DAT-18302 DevOps :: Add Dry Run capabilities to liquibase packages (#250

)

* 🔧 (package.yml): Add conditional checks to skip workflow steps if dry_run flag is set to true. This allows for creating a dry-run release without executing certain steps.

* 📝 (package.yml): add dry_run parameter to workflow inputs to support triggering a dry-run release and set default value to false

* 🔧 (package.yml): Add conditional check to upload dry-run deb and rpm packages only if dry_run is true
🔧 (package.yml): Update SDKMAN version only if dry_run is false to avoid updating version in dry-run mode
🔧 (package.yml): Upload liquibase version to S3 only if dry_run is true to simulate dry-run mode

* 🐛 (package.yml): fix conditional statement syntax to correctly check for PR_EXISTS and dry_run values before updating Homebrew formula

* 🔧 (package.yml): Update SDKMAN version for ${{ inputs.artifactId }} with a dry-run option to prevent actual changes when dry_run is true
🔧 (package.yml): Remove unnecessary if condition for upload_windows_package and upload_ansible_role jobs as they are always executed regardless of dry_run value

.github/workflows/package.yml

@@ -13,6 +13,11 @@ on:
       version:
         description: "Value from the version field in pom.xml. i.e 4.23.0"
         type: string
+      dry_run: 
+        description: 'Flag to indicate if the workflow is triggered to create a dry-run release'
+        required: true
+        type: boolean
+        default: false
     secrets:
       GPG_SECRET:
         description: "GPG_SECRET from the caller workflow"
@@ -23,7 +28,7 @@ on:
       GPG_SECRET_KEY_ID:
         description: "GPG_SECRET_KEY_ID from the caller workflow"
         required: true
-
+        
 env:
   MAVEN_VERSION: "3.9.5"
 
@@ -94,6 +99,7 @@ jobs:
         run: gem install deb-s3
 
       - name: Upload ${{ inputs.artifactId }} deb package
+        if: ${{ inputs.dry_run == false }}
         run: |
           sudo apt install pinentry-tty
           echo "2" | sudo update-alternatives --config pinentry
@@ -102,13 +108,24 @@ jobs:
           echo '${{ secrets.GPG_PASSPHRASE }}' > pass.txt
           deb-s3 upload --preserve-versions --sign "${{ secrets.GPG_SECRET_KEY_ID }}" --gpg-options "\-\-pinentry-mode loopback \-\-batch \-\-passphrase\-file pass.txt \-\-yes \-\-quiet" --bucket repo.liquibase.com $PWD/.github/target/${{ inputs.artifactId }}-${{ inputs.version }}.deb
 
+      - name: Upload ${{ inputs.artifactId }} dry-run deb package
+        if: ${{ inputs.dry_run == true }}
+        run: |
+          sudo apt install pinentry-tty
+          echo "2" | sudo update-alternatives --config pinentry
+          echo "${{ secrets.GPG_SECRET }}" | gpg --batch --import --pinentry-mode loopback --passphrase "${{ secrets.GPG_PASSPHRASE }}"
+          export GPG_TTY=$(tty)
+          echo '${{ secrets.GPG_PASSPHRASE }}' > pass.txt
+          deb-s3 upload --preserve-versions --sign "${{ secrets.GPG_SECRET_KEY_ID }}" --gpg-options "\-\-pinentry-mode loopback \-\-batch \-\-passphrase\-file pass.txt \-\-yes \-\-quiet" --bucket repo.liquibase.com.dry.run $PWD/.github/target/${{ inputs.artifactId }}-${{ inputs.version }}.deb
+
       - name: Convert deb to rpm
         run: |
           sudo apt-get update
           sudo apt-get install -y alien
           sudo alien --to-rpm --keep-version $PWD/.github/target/${{ inputs.artifactId }}-${{ inputs.version }}.deb
 
       - name: Upload ${{ inputs.artifactId }} rpm package
+        if: ${{ inputs.dry_run == false }}
         run: |
           sudo apt-get install -y libcurl4-openssl-dev libbz2-dev libxml2-dev libssl-dev zlib1g-dev pkg-config libglib2.0-dev liblzma-dev libsqlite0-dev libsqlite3-dev librpm-dev libzstd-dev python3 cmake
           ./.github/sign_artifact.sh ${{ inputs.artifactId }}-${{ inputs.version }}-1.noarch.rpm
@@ -130,6 +147,29 @@ jobs:
           mv ${{ inputs.artifactId }}-${{ inputs.version }}-1.noarch* $PWD/yum/noarch
           aws s3 sync $PWD/yum s3://repo.liquibase.com/yum
 
+      - name: Upload ${{ inputs.artifactId }} dry-run rpm package
+        if: ${{ inputs.dry_run == true }}
+        run: |
+          sudo apt-get install -y libcurl4-openssl-dev libbz2-dev libxml2-dev libssl-dev zlib1g-dev pkg-config libglib2.0-dev liblzma-dev libsqlite0-dev libsqlite3-dev librpm-dev libzstd-dev python3 cmake
+          ./.github/sign_artifact.sh ${{ inputs.artifactId }}-${{ inputs.version }}-1.noarch.rpm
+          mkdir createrepo_folder
+          cd createrepo_folder
+          git clone https://github.com/rpm-software-management/createrepo_c
+          cd createrepo_c
+          mkdir build
+          cd build
+          cmake .. -DWITH_ZCHUNK=NO -DWITH_LIBMODULEMD=NO
+          make -j
+          cp src/createrepo_c  /opt/createrepo
+          cd ../../..
+          mkdir -p $PWD/yum/noarch
+          aws s3 ls s3://repo.liquibase.com.dry.run/yum/noarch/ | grep -E '\.rpm$' | awk '{print $4}' | xargs -I {} aws s3 cp s3://repo.liquibase.com.dry.run/yum/noarch/{} $PWD/yum/noarch
+          /opt/createrepo -h
+          /opt/createrepo -dp $PWD/yum/noarch
+          ./.github/sign_artifact.sh $PWD/yum/noarch/repodata/repomd.xml
+          mv ${{ inputs.artifactId }}-${{ inputs.version }}-1.noarch* $PWD/yum/noarch
+          aws s3 sync $PWD/yum s3://repo.liquibase.com.dry.run/yum
+
 
       - name: Check for existing Homebrew formula PR for ${{ inputs.artifactId }}
         id: check-brew-pr
@@ -151,7 +191,7 @@ jobs:
           fi
 
       - name: Update Homebrew formula for ${{ inputs.artifactId }}
-        if: env.PR_EXISTS == 'false'
+        if: ${{ env.PR_EXISTS == 'false' && inputs.dry_run == 'false' }}
         uses: mislav/bump-homebrew-formula-action@v3
         with:
           formula-name: liquibase
@@ -167,6 +207,7 @@ jobs:
           COMMITTER_TOKEN: ${{ secrets.BOT_TOKEN }}
 
       - name: Update SDKMAN version for ${{ inputs.artifactId }}
+        if: ${{ inputs.dry_run == false }}
         env:
           SDKMAN_CONSUMER_KEY: ${{ secrets.SDKMAN_CONSUMER_KEY }}
           SDKMAN_CONSUMER_TOKEN: ${{ secrets.SDKMAN_CONSUMER_TOKEN }}
@@ -212,19 +253,42 @@ jobs:
           https://vendors.sdkman.io/announce/struct
           echo "Announced liquibase-$VERSION.zip to SDKMAN"
 
+      - name: Update SDKMAN version for ${{ inputs.artifactId }} dry-run
+        if: ${{ inputs.dry_run == true }}
+        env:
+          SDKMAN_CONSUMER_KEY: ${{ secrets.SDKMAN_CONSUMER_KEY }}
+          SDKMAN_CONSUMER_TOKEN: ${{ secrets.SDKMAN_CONSUMER_TOKEN }}
+          VERSION: ${{ inputs.version }}
+          S3_WEB_URL: https://s3.amazonaws.com/repo.liquibase.com.dry.run/sdkman
+          S3_BUCKET: s3://repo.liquibase.com.dry.run/sdkman/
+        run: |
+          wget -q https://github.com/liquibase/liquibase/releases/download/v$VERSION/liquibase-$VERSION.zip
+          mkdir -p liquibase-$VERSION/bin/internal
+          unzip liquibase-$VERSION.zip -d liquibase-$VERSION
+          rm -rf liquibase-$VERSION.zip
+          mv ./liquibase-$VERSION/liquibase ./liquibase-$VERSION/bin/
+          mv ./liquibase-$VERSION/liquibase.bat ./liquibase-$VERSION/bin/
+          zip -r liquibase-$VERSION.zip ./liquibase-$VERSION
+          # Upload the release to S3
+          aws s3 cp liquibase-$VERSION.zip $S3_BUCKET
+          echo "Uploaded liquibase-$VERSION.zip to s3"
+
       - name: Ensure s3 bucket public access is enabled
         run: |
           aws s3api put-bucket-acl --bucket repo.liquibase.com  --grant-read uri=http://acs.amazonaws.com/groups/global/AllUsers
+          aws s3api put-bucket-acl --bucket repo.liquibase.com.dry.run  --grant-read uri=http://acs.amazonaws.com/groups/global/AllUsers
 
   upload_windows_package:
     uses: liquibase/liquibase-chocolatey/.github/workflows/deploy-package.yml@master
     secrets: inherit
     with:
       version: ${{ inputs.version }}
+      dry_run: ${{ inputs.dry_run }}
 
   upload_ansible_role:
     uses: liquibase/liquibase-ansible/.github/workflows/deploy-role.yml@main
     secrets: inherit
     with:
       version: ${{ inputs.version }}
-
+      dry_run: ${{ inputs.dry_run }}
+