cecf
/
opentelemetry-java-instrumentation


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235
							name: Release
on:
  workflow_dispatch:

jobs:
  required-jobs:
    uses: ./.github/workflows/build-common.yml

  # test-latest-deps is intentionally not included in the release workflows
  # because any time a new library version is released to maven central
  # it can fail due to test code incompatibility with the new library version,
  # or due to slight changes in emitted telemetry

  # muzzle is intentionally not included in the release workflows
  # because any time a new library version is released to maven central it can fail,
  # and this is not a reason to hold up the release

  release:
    runs-on: ubuntu-latest
    needs:
      - required-jobs
    outputs:
      version: ${{ steps.create-github-release.outputs.version }}
    steps:
      - run: |
          if [[ $GITHUB_REF_NAME != release/* ]]; then
            echo this workflow should only be run against release branches
            exit 1
          fi

      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

      - name: Set environment variables
        run: |
          version=$(.github/scripts/get-version.sh)
          if [[ $version =~ ^([0-9]+)\.([0-9]+)\.([0-9]+) ]]; then
            major="${BASH_REMATCH[1]}"
            minor="${BASH_REMATCH[2]}"
            patch="${BASH_REMATCH[3]}"
          else
            echo "unexpected version: $version"
            exit 1
          fi
          if [[ $patch == 0 ]]; then
            if [[ $minor == 0 ]]; then
              prior_major=$((major - 1))
              prior_minor=$(grep -Po "^## Version $prior_major.\K[0-9]+" CHANGELOG.md | head -1)
              prior_version="$prior_major.$prior_minor"
            else
              prior_version="$major.$((minor - 1)).0"
            fi
          else
            prior_version="$major.$minor.$((patch - 1))"
          fi
          echo "VERSION=$version" >> $GITHUB_ENV
          echo "PRIOR_VERSION=$prior_version" >> $GITHUB_ENV

        # check out main branch to verify there won't be problems with merging the change log
        # at the end of this workflow
      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
        with:
          ref: main

      - name: Check that change log update was merged to main
        run: |
          if [[ $VERSION == *.0 ]]; then
            # not making a patch release
            if ! grep --quiet "^## Version $VERSION " CHANGELOG.md; then
              echo the pull request generated by prepare-release-branch.yml needs to be merged first
              exit 1
            fi
          fi

        # back to the release branch
      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
        with:
          # tags are needed for the generate-release-contributors.sh script
          fetch-depth: 0

      - name: Free disk space
        run: .github/scripts/gha-free-disk-space.sh

      - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
        with:
          distribution: temurin
          java-version-file: .java-version

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@db19848a5fa7950289d3668fb053140cf3028d43 # v3.3.2

      - name: Build and publish artifacts
        env:
          SONATYPE_USER: ${{ secrets.SONATYPE_USER }}
          SONATYPE_KEY: ${{ secrets.SONATYPE_KEY }}
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
          GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}
        run: ./gradlew assemble spdxSbom publishToSonatype closeAndReleaseSonatypeStagingRepository

      - name: Build and publish gradle plugins
        env:
          SONATYPE_USER: ${{ secrets.SONATYPE_USER }}
          SONATYPE_KEY: ${{ secrets.SONATYPE_KEY }}
          GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}
          GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
          GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}
        # Don't use publishToSonatype since we don't want to publish the marker artifact
        run: ./gradlew build publishPlugins publishPluginMavenPublicationToSonatypeRepository closeAndReleaseSonatypeStagingRepository
        working-directory: gradle-plugins

      - name: Collect SBOMs
        run: |
          mkdir sboms
          cp javaagent/build/spdx/*.spdx.json sboms
          zip opentelemetry-java-instrumentation-SBOM.zip sboms/*

      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        name: Upload SBOMs
        with:
          name: opentelemetry-java-instrumentation-SBOM
          path: "sboms/*.json"

      - name: Generate release notes
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          sdk_version=$(grep -Po "val otelSdkVersion = \"\K[0-9]+.[0-9]+.[0-9]+" dependencyManagement/build.gradle.kts)

          # conditional blocks not indented because of the heredoc
          if [[ $VERSION == *.0 ]]; then
          cat > /tmp/release-notes.txt << EOF
          This release targets the OpenTelemetry SDK $sdk_version.

          Note that many artifacts have the \`-alpha\` suffix attached to their version number, reflecting that they are still alpha quality and will continue to have breaking changes. Please see the [VERSIONING.md](https://github.com/open-telemetry/opentelemetry-java-instrumentation/blob/main/VERSIONING.md#opentelemetry-java-instrumentation-versioning) for more details.

          EOF
          else
          cat > /tmp/release-notes.txt << EOF
          This is a patch release on the previous $PRIOR_VERSION release, fixing the issue(s) below.

          EOF
          fi

          # CHANGELOG_SECTION.md is also used at the end of the release workflow
          # for copying the change log updates to main
          sed -n "0,/^## Version $VERSION /d;/^## Version /q;p" CHANGELOG.md \
            > /tmp/CHANGELOG_SECTION.md

          # the complex perl regex is needed because markdown docs render newlines as soft wraps
          # while release notes render them as line breaks
          perl -0pe 's/(?<!\n)\n *(?!\n)(?![-*] )(?![1-9]+\. )/ /g' /tmp/CHANGELOG_SECTION.md \
            >> /tmp/release-notes.txt

          # conditional block not indented because of the heredoc
          if [[ $VERSION == *.0 ]]; then
          cat >> /tmp/release-notes.txt << EOF
          ### 🙇 Thank you

          This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

          EOF

          .github/scripts/generate-release-contributors.sh v$PRIOR_VERSION >> /tmp/release-notes.txt
          fi

      - id: create-github-release
        name: Create GitHub release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          cp javaagent/build/libs/opentelemetry-javaagent-${VERSION}.jar opentelemetry-javaagent.jar
          gh release create --target $GITHUB_REF_NAME \
                            --title "Version $VERSION" \
                            --notes-file /tmp/release-notes.txt \
                            v$VERSION \
                            opentelemetry-javaagent.jar \
                            opentelemetry-java-instrumentation-SBOM.zip

          echo "version=$VERSION" >> $GITHUB_OUTPUT

  merge-change-log-to-main:
    runs-on: ubuntu-latest
    needs:
      - release
    steps:
      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

      - name: Copy change log section from release branch
        env:
          VERSION: ${{ needs.release.outputs.version }}
        run: |
          sed -n "0,/^## Version $VERSION /d;/^## Version /q;p" CHANGELOG.md \
            > /tmp/changelog-section.md

      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
        with:
          ref: main

      - name: Merge change log to main
        env:
          VERSION: ${{ needs.release.outputs.version }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          release_date=$(gh release view v$VERSION --json publishedAt --jq .publishedAt | sed 's/T.*//')
          RELEASE_DATE=$release_date .github/scripts/merge-change-log-after-release.sh

      - name: Use CLA approved github bot
        run: .github/scripts/use-cla-approved-github-bot.sh

      - name: Create pull request against main
        env:
          VERSION: ${{ needs.release.outputs.version }}
          # not using secrets.GITHUB_TOKEN since pull requests from that token do not run workflows
          GH_TOKEN: ${{ secrets.OPENTELEMETRYBOT_GITHUB_TOKEN }}
        run: |
          if git diff --quiet; then
            if [[ $VERSION == *.0 ]]; then
              echo there are no updates to merge, not creating pull request
              exit 0 # success
            else
              echo patch release notes did not get applied for some reason
              exit 1 # failure
            fi
          fi

          message="Merge change log updates from $GITHUB_REF_NAME"
          body="Merge change log updates from \`$GITHUB_REF_NAME\`."
          branch="opentelemetrybot/merge-change-log-updates-from-${GITHUB_REF_NAME//\//-}"

          git checkout -b $branch
          git commit -a -m "$message"
          git push --set-upstream origin $branch
          gh pr create --title "$message" \
                       --body "$body" \
                       --base main