Add 2PR approval to release workflow (#383) (#394)

Signed-off-by: Sayali Gaikawad <gaiksaya@amazon.com>
Signed-off-by: Vacha Shah <vachshah@amazon.com>
Co-authored-by: Sayali Gaikawad <61760125+gaiksaya@users.noreply.github.com>

.github/workflows/release-drafter.yml

@@ -12,6 +12,18 @@ jobs:
  steps:
  - name: Checkout code
  uses: actions/checkout@v3
+ - id: get_data
+ run: |
+ echo "approvers=$(cat .github/CODEOWNERS | grep @ | tr -d '* ' | sed 's/@/,/g' | sed 's/,//1')" >> $GITHUB_OUTPUT
+ echo "version=$(cat gradle.properties | grep "systemProp.version" | cut -d'=' -f2)" >> $GITHUB_OUTPUT
+ - uses: trstringer/manual-approval@v1
+ with:
+ secret: ${{ github.TOKEN }}
+ approvers: ${{ steps.get_data.outputs.approvers }}
+ minimum-approvals: 2
+ issue-title: 'Release opensearch-java : ${{ steps.get_data.outputs.version }}'
+ issue-body: "Please approve or deny the release of opensearch-java. **VERSION**: ${{ steps.get_data.outputs.version }} **TAG**: ${{ github.ref_name }} **COMMIT**: ${{ github.sha }}"
+ exclude-workflow-initiator-as-approver: true
  - name: Set up JDK 11
  uses: actions/setup-java@v1
  with:

CHANGELOG.md

@@ -9,6 +9,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Add support for signing service name in AwsSdk2Transport ([#324](https://github.com/opensearch-project/opensearch-java/pull/324))
 - Add new OpenSearchTransport based on Apache HttpClient 5 ([#328](https://github.com/opensearch-project/opensearch-java/pull/328))
 - Add 1-click release workflows ([#321](https://github.com/opensearch-project/opensearch-java/pull/321))
+- Require two maintainers to approve release ([#383](https://github.com/opensearch-project/opensearch-java/pull/383))
 
 ### Dependencies
 - Bumps `grgit-gradle` from 4.0.1 to 5.0.0

RELEASING.md

@@ -34,5 +34,7 @@ Repositories create consistent release labels, such as `v1.0.0`, `v1.1.0` and `v
 The release process is standard across repositories in this org and is run by a release manager volunteering from amongst [MAINTAINERS](MAINTAINERS.md).
 
 1. Create a tag, e.g. `v2.1.0`, and push it to the GitHub repo.
-2. This creates a draft release which triggers the [opensearch-java-maven-sign-and-release/](https://build.ci.opensearch.org/job/opensearch-java-maven-sign-and-release/) jenkins workflow. The artifacts will be automcatically signed and published to maven.
-3. Increment `systemProp.version` in [gradle.properties](gradle.properties) to the next patch release, e.g. `v2.1.1`, commit and push. 
+1. The [release-drafter.yml](.github/workflows/release-drafter.yml) will be automatically kicked off and is responsible for drafting a new release on GitHub containing release artifacts.
+1. Before creating a draft release, this workflow creates a GitHub issue asking for approval from the [maintainers](MAINTAINERS.md). See sample [issue](https://github.com/gaiksaya/opensearch-java/issues/1). The maintainers need to approve in order to continue the workflow run.
+1. Once a release is drafted [opensearch-java-maven-sign-and-release/](https://build.ci.opensearch.org/job/opensearch-java-maven-sign-and-release/) jenkins workflow is triggered. The artifacts will be automcatically signed and published to maven.
+1. Increment `systemProp.version` in [gradle.properties](gradle.properties) to the next patch release, e.g. `v2.1.1`, commit and push.