ci: Enabling workflows for semantic release

hashgraph · Nov 15, 2024 · 4dd189d · 4dd189d
1 parent b6b6018
commit 4dd189d
Show file tree

Hide file tree

Showing 5 changed files with 146 additions and 29 deletions.
diff --git a/.github/workflows/node-flow-deploy-release-artifact.yaml b/.github/workflows/node-flow-deploy-release-artifact.yaml
@@ -51,34 +51,72 @@ jobs:
       prerelease: ${{ steps.tag.outputs.prerelease }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
         with:
           egress-policy: audit
 
-      - name: Install Semantic Version Tools
+      - name: Checkout Code
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        with:
+          token: ${{ secrets.GH_ACCESS_TOKEN }}
+          fetch-depth: 0
+
+
+      - name: Install GnuPG Tools
         run: |
-          echo "::group::Download SemVer Binary"
-          sudo curl -L -o /usr/local/bin/semver https://raw.githubusercontent.com/fsaintjacques/semver-tool/master/src/semver
-          echo "::endgroup::"
-          echo "::group::Change SemVer Binary Permissions"
-          sudo chmod -v +x /usr/local/bin/semver
-          echo "::endgroup::"
-          echo "::group::Show SemVer Binary Version Info"
-          semver --version
-          echo "::endgroup::"
+          if ! command -v gpg2 >/dev/null 2>&1; then
+            echo "::group::Updating APT Repository Indices"
+              sudo apt update
+            echo "::endgroup::"
+            echo "::group::Installing GnuPG Tools"
+              sudo apt install -y gnupg2
+            echo "::endgroup::"
+          fi
+
+      - name: Import GPG key
+        id: gpg_key
+        uses: step-security/ghaction-import-gpg@6c8fe4d0126a59d57c21f87c9ae5dd3451fa3cca # v6.1.0
+        with:
+          gpg_private_key: ${{ secrets.GPG_KEY_CONTENTS }}
+          passphrase: ${{ secrets.GPG_KEY_PASSPHRASE }}
+          git_config_global: true
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+          git_tag_gpgsign: false
+
+      - name: Setup Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version: 20
+
+      - name: Install Semantic Release
+        run: |
+          npm install -g semantic-release@21.0.7 @semantic-release/git@10.0.1 @semantic-release/exec@6.0.3 gradle-semantic-release-plugin@1.7.6
+          npm install -g conventional-changelog-conventionalcommits@6.1.0 @commitlint/cli@17.6.6 @commitlint/config-conventional@17.6.6
+          npm install -g marked-mangle@1.0.1 marked-gfm-heading-id@3.0.4 semantic-release-conventional-commits@3.0.0
+
+      - name: Calculate Next Version
+        env:
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GIT_AUTHOR_NAME: ${{ secrets.GIT_USER_NAME }}
+          GIT_AUTHOR_EMAIL: ${{ secrets.GIT_USER_EMAIL }}
+          GIT_COMMITTER_NAME: ${{ secrets.GIT_USER_NAME }}
+          GIT_COMMITTER_EMAIL: ${{ secrets.GIT_USER_EMAIL }}
+        run: |
+          npx semantic-release --dry-run
+          ls -al
+          cat VERSION
 
       - name: Extract Tag Version
         id: tag
         run: |
-          RELEASE_VERSION="$(semver get release "${{ github.ref_name }}")"
-          PRERELEASE_VERSION="$(semver get prerel "${{ github.ref_name }}")"
-
-          FINAL_VERSION="${RELEASE_VERSION}"
+          cat VERSION
+          RELEASE_VERSION="$(cat VERSION | tr -d '[:space:]')"
           PRERELEASE_FLAG="false"
-          [[ -n "${PRERELEASE_VERSION}" ]] && FINAL_VERSION="${RELEASE_VERSION}-${PRERELEASE_VERSION}"
-          [[ -n "${PRERELEASE_VERSION}" ]] && PRERELEASE_FLAG="true"
+          [[ "${RELEASE_VERSION}" == *"-"* ]] && PRERELEASE_FLAG="true"
 
-          echo "version=${FINAL_VERSION}" >>"${GITHUB_OUTPUT}"
+          echo "version=${RELEASE_VERSION}" >>"${GITHUB_OUTPUT}"
           echo "prerelease=${PRERELEASE_FLAG}" >>"${GITHUB_OUTPUT}"
 
   release-tag:

diff --git a/.github/workflows/node-zxc-build-release-artifact.yaml b/.github/workflows/node-zxc-build-release-artifact.yaml
@@ -146,6 +146,36 @@ jobs:
           semver --version
           echo "::endgroup::"
 
+      - name: Setup Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version: 20
+
+      - name: Install Semantic Release
+        run: |
+          npm install -g semantic-release@21.0.7 @semantic-release/git@10.0.1 @semantic-release/exec@6.0.3 gradle-semantic-release-plugin@1.7.6
+          npm install -g conventional-changelog-conventionalcommits@6.1.0 @commitlint/cli@17.6.6 @commitlint/config-conventional@17.6.6
+          npm install -g marked-mangle@1.0.1 marked-gfm-heading-id@3.0.4 semantic-release-conventional-commits@3.0.0
+
+      - name: Checkout Code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Calculate Next Version
+        if: ${{ inputs.version-policy == 'specified' }}
+        env:
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GIT_AUTHOR_NAME: ${{ secrets.GIT_USER_NAME }}
+          GIT_AUTHOR_EMAIL: ${{ secrets.GIT_USER_EMAIL }}
+          GIT_COMMITTER_NAME: ${{ secrets.GIT_USER_NAME }}
+          GIT_COMMITTER_EMAIL: ${{ secrets.GIT_USER_EMAIL }}
+        run: |
+          npx semantic-release --dry-run
+          ls -al
+          cat VERSION
+
       - name: Verify Workflow Parameters
         id: parameters
         run: |
@@ -174,9 +204,6 @@ jobs:
             exit 2
           fi
 
-      - name: Checkout Code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
       - name: Setup Java
         uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
         with:
@@ -205,7 +232,12 @@ jobs:
       - name: Compute Final Effective Version
         id: effective-version
         run: |
-          EFF_VERSION="$(./gradlew showVersion --quiet | tr -d '[:space:]')"
+          if [[ "${{ inputs.version-policy }}" == "specified" ]]; then
+            EFF_VERSION="${{ inputs.new-version }}"
+          else
+            EFF_VERSION="$(cat VERSION | tr -d '[:space:]')"
+          fi
+
           PRERELEASE_SUFFIX="$(semver get prerel "${EFF_VERSION}")"
           PRERELEASE="false"
           [[ -n "${PRERELEASE_SUFFIX}" ]] && PRERELEASE="true"

diff --git a/.releaserc.json b/.releaserc.json
@@ -0,0 +1,47 @@
+{
+  "branches": ["main", "develop"],
+  "plugins": [
+    ["@semantic-release/commit-analyzer", {
+      "preset": "conventional-commits",
+      "releaseRules": [
+        {"type": "breaking", "release": "minor"},
+        {"type": "feat", "release": "minor"},
+        {"type": "fix", "release": "patch"},
+        {"type": "docs", "release": "patch"},
+        {"type": "style", "release": "patch"},
+        {"type": "refactor", "release": "patch"},
+        {"type": "perf", "release": "patch"},
+        {"type": "test", "release": "patch"},
+        {"type": "ci", "release": "patch"},
+        {"type": "chore", "release": "patch"}
+      ],
+      "parserOpts": {
+        "noteKeywords": ["BREAKING CHANGE", "BREAKING CHANGES", "BREAKING"]
+      }
+    }],
+    ["@semantic-release/release-notes-generator", {
+      "preset": "conventional-commits",
+      "presetConfig": {
+        "types": [
+          {"type": "feat", "section": "Features"},
+          {"type": "fix", "section": "Bug Fixes"},
+          {"type": "docs", "section": "Documentation"},
+          {"type": "style", "section": "Styles"},
+          {"type": "refactor", "section": "Code Refactoring"},
+          {"type": "perf", "section": "Performance Improvements"},
+          {"type": "test", "section": "Tests"},
+          {"type": "ci", "section": "Continuous Integration"},
+          {"type": "chore", "section": "Chores"},
+          {"type": "breaking", "section": "Breaking Changes"}
+        ]
+      }
+    }],
+    "@semantic-release/changelog",
+    "@semantic-release/npm",
+    "@semantic-release/github",
+    ["@semantic-release/git", {
+      "assets": ["package.json", "CHANGELOG.md"],
+      "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+    }]
+  ]
+}
diff --git a/gradle/plugins/src/main/kotlin/com.hedera.gradle.maven-publish.gradle.kts b/gradle/plugins/src/main/kotlin/com.hedera.gradle.maven-publish.gradle.kts
@@ -22,12 +22,12 @@ plugins {
     id("signing")
 }
 
-tasks.withType<PublishToMavenRepository>().configureEach {
-    // Publishing tasks are only enabled if we publish to the matching group.
-    // Otherwise, Nexus configuration and credentials do not fit.
-    val publishingPackageGroup = providers.gradleProperty("publishingPackageGroup").orNull
-    enabled = publishingPackageGroup == project.group
-}
+// tasks.withType<PublishToMavenRepository>().configureEach {
+// Publishing tasks are only enabled if we publish to the matching group.
+// Otherwise, Nexus configuration and credentials do not fit.
+// val publishingPackageGroup = providers.gradleProperty("publishingPackageGroup").orNull
+// enabled = publishingPackageGroup == project.group
+// }
 
 java {
     withJavadocJar()

diff --git a/gradle/plugins/src/main/kotlin/com.hedera.gradle.nexus-publish.gradle.kts b/gradle/plugins/src/main/kotlin/com.hedera.gradle.nexus-publish.gradle.kts
@@ -44,7 +44,7 @@ tasks.named("closeSonatypeStagingRepository") {
 
 tasks.named("releaseMavenCentral") {
     group = "release"
-    dependsOn(tasks.closeAndReleaseStagingRepository)
+    dependsOn(tasks.named("closeSonatypeStagingRepository"))
 }
 
 tasks.register("releaseMavenCentralSnapshot") {