Merge pull request #1247 from godaddy/release-workflows

[cicd] updated release workflows
godaddy · Mar 4, 2025 · d2b5c19 · d2b5c19
2 parents 6e5e80d + 0020d66
commit d2b5c19
Show file tree

Hide file tree

Showing 18 changed files with 399 additions and 20 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,10 +1,7 @@
 name: Continuous Integration
 
 on:
-  push:
-    branches:
-      # Push events to branches matching refs/heads/release-
-      - 'release-*'
+  workflow_dispatch:
 
 #### Global environment variables
 env:

diff --git a/.github/workflows/csharp-appencryption-ci.yml b/.github/workflows/csharp-appencryption-ci.yml
@@ -7,8 +7,6 @@ on:
     paths:
       - 'csharp/AppEncryption/**'
       - '.github/workflows/csharp-appencryption-*'
-    branches-ignore:
-      - 'release-*'
 
 permissions:
   contents: read

diff --git a/.github/workflows/csharp-appencryption-release.yml b/.github/workflows/csharp-appencryption-release.yml
@@ -0,0 +1,59 @@
+name: '[C#] AppEncryption Release'
+
+on:
+  workflow_run:
+    workflows:
+      - '[C#] AppEncryption CI'
+    types:
+      - completed
+    branches:
+      - 'release-*'
+
+permissions:
+  contents: write
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  release:
+    if: github.repository == 'godaddy/asherah' && github.event.workflow_run.conclusion == 'success'
+    name: Release C# AppEncryption
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Fetch all tags
+        run: git fetch --prune --unshallow --tags
+
+      - name: Cache dotnet packages
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        with:
+          path: ~/.nuget/packages
+          key: ${{ runner.os }}-nuget-${{ hashFiles('csharp/**/*.csproj') }}-v2
+
+      - name: Download artifact
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: csharp-app-encryption
+          path: |
+            ${{ github.workspace }}/csharp/AppEncryption/AppEncryption
+            ${{ github.workspace }}/csharp/AppEncryption/Crypto
+          run-id: ${{ github.event.workflow_run.id }}
+
+      - name: Initialize Envionment Variables
+        run: |
+          echo "BASE_VERSION=$(grep -o '<Version>.*<.*>' Directory.Build.props | sed 's/<Version>\(.*\)<.*>/\1/')" >> $GITHUB_ENV
+          echo "VERSION_SUFFIX=$(echo ${BASE_VERSION} | cut -f2 -d'-')" >> $GITHUB_ENV
+          echo "BRANCH=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
+
+      - name: Publish C# AppEncryption
+        if: startsWith('release-', github.env.BRANCH) && github.env.VERSION_SUFFIX != 'alpha'
+        run: |
+          ./scripts/release_prod.sh
+        env:
+          NUGET_KEY: ${{ secrets.NUGET_KEY }}
+          NUGET_SOURCE: ${{ secrets.NUGET_SOURCE }}
+        working-directory: csharp/AppEncryption
diff --git a/.github/workflows/csharp-logging-ci.yml b/.github/workflows/csharp-logging-ci.yml
@@ -7,8 +7,6 @@ on:
     paths:
       - 'csharp/Logging/**'
       - '.github/workflows/csharp-logging-*'
-    branches-ignore:
-      - 'release-*'
 
 permissions:
   contents: read

diff --git a/.github/workflows/csharp-logging-release.yml b/.github/workflows/csharp-logging-release.yml
@@ -0,0 +1,57 @@
+name: '[C#] Logging Release'
+
+on:
+  workflow_run:
+    workflows:
+      - '[C#] Logging CI'
+    types:
+      - completed
+    branches:
+      - 'release-*'
+
+permissions:
+  contents: write
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  release:
+    if: github.repository == 'godaddy/asherah' && github.event.workflow_run.conclusion == 'success'
+    name: Release C# Logging
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Fetch all tags
+        run: git fetch --prune --unshallow --tags
+
+      - name: Cache dotnet packages
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        with:
+          path: ~/.nuget/packages
+          key: ${{ runner.os }}-nuget-${{ hashFiles('csharp/**/*.csproj') }}-v2
+
+      - name: Download artifact
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: csharp-logging
+          path: ${{ github.workspace }}/csharp/Logging/Logging
+          run-id: ${{ github.event.workflow_run.id }}
+
+      - name: Initialize Envionment Variables
+        run: |
+          echo "BASE_VERSION=$(grep -o '<Version>.*<.*>' Directory.Build.props | sed 's/<Version>\(.*\)<.*>/\1/')" >> $GITHUB_ENV
+          echo "VERSION_SUFFIX=$(echo ${BASE_VERSION} | cut -f2 -d'-')" >> $GITHUB_ENV
+          echo "BRANCH=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
+
+      - name: Publish C# Logging
+        if: startsWith('release-', github.env.BRANCH) && github.env.VERSION_SUFFIX != 'alpha'
+        run: |
+          ./scripts/release_prod.sh
+        env:
+          NUGET_KEY: ${{ secrets.NUGET_KEY }}
+          NUGET_SOURCE: ${{ secrets.NUGET_SOURCE }}
+        working-directory: csharp/Logging
diff --git a/.github/workflows/csharp-securememory-ci.yml b/.github/workflows/csharp-securememory-ci.yml
@@ -7,8 +7,6 @@ on:
     paths:
       - 'csharp/SecureMemory/**'
       - '.github/workflows/csharp-securememory-*'
-    branches-ignore:
-      - 'release-*'
 
 permissions:
   contents: read

diff --git a/.github/workflows/csharp-securememory-release.yml b/.github/workflows/csharp-securememory-release.yml
@@ -0,0 +1,59 @@
+name: '[C#] SecureMemory Release'
+
+on:
+  workflow_run:
+    workflows:
+      - '[C#] SecureMemory CI'
+    types:
+      - completed
+    branches:
+      - 'release-*'
+
+permissions:
+  contents: write
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  release:
+    if: github.repository == 'godaddy/asherah' && github.event.workflow_run.conclusion == 'success'
+    name: Release C# SecureMemory
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Fetch all tags
+        run: git fetch --prune --unshallow --tags
+
+      - name: Cache dotnet packages
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        with:
+          path: ~/.nuget/packages
+          key: ${{ runner.os }}-nuget-${{ hashFiles('csharp/**/*.csproj') }}-v2
+
+      - name: Download artifact
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: csharp-secure-memory
+          path: |
+            ${{ github.workspace }}/csharp/SecureMemory/SecureMemory
+            ${{ github.workspace }}/csharp/SecureMemory/PlatformNative
+          run-id: ${{ github.event.workflow_run.id }}
+
+      - name: Initialize Envionment Variables
+        run: |
+          echo "BASE_VERSION=$(grep -o '<Version>.*<.*>' Directory.Build.props | sed 's/<Version>\(.*\)<.*>/\1/')" >> $GITHUB_ENV
+          echo "VERSION_SUFFIX=$(echo ${BASE_VERSION} | cut -f2 -d'-')" >> $GITHUB_ENV
+          echo "BRANCH=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
+
+      - name: Publish C# SecureMemory
+        if: startsWith('release-', github.env.BRANCH) && github.env.VERSION_SUFFIX != 'alpha'
+        run: |
+          ./scripts/release_prod.sh
+        env:
+          NUGET_KEY: ${{ secrets.NUGET_KEY }}
+          NUGET_SOURCE: ${{ secrets.NUGET_SOURCE }}
+        working-directory: csharp/SecureMemory
diff --git a/.github/workflows/go-appencryption-ci.yml b/.github/workflows/go-appencryption-ci.yml
@@ -11,8 +11,6 @@ on:
     paths:
       - 'go/appencryption/**'
       - '.github/workflows/go-appencryption-*'
-    branches-ignore:
-      - 'release-*'
 
 permissions:
   contents: read

diff --git a/.github/workflows/go-appencryption-release.yml b/.github/workflows/go-appencryption-release.yml
@@ -0,0 +1,43 @@
+name: '[Go] AppEncryption Release'
+
+on:
+  workflow_run:
+    workflows:
+      - '[Go] AppEncryption CI'
+    types:
+      - completed
+    branches:
+      - 'release-*'
+
+permissions:
+  contents: write
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Fetch all tags
+        run: git fetch --prune --unshallow --tags
+
+      - name: Initialize Envionment Variables
+        run: |
+          echo "BASE_VERSION=$(cat .versionfile)" >> $GITHUB_ENV
+          echo "VERSION_SUFFIX=$(echo ${BASE_VERSION} | cut -f2 -d'-')" >> $GITHUB_ENV
+          echo "BRANCH=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
+
+      - name: Publish Go AppEncryption
+        if: startsWith('release-', github.env.BRANCH) && github.env.VERSION_SUFFIX != 'alpha'
+        run: |
+          ./scripts/release_prod.sh
+        env:
+          NUGET_KEY: ${{ secrets.NUGET_KEY }}
+          NUGET_SOURCE: ${{ secrets.NUGET_SOURCE }}
+        working-directory: go/appencryption
diff --git a/.github/workflows/go-securememory-ci.yml b/.github/workflows/go-securememory-ci.yml
@@ -11,8 +11,6 @@ on:
     paths:
       - 'go/securememory/**'
       - '.github/workflows/go-securememory-*'
-    branches-ignore:
-      - 'release-*'
 
 permissions:
   contents: read

diff --git a/.github/workflows/go-securememory-release.yml b/.github/workflows/go-securememory-release.yml
@@ -0,0 +1,43 @@
+name: '[Go] SecureMemory Release'
+
+on:
+  workflow_run:
+    workflows:
+      - '[Go] SecureMemory CI'
+    types:
+      - completed
+    branches:
+      - 'release-*'
+
+permissions:
+  contents: write
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Fetch all tags
+        run: git fetch --prune --unshallow --tags
+
+      - name: Initialize Envionment Variables
+        run: |
+          echo "BASE_VERSION=$(cat .versionfile)" >> $GITHUB_ENV
+          echo "VERSION_SUFFIX=$(echo ${BASE_VERSION} | cut -f2 -d'-')" >> $GITHUB_ENV
+          echo "BRANCH=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
+
+      - name: Publish Go SecureMemory
+        if: startsWith('release-', github.env.BRANCH) && github.env.VERSION_SUFFIX != 'alpha'
+        run: |
+          ./scripts/release_prod.sh
+        env:
+          NUGET_KEY: ${{ secrets.NUGET_KEY }}
+          NUGET_SOURCE: ${{ secrets.NUGET_SOURCE }}
+        working-directory: go/securememory
diff --git a/.github/workflows/java-appencryption-ci.yml b/.github/workflows/java-appencryption-ci.yml
@@ -12,8 +12,6 @@ on:
     paths:
       - 'java/appencryption/**'
       - '.github/workflows/java-appencryption-*'
-    branches-ignore:
-      - 'release-*'
 
 permissions:
   contents: read

diff --git a/.github/workflows/java-appencryption-release.yml b/.github/workflows/java-appencryption-release.yml
@@ -0,0 +1,57 @@
+name: '[Java] AppEncryption Release'
+
+on:
+  workflow_run:
+    workflows:
+      - '[Java] AppEncryption CI'
+    types:
+      - completed
+    branches:
+      - 'release-*'
+
+permissions:
+  contents: write
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  release:
+    if: github.repository == 'godaddy/asherah' && github.event.workflow_run.conclusion == 'success'
+    name: Release Java AppEncryption
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Fetch all tags
+        run: git fetch --prune --unshallow --tags
+
+      - name: Set up Maven Central Repository
+        uses: actions/setup-java@ddb82ce8a6ecf5ac3e80c3184839e6661546e4aa
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: 'maven'
+          server-id: ossrh
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+          gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
+
+      - name: Initialize Envionment Variables
+        run: |
+          echo "BASE_VERSION=$(mvn -q -DforceStdout help:evaluate -Dexpression=project.version)" >> $GITHUB_ENV
+          echo "VERSION_SUFFIX=$(echo ${BASE_VERSION} | cut -f2 -d'-')" >> $GITHUB_ENV
+          echo "BRANCH=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
+
+      - name: Publish Java AppEncryption
+        if: startsWith('release-', github.env.BRANCH) && github.env.VERSION_SUFFIX != 'alpha'
+        run: |
+          ./scripts/release_prod.sh
+        env:
+          MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
+        working-directory: java/appencryption
diff --git a/.github/workflows/java-securememory-ci.yml b/.github/workflows/java-securememory-ci.yml
@@ -12,8 +12,6 @@ on:
     paths:
       - 'java/secure-memory/**'
       - '.github/workflows/java-securememory-*'
-    branches-ignore:
-      - 'release-*'
 
 permissions:
   contents: read