diff --git a/.github/workflows/cache-maven-dependencies.yaml b/.github/workflows/cache-maven-dependencies.yaml index c94fdf1cf..a50b31d3b 100644 --- a/.github/workflows/cache-maven-dependencies.yaml +++ b/.github/workflows/cache-maven-dependencies.yaml @@ -13,6 +13,8 @@ env: jobs: update-cache: runs-on: ubuntu-latest + permissions: + actions: write # needed to delete caches steps: - name: "Checkout" uses: actions/checkout@v6 @@ -36,7 +38,7 @@ jobs: gh cache delete "${CACHE_ID}" done env: - GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: "Cache Dependencies" uses: actions/cache/save@v5 diff --git a/.github/workflows/dependabot-automerge.yaml b/.github/workflows/dependabot-automerge.yaml index 1e9ffe0d4..7b877725c 100644 --- a/.github/workflows/dependabot-automerge.yaml +++ b/.github/workflows/dependabot-automerge.yaml @@ -14,13 +14,21 @@ env: jobs: review-prs: runs-on: ubuntu-latest - permissions: - pull-requests: write - contents: write steps: - name: Checkout uses: actions/checkout@v6 + - name: 'Create GitHub App Token' + id: app-token + uses: actions/create-github-app-token@v3 + with: + client-id: ${{ secrets.SAP_CLOUD_SDK_BOT_CLIENT_ID }} + private-key: ${{ secrets.SAP_CLOUD_SDK_BOT_PRIVATE_KEY }} + owner: SAP + repositories: cloud-sdk-java + permission-contents: write + permission-pull-requests: write + - name: Approve and Merge PRs run: | PRS=$(gh pr list --app "dependabot" --state "open" --json number,title) @@ -29,14 +37,14 @@ jobs: if [[ -z "$GROUP" ]]; then continue fi - + MATCHES=$(jq -r --arg group "$GROUP" '.[] | select(.title | contains($group)) | .number' <<< "$PRS") echo "[DEBUG] Found PRs for group '$GROUP': '$MATCHES'" - + PR_NUMBERS="$MATCHES"$'\n'"$PR_NUMBERS" done <<< "${{ env.DEPENDABOT_GROUPS }}" echo "[DEBUG] Approving and Merging following PRs: '$PR_NUMBERS'" - + while IFS= read -r PR_NUMBER; do if [[ -z "$PR_NUMBER" ]]; then continue 
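Review bot: The `permissions` block added to `update-cache` lists only `actions: write`, and every scope left out of a `permissions` block is set to `none`, so the job token no longer carries an explicit `contents: read` for the `actions/checkout@v6` step right below it. Checkout of a public repository usually still works without it, but that depends on repository visibility rather than on the workflow; I would add `contents: read` next to `actions: write`. The switch of `gh cache delete` to `secrets.GITHUB_TOKEN` in the second hunk of this file is consistent with the new `actions: write` grant.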
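Review bot: Dropping the `permissions` block from `review-prs` means the job's `GITHUB_TOKEN` falls back to the repository or organization default, which may be broader than the `pull-requests`/`contents` pair it replaced. Since the approve and merge calls now run on the app token, the job can declare `permissions:` with only `contents: read` for the checkout. Separately, `actions/create-github-app-token@v3` receives the app's private key and is referenced by a movable tag; pinning it to a full commit SHA (`uses: actions/create-github-app-token@<full-commit-sha> # v3`) removes the dependency on that tag staying put. The same applies to every other 'Create GitHub App Token' step this commit adds in javadoc.yaml, perform-release.yml and prepare-release.yaml.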
@@ -47,4 +55,4 @@ jobs: gh pr review "$PR_NUMBER" --approve done <<< "$PR_NUMBERS" env: - GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} + GH_TOKEN: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/javadoc.yaml b/.github/workflows/javadoc.yaml index 96f76edb9..59d03bc6a 100644 --- a/.github/workflows/javadoc.yaml +++ b/.github/workflows/javadoc.yaml 
@@ -11,60 +11,71 @@ on: env: JAVA_VERSION: 17 DOCS_REPO: SAP/cloud-sdk - PROJECTS: "!:rfc,!:dwc-cf,!:datamodel-metadata-generator,!:odata-generator,!:odata-generator-maven-plugin,!:odata-generator-utility,!:odata-v4-generator,!:odata-v4-generator-maven-plugin,!:s4hana-connectivity,!:soap,!:testutil,!:s4hana-core" + PROJECTS: '!:rfc,!:dwc-cf,!:datamodel-metadata-generator,!:odata-generator,!:odata-generator-maven-plugin,!:odata-generator-utility,!:odata-v4-generator,!:odata-v4-generator-maven-plugin,!:s4hana-connectivity,!:soap,!:testutil,!:s4hana-core' jobs: build: - name: "JavaDoc to Documentation Portal" + name: 'JavaDoc to Documentation Portal' runs-on: ubuntu-latest steps: - - name: "Prepare git" + - name: 'Prepare git' run: | git config --global user.email "cloudsdk@sap.com" git config --global user.name "SAP Cloud SDK Bot" - - name: "Checkout Repository" + - name: 'Checkout Repository' uses: actions/checkout@v6 with: fetch-depth: 0 - - - name: "Switch branch" + + - name: 'Switch branch' run: git checkout "${{ github.event.inputs.branch || 'main' }}" - - name: "Set up JDK 17" + - name: 'Set up JDK 17' uses: actions/setup-java@v5 with: java-version: '17' distribution: 'temurin' cache: 'maven' - - name: "Determine Versions" + - name: 'Determine Versions' id: determine-version run: | echo "MAJOR_VERSION=$(jq -r '.version' latest.json | cut -d '.' -f 1)" >> $GITHUB_OUTPUT echo "CURRENT_VERSION=$(jq -r '.version' latest.json)" >> $GITHUB_OUTPUT - - name: "Install project (skip tests)" + - name: 'Install project (skip tests)' run: mvn install -DskipTests --quiet - - name: "Process sources" + - name: 'Process sources' run: mvn process-sources -Drelease --fail-at-end --projects "${PROJECTS}" --quiet - - name: "Copy delombok sources" + - name: 'Copy delombok sources' run: find . 
-type d -path "*/target/delombok" -exec sh -c 'cp -r "$1"/* "$(dirname $(dirname "$1"))/src/main/java/"' _ {} \; - - name: "Generate aggregated Javadoc" + - name: 'Generate aggregated Javadoc' run: mvn clean javadoc:aggregate -Drelease -Djava.failOnWarning=false --projects "${PROJECTS}" --quiet - - name: "Checkout Docs Repository" + - name: 'Create GitHub App Token' + id: app-token + uses: actions/create-github-app-token@v3 + with: + client-id: ${{ secrets.SAP_CLOUD_SDK_BOT_CLIENT_ID }} + private-key: ${{ secrets.SAP_CLOUD_SDK_BOT_PRIVATE_KEY }} + owner: SAP + repositories: cloud-sdk + permission-contents: write + permission-pull-requests: write + + - name: 'Checkout Docs Repository' uses: actions/checkout@v6 with: repository: ${{ env.DOCS_REPO }} path: .cloud-sdk-docs - token: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} + token: ${{ steps.app-token.outputs.token }} - - name: "Replace JavaDoc" + - name: 'Replace JavaDoc' id: replace-javadoc run: | TARGET_DIR=./.cloud-sdk-docs/static/java-api/v${{ steps.determine-version.outputs.MAJOR_VERSION }} @@ -95,7 +106,7 @@ jobs: git push origin $BRANCH_NAME - - name: "Create JavaDoc PR" + - name: 'Create JavaDoc PR' id: create-javadoc-pr if: ${{ steps.replace-javadoc.outputs.CREATE_PR == 'true' }} working-directory: ./.cloud-sdk-docs @@ -107,4 +118,4 @@ jobs: echo "PR_URL=$PR_URL" >> $GITHUB_OUTPUT echo "PR: $PR_URL" >> $GITHUB_STEP_SUMMARY env: - GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} + GH_TOKEN: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/perform-release.yml b/.github/workflows/perform-release.yml index f3d601d4e..d3fa92f68 100644 --- a/.github/workflows/perform-release.yml +++ b/.github/workflows/perform-release.yml 
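Review bot: The 'Switch branch' step still expands `${{ github.event.inputs.branch || 'main' }}` directly into the shell script, so the dispatch input is parsed as shell text rather than as data, in a job that now also mints an app token with `contents: write` and `pull-requests: write` on SAP/cloud-sdk. Passing it through the environment keeps it a single argument: `env:` / `BRANCH: ${{ github.event.inputs.branch || 'main' }}` with `run: git checkout "$BRANCH"`. Minting the token only after the Maven steps is a good choice and worth keeping. The job also has no `permissions` block, so `permissions:` with `contents: read` would cap the default `GITHUB_TOKEN` used by the first checkout.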
@@ -1,13 +1,13 @@ -name: "Perform Release" +name: 'Perform Release' on: workflow_dispatch: inputs: release_pr_number: - description: "The PR number of the release PR" + description: 'The PR number of the release PR' required: true skip-pr-merge: - description: "Whether to skip merging the PRs" + description: 'Whether to skip merging the PRs' required: false default: false type: boolean @@ -19,7 +19,7 @@ env: jobs: prerequisites: - name: "Prerequisites" + name: 'Prerequisites' outputs: code-branch: ${{ steps.determine-branch-names.outputs.CODE_BRANCH_NAME }} docs-branch: ${{ steps.determine-branch-names.outputs.DOCS_BRANCH_NAME }} @@ -30,7 +30,7 @@ jobs: permissions: write-all # contents and push are needed to see the draft release runs-on: ubuntu-latest steps: - - name: "Determine Branch Names" + - name: 'Determine Branch Names' id: determine-branch-names run: | CODE_BRANCH_NAME=$(gh pr view ${{github.event.inputs.release_pr_number}} --repo ${{github.repository}} --json headRefName --jq '.headRefName') 
@@ -39,22 +39,22 @@ jobs: RELEASE_COMMIT=$(gh release view $RELEASE_TAG --repo ${{github.repository}} --json targetCommitish --jq '.targetCommitish') RELEASE_NOTES_BRANCH_NAME=java/release-notes-$RELEASE_VERSION RELEASE_JAVADOC_BRANCH_NAME=java/release-docs-$RELEASE_VERSION - + echo "CODE_BRANCH_NAME=$CODE_BRANCH_NAME" >> $GITHUB_OUTPUT echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_OUTPUT echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_OUTPUT echo "RELEASE_COMMIT=$RELEASE_COMMIT" >> $GITHUB_OUTPUT echo "RELEASE_NOTES_BRANCH_NAME=$RELEASE_NOTES_BRANCH_NAME" >> $GITHUB_OUTPUT echo "RELEASE_JAVADOC_BRANCH_NAME=$RELEASE_JAVADOC_BRANCH_NAME" >> $GITHUB_OUTPUT - + echo -e "[DEBUG] Current GITHUB_OUTPUT:\n$(cat $GITHUB_OUTPUT)" env: GH_TOKEN: ${{ github.token }} - - name: "Checkout Repository" + - name: 'Checkout Repository' uses: actions/checkout@v6 - - name: "Check Whether Code PR Can Be Merged" + - name: 'Check Whether Code PR Can Be Merged' if: ${{ inputs.skip-pr-merge != 'true' }} uses: ./.github/actions/pr-is-mergeable with: 
@@ -65,53 +65,72 @@ jobs: \"dependabot merger\": [] } - - name: "Check Code Release Commit Continuous Integration" + - name: 'Check Code Release Commit Continuous Integration' if: ${{ inputs.skip-pr-merge != 'true' }} uses: ./.github/actions/workflow-succeeded with: - workflow: "Continuous Integration" + workflow: 'Continuous Integration' sha: ${{ steps.determine-branch-names.outputs.RELEASE_COMMIT }} - excluded-jobs: "[\"Run BlackDuck Scan\"]" + excluded-jobs: '["Run BlackDuck Scan"]' + + - name: 'Create GitHub App Token' + id: app-token + uses: actions/create-github-app-token@v3 + with: + client-id: ${{ secrets.SAP_CLOUD_SDK_BOT_CLIENT_ID }} + private-key: ${{ secrets.SAP_CLOUD_SDK_BOT_PRIVATE_KEY }} + owner: SAP + repositories: cloud-sdk - - name: "Check Whether Release Notes PR Can Be Merged" + - name: 'Check Whether Release Notes PR Can Be Merged' if: ${{ inputs.skip-pr-merge != 'true' }} uses: ./.github/actions/pr-is-mergeable with: pr-ref: ${{ steps.determine-branch-names.outputs.RELEASE_NOTES_BRANCH_NAME }} repo: ${{ env.DOCS_REPO }} - token: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} + token: ${{ steps.app-token.outputs.token }} excluded-check-runs: | { \"Build Cloud SDK Documentation\": [\"dependabot\"] } - - name: "Check Whether JavaDoc PR Can Be Merged" + - name: 'Check Whether JavaDoc PR Can Be Merged' if: ${{ inputs.skip-pr-merge != 'true' }} uses: ./.github/actions/pr-is-mergeable with: pr-ref: ${{ steps.determine-branch-names.outputs.RELEASE_JAVADOC_BRANCH_NAME }} repo: ${{ env.DOCS_REPO }} - token: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} + token: ${{ steps.app-token.outputs.token }} excluded-check-runs: | { \"Build Cloud SDK Documentation\": [\"dependabot\"] } release: - name: "Release" - needs: [ prerequisites ] + name: 'Release' + needs: [prerequisites] runs-on: ubuntu-latest permissions: contents: write # needed to modify the release draft - pull-requests: write # needed to merge the release PR steps: - - name: "Setup java" + - name: 'Create 
GitHub App Token' + id: app-token + uses: actions/create-github-app-token@v3 + with: + client-id: ${{ secrets.SAP_CLOUD_SDK_BOT_CLIENT_ID }} + private-key: ${{ secrets.SAP_CLOUD_SDK_BOT_PRIVATE_KEY }} + owner: SAP + repositories: cloud-sdk-java,cloud-sdk + permission-contents: write + permission-pull-requests: write # needed to merge the release PR + + - name: 'Setup java' uses: actions/setup-java@v5 with: - distribution: "sapmachine" + distribution: 'sapmachine' java-version: ${{ env.JAVA_VERSION }} - - name: "Download Release Asset" + - name: 'Download Release Asset' id: download-asset run: | gh release download ${{ needs.prerequisites.outputs.release-tag }} --dir ./ --repo "${{ github.repository }}" 
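Review bot: The 'Create GitHub App Token' step added to the `prerequisites` job passes no `permission-*` inputs, so the token handed to the two `pr-is-mergeable` checks inherits every permission of the app installation on cloud-sdk although those steps only inspect PRs. Scoping it down, presumably to `permission-pull-requests: read` plus `permission-checks: read` (confirm against what `./.github/actions/pr-is-mergeable` queries), would match how the other token steps in this commit are written. In the `release` job the token with write access to both repositories is created as the first step, ahead of the asset download, GPG import and `mvn deploy`. Installation tokens expire after an hour and the merge steps that use it come later in the job (outside this hunk), so moving the step to just before 'Merge Code PR' shortens its exposure and avoids an expired token after a slow deploy.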
@@ -120,42 +139,42 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: "Import GPG Key" + - name: 'Import GPG Key' run: | echo "${{ secrets.PGP_PRIVATE_KEY }}" | gpg --batch --passphrase "$MAVEN_GPG_PASSPHRASE" --import env: MAVEN_GPG_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }} - - name: "Create settings.xml" + - name: 'Create settings.xml' run: | echo '${{ secrets.CENTRAL_SONATYPE_SETTINGS_XML }}' > settings.xml - - name: "Deploy" + - name: 'Deploy' run: | MVN_ARGS="${{ env.MVN_CLI_ARGS }} -Drelease -s settings.xml" mvn deploy $MVN_ARGS env: MAVEN_GPG_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }} - - name: "Merge Code PR" + - name: 'Merge Code PR' if: ${{ inputs.skip-pr-merge != 'true' }} run: gh pr merge --squash "${{ needs.prerequisites.outputs.code-branch }}" --delete-branch --repo "${{ github.repository }}" env: - GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} + GH_TOKEN: ${{ steps.app-token.outputs.token }} - - name: "Publish the Draft Release" + - name: 'Publish the Draft Release' run: gh release edit ${{ needs.prerequisites.outputs.release-tag }} --draft=false --repo "${{ github.repository }}" env: - GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: "Merge Release Notes PR" + - name: 'Merge Release Notes PR' if: ${{ inputs.skip-pr-merge != 'true' }} run: gh pr merge --squash "${{ needs.prerequisites.outputs.release-notes-branch }}" --delete-branch --repo "${{ env.DOCS_REPO }}" env: - GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} + GH_TOKEN: ${{ steps.app-token.outputs.token }} - - name: "Merge JavaDoc PR" + - name: 'Merge JavaDoc PR' if: ${{ inputs.skip-pr-merge != 'true' }} run: gh pr merge --squash "${{ needs.prerequisites.outputs.release-javadoc-branch }}" --delete-branch --repo "${{ env.DOCS_REPO }}" env: - GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} \ No newline at end of file + GH_TOKEN: ${{ steps.app-token.outputs.token }} 
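Review bot: 'Publish the Draft Release' now runs with `secrets.GITHUB_TOKEN`, and events caused by that token do not start new workflow runs, so any workflow listening on `release` events would stop firing after this change; none is visible here, so please confirm that nothing depends on it. Unrelated to the token swap but in the same hunk, 'Import GPG Key' and 'Create settings.xml' expand `${{ secrets.PGP_PRIVATE_KEY }}` and `${{ secrets.CENTRAL_SONATYPE_SETTINGS_XML }}` into the script text, where a quote character inside the secret changes how the shell parses the line. Handing them over as environment variables, e.g. `printf '%s' "$PGP_PRIVATE_KEY" | gpg --batch --passphrase "$MAVEN_GPG_PASSPHRASE" --import`, avoids that.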
diff --git a/.github/workflows/prepare-release.yaml b/.github/workflows/prepare-release.yaml index a5b1ea3ef..64507f3c9 100644 --- a/.github/workflows/prepare-release.yaml +++ b/.github/workflows/prepare-release.yaml @@ -1,26 +1,26 @@ -name: "Prepare Release" +name: 'Prepare Release' on: workflow_dispatch: inputs: branch: - description: "The Branch to Release From" + description: 'The Branch to Release From' required: false - default: "main" + default: 'main' release-version: - description: "The Version to Release" + description: 'The Version to Release' required: false env: - CI_BUILD_WORKFLOW: "continuous-integration.yaml" # Name of the workflow that should be triggered for CI build - RELEASE_ARTIFACT_NAME: "release-artifacts" # Name of the artifact that should be downloaded from the CI workflow - SDK_TARGETS_NAME: "sdk-targets" # Name of the SDK target directories artifact that should be downloaded from the CI workflow + CI_BUILD_WORKFLOW: 'continuous-integration.yaml' # Name of the workflow that should be triggered for CI build + RELEASE_ARTIFACT_NAME: 'release-artifacts' # Name of the artifact that should be downloaded from the CI workflow + SDK_TARGETS_NAME: 'sdk-targets' # Name of the SDK target directories artifact that should be downloaded from the CI workflow JAVA_VERSION: 17 DOCS_REPO: SAP/cloud-sdk jobs: bump-version: - name: "Bump Version" + name: 'Bump Version' outputs: current-version: ${{ steps.determine-versions.outputs.CURRENT_SNAPSHOT }} release-version: ${{ steps.determine-versions.outputs.RELEASE_VERSION }} 
@@ -30,27 +30,27 @@ jobs: release-tag: ${{ steps.prepare-release.outputs.TAG_NAME }} runs-on: ubuntu-latest steps: - - name: "Checkout Repository" + - name: 'Checkout Repository' uses: actions/checkout@v6 with: ref: ${{ github.event.inputs.branch }} - - name: "Prepare git" + - name: 'Prepare git' run: | git config --global user.email "cloudsdk@sap.com" git config --global user.name "SAP Cloud SDK Bot" - - name: "Determine Versions" + - name: 'Determine Versions' id: determine-versions run: python .pipeline/scripts/get-release-versions.py env: INPUT_VERSION: ${{ github.event.inputs.release-version }} - - run: "echo Release Version: ${{ steps.determine-versions.outputs.RELEASE_VERSION }}" - - run: "echo Current Version: ${{ steps.determine-versions.outputs.CURRENT_SNAPSHOT }}" - - run: "echo New Version: ${{ steps.determine-versions.outputs.NEW_SNAPSHOT }}" + - run: 'echo Release Version: ${{ steps.determine-versions.outputs.RELEASE_VERSION }}' + - run: 'echo Current Version: ${{ steps.determine-versions.outputs.CURRENT_SNAPSHOT }}' + - run: 'echo New Version: ${{ steps.determine-versions.outputs.NEW_SNAPSHOT }}' - - name: "Set Release Version to ${{ steps.determine-versions.outputs.RELEASE_VERSION }}" + - name: 'Set Release Version to ${{ steps.determine-versions.outputs.RELEASE_VERSION }}' id: prepare-release run: | # NOTE: If you change this pattern here, also adjust perform_release.yml: @@ -65,7 +65,7 @@ jobs: # We need to get the commit id, and push the branch so the release tag will point at the right commit afterwards RELEASE_COMMIT_ID=$(git log -1 --pretty=format:"%H") echo "RELEASE_COMMIT_ID=$RELEASE_COMMIT_ID" >> $GITHUB_OUTPUT - + TAG_NAME=rel/${{ steps.determine-versions.outputs.RELEASE_VERSION }} git tag $TAG_NAME $RELEASE_COMMIT_ID echo "TAG_NAME=$TAG_NAME" >> $GITHUB_OUTPUT 
@@ -74,21 +74,21 @@ jobs: git push origin $TAG_NAME run-ci: - name: "Continuous Integration" + name: 'Continuous Integration' outputs: ci-run-id: ${{ steps.trigger-ci.outputs.run-id }} - needs: [ bump-version ] + needs: [bump-version] runs-on: ubuntu-latest permissions: actions: write # needed to trigger the ci-build workflow statuses: write # needed to update the commit status steps: - - name: "Checkout repository" + - name: 'Checkout repository' uses: actions/checkout@v6 with: ref: ${{ needs.bump-version.outputs.release-branch }} - - name: "Trigger CI Workflow" + - name: 'Trigger CI Workflow' id: trigger-ci uses: ./.github/actions/trigger-workflow with: @@ -102,15 +102,15 @@ jobs: -f run-blackduck-scan=false -f run-security-rating=true - - name: "Await CI Workflow" + - name: 'Await CI Workflow' uses: ./.github/actions/await-workflow with: run-id: ${{ steps.trigger-ci.outputs.run-id }} - commit-status: "Continuous Integration Workflow" + commit-status: 'Continuous Integration Workflow' create-release: - name: "Create GitHub Release" - needs: [ bump-version, run-ci ] + name: 'Create GitHub Release' + needs: [bump-version, run-ci] outputs: release-name: ${{ steps.create-release.outputs.RELEASE_NAME }} release-url: ${{ steps.create-release.outputs.RELEASE_URL }} 
@@ -119,54 +119,54 @@ jobs: actions: read # needed to download the artifacts from the CI workflow runs-on: ubuntu-latest steps: - - name: "Checkout repository" + - name: 'Checkout repository' uses: actions/checkout@v6 with: ref: ${{ needs.bump-version.outputs.release-branch }} - - name: "Setup java" + - name: 'Setup java' uses: actions/setup-java@v5 with: - distribution: "sapmachine" + distribution: 'sapmachine' java-version: ${{ env.JAVA_VERSION }} cache: 'maven' - - name: "Build SDK" + - name: 'Build SDK' run: | MVN_ARGS="${{ env.MVN_MULTI_THREADED_ARGS }} clean install -DskipTests" mvn $MVN_ARGS - - name: "Create Release" + - name: 'Create Release' id: create-release run: | tar -czf release-${{ needs.bump-version.outputs.release-version }}.tar.gz * RELEASE_NAME="rel/${{ needs.bump-version.outputs.release-version }}" echo "RELEASE_NAME=$RELEASE_NAME" >> $GITHUB_OUTPUT - + RELEASE_URL=$(gh release create "$RELEASE_NAME" \ --target ${{ needs.bump-version.outputs.release-commit }} \ --title "Release ${{ needs.bump-version.outputs.release-version }}" \ --draft --generate-notes \ release-${{ needs.bump-version.outputs.release-version }}.tar.gz) - + echo "RELEASE_URL=$RELEASE_URL" >> $GITHUB_OUTPUT env: GH_TOKEN: ${{ github.token }} create-javadoc-aggregated-pr: - needs: [ create-release ] - name: "Create Aggregated JavaDoc PR on Documentation Portal" + needs: [create-release] + name: 'Create Aggregated JavaDoc PR on Documentation Portal' runs-on: ubuntu-latest permissions: actions: write # needed to trigger the ci-build workflow statuses: write # needed to update the commit status steps: - - name: "Checkout repository" + - name: 'Checkout repository' uses: actions/checkout@v6 with: ref: ${{ needs.create-release.outputs.release-name }} - - name: "Trigger workflow (ignore failures)" + - name: 'Trigger workflow (ignore failures)' uses: ./.github/actions/trigger-workflow continue-on-error: true with: 
@@ -175,47 +175,58 @@ jobs: parameters: -f branch=${{ needs.create-release.outputs.release-name }} create-release-notes-pr: - name: "Create Release Notes PR" - needs: [ bump-version, run-ci ] + name: 'Create Release Notes PR' + needs: [bump-version, run-ci] outputs: pr-url: ${{ steps.create-release-notes-pr.outputs.PR_URL }} runs-on: ubuntu-latest steps: - - name: "Checkout Code Repository" + - name: 'Create GitHub App Token' + id: app-token + uses: actions/create-github-app-token@v3 + with: + client-id: ${{ secrets.SAP_CLOUD_SDK_BOT_CLIENT_ID }} + private-key: ${{ secrets.SAP_CLOUD_SDK_BOT_PRIVATE_KEY }} + owner: SAP + repositories: cloud-sdk-java,cloud-sdk + permission-contents: write + permission-pull-requests: write + + - name: 'Checkout Code Repository' uses: actions/checkout@v6 with: ref: ${{ needs.bump-version.outputs.release-branch }} - token: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} - - name: "Checkout Docs Repository" + token: ${{ steps.app-token.outputs.token }} + - name: 'Checkout Docs Repository' uses: actions/checkout@v6 with: repository: ${{ env.DOCS_REPO }} path: .cloud-sdk-docs - token: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} - - name: "Prepare Git" + token: ${{ steps.app-token.outputs.token }} + - name: 'Prepare Git' working-directory: ./.cloud-sdk-docs run: | git config --global user.email "cloudsdk@sap.com" git config --global user.name "SAP Cloud SDK Bot" - - name: "Create Release Notes Branch" + - name: 'Create Release Notes Branch' working-directory: ./.cloud-sdk-docs run: git checkout -B java/release-notes-${{ needs.bump-version.outputs.release-version }} - - name: "Create Release Notes" + - name: 'Create Release Notes' run: python .pipeline/scripts/release_notes_automation.py --version ${{ needs.bump-version.outputs.release-version }} --folder ".cloud-sdk-docs/docs-java/release-notes" - - name: "Commit Release Notes" + - name: 'Commit Release Notes' working-directory: ./.cloud-sdk-docs run: | git add . 
git commit -m "Add new release notes" - - name: "Push Release Notes" + - name: 'Push Release Notes' working-directory: ./.cloud-sdk-docs run: git push origin java/release-notes-${{ needs.bump-version.outputs.release-version }} - - name: "Create Release Notes PR" + - name: 'Create Release Notes PR' id: create-release-notes-pr working-directory: ./.cloud-sdk-docs run: | @@ -234,9 +245,9 @@ jobs: PR_URL=$(gh pr create --title "$PR_TITLE" --body "$PR_BODY" --repo "${{ env.DOCS_REPO }}") echo "PR_URL=$PR_URL" >> $GITHUB_OUTPUT env: - GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} + GH_TOKEN: ${{ steps.app-token.outputs.token }} - - name: "Reset Release Notes for Next Version" + - name: 'Reset Release Notes for Next Version' run: | rm -rf .cloud-sdk-docs 
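Review bot: The token minted for `create-release-notes-pr` carries `contents: write` and `pull-requests: write` on both cloud-sdk-java and cloud-sdk, and both `actions/checkout@v6` steps persist it for later git commands by default. In the visible steps the only PR is opened on `${{ env.DOCS_REPO }}`, so `pull-requests: write` on cloud-sdk-java looks unused; two token steps, one per repository with only the permissions that repository needs, would narrow this. Part of the job lies outside the hunk, so check the push in 'Reset Release Notes for Next Version' before removing anything.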
@@ -253,33 +264,44 @@ jobs: git push create-code-pr: - name: "Create Code PR" - needs: [ bump-version, run-ci, create-release, create-release-notes-pr ] + name: 'Create Code PR' + needs: [bump-version, run-ci, create-release, create-release-notes-pr] outputs: pr-url: ${{ steps.create-code-pr.outputs.PR_URL }} runs-on: ubuntu-latest steps: - - name: "Checkout Repository" + - name: 'Create GitHub App Token' + id: app-token + uses: actions/create-github-app-token@v3 + with: + client-id: ${{ secrets.SAP_CLOUD_SDK_BOT_CLIENT_ID }} + private-key: ${{ secrets.SAP_CLOUD_SDK_BOT_PRIVATE_KEY }} + owner: SAP + repositories: cloud-sdk-java + permission-contents: write + permission-pull-requests: write + + - name: 'Checkout Repository' uses: actions/checkout@v6 with: ref: ${{ needs.bump-version.outputs.release-branch }} - token: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} # this is needed so that the same token is used when pushing our changes later. Otherwise, our on: push workflows (i.e. our continuous integration) won't be triggered. - - name: "Prepare Git" + token: ${{ steps.app-token.outputs.token }} # this is needed so that the same token is used when pushing our changes later. Otherwise, our on: push workflows (i.e. our continuous integration) won't be triggered. + - name: 'Prepare Git' run: | git config --global user.email "cloudsdk@sap.com" git config --global user.name "SAP Cloud SDK Bot" - - name: "Set New Version" + - name: 'Set New Version' run: | python .pipeline/scripts/set-release-versions.py --version ${{ needs.bump-version.outputs.new-version }} git add . 
git commit -m "Update to version ${{ needs.bump-version.outputs.new-version }}" git push - - name: "Create Code PR" + - name: 'Create Code PR' run: | COMMIT_URL=${{ github.event.repository.html_url }}/commit/${{ needs.bump-version.outputs.release-commit }} - + PR_URL=$(gh pr create --title "Release ${{ needs.bump-version.outputs.release-version }}" --body "## TODOs - [ ] Review the changes in [the release commit]($COMMIT_URL) - [ ] Review **and approve** the [Release Notes PR](${{ needs.create-release-notes-pr.outputs.pr-url }}) 
@@ -290,44 +312,61 @@ jobs: - [ ] Once the `Perform Release` workflow is through, head over to [Central Sonatype](https://central.sonatype.com/publishing/deployments) and log in with the credentials in the Team Password Safe. There should be a published release.") echo "PR_URL=$PR_URL" >> $GITHUB_OUTPUT env: - GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} + GH_TOKEN: ${{ steps.app-token.outputs.token }} handle-failure: runs-on: ubuntu-latest - needs: [ bump-version, run-ci, create-release, create-release-notes-pr, create-code-pr ] + needs: + [ + bump-version, + run-ci, + create-release, + create-release-notes-pr, + create-code-pr + ] permissions: contents: write # needed to delete the GitHub release if: ${{ failure() }} steps: - - name: "Checkout Repository" + - name: 'Checkout Repository' uses: actions/checkout@v6 with: ref: ${{ github.event.inputs.branch }} - - name: "Delete Release" + - name: 'Delete Release' if: ${{ needs.create-release.outputs.release-url != '' }} run: gh release delete --repo "${{ github.repository }}" ${{ needs.create-release.outputs.release-name }} --yes env: - GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} continue-on-error: true - - name: "Delete Release Branch" + - name: 'Delete Release Branch' if: ${{ needs.bump-version.outputs.release-branch != '' }} run: git push --delete origin ${{ needs.bump-version.outputs.release-branch }} env: - GITHUB_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} continue-on-error: true - - name: "Delete Release Tag" + - name: 'Delete Release Tag' if: ${{ needs.bump-version.outputs.release-tag != '' }} run: git push --delete origin ${{ needs.bump-version.outputs.release-tag }} env: - GITHUB_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} continue-on-error: true - - name: "Delete Release Notes PR" + - name: 'Create GitHub App Token' + id: app-token + uses: 
actions/create-github-app-token@v3 + with: + client-id: ${{ secrets.SAP_CLOUD_SDK_BOT_CLIENT_ID }} + private-key: ${{ secrets.SAP_CLOUD_SDK_BOT_PRIVATE_KEY }} + owner: SAP + repositories: cloud-sdk + permission-pull-requests: write + + - name: 'Delete Release Notes PR' if: ${{ needs.create-release-notes-pr.outputs.pr-url != '' }} run: gh pr close --repo "${{ env.DOCS_REPO }}" ${{ needs.create-release-notes-pr.outputs.pr-url }} --delete-branch env: - GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} + GH_TOKEN: ${{ steps.app-token.outputs.token }} continue-on-error: true
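Review bot: The app token for 'Delete Release Notes PR' is limited to `permission-pull-requests: write`, but `gh pr close ... --delete-branch` also deletes the head branch on cloud-sdk, which most likely needs `contents: write`. With `continue-on-error: true` a refused branch deletion would go unnoticed and leave the release-notes branch behind; adding `permission-contents: write` to that token step would cover it. In 'Delete Release Branch' and 'Delete Release Tag' the `GITHUB_TOKEN` environment variable is not read by `git push`; the push authenticates with the credential that `actions/checkout@v6` persisted, so those `env:` entries can be dropped or replaced by a comment saying so.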