feat!: support semantic release for Gradle libraries

BREAKING CHANGE: Configuration of Gradle tasks to run now split into two different inputs.
wetransform · Apr 12, 2024 · a30e8de · a30e8de
1 parent 8359b28
commit a30e8de
Show file tree

Hide file tree

Showing 3 changed files with 124 additions and 9 deletions.
diff --git a/.github/workflows/gradle-library-check.yml b/.github/workflows/gradle-library-check.yml
@@ -22,7 +22,7 @@ jobs:
   check:
     uses: ./.github/workflows/gradle-library.yml
     with:
-      gradle-tasks: ${{ inputs.gradle-tasks != '' && inputs.gradle-tasks || 'clean check' }}
+      build-tasks: ${{ inputs.gradle-tasks != '' && inputs.gradle-tasks || 'clean check' }}
       java-version: ${{ inputs.java-version }}
       multi-module: ${{ inputs.multi-module }}
       notify-failure: false

diff --git a/.github/workflows/gradle-library-publish.yml b/.github/workflows/gradle-library-publish.yml
@@ -9,21 +9,38 @@ on:
         description: If this is a multi-module project
         type: boolean
         default: false
-      gradle-tasks:
-        description: Custom Gradle tasks to run
+      build-tasks:
+        description: Custom Gradle tasks to run for building and verification
         required: false
         type: string
         default: ''
+      publish-tasks:
+        description: Custom Gradle tasks to run for publishing
+        required: false
+        type: string
+        default: ''
+      semantic-release:
+        description: State if a release should be created using semantic-release if applicable
+        default: false
+        type: boolean
+      semantic-release-dryrun:
+        description: If semantic release should do a dryrun
+        default: false
+        type: boolean
     secrets:
       WETF_ARTIFACTORY_USER:
       WETF_ARTIFACTORY_PASSWORD:
       SLACK_NOTIFICATIONS_BOT_TOKEN:
+      SEMANTIC_RELEASE_GITHUB_TOKEN:
 
 jobs:
   publish:
     uses: ./.github/workflows/gradle-library.yml
     with:
-      gradle-tasks: ${{ inputs.gradle-tasks != '' && inputs.gradle-tasks || 'clean check publishAllPublicationsToMavenRepository' }}
+      build-tasks: ${{ inputs.build-tasks != '' && inputs.build-tasks || 'clean check' }}
+      publish-tasks: ${{ inputs.publish-tasks != '' && inputs.publish-tasks || 'publishAllPublicationsToMavenRepository' }}
       java-version: ${{ inputs.java-version }}
       multi-module: ${{ inputs.multi-module }}
+      semantic-release: ${{ inputs.semantic-release }}
+      semantic-release-dryrun: ${{ inputs.semantic-release-dryrun }}
     secrets: inherit
diff --git a/.github/workflows/gradle-library.yml b/.github/workflows/gradle-library.yml
@@ -1,10 +1,23 @@
 on:
   workflow_call:
     inputs:
-      gradle-tasks:
-        description: Tasks to run
+      build-tasks:
+        description: Gradle tasks to run for building and verifying the project
         required: true
         type: string
+      publish-tasks:
+        description: Gradle tasks to run for publishing the project
+        required: false
+        default: ''
+        type: string
+      semantic-release:
+        description: State if a release should be created using semantic-release if applicable
+        default: false
+        type: boolean
+      semantic-release-dryrun:
+        description: If semantic release should do a dryrun
+        default: false
+        type: boolean
       java-version:
         description: Java version to use for build
         required: true
@@ -14,7 +27,7 @@ on:
         default: true
         type: boolean
       skip-build:
-        description: Skip build and only scan vulnerabilities
+        description: Skip build/publishing and only scan vulnerabilities
         default: false
         type: boolean
       expect-tests:
@@ -58,13 +71,15 @@ on:
       DOCKER_HUB_PASSWORD:
       DOCKER_HUB_EMAIL:
       SLACK_NOTIFICATIONS_BOT_TOKEN:
+      SEMANTIC_RELEASE_GITHUB_TOKEN:
 
 jobs:
   run:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           submodules: ${{ inputs.submodules }}
 
@@ -121,7 +136,7 @@ jobs:
           ORG_GRADLE_PROJECT_dockerHubPassword: ${{ secrets.DOCKER_HUB_PASSWORD }}
           ORG_GRADLE_PROJECT_dockerHubEmail: ${{ secrets.DOCKER_HUB_EMAIL }}
           ORG_GRADLE_PROJECT_dockerHost: "unix:///var/run/docker.sock"
-        run: ./gradlew ${{ inputs.gradle-tasks }}
+        run: ./gradlew ${{ inputs.build-tasks }}
 
       - name: Upload Gradle test reports
         uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
@@ -144,6 +159,89 @@ jobs:
           junit-test-output: "${{ inputs.multi-module && 'trivy-gha-scan/build/test-results/trivy.xml' || 'build/test-results/trivy.xml' }}" # added to unit test report
           report-retention-days: 30
 
+      #
+      # Publish or release
+      #
+      # This is done before the test report because currently we allow publishing
+      # even if there are open issues from the scan.
+      #
+
+      - name: Install NodeJs
+        if: ${{ !inputs.skip-build && inputs.publish-tasks != '' && inputs.semantic-release }}
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        with:
+          node-version: 20
+
+      - name: Release with semantic-release
+        id: release
+        if: ${{ !inputs.skip-build && inputs.publish-tasks != '' && inputs.semantic-release }}
+        uses: cycjimmy/semantic-release-action@61680d0e9b02ff86f5648ade99e01be17f0260a4 # v4.0.0
+        env:
+          # Permissions needed
+          #   contents: write
+          #   issues: write
+          #   pull-requests: write
+          GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_GITHUB_TOKEN }}
+          GIT_AUTHOR_NAME: wetransform Bot
+          GIT_AUTHOR_EMAIL: 113353961+wetransformer@users.noreply.github.com
+          GIT_COMMITTER_NAME: wetransform Bot
+          GIT_COMMITTER_EMAIL: 113353961+wetransformer@users.noreply.github.com
+          RUNNER_DEBUG: 1
+
+          # Plugin versions
+
+          # renovate: datasource=npm depName=@semantic-release/changelog
+          SEMANTIC_RELEASE_CHANGELOG_VERSION: 6.0.3
+
+          # renovate: datasource=npm depName=@semantic-release/exec
+          SEMANTIC_RELEASE_EXEC_VERSION: 6.0.3
+
+          # renovate: datasource=npm depName=@semantic-release/git
+          SEMANTIC_RELEASE_GIT_VERSION: 10.0.1
+
+          # renovate: datasource=npm depName=conventional-changelog-conventionalcommits
+          CONVENTIONAL_CHANGELOG_CONVENTIONALCOMMITS_VERSION: 7.0.2
+
+          # Tasks as environment variable
+          PUBLISH_TASKS: ${{ inputs.publish-tasks }}
+          # Mark as release despite repo being dirty during build
+          RELEASE: 'true'
+
+          # For Gradle execution
+          ORG_GRADLE_PROJECT_wetfArtifactoryUser: ${{ secrets.WETF_ARTIFACTORY_USER }}
+          ORG_GRADLE_PROJECT_wetfArtifactoryPassword: ${{ secrets.WETF_ARTIFACTORY_PASSWORD }}
+          JAVA_TOOL_OPTIONS: ${{ inputs.java-options }}
+        with:
+          dry_run: ${{ inputs.semantic-release-dryrun }}
+          semantic_version: 23.0.5
+
+          extra_plugins:
+            "@semantic-release/changelog@\
+            ${{ env.SEMANTIC_RELEASE_CHANGELOG_VERSION }} \
+            @semantic-release/exec@\
+            ${{ env.SEMANTIC_RELEASE_EXEC_VERSION }} \
+            @semantic-release/git@\
+            ${{ env.SEMANTIC_RELEASE_GIT_VERSION }} \
+            conventional-changelog-conventionalcommits@\
+            ${{ env.CONVENTIONAL_CHANGELOG_CONVENTIONALCOMMITS_VERSION }} \
+            "
+
+        # Run normal publishing if releasing is not enabled or if no release was created
+      - name: Publish with Gradle
+        if: ${{ !inputs.skip-build && inputs.publish-tasks != '' && (!inputs.semantic-release || steps.release.outputs.new_release_published == 'false' ) }}
+        env:
+          # For Gradle execution
+          ORG_GRADLE_PROJECT_wetfArtifactoryUser: ${{ secrets.WETF_ARTIFACTORY_USER }}
+          ORG_GRADLE_PROJECT_wetfArtifactoryPassword: ${{ secrets.WETF_ARTIFACTORY_PASSWORD }}
+          JAVA_TOOL_OPTIONS: ${{ inputs.java-options }}
+
+          # e.g. for pulling images for testcontainers
+          # ORG_GRADLE_PROJECT_dockerHubUsername: ${{ secrets.DOCKER_HUB_USERNAME }}
+          # ORG_GRADLE_PROJECT_dockerHubPassword: ${{ secrets.DOCKER_HUB_PASSWORD }}
+          # ORG_GRADLE_PROJECT_dockerHubEmail: ${{ secrets.DOCKER_HUB_EMAIL }}
+          # ORG_GRADLE_PROJECT_dockerHost: "unix:///var/run/docker.sock"
+        run: ./gradlew ${{ inputs.publish-tasks }}
+
       #
       # Report on unit tests and critical vulnerabilities
       #