Extract generic release workflow (#4)

gpunto · web-flow · commit 6358a34b4eb5 · 2025-11-07T09:57:43.000+01:00
diff --git a/.github/workflows/README.md b/.github/workflows/README.md
@@ -0,0 +1,121 @@
+# Release Workflow
+
+A reusable GitHub Actions workflow for automating releases of Gradle-based projects with semantic
+versioning, Maven publishing, and branch management.
+
+## Overview
+
+The release workflow (`release.yml`) provides:
+
+- **Semantic versioning** - Automatic version bumping (major, minor, patch)
+- **Maven publishing** - Build and publish to Maven Central
+- **Branch management** - Automatic syncing of main, develop, and ci-release branches
+- **GitHub releases** - Automatic release creation with generated notes
+- **Snapshot support** - Optional snapshot releases without branch updates
+- **Signing** - Automatic artifact signing with GPG
+
+## Usage
+
+### In Your Project
+
+Create a workflow file (e.g., `.github/workflows/publish-new-version.yml`) in your project:
+
+```yaml
+name: Publish New Version
+
+on:
+  workflow_dispatch:
+    inputs:
+      bump:
+        description: 'Version bump type (major, minor, patch)'
+        required: true
+        type: choice
+        options:
+          - patch
+          - minor
+          - major
+      snapshot:
+        description: 'Snapshot release'
+        required: false
+        type: boolean
+        default: false
+
+concurrency:
+  group: release
+  cancel-in-progress: false
+
+jobs:
+  release:
+    uses: GetStream/stream-build-conventions-android/.github/workflows/release.yml@develop
+    with:
+      bump: ${{ inputs.bump }}
+      snapshot: ${{ inputs.snapshot }}
+    secrets:
+      github-token: ${{ secrets.STREAM_PUBLIC_BOT_TOKEN }}
+      maven-central-username: ${{ secrets.MAVEN_USERNAME }}
+      maven-central-password: ${{ secrets.MAVEN_PASSWORD }}
+      signing-key: ${{ secrets.SIGNING_KEY }}
+      signing-key-id: ${{ secrets.SIGNING_KEY_ID }}
+      signing-key-password: ${{ secrets.SIGNING_PASSWORD }}
+```
+
+### Requirements
+
+Your project must have:
+
+1. **Branch structure**:
+    - `develop` - Development branch (default branch to release from)
+    - `main` - Production branch
+    - `ci-release` - Created automatically during release
+
+2. **Version file**: A properties file with semantic version (defaults to `gradle.properties`, but
+   can be customized via the `version-properties-file` input):
+   ```properties
+   version=1.2.3
+   ```
+
+3. **Gradle project**: A Gradle project with a `publish` task configured
+
+## Inputs
+
+| Input                     | Required | Default             | Description                                     |
+|---------------------------|----------|---------------------|-------------------------------------------------|
+| `bump`                    | Yes      | -                   | Version bump type: `major`, `minor`, or `patch` |
+| `snapshot`                | No       | `false`             | Whether this is a snapshot release              |
+| `version-properties-file` | No       | `gradle.properties` | Path to file containing version                 |
+
+## Secrets
+
+| Secret                   | Required | Description                                                                         |
+|--------------------------|----------|-------------------------------------------------------------------------------------|
+| `github-token`           | Yes      | GitHub token with repo with write permissions (i.e. able to push to main & develop) |
+| `maven-central-username` | Yes      | Maven Central username for publishing                                               |
+| `maven-central-password` | Yes      | Maven Central password for publishing                                               |
+| `signing-key`            | Yes      | GPG signing key for artifact signing                                                |
+| `signing-key-id`         | Yes      | GPG signing key ID                                                                  |
+| `signing-key-password`   | Yes      | GPG signing key password                                                            |
+
+## Snapshot vs Production Releases
+
+Both release types bump the version and run `./gradlew publish`. The key differences:
+
+| Feature            | Production (`snapshot: false`) | Snapshot (`snapshot: true`) |
+|--------------------|--------------------------------|-----------------------------|
+| Version commit     | Pushed to ci-release           | Local only                  |
+| Branch updates     | main and develop synced        | No branches updated         |
+| GitHub release     | Created with tag               | Not created                 |
+| `SNAPSHOT` env var | `"false"`                      | `"true"`                    |
+
+## Environment Variables
+
+The workflow sets these environment variables during the publish step:
+
+| Variable                                        | Description                                                    |
+|-------------------------------------------------|----------------------------------------------------------------|
+| `SNAPSHOT`                                      | `"true"` or `"false"` - Access via `System.getenv("SNAPSHOT")` |
+| `ORG_GRADLE_PROJECT_RELEASE_SIGNING_ENABLED`    | Always `"true"`                                                |
+| `ORG_GRADLE_PROJECT_mavenCentralUsername`       | From secrets                                                   |
+| `ORG_GRADLE_PROJECT_mavenCentralPassword`       | From secrets                                                   |
+| `ORG_GRADLE_PROJECT_signingInMemoryKey`         | From secrets                                                   |
+| `ORG_GRADLE_PROJECT_signingInMemoryKeyId`       | From secrets                                                   |
+| `ORG_GRADLE_PROJECT_signingInMemoryKeyPassword` | From secrets                                                   |
diff --git a/.github/workflows/publish-new-version.yml b/.github/workflows/publish-new-version.yml
@@ -0,0 +1,45 @@
+name: Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      bump:
+        description: 'Version bump type'
+        required: true
+        type: choice
+        options:
+          - patch
+          - minor
+          - major
+        default: minor
+      version-properties-file:
+        description: 'Path to properties file containing version'
+        required: false
+        type: string
+        default: 'gradle.properties'
+      snapshot:
+        description: 'Snapshot release'
+        required: false
+        type: boolean
+        default: false
+
+concurrency:
+  group: release
+  cancel-in-progress: false
+
+jobs:
+  release:
+    permissions:
+      contents: write
+    uses: ./.github/workflows/release.yml
+    with:
+      bump: ${{ inputs.bump }}
+      version-properties-file: ${{ inputs.version-properties-file }}
+      snapshot: ${{ inputs.snapshot }}
+    secrets:
+      github-token: ${{ secrets.STREAM_PUBLIC_BOT_TOKEN }}
+      maven-central-username: ${{ secrets.OSSRH_USERNAME }}
+      maven-central-password: ${{ secrets.OSSRH_PASSWORD }}
+      signing-key: ${{ secrets.SIGNING_KEY }}
+      signing-key-id: ${{ secrets.SIGNING_KEY_ID }}
+      signing-key-password: ${{ secrets.SIGNING_PASSWORD }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,26 +1,41 @@
-name: Release
+name: Release Workflow
 
 on:
-  workflow_dispatch:
+  workflow_call:
     inputs:
       bump:
-        description: 'Version bump type'
+        description: 'Version bump type (major, minor, patch)'
         required: true
-        type: choice
-        options:
-          - patch
-          - minor
-          - major
-        default: 'minor'
+        type: string
       version-properties-file:
         description: 'Path to properties file containing version'
         required: false
         type: string
         default: 'gradle.properties'
-
-concurrency:
-  group: release
-  cancel-in-progress: false
+      snapshot:
+        description: 'Whether this is a snapshot release'
+        required: false
+        type: boolean
+        default: false
+    secrets:
+      github-token:
+        description: 'GitHub token with repo write permissions'
+        required: true
+      maven-central-username:
+        description: 'Maven Central username'
+        required: true
+      maven-central-password:
+        description: 'Maven Central password'
+        required: true
+      signing-key:
+        description: 'GPG signing key'
+        required: true
+      signing-key-id:
+        description: 'GPG signing key ID'
+        required: true
+      signing-key-password:
+        description: 'GPG signing key password'
+        required: true
 
 jobs:
   publish:
@@ -30,7 +45,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
         with:
-          token: ${{ secrets.STREAM_PUBLIC_BOT_TOKEN }}
+          token: ${{ secrets.github-token }}
           ref: develop
           fetch-depth: 0
 
@@ -56,47 +71,52 @@ jobs:
 
       - name: Bump version
         id: bump
-        uses: ./.github/actions/bump-version
+        uses: GetStream/stream-build-conventions-android/.github/actions/bump-version@develop
         with:
-          bump: ${{ github.event.inputs.bump }}
-          file: ${{ github.event.inputs.version-properties-file }}
+          bump: ${{ inputs.bump }}
+          file: ${{ inputs.version-properties-file }}
 
       - name: Commit version file
         uses: EndBug/add-and-commit@v9.1.4
         with:
-          add: ${{ github.event.inputs.version-properties-file }}
+          add: ${{ inputs.version-properties-file }}
           message: "AUTOMATION: Version Bump"
           default_author: github_actions
           push: false
 
       - name: Push changes to ci-release branch
+        if: ${{ !inputs.snapshot }}
         run: git push origin HEAD:ci-release --force-with-lease
 
       - name: Setup Gradle
-        uses: ./.github/actions/setup-gradle
+        uses: GetStream/stream-build-conventions-android/.github/actions/setup-gradle@develop
         with:
           cache-read-only: false
 
       - name: Build and publish
-        run: ./gradlew build publish --no-configuration-cache
+        run: ./gradlew publish --no-configuration-cache
         env:
-          ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.OSSRH_USERNAME }}
-          ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.OSSRH_PASSWORD }}
-          ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.SIGNING_KEY }}
-          ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.SIGNING_KEY_ID }}
-          ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.SIGNING_PASSWORD }}
+          ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.maven-central-username }}
+          ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.maven-central-password }}
+          ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.signing-key }}
+          ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.signing-key-id }}
+          ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.signing-key-password }}
           ORG_GRADLE_PROJECT_RELEASE_SIGNING_ENABLED: true
+          # todo Make it a gradle property instead?
+          SNAPSHOT: ${{ inputs.snapshot }}
 
       - name: Create Github Release
+        if: ${{ !inputs.snapshot }}
         uses: ncipollo/release-action@v1.16.0
         with:
           generateReleaseNotes: true
-          token: ${{ secrets.STREAM_PUBLIC_BOT_TOKEN }}
+          token: ${{ secrets.github-token }}
           tag: v${{ steps.bump.outputs.new-version }}
           commit: ci-release
           makeLatest: true
 
   sync_branches:
+    if: ${{ !inputs.snapshot }}
     needs: publish
     name: Sync main and develop with release
     runs-on: ubuntu-latest
@@ -106,7 +126,7 @@ jobs:
         with:
           ref: main
           fetch-depth: 0
-          token: ${{ secrets.STREAM_PUBLIC_BOT_TOKEN }}
+          token: ${{ secrets.github-token }}
 
       - name: Configure git
         run: |
