf liquibase-${{ needs.setup.outputs.version }})

	$PWD/.github/util/sign-artifacts.sh re-version/out

	# Move files to a specific directory
	mkdir re-version/final
	mv re-version/out/liquibase-core-${{ needs.setup.outputs.version }}.jar re-version/final
	mv re-version/out/liquibase-commercial-${{ needs.setup.outputs.version }}.jar re-version/final
	mv re-version/out/liquibase-${{ needs.setup.outputs.version }}.tar.gz re-version/final
	mv re-version/out/liquibase-${{ needs.setup.outputs.version }}.zip re-version/final
	mv re-version/out/liquibase-azure-deps-${{ needs.setup.outputs.version }}.jar re-version/final/liquibase-azure-deps-${{ needs.setup.outputs.version }}.jar
	(cd re-version/out/ && zip liquibase-additional-${{ needs.setup.outputs.version }}.zip *)
	mv re-version/out/liquibase-additional-${{ needs.setup.outputs.version }}.zip re-version/final

	- name: Cache Completed Artifacts
	uses: actions/[email protected]
	with:
	key: completed-artifacts-${{ github.run_number }}-${{ github.run_attempt }}
	path: re-version/final

	- name: Set repository tags
	if: ${{ inputs.standalone_zip == false && inputs.dry_run == false }}
	run: \|
	git tag -f v${{ needs.setup.outputs.version }}
	git push -f origin v${{ needs.setup.outputs.version }}
	(cd download/repo/liquibase-pro && git tag -f v${{ needs.setup.outputs.version }})
	(cd download/repo/liquibase-pro && git push -f origin v${{ needs.setup.outputs.version }})

	build-installers:
	permissions:
	contents: write # for softprops/action-gh-release to create GitHub release
	needs: [ setup, reversion ]
	name: Build Installers
	runs-on: macos-13 #needs macos for apple notarization
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	outputs:
	dry_run_zip_url: ${{ steps.extract-dry-run-url.outputs.dry_run_zip_url }}
	dry_run_tar_gz_url: ${{ steps.extract-dry-run-url.outputs.dry_run_tar_gz_url }}
	steps:
	- uses: actions/checkout@v4

	- name: Restore Completed Artifacts
	uses: actions/[email protected]
	with:
	key: completed-artifacts-${{ github.run_number }}-${{ github.run_attempt }}
	path: re-version/final

	- name: Set up JDK for GPG
	uses: actions/setup-java@v4
	with:
	java-version: '8'
	distribution: 'adopt'
	gpg-private-key: ${{ secrets.GPG_SECRET }}
	gpg-passphrase: GPG_PASSPHRASE
	env:
	GPG_PASSWORD: ${{ secrets.GPG_PASSPHRASE }}


	- name: Re-version Installers
	env:
	INSTALL4J_10_LICENSE: ${{ secrets.INSTALL4J_10_LICENSE }}
	INSTALL4J_APPLE_KEY: ${{ secrets.INSTALL4J_APPLE_KEY }}
	INSTALL4J_APPLE_KEY_PASSWORD: ${{ secrets.INSTALL4J_APPLE_KEY_PASSWORD }}
	INSTALL4J_APPLE_ID: ${{ secrets.INSTALL4J_APPLE_ID }}
	INSTALL4J_APPLE_ID_PASSWORD: ${{ secrets.INSTALL4J_APPLE_ID_PASSWORD }}
	INSTALL4J_WINDOWS_KEY: ${{ secrets.INSTALL4J_WINDOWS_KEY }}
	INSTALL4J_WINDOWS_KEY_PASSWORD: ${{ secrets.INSTALL4J_WINDOWS_KEY_PASSWORD }}
	GPG_PASSWORD: ${{ secrets.GPG_PASSPHRASE }}
	run: \|
	mkdir -p liquibase-dist/target/keys
	echo "Saving apple key"
	echo "$INSTALL4J_APPLE_KEY" \| base64 -d > liquibase-dist/target/keys/datical_apple.p12
	echo "Saving windows key"
	echo "$INSTALL4J_WINDOWS_KEY" \| base64 -d > liquibase-dist/target/keys/datical_windows.pfx
	version="${{ needs.setup.outputs.version }}"

	##### Rebuild installers
	tarFile=$(pwd)/re-version/final/liquibase-$version.tar.gz
	scriptDir=$(pwd)/.github/util/

	mkdir -p liquibase-dist/target/liquibase-$version
	(cd liquibase-dist/target/liquibase-$version && tar xfz $tarFile)
	(cd liquibase-dist && $scriptDir/package-install4j.sh $version)
	mv liquibase-dist/target/liquibase--installer- re-version/final

	##Sign Files
	$PWD/.github/util/sign-artifacts.sh re-version/final

	(cd re-version/final && zip liquibase-additional-$version.zip .asc .md5 *.sha1)
	rm re-version/final/*.asc
	rm re-version/final/*.md5
	rm re-version/final/*.sha1

	- name: Attach Files to Draft Release
	if: ${{ inputs.standalone_zip == false && inputs.dry_run == false }}
	uses: softprops/action-gh-release@v2
	with:
	tag_name: v${{ needs.setup.outputs.version }}
	fail_on_unmatched_files: true
	body: Liquibase ${{ needs.setup.outputs.version }}
	generate_release_notes: true
	draft: true
	files: re-version/final/*
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Attach Files to Dry-Run Draft Release
	id: attach-files-dry-run
	if: ${{ inputs.standalone_zip == false && inputs.dry_run == true }}
	uses: softprops/action-gh-release@v2
	with:
	tag_name: v${{ needs.setup.outputs.version }}
	fail_on_unmatched_files: true
	body: Liquibase ${{ needs.setup.outputs.version }} (Dry-Run)
	generate_release_notes: true
	draft: true
	files: re-version/final/*
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Extract dry-run release URL
	if: ${{ inputs.standalone_zip == false && inputs.dry_run == true }}
	id: extract-dry-run-url
	shell: bash
	run: \|
	assets_json=$(echo '${{ toJson(steps.attach-files-dry-run.outputs) }}' \| jq -r '.assets \| fromjson')
	tar_gz_url=$(echo "$assets_json" \| jq -r '.[] \| select(.name \| test("^liquibase-dry-run-.*\\.tar\\.gz$")) \| .url')
	zip_url=$(echo "$assets_json" \| jq -r '.[] \| select(.name \| test("^liquibase-dry-run-.*\\.zip$")) \| .url')
	echo $tar_gz_url
	echo $zip_url
	echo "dry_run_tar_gz_url=$tar_gz_url" >> $GITHUB_OUTPUT
	echo "dry_run_zip_url=$zip_url" >> $GITHUB_OUTPUT

	- name: Attach standalone zip to Build
	if: ${{ inputs.standalone_zip == true && inputs.dry_run == false }}
	uses: actions/upload-artifact@v4
	with:
	name: liquibase-installers-${{ needs.setup.outputs.version }}
	path: re-version/final/*

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Attach Artifacts To Draft Release #513

Workflow file

Attach Artifacts To Draft Release #513

Jobs

Run details

Workflow file for this run