Client 3872 add ci scripts

.github/actions/get-version/action.yml

@@ -9,6 +9,19 @@ runs:
       id: get-is-snapshot
       shell: bash
       run: |
+        # Check if tagged with release or release candidate
+        TAG=$(git describe --exact-match --tags HEAD 2>/dev/null || echo "")
+
+        if [[ "$TAG" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+          echo "Production release tag detected: $TAG"
+          echo "is-snapshot=false" >> $GITHUB_OUTPUT
+          exit 0
+        elif [[ "$TAG" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+-rc[0-9]+$ ]]; then
+          echo "Release candidate tag detected: $TAG"
+          echo "is-snapshot=false" >> $GITHUB_OUTPUT
+          exit 0
+        fi
+
         # Getting previous commit
         COMMIT_REF="HEAD~1"
 
@@ -20,26 +33,25 @@ runs:
         fi
 
         # Getting previous version
-        OLD_VERSIONS=$(git show "${COMMIT_REF}:pom.xml" |
-          sed -n '/<revision>/ { s/.*<revision>\([^<]*\)<\/revision>.*/\1/p; q }')
+        OLD_VERSIONS=$(git show "${COMMIT_REF}:pom.xml" | sed -n '0,/<version>/ s/.*<version>\([^<]*\)<\/version>.*/\1/p')
 
         # Getting current version
-        NEW_VERSIONS=$(sed -n 's/.*<revision>\([^<]*\)<\/revision>.*/\1/p' pom.xml)
+        NEW_VERSIONS=$(sed -n '0,/<version>/ s/.*<version>\([^<]*\)<\/version>.*/\1/p' pom.xml)
 
         echo "old versions: ${OLD_VERSIONS}, new versions: ${NEW_VERSIONS}"
         # Compare the extracted versions. CI will not commit snapshot version.
         if [[ "${OLD_VERSIONS}" != "${NEW_VERSIONS}" ]]; then
-          echo "is-snapshot='false'" >> $GITHUB_OUTPUT
+          echo "is-snapshot=false" >> $GITHUB_OUTPUT
         else
-          echo "is-snapshot='true'" >> $GITHUB_OUTPUT
+          echo "is-snapshot=true" >> $GITHUB_OUTPUT
         fi
 
     - name: Get release or snapshot-version
       id: get-release-version
       shell: bash
       run: |
         IS_SNAPSHOT=${{ steps.get-is-snapshot.outputs.is-snapshot }}
-        if [ $IS_SNAPSHOT == 'true' ];then
+        if [ $IS_SNAPSHOT == "true" ];then
           echo release-version="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)-SNAPSHOT_$GITHUB_SHA" >> $GITHUB_OUTPUT
         else
           echo release-version="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT

.github/actions/publish-build-info-to-jfrog/action.yaml

@@ -0,0 +1,63 @@
+name: Publish build-info to JFrog
+description: "Publishes build-info to JFrog"
+
+inputs:
+  jfrog-platform-url:
+    description: "JFrog platform URL"
+    required: false
+    default: https://aerospike.jfrog.io
+  oidc-provider:
+    description: "OIDC provider name"
+    required: true
+  oidc-audience:
+    description: "ODIC audience"
+    required: true
+  build-path:
+    description: "Path to which build info is to be published"
+    required: true
+  variables:
+    description: "Any additional variables to be published as part of build. The input here should be valid JSON in the form {'env_variable_key': 'env_variable_value'}, .e.g {'SONATYPE_STAGING_BUILD_ID': '070c07e25e937888ed9740ee825afa24bf184722'}"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Debug publish to github
+      shell: bash
+      run: |
+        echo "${{ inputs.jfrog-platform-url }}"
+        echo "${{ inputs.build-path }}"
+
+    - name: Set up JFrog credentials
+      id: setup-jfrog-cli
+      uses: jfrog/setup-jfrog-cli@v4
+      env:
+        JF_URL: ${{ inputs.jfrog-platform-url }}
+        JF_PROJECT: database
+      with:
+        version: 2.72.2
+        oidc-provider-name: ${{ inputs.oidc-provider }}
+        oidc-audience: ${{ inputs.oidc-audience }}
+
+    # Parsing out env variables and values and setting them in the environment
+    - name: Set env variables provided with variables
+      shell: bash
+      run: |
+        ENV_VARIABLES='${{ inputs.variables }}'
+        echo "$ENV_VARIABLES" | jq -r 'to_entries | .[] | "\(.key)=\(.value)"' >> $GITHUB_ENV
+
+    # Pushing build info to JFrog
+    - name: Upload artifacts
+      shell: bash
+      run: |
+        BUILD_ID=$(echo "${{ inputs.build-path }}" | sed 's/.*_\(.*\)\/.*/\1/')
+        BUILD_PATH="promote_${BUILD_ID}"
+
+        # record env variables 
+        jf rt bce ${BUILD_PATH} ${{ github.run_number }}
+
+        # record git info
+        jf rt bag ${BUILD_PATH} ${{ github.run_number }}
+
+        # publish build info
+        jf rt bp ${BUILD_PATH} ${{ github.run_number }}

.github/actions/publish-to-github/action.yaml

@@ -0,0 +1,91 @@
+name: Publish artifacts to github
+description: "Publish artifacts to github"
+
+inputs:
+  staging-folder:
+    description: ""
+    required: false
+    default: staging
+  target-folder:
+    description: ""
+    required: false
+    default: github
+  release-notes:
+    description: "Release notes"
+    required: true
+  github-token:
+    description: "Github auth token"
+    required: true
+  artifact-version:
+    description: "Version of the artifact to release"
+    required: true
+  build-name-number:
+    description: "String containing build name, number and jdk versions"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Debug publish to github
+      shell: bash
+      run: |
+        echo "${{ inputs.staging-folder }}"
+        echo "${{ inputs.target-folder }}"
+        echo "${{ inputs.artifact-version }}"
+        echo "${{ inputs.release-notes }}"
+        echo "${{ inputs.build-name-number }}"
+
+    - id: get-artifact-version
+      shell: bash
+      run: |
+        VERSION="${{ inputs.artifact-version }}"
+        echo "artifact-version=${VERSION}" >> $GITHUB_OUTPUT
+
+    - name: Create upload archive for github
+      id: create-artifact
+      shell: bash
+      run: |
+        src="${{ inputs.staging-folder }}"
+        dest="${{ inputs.target-folder }}"
+
+        find "$src" -type f \
+          -exec cp {} "$dest" \;
+
+    # Listing staged artifacts to be uploaded
+    - id: get-github-release-artifact-names
+      working-directory: ${{ inputs.target-folder }}
+      shell: bash
+      run: |
+        ARTIFACTS=$(ls | sed "s|^|${{ inputs.target-folder }}/|")
+
+        echo "release-artifacts<<EOF" >> $GITHUB_OUTPUT
+        echo "${ARTIFACTS}" >> $GITHUB_OUTPUT
+        echo "EOF" >> $GITHUB_OUTPUT
+
+    - name: Debug show content of the upload archive
+      shell: bash
+      run: |
+        pwd
+        ls ${{ inputs.target-folder }} | sed 's/^//' 
+
+    - name: Debug GitHub publish input
+      shell: bash
+      working-directory: ${{ inputs.target-folder }}
+      run: |
+        echo "working directory: ${{ inputs.target-folder }}"
+        echo "tag name: Release ${{ steps.get-artifact-version.outputs.artifact-version }}"
+        echo "body: Changes for release ${{ steps.get-artifact-version.outputs.artifact-version }}"
+        echo "body: ${{ inputs.release-notes }}"
+        echo "files: ${{ steps.get-github-release-artifact-names.outputs.release-artifacts }}"
+
+    - name: Publish release to github
+      uses: softprops/action-gh-release@v2
+      with:
+        token: ${{ inputs.github-token }}
+        tag_name: ${{ steps.get-artifact-version.outputs.artifact-version }}
+        body: |
+          Changes for release ${{ steps.get-artifact-version.outputs.artifact-version }}
+          ${{ inputs.release-notes }}
+        draft: true
+        prerelease: false
+        files: ${{ steps.get-github-release-artifact-names.outputs.release-artifacts }}

.github/actions/publish-to-sonatype/action.yaml

@@ -0,0 +1,158 @@
+name: Publish artifacts to Sonatype
+description: "Publishes artifacts to Sonatype"
+
+inputs:
+  staging-folder:
+    description: "Folder to which the artifacts are copied"
+    required: false
+    default: staging
+  target-folder:
+    description: "Subfolder in the staging folder where the artifacts are copied"
+    required: false
+    default: sonatype
+  publish-user:
+    description: "Username for publishing to Sonatype"
+    required: true
+  publish-password:
+    description: "Password for publishing to Sonatype"
+    required: true
+  validation-max-number-checks:
+    description: "Number of checks we will conduct to check if the package is validated"
+    required: true
+  sonatype-domain-name:
+    description: "Sonatype domain name"
+    required: true
+  build-name-number:
+    required: true
+    description: "Build name and number"
+  artifact-version:
+    description: "Artifact version"
+    required: true
+
+outputs:
+  maven-central-release-id:
+    description: Maven central id extracted from staging step to maven central
+    value: ${{ steps.get-maven-central-release-id.outputs.maven-central-release-id }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Debug publish to github
+      shell: bash
+      run: |
+        echo "${{ inputs.staging-folder }}"
+        echo "${{ inputs.target-folder }}"
+        echo "${{ inputs.sonatype-domain-name }}"
+        echo "${{ inputs.build-name-number }}"
+        echo "${{ inputs.artifact-version }}"
+
+    # For Maven Central we need to filter out the jar-with-dependencies
+    # as it is not allowed to be uploaded to Maven Central
+    - name: Copy artifacts with filter to sonatype stage folder
+      shell: bash
+      working-directory: ${{ inputs.staging-folder }}
+      run: |
+        src="./"
+        dest=../"${{ inputs.target-folder }}"
+
+        find "$src" -type f \
+          \! \( -name "*jar-with-dependencies*" \) \
+          -exec cp --parents {} "$dest" \;
+
+    - name: Debug target folder contents
+      shell: bash
+      working-directory: ${{ inputs.target-folder }}
+      run: |
+        echo "Current directory: $(pwd)"
+        echo "Contents:"
+        ls -laR
+
+    # Creates uploadable archive
+    - name: Create upload archive for sonatype
+      id: create-artifact
+      shell: bash
+      working-directory: ${{ inputs.target-folder }}
+      run: |
+        # Use the actual artifact version, not parsed from build-name-number
+        RELEASE="${{ inputs.artifact-version }}"
+        # Extract just the build number from build-name-number
+        RELEASE_BUILD_NUMBER=$(echo "${{ inputs.build-name-number }}" | sed -E 's/.*\/([^/]+)$/\1/')
+        ARTIFACT_NAME="${RELEASE}_${RELEASE_BUILD_NUMBER}"
+
+        echo "artifact-name=${ARTIFACT_NAME}" >> $GITHUB_OUTPUT
+        zip -r "${ARTIFACT_NAME}" .
+
+    - name: Debug show content of the upload archive
+      shell: bash
+      working-directory: ${{ inputs.target-folder }}
+      run: |
+        ARTIFACT_NAME='${{ steps.create-artifact.outputs.artifact-name }}'
+        unzip -l "${ARTIFACT_NAME}" | tail -n +4 | sort -k4,4
+
+    # Call to Maven Central to stage the release/artifact
+    - name: Stage artifacts
+      id: stage-release
+      working-directory: ${{ inputs.target-folder }}
+      shell: bash
+      run: |
+        TOKEN=$(printf "${{ inputs.publish-user }}:${{ inputs.publish-password }}" | base64)
+
+        echo "curl --request POST --verbose --header 'Authorization: Bearer ${TOKEN}' --form bundle=@${{ steps.create-artifact.outputs.artifact-name }}.zip ${{ inputs.sonatype-domain-name }}/api/v1/publisher/upload?publishingType=USER_MANAGED"
+        echo stage-release-id=$(curl --request POST --silent --header "Authorization: Bearer ${TOKEN}" --form bundle=@${{ steps.create-artifact.outputs.artifact-name }}.zip ${{ inputs.sonatype-domain-name }}/api/v1/publisher/upload?publishingType=USER_MANAGED) >> $GITHUB_OUTPUT
+
+    # Validation check loop
+    - name: Check validation
+      working-directory: ${{ inputs.target-folder }}
+      shell: bash
+      run: |
+        # Correct: Sonatype Publisher API uses Basic auth, not Bearer
+        TOKEN=$(printf "%s:%s" "${{ inputs.publish-user }}" "${{ inputs.publish-password }}" | base64)
+
+        NUMBER_OF_CHECKS=${{ inputs.validation-max-number-checks }}
+
+        echo "Starting Sonatype validation checks (max: ${NUMBER_OF_CHECKS})"
+
+        for ((i = 1; i <= NUMBER_OF_CHECKS; i++)); do
+          RESPONSE=$(curl --verbose --show-error \
+            --request POST \
+            --header "Authorization: Bearer ${TOKEN}" \
+            "${{ inputs.sonatype-domain-name }}/api/v1/publisher/status?id=${DUMMY_ID}")
+
+          # Validate JSON and extract deploymentState
+          SONATYPE_RESPONSE=$(echo "${RESPONSE}" | jq -r '.deploymentState // "NULL"')
+
+          if [[ "${SONATYPE_RESPONSE}" == "FAILED" ]]; then
+            ERRORS=$(echo "${RESPONSE}" | jq '.errors // "Unknown error"')
+            echo "Package validation failed."
+            echo "Errors: ${ERRORS}"
+            exit 1
+
+          elif [[ "${SONATYPE_RESPONSE}" == "VALIDATING" || "${SONATYPE_RESPONSE}" == "PENDING" ]]; then
+            echo "Package validation is not done. Status: ${SONATYPE_RESPONSE}"
+
+            # Exponential backoff
+            sleep_time=$((2 ** (i - 1)))
+            echo "Next retry in ${sleep_time} seconds..."
+            sleep "${sleep_time}"
+
+          elif [[ "${SONATYPE_RESPONSE}" == "VALIDATED" ]]; then
+            echo "Package successfully validated."
+            exit 0
+
+          else
+            echo "Unknown response from Sonatype: ${SONATYPE_RESPONSE}"
+            echo "Full payload:"
+            echo "${RESPONSE}"
+          fi
+        done
+
+        echo "Validation timed out after ${NUMBER_OF_CHECKS} attempts."
+        exit 1
+
+    # Peculating up the maven central release id
+    - name: Maven Central release id
+      working-directory: ${{ inputs.target-folder }}
+      id: get-maven-central-release-id
+      shell: bash
+      run: |
+        echo "maven-central-release-id=${{ steps.stage-release.outputs.stage-release-id }}" >> $GITHUB_OUTPUT