Added versioning from CI

.github/actions/publish-to-jfrog/action.yaml

@@ -40,6 +40,10 @@ inputs:
     description: ""
     required: false
     default: ~/.m2/repository
+  is-snapshot:
+    description: ""
+    required: false
+    default: 'true'
 
 runs:
   using: "composite"
@@ -88,7 +92,9 @@ runs:
       shell: bash
       working-directory: client
       run: |
+        export IS_SNAPSHOT=${{ inputs.is-snapshot }}
         jf rt upload --spec=${{ inputs.deploy-spec-path }}/publish-spec.json \
+            --target-props="is-snapshot=${{ inputs.is-snapshot }}" \
             --module=${{ inputs.artifact-id }} \
             --build-name=clients-java-push-to-dev_${{ inputs.artifact-id }} \
             --build-number=${{ github.run_number }}

.github/actions/run-ee-server/action.yaml

@@ -1,6 +1,10 @@
 name: "Run EE Server"
 description: "Run EE server. Returns once server is ready. Only tested on Linux and macOS"
 
+permissions:
+  # This is required for requesting the OIDC token
+  id-token: write
+
 inputs:
   # All inputs in composite actions are strings
   use-server-rc:

.github/workflows/create-release.yaml

@@ -0,0 +1,21 @@
+name: create-release
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        type: string
+        required: true
+        description: New version to set 
+
+jobs:
+  build-stage:
+    name: Build stage
+    uses: ./.github/workflows/release-stage.yaml
+    with:
+      # This will need to change to point to staging branch
+      ref: dev/dev-ci-fixes-stage 
+      version: ${{ inputs.version }}
+      build-number: ${{ github.run_number }}
+      is-snapshot: false
+    secrets: inherit

.github/workflows/promote-prod.yaml

@@ -11,13 +11,18 @@ on:
       build-number:
         type: number
         description: Build number used to build artifact to be promoted
+      target-branch:
+        type: choice
+        description: Target branch to promote to
+        options:
+          - dev-stage
 
 jobs:
   promote-from-stage-to-prod:
-    name: Promot from stage to prod
+    name: Promote from stage to prod
     uses: ./.github/workflows/promote.yaml
     with:
       build-number: ${{ inputs.build-number }}
       target-repository: clients-maven-stage-local
-      target-branch: dev-stage
+      target-branch: ${{ inputs.target-branch }}
     secrets: inherit

.github/workflows/promote.yaml

@@ -12,6 +12,10 @@ on:
       target-branch:
         type: string
         description: Target branch to promote token
+      jf-target-build:
+        type: string
+        description: Target build name
+        default: clients-java-push-to-dev
     secrets:
       SONATYPE_MAVEN_USER:
         required: true
@@ -42,7 +46,12 @@ jobs:
       - name: Get info
         id: get-build-info
         run: |
-          echo build-info=$(jf rt curl /api/build/clients-java-push-to-dev/${{ inputs.build-number }}) >> $GITHUB_OUTPUT
+          echo build-info=$(jf rt curl /api/build/${{ inputs.jf-target-build }}/${{ inputs.build-number }}) >> $GITHUB_OUTPUT
+
+      - name: Check if build is a release build
+        id: get-is-snapshot
+        run: |
+          echo build-info=$(jf rt curl /api/build/${{ inputs.jf-target-build }}/${{ inputs.build-number }}) >> $GITHUB_OUTPUT
 
       - name: Get commit hash from repo
         id: get-commit-hash
@@ -90,7 +99,7 @@ jobs:
           BUILD_NAMES=(${{ steps.get-build-name.outputs.build-names }})
 
           if [ ${#MODULES[@]} -eq 0 ];then
-            echo "Missing build names for modules in 'clients-java-push-to-dev'"
+            echo "Missing build names for modules in '${{ inputs.jf-target-build }}'"
           fi
 
           for BUILD_NAME in "${BUILD_NAMES[@]}"; do

.github/workflows/pull-request-open.yaml

@@ -1,5 +1,9 @@
 name: PR open
 
+permissions:
+  # This is required for requesting the OIDC token
+  id-token: write
+
 on:
   pull_request:
     branches:

.github/workflows/push-to-stage.yaml

@@ -11,5 +11,6 @@ jobs:
     name: Build stage
     uses: ./.github/workflows/release-stage.yaml
     with:
-      branch: ${{ github.ref }}
+      ref: ${{ github.ref }}
+      build-number: ${{ github.run_number }}
     secrets: inherit

.github/workflows/release-stage.yaml

@@ -1,7 +1,10 @@
 on:
   workflow_call:
     inputs:
-      branch:
+      ref:
+        type: string
+        required: true
+      build-number:
         type: string
         required: true
 
@@ -11,7 +14,7 @@ jobs:
     steps:
       - name: debug
         run: |
-          echo "${{ inputs.branch }}"
+          echo "${{ inputs.ref }}"
           echo "${{ github.base_ref }}"
 
   java-version:
@@ -23,7 +26,7 @@ jobs:
       - name: Checkout client
         uses: actions/checkout@v4
         with:
-          ref: ${{ inputs.branch }}
+          ref: ${{ inputs.ref }}
 
       - name: Get java version
         id: get-java-version
@@ -41,8 +44,8 @@ jobs:
       matrix:
         crypto-type: [bouncycastle, gnu]
     with:
+      ref: ${{ inputs.ref }}
       java-version: ${{ needs.java-version.outputs.java-version }}
-      branch: ${{ inputs.branch }}
       crypto-type: ${{ matrix.crypto-type }}
     secrets: inherit
 

.github/workflows/release.yaml

@@ -5,7 +5,7 @@ permissions:
 on:
   workflow_call:
     inputs:
-      branch:
+      ref:
         type: string
         required: true
       java-version:
@@ -31,7 +31,8 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
         with:
-          ref: ${{ inputs.branch }}
+          fetch-depth: 0
+          ref: ${{ inputs.ref }}
 
       # Java plugin will setup gpg but we are not using maven to deploy do JFrog.
       # - jf mvn clean install on publish does not publish POM we would like to publish
@@ -43,9 +44,57 @@ jobs:
           gpg-private-key: ${{ secrets.GPG_SECRET_KEY_ORG }}
           gpg-passphrase: GPG_PASS
 
+      - name: List checked out repo
+        shell: bash
+        run: |
+          ls -la
+
+      - name: Detect if snapshot
+        id: get-is-snapshot
+        shell: bash
+        run: |
+          # Getting previous commit
+          COMMIT_REF="HEAD~1"
+
+          # Checking if previous commit contains pom.xml. This should always return true
+          if ! git show "${COMMIT_REF}:pom.xml" &>/dev/null; then
+            echo "Error: pom.xml not found in commit ${COMMIT_REF}"
+            exit 1
+          fi
+
+          # Getting previous version
+          OLD_VERSIONS=$(git show "${COMMIT_REF}:pom.xml" |
+            sed -n 's/.*<revision>\([^<]*\)<\/revision>.*/\1/p')
+
+          # Getting current version
+          NEW_VERSIONS=$(sed -n 's/.*<revision>\([^<]*\)<\/revision>.*/\1/p' pom.xml)
+
+          # Compare the extracted versions. CI will not commit snapshot version.
+          if [[ "${OLD_VERSIONS}" != "${NEW_VERSIONS}" ]]; then
+            echo "is-snapshot='false'" >> $GITHUB_OUTPUT
+          else
+            echo "is-snapshot='true'" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Get release or snapshot-version
+        id: get-release-version
+        shell: bash
+        run: |
+          IS_SNAPSHOT=${{ steps.get-is-snapshot.outputs.is-snapshot }}
+          if [ $IS_SNAPSHOT == 'true' ];then
+            echo release-version="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)-SNAPSHOT_$GITHUB_SHA" >> $GITHUB_OUTPUT
+          else
+            echo release-version="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Set version
+        shell: bash
+        run: |
+          ./set_version ${{ steps.get-release-version.outputs.release-version }} ${{ inputs.crypto-type }}
+
       - name: Build all modules
         shell: bash
-        run: mvn clean install -P ${{ inputs.crypto-type }} # The crypto profile is usually set with set_crypto but since we need to toggle multiple prfiles set_crypto option is not being picked up
+        run: mvn clean install -P ${{ inputs.crypto-type }} # The crypto profile is usually set with set_crypto but since we need to toggle multiple profiles set_crypto option is not being picked up
 
       - name: Stage artifacts for publish
         working-directory: client
@@ -81,3 +130,4 @@ jobs:
           artifact-name: ${{ steps.get-artifact-name.outputs.artifact-name }}
           artifact-id: ${{ steps.get-artifact-id.outputs.artifact-id }}
           artifact-version: ${{ steps.get-artifact-version.outputs.artifact-version }}
+          is-snapshot: ${{ steps.get-is-snapshot.outputs.is-snapshot }}

set_version

@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+#
+# Function definitions
+#
+function update_version() {
+    VERSION="$1"
+    BUILD_TYPE=$2
+    PARENT_POM="pom.xml"
+    PUBLIC_POM="client/deploy-resources/${BUILD_TYPE}_pom.xml"
+
+    # Detecting host type. `sed` on bsd and linux are not the same
+    if [[ "$(uname)" == "Darwin" ]]; then
+        sed -i "" "s#<revision>[^<]*</revision>#<revision>${VERSION}</revision>#g" "$PARENT_POM"
+        sed -i "" "1,/<version>[^<]*<\/version>/ s#<version>[^<]*</version>#<version>${VERSION}</version>#" "$PUBLIC_POM"
+    else
+        sed -i "s#<revision>[^<]*</revision>#<revision>${VERSION}</revision>#g" "$PARENT_POM"
+        sed -i "0,/<version>[^<]*<\/version>/ s//<version>${VERSION}<\/version>/" "$PUBLIC_POM"
+    fi
+}
+
+function main() {
+    VERSION=$1
+    BUILD_TYPE=$2
+
+    # If version has been set using set_crypto we are honoring that setting
+    if [ -f "bouncycastle.config" ];then
+        BUILD_TYPE="bouncycastle"
+    elif [ -f "gnu.config" ];then
+        BUILD_TYPE="gnu"
+    fi
+
+    update_version $VERSION $BUILD_TYPE
+}
+
+#
+# Main entry
+#
+VERSION=$1
+BUILD_TYPE=${2:-"gnu"}
+REGEX="^[0-9]+\.[0-9]+\.[0-9]+(-SNAPSHOT_[a-zA-Z0-9]+)?$"
+
+if [ -z $VERSION ];then
+    printf "Missing version ..."
+
+    exit 1
+elif [[ ! "$1" =~ $REGEX ]];then
+    printf "Version format not valid. Valid format are [0 - 9].[0 - 9].[0 - 9] | [0 - 9].[0 - 9].[0 - 9]-SNAPSHOT_[git_sha]"
+
+    exit 1
+else 
+    # Call main
+    main $VERSION $BUILD_TYPE
+
+    exit 0
+fi