diff --git a/.github/workflows/release-merge.yml b/.github/workflows/release-merge.yml new file mode 100644 index 00000000..bfa9f708 --- /dev/null +++ b/.github/workflows/release-merge.yml @@ -0,0 +1,34 @@ +name: Release PR auto-merge +on: pull_request + +permissions: + contents: write + pull-requests: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.actor == 'github-actions[bot]'}} + steps: + - name: Check PR Title + run: | + PR_TITLE="${{ github.event.pull_request.title }}" + REQUIRED_PREFIX="Release: Bump version to" + + if [[ ! "$PR_TITLE" == "$REQUIRED_PREFIX"* ]]; then + echo "::error::PR title does not start with \"$REQUIRED_PREFIX\"" + echo "Current PR title: \"$PR_TITLE\"" + exit 1 + fi + echo "PR title check passed." + - name: Approve a PR + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + # Enable for automerge + - name: Enable auto-merge for Dependabot PRs + run: gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..f67eab5a --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,58 @@ +name: Release Workflow + +on: + workflow_dispatch: + inputs: + new_version: + description: 'New version to set (e.g., 1.0-RC1, 1.0)' + default: 2.11 + required: true + type: string + +permissions: + contents: write + pull-requests: write + +jobs: + release: + runs-on: ubuntu-latest + # Protection rules for this environment are set in the repository settings. + environment: maven + steps: + - uses: actions/checkout@v4 + - name: Set up Java and Maven + uses: actions/setup-java@v4 + with: + java-version: '17' + distribution: 'zulu' + server-id: central + server-username: ${{ secrets.MAVEN_USERNAME }} + server-password: ${{ secrets.MAVEN_PASSWORD }} + # GPG Key setup for signing artifacts + gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} + gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} + + - name: Maven cache + uses: actions/cache@v4 + env: + cache-name: maven-cache + with: + path: ~/.m2 + key: build-${{ env.cache-name }} + + - name: Bump version in pom.xml + run: mvn versions:set -DnewVersion=${{ github.event.inputs.new_version }} -DgenerateBackupPoms=false + + - name: Deploy JAR to Maven Central + run: mvn clean deploy -Pcentral + + - name: Create Pull Request for Version Bump + uses: peter-evans/create-pull-request@v6 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: "Version ${{ github.event.inputs.new_version }}" + branch: "release/${{ github.event.inputs.new_version }}" + title: "Release: Version ${{ github.event.inputs.new_version }}" + body: | + Release version `${{ github.event.inputs.new_version }}` to be deployed. + base: main