pezkuwi-sdk/.github/workflows/release-11_rc-automation.yml

name: Release - RC tagging automation
on:
  workflow_dispatch:
    inputs:
      version:
        description: Current release/rc version in format pezkuwi-stableYYMM
  workflow_call:
    inputs:
      version:
        description: Current release/rc version in format pezkuwi-stableYYMM
        type: string

jobs:
  tag_rc:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        channel:
          - name: "RelEng: Pezkuwi Release Coordination"
            room: '!cqAmzdIcbOFwrdrubV:pezkuwichain.io'
    environment: release
    env:
      PGP_KMS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }}
      PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}

    steps:
      - name: Install pgpkkms
        run: |
          # Install pgpkms that is used to sign commits
          pip install git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151

      - name: Generate content write token for the release automation
        id: generate_write_token
        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
        with:
            app-id: ${{ vars.RELEASE_AUTOMATION_APP_ID }}
            private-key: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }}
            owner: pezkuwichain

      - name: Checkout sources
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
        with:
          fetch-depth: 0
          token: ${{ steps.generate_write_token.outputs.token }}

      - name: Import gpg keys
        run: |
          . ./.github/scripts/common/lib.sh

          import_gpg_keys

      - name: Config git
        run: |
          git config --global commit.gpgsign true
          git config --global gpg.program /home/runner/.local/bin/pgpkms-git
          git config --global user.name "ParityReleases"
          git config --global user.email "release-team@pezkuwichain.io"
          git config --global user.signingKey "D8018FBB3F534D866A45998293C5FB5F6A367B51"

      - name: Compute next rc tag
        # if: ${{ steps.get_rel_product.outputs.product == 'pezkuwi' }}
        id: compute_tag
        shell: bash
        run: |
          . ./.github/scripts/common/lib.sh

          # Get last rc tag if exists, else set it to {version}-rc1
          if [[ -z "${{ inputs.version }}" ]]; then
            version=v$(get_pezkuwi_node_version_from_code)
          else
            version=$(validate_stable_tag ${{ inputs.version }})
          fi
          echo "$version"
          echo "version=$version" >> $GITHUB_OUTPUT

          last_rc=$(get_latest_rc_tag $version pezkuwi)

          if [ -n "$last_rc" ]; then
            suffix=$(increment_rc_tag $last_rc)
            echo "new_tag=$version-rc$suffix" >> $GITHUB_OUTPUT
            echo "first_rc=false" >> $GITHUB_OUTPUT
          else
            echo "new_tag=$version-rc1" >> $GITHUB_OUTPUT
            echo "first_rc=true" >> $GITHUB_OUTPUT
          fi

      - name: Apply new tag
        env:
          GH_TOKEN: ${{ steps.generate_write_token.outputs.token }}
          RC_TAG: ${{ steps.compute_tag.outputs.new_tag }}
        run: |
         git tag -s $RC_TAG -m "new rc tag $RC_TAG"
         git push origin $RC_TAG

      - name: Send Matrix message to ${{ matrix.channel.name }}
        uses: s3krit/matrix-message-action@70ad3fb812ee0e45ff8999d6af11cafad11a6ecf # v0.0.3
        # if: steps.create-issue.outputs.url != ''
        with:
          room_id: ${{ matrix.channel.room }}
          access_token: ${{ secrets.RELEASENOTES_MATRIX_V2_ACCESS_TOKEN }}
          server: m.pezkuwichain.io
          message: |
            Release process for pezkuwi ${{ steps.compute_tag.outputs.new_tag }} has been started.<br/>