From 51535ac00981248fcfd9f184bf46b7ad5723079b Mon Sep 17 00:00:00 2001
From: Anwesha Das <anwesha@das.community>
Date: Tue, 6 Feb 2024 23:33:41 +0100
Subject: [PATCH] Initial (Github Actions) Workflows for Ansible Community
 Package release   (#265)

* Adds the manual triggering to release

* Adds the name of the GHA as the filename

* Adds inputs section and removes matrix

It enables the user to decide which Ansible Version needs to be built.

* Ignore GHA checkout of  ansible-build-data

* Adds steps for creating PR to ansible-build-data

* Changes working directory to ansible-build-data

* Adds steps to check the current directory

* Adds antsibull/build/ansible-build-data as working dir

* Removes antsibull/build/ansible-build-data directory

* Adds git remote and git push command

* Creating PR on ansible-build-data

* Adds correct working directory

* Corrects the branch name

* Adds initial workflow to upload to PyPI

* Adds the required files in git

* Adds tarball to sdist directory

As the GHA workflow failed since it was expecting to have only wheels
inside the sdist dir.

* Updates the target branch as main

* Updates based on PR feedback

* Uses playbook and adds git tag

* Updates based on the PR feedback

fixes variable name
fixes name of the job

* Cleans up gha workflows

Multiple jobs for better security.
Updates based on review feedback.

* Adds code to create git tag

* Reformats the input

* Cleans up based on feedback

Changes double quote to single quotes.
Changes name to fit UI.
Mentions working directory.
Removes `--upgrade-pip`.
Removes `main` branch name.

* Fixes based on testing

Fixes typos and commands whereever necessary.

* Updates pypi configuration for release

* Edits based on feedback

Fixes name of a job.
Fixes repository url.

* Edits based on the feedback

Fixes the upload url.
Removes Github token from the git `push` step .
Sets `inputs.ansible-version` vars to `ANSIBLE_VERSION` as env variable.

Please enter the commit message for your changes. Lines starting

* Edits based on the Feedback.

Divides from one action into multiple actions.
Rewrites multi-line command into really one-line making it more readable.
Corrects the variable name.

* Edits following the feedback

* Pauses workflow for PR review & then publish

Based on the feedback this PR edits for the following:

Adds a job to pause the workflow till the pr is reviewed and merged.
Adds publish to PyPI job in this worklflow.
Adds git tag job in this workflow.

* Uses pypirelease environment

Updates as suggested in the PR review.

* Removes extra workflow file

* Updates based on the PR review feedback

* Uses pypi environment

* Edits based on the feedback hacking with Felix

* Apply suggestions from code review.

Co-authored-by: Maxwell G <maxwell@gtmx.me>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Maxwell G <maxwell@gtmx.me>
---
 .github/workflows/ansible-release.yml | 150 ++++++++++++++++++++++++++
 1 file changed, 150 insertions(+)
 create mode 100644 .github/workflows/ansible-release.yml

diff --git a/.github/workflows/ansible-release.yml b/.github/workflows/ansible-release.yml
new file mode 100644
index 0000000000..06cd1a56e6
--- /dev/null
+++ b/.github/workflows/ansible-release.yml
@@ -0,0 +1,150 @@
+name: Release Ansible package
+on:
+  workflow_dispatch:
+    inputs:
+      ansible-version:
+        description: >-
+          Release Version. Example: 11.1.0
+        required: true
+      ansible-major-version:
+        description: >-
+          Major Release Version. Example: 11
+        required: true
+env:
+  CI_COMMIT_MESSAGE: >-
+    Ansible ${{ inputs.ansible-version }}:
+    Dependencies, changelog and porting guide
+  ANSIBLE_VERSION: ${{ inputs.ansible-version }}
+
+jobs:
+  build:
+    name: Build Ansible (${{ inputs.ansible-version }})
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      contents: write
+
+    steps:
+      - name: Check out antsibull
+        uses: actions/checkout@v3
+        with:
+          repository: ansible-community/antsibull
+          ref: main
+          path: antsibull
+
+      - name: Pre-create build directory
+        run: mkdir -p antsibull/build
+
+      # This is where the antsibull build-release role expects it by default
+      - name: Check out ansible-build-data under antsibull build directory
+        uses: actions/checkout@v3
+        with:
+          path: antsibull/build/ansible-build-data
+
+      - name: Set up Python 3.11
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.11
+
+      - name: Install dependencies
+        working-directory: antsibull
+        run: |
+          python3 -m pip install ansible-core
+          python3 -m pip install antsibull
+          ansible-galaxy install -r requirements.yml
+
+      - name: Checking out to a new branch
+        working-directory: antsibull/build/ansible-build-data
+        run: |
+          git checkout -b "publish-${ANSIBLE_VERSION}"
+
+      - name: Setting the user details
+        run: |
+          git config --global user.name "Github Actions"
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+
+      # Run the playbook according to the current release process
+
+      - name: Building a release with the defaults
+        working-directory: antsibull
+        run: >-
+          ansible-playbook -vv playbooks/build-single-release.yaml
+          -e antsibull_data_reset=false
+          -e "antsibull_ansible_version=${ANSIBLE_VERSION}"
+        env:
+          # Make result better readable
+          ANSIBLE_CALLBACK_RESULT_FORMAT: yaml
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: sdist-and-wheel
+          path: antsibull/build/ansible-*.*
+
+      - name: Commit ansible-build-data and push the changes to github
+        working-directory: >-
+          antsibull/build/ansible-build-data/${{ inputs.ansible-major-version }}
+        run: |
+         git add .
+         git commit -m "${CI_COMMIT_MESSAGE}"
+         git push origin "publish-${ANSIBLE_VERSION}"
+
+      - name: Create PR to the ansible-build-data
+        working-directory: antsibull/build/ansible-build-data
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: >-
+          gh pr create
+          --base main
+          --head "publish-${ANSIBLE_VERSION}"
+          --title "Release Ansible ${ANSIBLE_VERSION}"
+          --body "${CI_COMMIT_MESSAGE}"
+
+  # publish job downloads the arifacts and publish it to PyPI
+
+  publish:
+    needs: build
+    name: Upload Ansible (${{ inputs.ansible-version }}) to PyPI
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/project/ansible/${{ inputs.ansible-version }}
+    permissions:
+      id-token: write
+
+    steps:
+
+    - name: Download artifact
+      uses: actions/download-artifact@v3
+      with:
+        name: sdist-and-wheel
+        path: dist/
+
+    - name: Upload Ansible sdist and wheel to PyPI
+      uses: pypa/gh-action-pypi-publish@release/v1
+
+  # git-tag job creates the git tag
+
+  git-tag:
+    needs: publish
+    name: Creates git tag for Ansible (${{ inputs.ansible-version }})
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+
+      - name: Check out ansible-build-data
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.repository.default_branch }}
+
+      - name: Create git tag
+        working-directory: ansible-build-data
+        run: |
+          git config --global user.name "Github Actions"
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git tag -a "${ANSIBLE_VERSION}" -m "Ansible ${ANSIBLE_VERSION}: Changelog, Porting Guide and Dependent Collection Details"
+          git push origin "${ANSIBLE_VERSION}"
+