ci(release): create pre-release and release workflow (#75)

* ci(publish): add maven-publish and signing draft * ci(publish): add conventional commits draft with nyx * ci(reviewdog): only run during PR * ci(signing): local key test * build(signing): use in-memory keys * build(signing): use in-memory keys * build(release): update MavenPom properties * ci(espresso): add fusionauth docker compose for E2E testing * ci(e2e-testing-workflow): moved to a different branch * bumping version * docs: add "Release Process" section in README * docs: add quickstart update to the "Release Process" section * ci(release): add initial workflow * ci(pre-release): add initial workflow * refactor(kickstart): use correct styling * ci(release): add nexusPublishing draft * refactor(docker): remove version tag * feat(release): add nexus-actions to github workflow * nexus-actions/create-nexus-staging-repo * nexus-actions/release-nexus-staging-repo * nexus-actions/drop-nexus-staging-repo * ci(release): update NXRM_PROFILE_ID secret --------- Co-authored-by: Dan Moore <dan@fusionauth.io> Co-authored-by: Colin Frick <colin@frick.io>
FusionAuth · May 31, 2024 · adbc993 · adbc993
1 parent ce87629
commit adbc993
Show file tree

Hide file tree

Showing 11 changed files with 540 additions and 220 deletions.
diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml
@@ -0,0 +1,63 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow performs a Maven Pre-Release
+#
+# Scans are triggered:
+# 1. On every push to default and protected branches
+# 2. On every Pull Request targeting the default branch
+# 3. On a weekly schedule
+# 4. Manually, on demand, via the "workflow_dispatch" event
+#
+
+name: Maven Pre-Release
+
+on:
+ # Triggers the workflow on push or pull request events but only for default and protected branches
+ push:
+ tags:
+ - 'v[0-9]+.[0-9]+.[0-9]+-*'
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "scan"
+ scan:
+ name: Maven Pre-Release
+
+ permissions:
+ # required for all workflows
+ security-events: write
+ # only required for workflows in private repositories
+ actions: read
+ contents: read
+
+ # The type of runner that the job will run on
+ runs-on: ubuntu-latest
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Sets up JDK as a prerequisite to run Gradle
+ - name: Setup Java
+ uses: actions/setup-java@v4.2.1
+ with:
+ java-version: '17'
+ distribution: 'zulu'
+
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - name: Checkout repository
+ uses: actions/checkout@v4.1.2
+
+ # Sets up Gradle as a prerequisite to run Maven Pre-Release
+ - name: Setup Gradle
+ uses: gradle/actions/setup-gradle@v3.1.0
+ with:
+ gradle-home-cache-cleanup: true
+
+ # Performs a Local Maven Pre-Release
+ - name: Run Maven Local Pre-Release
+ env:
+ ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_SIGNING_KEY }}
+ ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_SIGNING_PASSWORD }}
+ run: ./gradlew publishReleasePublicationToMavenLocal
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,109 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow performs a Maven Release
+#
+# Scans are triggered:
+# 1. On every push to default and protected branches
+# 2. On every Pull Request targeting the default branch
+# 3. On a weekly schedule
+# 4. Manually, on demand, via the "workflow_dispatch" event
+#
+
+name: Maven Release
+
+on:
+ # Triggers the workflow on push or pull request events but only for default and protected branches
+ push:
+ branches: [ main ]
+ tags:
+ - 'v[0-9]+.[0-9]+.[0-9]'
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "scan"
+ create_staging_repository:
+ runs-on: ubuntu-latest
+ name: Create staging repository
+ outputs:
+ repository_id: ${{ steps.create.outputs.repository_id }}
+ steps:
+ - id: create
+ uses: nexus-actions/create-nexus-staging-repo@main
+ with:
+ username: ${{ secrets.NXRM_TOKEN_USERNAME }}
+ password: ${{ secrets.NXRM_TOKEN_PASSWORD }}
+ staging_profile_id: ${{ secrets.NXRM_PROFILE_ID }}
+ description: ${{ github.repository }}/${{ github.workflow }}#${{ github.run_number }}
+
+ publish:
+ name: Maven Release
+
+ permissions:
+ # required for all workflows
+ security-events: write
+ # only required for workflows in private repositories
+ actions: read
+ contents: read
+
+ # The type of runner that the job will run on
+ runs-on: ubuntu-latest
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Sets up JDK as a prerequisite to run Gradle
+ - name: Setup Java
+ uses: actions/setup-java@v4.2.1
+ with:
+ java-version: '17'
+ distribution: 'zulu'
+
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - name: Checkout repository
+ uses: actions/checkout@v4.1.2
+
+ # Sets up Gradle as a prerequisite to run Maven Release
+ - name: Setup Gradle
+ uses: gradle/actions/setup-gradle@v3.1.0
+ with:
+ gradle-home-cache-cleanup: true
+
+ # Performs a Local Maven Release
+ - name: Run Maven Local Release
+ env:
+ ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_SIGNING_KEY }}
+ ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_SIGNING_PASSWORD }}
+ run: ./gradlew publishReleasePublicationToMavenLocal
+
+ # Performs a Maven Release to oss.sonatype.org
+ - name: Run Maven Release to OSSRH
+ env:
+ ossrhUsername: ${{ secrets.NXRM_TOKEN_USERNAME }}
+ ossrhPassword: ${{ secrets.NXRM_TOKEN_PASSWORD }}
+ ORG_GRADLE_PROJECT_ossrhUsername: ${{ secrets.NXRM_TOKEN_USERNAME }}
+ ORG_GRADLE_PROJECT_ossrhPassword: ${{ secrets.NXRM_TOKEN_PASSWORD }}
+ ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_SIGNING_KEY }}
+ ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_SIGNING_PASSWORD }}
+ run: ./gradlew clean publishReleasePublicationToOSSRHRepository
+
+ finalize:
+ runs-on: ubuntu-latest
+ needs: [create_staging_repository,publish]
+ if: ${{ always() && needs.create_staging_repository.result == 'success' }}
+ steps:
+ - name: Discard
+ if: ${{ needs.publish.result != 'success' }}
+ uses: nexus-actions/drop-nexus-staging-repo@main
+ with:
+ username: ${{ secrets.NXRM_TOKEN_USERNAME }}
+ password: ${{ secrets.NXRM_TOKEN_PASSWORD }}
+ staging_repository_id: ${{ needs.create_staging_repository.outputs.repository_id }}
+ - name: Release
+ if: ${{ needs.publish.result == 'success' }}
+ uses: nexus-actions/release-nexus-staging-repo@main
+ with:
+ username: ${{ secrets.NXRM_TOKEN_USERNAME }}
+ password: ${{ secrets.NXRM_TOKEN_PASSWORD }}
+ staging_repository_id: ${{ needs.create_staging_repository.outputs.repository_id }}
diff --git a/.idea/git_toolbox_prj.xml b/.idea/git_toolbox_prj.xml
diff --git a/.idea/misc.xml b/.idea/misc.xml
diff --git a/README.md b/README.md
@@ -262,3 +262,23 @@ This library may periodically receive updates with bug fixes, security patches,
 These releases may also update dependencies, language engines, and operating systems, as we\'ll follow the deprecation and sunsetting policies of the underlying technologies that the libraries use.
 
 This means that after a dependency (e.g. language, framework, or operating system) is deprecated by its maintainer, this library will also be deprecated by us, and may eventually be updated to use a newer version.
+
+## Release Process
+
+The release process is as follows:
+- Update the version in the `library/build.gradle.kts` file according to the [Semantic Versioning](https://semver.org/) guidelines.
+- Update the documentation with `./gradlew dokkaHtml`.
+- Commit the changes with the commit message `chore(release): <version> 🎉`.
+- Create a new tag `v<version>`.
+- Push the changes and the tag to the repository.
+
+A workflow will automatically create a GitHub release, build the library, and publish it to Maven Central.
+
+After the release is published, update the version in the [FusionAuth Android Quickstart Repository](https://github.com/FusionAuth/fusionauth-quickstart-java-android-fusionauth-sdk/):
+- Check out the https://github.com/FusionAuth/fusionauth-quickstart-java-android-fusionauth-sdk/ repository.
+- Replace the `app/src` directory with the `app/src` of this repository.
+- Update `implementation("io.fusionauth:fusionauth-android-sdk:${version}")` in the `app/build.gradle` file.
+- (Optional) If the `app/build.gradle.kts` file was changed, update the `build.gradle.kts` in the quickstart repository accordingly.
+- Commit the changes with the commit message `chore(release): <version> 🎉`.
+- Create a new tag `v<version>`.
+- Push the changes and the tag to the repository.
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -8,6 +8,7 @@ plugins {
  id("com.android.library") version "8.4.1" apply false
  id("io.gitlab.arturbosch.detekt") version "1.23.6"
  id("org.jetbrains.dokka") version "1.9.20"
+ id("io.github.gradle-nexus.publish-plugin") version "1.3.0"
 
  kotlin("jvm") version "2.0.0"
  kotlin("plugin.serialization") version "2.0.0"
@@ -37,3 +38,14 @@ allprojects {
  input.from(tasks.withType<Detekt>().map { it.sarifReportFile })
  }
 }
+
+nexusPublishing {
+ repositories {
+ sonatype {
+ nexusUrl.set(uri("https://your-server.com/staging"))
+ snapshotRepositoryUrl.set(uri("https://your-server.com/snapshots"))
+ username.set("your-username") // defaults to project.properties["myNexusUsername"]
+ password.set("your-password") // defaults to project.properties["myNexusPassword"]
+ }
+ }
+}