Skip to content

Release a new version 8.4.16 #392

Release a new version 8.4.16

Release a new version 8.4.16 #392

Workflow file for this run

name: Release a new version
run-name: Release a new version ${{ github.event.release.tag_name }}
on:
release:
types: [ created ]
jobs:
build-and-push:
name: Build and push Docker images
runs-on: ubuntu-latest
outputs:
releaseBranch: ${{ steps.determine_release_branch.outputs.releaseBranch }}
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.PROTECTED_BRANCH_PAT }}
ref: ${{ github.event.release.target_commitish }}
fetch-depth: 0
- name: Validate release tag and determine previous tag
id: validate_tag
run: |
OUTPUT="$(.github/workflows/scripts/prev_tag.sh ${{ github.event.release.tag_name }})"
if [ $? -ne 0 ]; then
echo "Script failed"
exit 1
fi
echo "type=$( echo $OUTPUT | cut -d ' ' -f1 )" >> $GITHUB_OUTPUT
echo "previousTag=$( echo $OUTPUT | cut -d ' ' -f2 )" >> $GITHUB_OUTPUT
# We will update this branch by setting the new version and pushing it
- name: Determine release branch name
id: determine_release_branch
run: |
releaseBranch=$( git branch --contains ${RELEASE_VERSION} --format='%(refname:short)' )
git checkout "$releaseBranch"
echo "releaseBranch=$releaseBranch" >> $GITHUB_OUTPUT
env:
RELEASE_VERSION: ${{ github.event.release.tag_name }}
- name: Import Secrets
id: secrets
uses: hashicorp/[email protected]
with:
url: ${{ secrets.VAULT_ADDR }}
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
exportEnv: false # we rely on step outputs, no need for environment variables
secrets: |
secret/data/products/connectors/ci/common DOCKERHUB_USER;
secret/data/products/connectors/ci/common DOCKERHUB_PASSWORD;
secret/data/products/connectors/ci/common ARTIFACTORY_USR;
secret/data/products/connectors/ci/common ARTIFACTORY_PSW;
secret/data/github.com/organizations/camunda MAVEN_CENTRAL_DEPLOYMENT_USR;
secret/data/github.com/organizations/camunda MAVEN_CENTRAL_DEPLOYMENT_PSW;
secret/data/github.com/organizations/camunda MAVEN_CENTRAL_GPG_SIGNING_KEY_PASSPHRASE;
secret/data/github.com/organizations/camunda MAVEN_CENTRAL_GPG_SIGNING_KEY_SEC;
- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ steps.secrets.outputs.MAVEN_CENTRAL_GPG_SIGNING_KEY_SEC }}
passphrase: ${{ steps.secrets.outputs.MAVEN_CENTRAL_GPG_SIGNING_KEY_PASSPHRASE }}
- name: Restore cache
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Prepare Java and Maven settings
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '21'
# Use CI Nexus as co-located pull-through cache for Maven artifacts via ~/.m2/settings.xml
- name: 'Create settings.xml'
uses: s4u/[email protected]
with:
githubServer: false
servers: |
[{
"id": "camunda-nexus",
"username": "${{ steps.secrets.outputs.ARTIFACTORY_USR }}",
"password": "${{ steps.secrets.outputs.ARTIFACTORY_PSW }}"
},
{
"id": "central",
"username": "${{ steps.secrets.outputs.MAVEN_CENTRAL_DEPLOYMENT_USR }}",
"password": "${{ steps.secrets.outputs.MAVEN_CENTRAL_DEPLOYMENT_PSW }}"
}
]
mirrors: '[{"url": "https://repository.nexus.camunda.cloud/content/groups/internal/", "id": "camunda-nexus", "mirrorOf": "camunda-nexus", "name": "camunda Nexus"}]'
- name: Configure git user
run: |
# https://github.com/actions/checkout/issues/13#issuecomment-724415212
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
- name: Install element templates CLI
run: npm install --global element-templates-cli
# Maven build & version bump
- name: Set Connectors release version
run: mvn -B versions:set -DnewVersion=${RELEASE_VERSION} -DgenerateBackupPoms=false -f parent
env:
RELEASE_VERSION: ${{ github.event.release.tag_name }}
- name: Deploy artifacts to Artifactory and Maven Central
run: mvn -B compile generate-sources source:jar javadoc:jar deploy -PcheckFormat -Psonatype-oss-release
env:
NEXUS_USR: ${{ steps.secrets.outputs.ARTIFACTORY_USR }}
NEXUS_PSW: ${{ steps.secrets.outputs.ARTIFACTORY_PSW }}
MAVEN_USR: ${{ steps.secrets.outputs.MAVEN_CENTRAL_DEPLOYMENT_USR }}
MAVEN_PSW: ${{ steps.secrets.outputs.MAVEN_CENTRAL_DEPLOYMENT_PSW }}
MAVEN_GPG_PASSPHRASE: ${{ steps.secrets.outputs.MAVEN_CENTRAL_GPG_SIGNING_KEY_PASSPHRASE }}
- name: Generate sbom reports
run: |
mvn cyclonedx:makeAggregateBom -pl bundle/default-bundle
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: 'arm64,arm'
- name: Set up Docker Build
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ steps.secrets.outputs.DOCKERHUB_USER }}
password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }}
# Build & push bundle docker images (with version tag)
- name: Build and Push Docker Image tag ${{ github.event.release.tag_name }} - connector-runtime
uses: docker/build-push-action@v6
with:
context: connector-runtime/connector-runtime-application/
push: true
tags: camunda/connectors:${{ github.event.release.tag_name }}
platforms: linux/amd64,linux/arm64
provenance: false
- name: Build and Push Docker Image tag ${{ github.event.release.tag_name }} - bundle-default
uses: docker/build-push-action@v6
with:
context: bundle/default-bundle/
push: true
tags: camunda/connectors-bundle:${{ github.event.release.tag_name }}
platforms: linux/amd64,linux/arm64
provenance: false
- name: Build and Push Docker Image tag ${{ github.event.release.tag_name }} - bundle-saas
uses: docker/build-push-action@v6
with:
context: bundle/camunda-saas-bundle/
push: true
tags: camunda/connectors-bundle-saas:${{ github.event.release.tag_name }}
platforms: linux/amd64,linux/arm64
provenance: false
# Build & push bundle docker images (with 'latest' tag)
- name: Build and Push Docker Image tag latest - connector-runtime
uses: docker/build-push-action@v6
with:
context: connector-runtime/connector-runtime-application/
push: true
tags: camunda/connectors:latest
platforms: linux/amd64,linux/arm64
provenance: false
- name: Build and Push Docker Image tag latest - bundle-default
if: ${{ steps.validate_tag.outputs.type == 'NORMAL' }}
uses: docker/build-push-action@v6
with:
context: bundle/default-bundle/
push: true
tags: camunda/connectors-bundle:latest
platforms: linux/amd64,linux/arm64
provenance: false
- name: Build and Push Docker Image tag latest - bundle-saas
if: ${{ steps.validate_tag.outputs.type == 'NORMAL' }}
uses: docker/build-push-action@v6
with:
context: bundle/camunda-saas-bundle/
push: true
tags: camunda/connectors-bundle-saas:latest
platforms: linux/amd64,linux/arm64
provenance: false
# Update README in Dockerhub
- name: Push README to Dockerhub - bundle-default
if: ${{ steps.validate_tag.outputs.type == 'NORMAL' }}
uses: christian-korneck/update-container-description-action@v1
env:
DOCKER_USER: ${{ steps.secrets.outputs.DOCKERHUB_USER }}
DOCKER_PASS: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }}
with:
destination_container_repo: camunda/connectors-bundle
provider: dockerhub
readme_file: bundle/README.md
short_description: 'Camunda out-of-the-box Connectors Bundle'
- name: Push README to Dockerhub - bundle-saas
if: ${{ steps.validate_tag.outputs.type == 'NORMAL' }}
uses: christian-korneck/update-container-description-action@v1
env:
DOCKER_USER: ${{ steps.secrets.outputs.DOCKERHUB_USER }}
DOCKER_PASS: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }}
with:
destination_container_repo: camunda/connectors-bundle-saas
provider: dockerhub
readme_file: bundle/README.md
short_description: 'Camunda out-of-the-box Connectors Bundle for SaaS'
# Update GitHub release
- name: Bundle element templates
run: bash bundle/bundle-templates.sh ${RELEASE_VERSION}
env:
RELEASE_VERSION: ${{ github.event.release.tag_name }}
- name: Build Changelog
id: changelog
uses: Requarks/changelog-action@v1
with:
token: ${{ github.token }}
fromTag: ${{ github.event.release.tag_name }}
toTag: ${{ steps.validate_tag.outputs.previousTag }}
writeToFile: false
excludeTypes: build,docs,other,style,ci
excludeScopes: deps
- name: Commit and tag
run: |
git commit -am "ci: release version ${RELEASE_VERSION}"
git push --force-with-lease origin ${RELEASE_BRANCH}
git tag -fa ${RELEASE_VERSION} -m "ci: release version ${RELEASE_VERSION}"
git push --force origin ${RELEASE_VERSION}
env:
RELEASE_VERSION: ${{ github.event.release.tag_name }}
RELEASE_BRANCH: ${{ steps.determine_release_branch.outputs.releaseBranch }}
- name: Update GitHub Release
uses: softprops/action-gh-release@v2
with:
prerelease: ${{ steps.validate_tag.outputs.type != 'NORMAL' }}
body: ${{ steps.changelog.outputs.changes }}
tag_name: ${{ github.event.release.tag_name }}
files: |
bundle/default-bundle/target/connectors-bundle-sbom.json
bundle/default-bundle/target/connectors-bundle-sbom.xml
connectors-bundle-templates-${{ github.event.release.tag_name }}.tar.gz
connectors-bundle-templates-${{ github.event.release.tag_name }}.zip
helm-deploy:
needs: build-and-push
name: Run Helm Integration Tests
uses: ./.github/workflows/INTEGRATION_TEST.yml
secrets: inherit
with:
connectors-version: ${{ github.event.release.tag_name }}
release-branch: ${{ needs.build-and-push.outputs.releaseBranch }}