PB-24575: release notes automations

Author: Tecnobutrul

.github/workflows/release.yaml

@@ -0,0 +1,17 @@
+name: Create Release
+
+on:
+    push:
+        tags:
+            - 'v[0-9]+.[0-9]+.[0-9]+'
+
+jobs:
+    build:
+        name: Create release
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v3
+            - env:
+                  GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+              name: Create Release
+              run: gh release create "${GITHUB_REF#refs/*/}" --notes-file RELEASE_NOTES.md

.github/workflows/release_candidate.yaml

@@ -0,0 +1,17 @@
+name: Create Release Candidate
+
+on:
+    push:
+        tags:
+            - 'v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+'
+
+jobs:
+    build:
+        name: Create release candidate
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v3
+            - env:
+                  GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+              name: Create Release candidate
+              run: gh release create "${GITHUB_REF#refs/*/}" -p --notes-file RELEASE_NOTES.md

.gitignore

@@ -132,3 +132,5 @@ tilt_modules*
 
 # PHPUNIT generated file
 .phpunit.result.cache
+# Vim filems
+*.vim

.gitlab-ci.yml

@@ -18,14 +18,17 @@ stages:
   - unit-test
   - unit-test-parallel
   - packaging-trigger
+  - release
 
 include:
   - template: Code-Quality.gitlab-ci.yml
-  #  - local: "/.gitlab-ci/jobs/php_unit_tests/runner.yml"
+  # - local: "/.gitlab-ci/jobs/php_unit_tests/runner.yml"
   - local: "/.gitlab-ci/jobs/php_unit_tests/sequential/php_unit_tests.yml"
   - local: "/.gitlab-ci/jobs/style_check.yml"
   - local: "/.gitlab-ci/jobs/security_check.yml"
   - local: ".gitlab-ci/jobs/packaging_trigger/package_trigger.yml"
+  - local: ".gitlab-ci/jobs/release.yml"
+  - local: ".gitlab-ci/jobs/help_site_notes.yml"
 
 code_quality:
   stage: unit-test

.gitlab-ci/jobs/help_site_notes.yml

@@ -0,0 +1,21 @@
+help_site_notes:
+  stage: release
+  variables:
+    GPG_KEY_PATH: "/tmp/gpg-key"
+    GPG_PASSPHRASE: $HELP_SITE_GPG_KEY_PASS
+    GPG_KEY_GRIP: $HELP_SITE_GPG_KEYGRIP
+  image: debian
+  script: |
+    source .gitlab-ci/scripts/bin/set-env.sh "$CI_COMMIT_TAG"
+    if is_release_candidate "$tag"; then
+      echo "The tag is for a release candidate. Skipping release notes creation..."
+      exit 0
+    fi
+    apt update && apt install -y git curl gpg
+    curl -L https://gitlab.com/gitlab-org/cli/-/releases/v1.30.0/downloads/glab_1.30.0_Linux_x86_64.deb  --output glab.deb
+    dpkg -i glab.deb
+    cat "$HELP_SITE_GPG_KEY" > "$GPG_KEY_PATH"
+    bash .gitlab-ci/scripts/bin/help_site.sh
+  rules:
+    - if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+$/'
+      when: on_success

.gitlab-ci/jobs/packaging_trigger/package_trigger.yml

@@ -3,10 +3,10 @@ packaging-trigger:
   variables:
     PACKAGING_TRIGGER_BRANCH: "main"
     DOWNSTREAM_PROJECT_ID: "$PACKAGING_PROJECT_ID"
-  image: registry.gitlab.com/passbolt/passbolt-ci-docker-images/debian-bullseye-11-slim:latest
+  image: debian:bullseye-slim
   script:
     - apt update && apt install -y curl
-    - bash .gitlab-ci/scripts/packaging-trigger.sh "$CI_COMMIT_TAG" "$PACKAGING_TRIGGER_BRANCH"
+    - bash .gitlab-ci/scripts/bin/packaging-trigger.sh "$CI_COMMIT_TAG" "$PACKAGING_TRIGGER_BRANCH"
   rules:
     - if: $CI_COMMIT_TAG
       when: on_success

.gitlab-ci/jobs/release.yml

@@ -0,0 +1,21 @@
+release_notes:
+  image: registry.gitlab.com/gitlab-org/release-cli:latest
+  release:
+    description: './RELEASE_NOTES.md'
+    tag_name: $CI_COMMIT_TAG
+  rules:
+    - if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+$/'
+      when: on_success
+  script: echo "Creating relase notes for $CI_COMMIT_TAG"
+  stage: release
+
+release_notes_candidate:
+  image: registry.gitlab.com/gitlab-org/release-cli:latest
+  release:
+    tag_name: $CI_COMMIT_TAG
+    description: $CI_COMMIT_TAG
+  rules:
+    - if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$/'
+      when: on_success
+  script: echo "Creating relase notes for $CI_COMMIT_TAG"
+  stage: release

.gitlab-ci/scripts/bin/help_site.sh

@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+#
+
+set -euo pipefail
+
+CI_SCRIPTS_DIR=$(dirname "$0")/..
+
+# shellcheck source=.gitlab-ci/scripts/lib/git-helpers.sh
+source "$CI_SCRIPTS_DIR"/lib/git-helpers.sh
+
+PASSBOLT_HELP_DIR="passbolt_help"
+GITLAB_USER_EMAIL="[email protected]"
+GIT_CI_TOKEN_NAME=${GIT_CI_TOKEN_NAME:-gitlab-ci-token}
+ACCESS_TOKEN_NAME="help-site-bot"
+HELP_SITE_REPO="gitlab.com/passbolt/passbolt-help.git"
+RELEASE_NOTES_PATH="../RELEASE_NOTES.md"
+
+
+function create_release_notes() {
+    title="$(grep name ../config/version.php | awk -F "'" '{print $4}')"
+    slug="$(grep name ../config/version.php | awk -F "'" '{print $4}' | tr ' ' '_' | tr '[:upper:]' '[:lower:]')"
+    categories="releases $PASSBOLT_FLAVOUR"
+    song="$(grep 'Release song:' $RELEASE_NOTES_PATH | awk '{print $3}')"
+    quote="$(grep name ../config/version.php | awk -F "'" '{print $4}')"
+    permalink="/releases/$PASSBOLT_FLAVOUR/$(grep name ../config/version.php | awk -F "'" '{print $4}' | tr ' ' '_' | tr '[:upper:]' '[:lower:]')"
+    date="$(date +'%Y-%m-%d')"
+
+    cat << EOF >> _releases/"$PASSBOLT_FLAVOUR"/"$CI_COMMIT_TAG".md
+---
+title: $title
+slug: $slug
+layout: release
+categories: $categories
+version: $CI_COMMIT_TAG
+product: $PASSBOLT_FLAVOUR
+song: $song
+quote: $quote
+permalink: $permalink
+date: $date
+---
+EOF
+
+    cat $RELEASE_NOTES_PATH >> _releases/"$PASSBOLT_FLAVOUR"/"$CI_COMMIT_TAG".md
+}
+
+setup_gpg_key "$GPG_KEY_PATH" "$GPG_PASSPHRASE" "$GPG_KEY_GRIP"
+setup_git_user "$GITLAB_USER_EMAIL" "$ACCESS_TOKEN_NAME"
+
+git clone -b master https://"$HELPSITE_TOKEN_NAME":"$HELPSITE_TOKEN"@"$HELP_SITE_REPO" "$PASSBOLT_HELP_DIR"
+
+cd "$PASSBOLT_HELP_DIR"
+
+create_release_notes
+git checkout -b release_notes_"$CI_COMMIT_TAG"
+git add _releases/"$PASSBOLT_FLAVOUR"/"$CI_COMMIT_TAG".md
+git commit -m ":robot: Automatically added release notes for version $CI_COMMIT_TAG $PASSBOLT_FLAVOUR"
+glab auth login --token "$HELPSITE_TOKEN"
+mr_url=$(glab mr create -s release_notes_"$CI_COMMIT_TAG" -b master -d ":robot: Release notes for $CI_COMMIT_TAG $PASSBOLT_FLAVOUR" -t "Release notes for $CI_COMMIT_TAG" --push --repo "passbolt/passbolt-help" | grep 'https://gitlab.com/passbolt/passbolt-help/-/merge_requests/')
+cd -
+bash .gitlab-ci/scripts/bin/slack-status-messages.sh ":notebook: New helpsite release notes created for $CI_COMMIT_TAG $PASSBOLT_FLAVOUR" "$mr_url"

.gitlab-ci/scripts/packaging-trigger.sh renamed to .gitlab-ci/scripts/bin/packaging-trigger.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# shellcheck disable=SC1091
+
+CI_SCRIPTS_DIR=$(dirname "$BASH_SOURCE")/..
+
+source "$CI_SCRIPTS_DIR"/lib/version-check.sh
+source "$CI_SCRIPTS_DIR"/lib/set-env.sh
+
+declare -a version_config
+tag="$1"
+
+if [[ $tag == "" ]]; then
+  # If we don't have a tag we check for specific commit message to set
+  # parse_commit_message returns by default: release pro all testing
+  # branch and flavour
+  read -r -a version_config <<< "$(parse_commit_message "$CI_COMMIT_MESSAGE")"
+else
+  # This line doesn't work on zsh shell
+  read -r -a version_config <<< "$(parse_tag "$tag")"
+fi
+
+echo "Exporting the following variables"
+echo "================================="
+echo "API_CLONE_BRANCH=${version_config[0]}"
+echo "PASSBOLT_FLAVOUR=${version_config[1]}"
+echo "FILTER=${version_config[2]}"
+echo "PASSBOLT_COMPONENT=${version_config[3]}"
+
+export API_CLONE_BRANCH="${version_config[0]}"
+export PASSBOLT_FLAVOUR="${version_config[1]}"
+export FILTER="${version_config[2]}"
+export PASSBOLT_COMPONENT="${version_config[3]}"

.gitlab-ci/scripts/bin/set-env.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Variables required
+# CI_PROJECT_NAME
+# CI_PIPELINE_ID
+# SLACK_CHANNEL_ID
+# SLACK_WEBHOOK
+
+title="$1"
+url="$2"
+
+curl -X POST -H 'Content-type: application/json' $SLACK_WEBHOOK \
+--data-binary @- <<EOF
+{
+  "channel": "$SLACK_CHANNEL_ID",
+  "attachments": [
+    {
+      "color": "#36A64F",
+      "title": "$title",
+      "attachment_type": "default",
+      "actions": [
+        {
+          "name": "Check it!",
+          "text": "Check it!",
+          "type": "button",
+          "style": "primary",
+          "url": "$url"
+        }
+      ]
+    }
+  ]
+}
+EOF

.gitlab-ci/scripts/bin/slack-status-messages.sh

@@ -0,0 +1,29 @@
+function setup_gpg_key() {
+  key_path="$1"
+  passphrase="$2"
+  grip="$3"
+
+  mkdir -p ~/.gnupg
+  echo "allow-preset-passphrase" > ~/.gnupg/gpg-agent.conf
+  gpg-agent --homedir ~/.gnupg --use-standard-socket --daemon
+  /usr/lib/gnupg2/gpg-preset-passphrase -c "$grip" <<< "$passphrase"
+  gpg --pinentry-mode loopback --passphrase "$passphrase" --import "$key_path"
+}
+
+function setup_git_user() {
+  local email="$1"
+  local name="$2"
+  git config --global user.email "$email"
+  git config --global user.name "$name"
+  git config --global commit.gpgsign true
+  git config --global user.signingkey "$email"
+}
+
+function create_git_tag() {
+  local passbolt_version="$1"
+  local passbolt_flavour="$2"
+  local filter="$3"
+  local component="$4"
+  local tag="$passbolt_version-$passbolt_flavour-$filter"
+  git tag -a "$tag" -m "Release $tag version for $component package" > /dev/null
+}

.gitlab-ci/scripts/lib/git-helpers.sh

@@ -0,0 +1,48 @@
+# This function parses a tag in the form of:
+# v3.11.0-rc.1-pro-all
+#
+# All of the fields are mandatory:
+# Version: v3.11.0-rc.1|v3.11.0
+# Passbolt flavour: pro|ce
+# Per package filter: all|rpm|debian
+#
+# It also provides the component based on if it is RC: testing|stable
+function parse_tag() {
+  local tag=$1
+
+  if is_release_candidate "$tag"; then
+    echo "$tag" | awk -F '-' '{print $1"-"$2,$3,$4,"testing"}'
+  else
+    echo "$tag" | awk -F '-' '{print $1,$2,$3,"stable"}'
+  fi
+}
+
+# Example [branch: develop] # points to pro flavour
+# Example [flavour: ce] # points to release branch
+# Example [branch: develop, flavour: ce]
+#
+# If the commit message does not contain any of the above patterns
+# We default to clone: pro api release branch
+function parse_commit_message() {
+  local message="$1"
+  local branch
+  local flavour
+  local component
+  local filter
+
+  branch=$(calculate_regex "$message" "release" "branch")
+  component=$(calculate_regex "$message" "testing" "component")
+  filter=$(calculate_regex "$message" "all" "filter")
+  flavour=$(calculate_regex "$message" "pro" "flavour")
+
+  echo "$branch" "$flavour" "$filter" "$component"
+}
+
+function calculate_regex() {
+  local message="$1"
+  local default_value="$2"
+  local pattern="$3"
+
+  result="$(echo "$message" | sed -nE "s/.*\[.*($pattern: *)([^]|^ |^,]+).*\]/\\2/p")"
+  echo "${result:-$default_value}"
+}

.gitlab-ci/scripts/lib/set-env.sh

@@ -0,0 +1,26 @@
+function is_valid_api_tag () {
+  if [[ ! $PASSBOLT_VERSION =~ [0-9]+\.[0-9]+\.[0-9]+ ]]; then
+    echo "Invalid version format: $PASSBOLT_VERSION"
+    return 1
+  fi
+}
+
+function is_release_candidate () {
+  local version=$1
+  if [[ ! $version =~ [0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+ ]];then
+    return 1
+  fi
+  return 0
+}
+
+function validate_config_version_and_api_tag () {
+  local version_file="$1"
+  local version
+  version=$(echo "$PASSBOLT_VERSION" | tr -d 'v')
+
+  if ! grep -q "$version" "$version_file"; then
+    echo "Version number in version.php does not match the tag: $PASSBOLT_VERSION"
+    return 1
+  fi
+}
+