Adopt GHA Scala Library Release Workflow #416
Conversation
rtyley
force-pushed
the
adopt-GHA-Scala-Library-Release-Workflow
branch
2 times, most recently
from
7a333e7 to
0345b7f
Compare
This is the second library, after https://github.com/guardian/etag-caching, to adopt https://github.com/guardian/gha-scala-library-release-workflow/blob/main/README.md . The changes required to adopt the automated workflow: * No need to set `sonatypeProfileName` or `ThisBuild / publishTo`, that's now done by the workflow. * Remove the sign, publish, release & push steps of sbt-release's `releaseProcess` configuration, because the workflow does those now, and the workflow only wants `sbt release` to create the versioning commits, and tag them appropriately. The workflow does the rest itself. * Remove `sbt-pgp` plugin because it's no longer used - the workflow does the signing using `gpg` directly. Additionally, we add **automatic version numbering** based on compatibility assessment performed by `sbt-version-policy`: * Add the `sbt-version-policy` plugin, to allow it to do the compatibility assessment. This also sets the `versionScheme` for this library to `early-semver`, which is the recommended versioning for Scala libraries, and `sbt-version-policy` and correct sbt-eviction-issue-detection pretty much depend on the `versionScheme` being `early-semver`. Thus we also need to switch to using a new semver version number for our library version! * Add the `releaseVersion := fromAggregatedAssessedCompatibilityWithLatestRelease().value` sbt setting, which will intelligently set the release version based on `sbt-version-policy`'s compatibility assessment, thanks to scalacenter/sbt-version-policy#187 . * Use `publish / skip := true`, rather than other hacks like `publish := {}` or `publishArtifact := false`, to tell sbt not to publish modules that we don't want published (typically, the 'root' module) - this is important because `sbt-version-policy` won't understand those hacks, but _will_ understand `publish / skip := true` means that it doesn't need to assess compatibility there.
rtyley
force-pushed
the
adopt-GHA-Scala-Library-Release-Workflow
branch
from
0345b7f to
058d62a
Compare
| @@ -1 +1 @@ | |||
| ThisBuild / version := "0.41-SNAPSHOT" | |||
| ThisBuild / version := "1.0.0-SNAPSHOT" | |||
There was a problem hiding this comment.
Are we saying that, when we merge this change, we can run the release workflow and it will build/deploy version 1.0.0? I suppose this means that, in the case where we're using this new plugin, the version.sbt file is the source of truth for the next version?
There was a problem hiding this comment.
Also, I created this project, should I be updating it to use this new plugin? (it's configured with my own sonatype username and password at the moment....)
There was a problem hiding this comment.
we can run the release workflow and it will build/deploy version
1.0.0? I suppose this means that, in the case where we're using this new plugin, the version.sbt file is the source of truth for the next version?
That's right! Actually, I don't think that's a change from the existing behaviour for version numbers - the workflow hasn't changed things here. You can think of '-SNAPSHOT' as meaning '-SNAPSHOT-PREVIEW', so 1.0.0-SNAPSHOT is actually a 'preview' release of 1.0.0 before it's actually finished and released. This is standard Maven release versioning - we always work with the version number set to a snapshot of what the next release will be.
I created this project, should I be updating it to use this new plugin? (it's configured with my own sonatype username and password at the moment....)
Well, at the moment, gha-scala-library-release-workflow is in an early-feedback phase - I'd like it tried out on just a small number of repositories, so people can give me feedback to incorporate before we update all the Scala library repos at the Guardian!
If you'd like to try out updating https://github.com/guardian/mobile-apps-api-models to work with the new flow, that would be absolutely wonderful, you'd be being an awesome beta-tester!
There was a problem hiding this comment.
Thanks for the explanation - in the mapi-models project I discarded the use of version.sbt (in favour of the user defining this via the github release UI) so it's good to see how the release process can integrate with this file (which is a mechanism that feels neater).
There was a problem hiding this comment.
Yeah, it's an interesting choice to make, whether to initiate by creating a GitHub release, which is beautiful and elegant, but requires there to already be a tag, with some random human-chosen version number, or to initiate by running the workflow with workflow-dispatch, which is not quite as beautiful, but doesn't require there to be an already-existing tag... I've gone with the second one!
Yeah! Though those credentials should only be used with |
|
This did successfully do a release for this library!
However, it took a few attempts, because of two things I'd forgotten were also required:
|
This is the 3rd library to adopt https://github.com/guardian/gha-scala-library-release-workflow, a new automated library release process that allows releases to be published to Maven Central with the click of a button. The changes in here are similar to the ones in guardian/play-secret-rotation#416, with the addition that sbt settings that provide the pom metadata required by Maven Central ( https://central.sonatype.org/publish/requirements/#project-name-description-and-url ) can be simplified thanks to the functionality provided by xerial/sbt-sonatype#58 - setting `sonatypeProjectHosting` takes care of a lot the fields!
Following [the example from play-secret-rotation](guardian/play-secret-rotation#416), rather than set up a new developer credential to release the next version of this library, this commit sets up [guardian/gha-scala-library-release-workflow](https://github.com/guardian/gha-scala-library-release-workflow).
Following [the example from play-secret-rotation](guardian/play-secret-rotation#416), rather than set up a new developer credential to release the next version of this library, this commit sets up [guardian/gha-scala-library-release-workflow](https://github.com/guardian/gha-scala-library-release-workflow).
- Adopt scala library release GHA workflow Following [the example from play-secret-rotation](guardian/play-secret-rotation#416), rather than set up a new developer credential to release the next version of this library, this commit sets up [guardian/gha-scala-library-release-workflow](https://github.com/guardian/gha-scala-library-release-workflow). - Further `gha-scala-library-release-workflow` tweaks Further to #102 (comment), these are a few more tweaks: * Delete the entire `sonatype.sbt` file that was providing these keys that `gha-scala-library-release-workflow` now takes care of for us: * `sonatypeProfileName` - see https://github.com/guardian/gha-scala-library-release-workflow/blob/7d278d4d44e30b4b4c0f6791053bdeb40b8159cb/.github/workflows/reusable-release.yml#L258 * `publishTo` - see guardian/facia-scala-client#299 (comment) * `scmInfo` & `pomExtra` - see guardian/facia-scala-client#299 (review) * `homepage` - https://github.com/xerial/sbt-sonatype/blob/da75ed2efe29e7d674a6d6af5103b4aa1cecefb8/src/main/scala/xerial/sbt/Sonatype.scala#L368 * Specify Java 11-compatible bytecode - see https://github.com/guardian/facia-scala-client/pull/299/files#r1425630691 As part of some of these changes, I've also removed the vestiges of the build-configuration that adapted the build for Scala 2.11 & 2.12 (eg the `versionDependent()` helper method) - these are no longer need since #78 removed support for Scala 2.12 in January 2023. Co-authored-by: Roberto Tyley <[email protected]>
- Adopt scala library release GHA workflow Following [the example from play-secret-rotation](guardian/play-secret-rotation#416), rather than set up a new developer credential to release the next version of this library, this commit sets up [guardian/gha-scala-library-release-workflow](https://github.com/guardian/gha-scala-library-release-workflow). - Further `gha-scala-library-release-workflow` tweaks Further to #102 (comment), these are a few more tweaks: * Delete the entire `sonatype.sbt` file that was providing these keys that `gha-scala-library-release-workflow` now takes care of for us: * `sonatypeProfileName` - see https://github.com/guardian/gha-scala-library-release-workflow/blob/7d278d4d44e30b4b4c0f6791053bdeb40b8159cb/.github/workflows/reusable-release.yml#L258 * `publishTo` - see guardian/facia-scala-client#299 (comment) * `scmInfo` & `pomExtra` - see guardian/facia-scala-client#299 (review) * `homepage` - https://github.com/xerial/sbt-sonatype/blob/da75ed2efe29e7d674a6d6af5103b4aa1cecefb8/src/main/scala/xerial/sbt/Sonatype.scala#L368 * Specify Java 11-compatible bytecode - see https://github.com/guardian/facia-scala-client/pull/299/files#r1425630691 As part of some of these changes, I've also removed the vestiges of the build-configuration that adapted the build for Scala 2.11 & 2.12 (eg the `versionDependent()` helper method) - these are no longer need since #78 removed support for Scala 2.12 in January 2023. Co-authored-by: Roberto Tyley <[email protected]>
This is the second library (after
etag-caching), to adoptguardian/gha-scala-library-release-workflow. This is a new automated library release process, which means that a new library release can be published to Maven Central with the click of a button:This replaces the old release process which had developers manually running
sbt releaseon their own laptops - each developer had to obtain their own PGP key and Sonatype credentials, which was an elaborate setup process. Now, there is one single set of credentials, available through GitHub Organisation Secrets, like we already do with NPM.Required changes
The changes required to adopt the automated workflow:
sonatypeProfileNameorThisBuild / publishTo, that's now done by the workflow.releaseProcessconfiguration, because the workflow does those now, and the workflow only wantssbt releaseto create the versioning commits, and tag them appropriately. The workflow does the rest itself.sbt-pgpplugin because it's no longer used - the workflow does the signing usinggpgdirectly.play-secret-rotation) access to these two GitHub Organisation Secrets (probably requires Organisation Owner privileges):AUTOMATED_MAVEN_RELEASE_PGP_SECRET&AUTOMATED_MAVEN_RELEASE_SONATYPE_PASSWORD:Additionally, we add automatic version numbering based on compatibility assessment performed by
sbt-version-policy:sbt-version-policyplugin, to allow it to do the compatibility assessment. This also sets theversionSchemefor this library toearly-semver, which is the recommended versioning for Scala libraries, andsbt-version-policyand correct sbt-eviction-issue-detection pretty much depend on theversionSchemebeingearly-semver. Thus we also need to switch to using a new semver version number for our library version!releaseVersion := fromAggregatedAssessedCompatibilityWithLatestRelease().valuesbt setting, which will intelligently set the release version based onsbt-version-policy's compatibility assessment, thanks to Simplify integration with sbt-release scalacenter/sbt-version-policy#187 .publish / skip := true, rather than other hacks likepublish := {}orpublishArtifact := false, to tell sbt not to publish modules that we don't want published (typically, the 'root' module) - this is important becausesbt-version-policywon't understand those hacks, but will understandpublish / skip := truemeans that it doesn't need to assess compatibility there.