From b71ec1085d4a4216480a2b0d8d8d407b389b899c Mon Sep 17 00:00:00 2001 From: Sayali Gaikawad <61760125+gaiksaya@users.noreply.github.com> Date: Mon, 6 Mar 2023 13:48:28 -0800 Subject: [PATCH] Add 2PR approval to release workflow (#383) Signed-off-by: Sayali Gaikawad --- .github/workflows/release-drafter.yml | 12 ++++++++++++ CHANGELOG.md | 1 + RELEASING.md | 6 ++++-- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 6e8fb0c948..72bc8a69ca 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -12,6 +12,18 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v3 + - id: get_data + run: | + echo "approvers=$(cat .github/CODEOWNERS | grep @ | tr -d '* ' | sed 's/@/,/g' | sed 's/,//1')" >> $GITHUB_OUTPUT + echo "version=$(cat gradle.properties | grep "systemProp.version" | cut -d'=' -f2)" >> $GITHUB_OUTPUT + - uses: trstringer/manual-approval@v1 + with: + secret: ${{ github.TOKEN }} + approvers: ${{ steps.get_data.outputs.approvers }} + minimum-approvals: 2 + issue-title: 'Release opensearch-java : ${{ steps.get_data.outputs.version }}' + issue-body: "Please approve or deny the release of opensearch-java. **VERSION**: ${{ steps.get_data.outputs.version }} **TAG**: ${{ github.ref_name }} **COMMIT**: ${{ github.sha }}" + exclude-workflow-initiator-as-approver: true - name: Set up JDK 11 uses: actions/setup-java@v1 with: diff --git a/CHANGELOG.md b/CHANGELOG.md index 4814395ae6..eb40a0639c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - Add support for signing service name in AwsSdk2Transport ([#324](https://github.com/opensearch-project/opensearch-java/pull/324)) - Add new OpenSearchTransport based on Apache HttpClient 5 ([#328](https://github.com/opensearch-project/opensearch-java/pull/328)) - Add 1-click release workflows ([#321](https://github.com/opensearch-project/opensearch-java/pull/321)) +- Require two maintainers to approve release ([#383](https://github.com/opensearch-project/opensearch-java/pull/383)) ### Dependencies - Bumps `grgit-gradle` from 4.0.1 to 5.0.0 diff --git a/RELEASING.md b/RELEASING.md index 0d0729e578..b19130399b 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -34,5 +34,7 @@ Repositories create consistent release labels, such as `v1.0.0`, `v1.1.0` and `v The release process is standard across repositories in this org and is run by a release manager volunteering from amongst [MAINTAINERS](MAINTAINERS.md). 1. Create a tag, e.g. `v2.1.0`, and push it to the GitHub repo. -2. This creates a draft release which triggers the [opensearch-java-maven-sign-and-release/](https://build.ci.opensearch.org/job/opensearch-java-maven-sign-and-release/) jenkins workflow. The artifacts will be automcatically signed and published to maven. -3. Increment `systemProp.version` in [gradle.properties](gradle.properties) to the next patch release, e.g. `v2.1.1`, commit and push. \ No newline at end of file +1. The [release-drafter.yml](.github/workflows/release-drafter.yml) will be automatically kicked off and is responsible for drafting a new release on GitHub containing release artifacts. +1. Before creating a draft release, this workflow creates a GitHub issue asking for approval from the [maintainers](MAINTAINERS.md). See sample [issue](https://github.com/gaiksaya/opensearch-java/issues/1). The maintainers need to approve in order to continue the workflow run. +1. Once a release is drafted [opensearch-java-maven-sign-and-release/](https://build.ci.opensearch.org/job/opensearch-java-maven-sign-and-release/) jenkins workflow is triggered. The artifacts will be automcatically signed and published to maven. +1. Increment `systemProp.version` in [gradle.properties](gradle.properties) to the next patch release, e.g. `v2.1.1`, commit and push. \ No newline at end of file