release.yml

name: Release

on:
  push:
    tags:
      - 'v*'

permissions:
  contents: write

env:
  DO_NOT_TRACK: '1'

jobs:
  # Preflight: validate CHANGELOG has a section for the tag being released
  # BEFORE Maven Central deploy happens. Maven Central is immutable —
  # you cannot re-publish the same version — so a missing CHANGELOG section
  # must fail the workflow cleanly instead of leaving a successfully-deployed
  # artifact and a failed GitHub release with no recovery path.
  preflight:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Extract CHANGELOG section
        run: |
          VERSION="${GITHUB_REF#refs/tags/v}"
          awk -v ver="$VERSION" '$0 ~ "^## \\["ver"\\]" {p=1; next} p && /^## \[/ {exit} p {print}' CHANGELOG.md > /tmp/release-body.md
          if [ ! -s /tmp/release-body.md ]; then
            echo "::error::No CHANGELOG.md section found for version $VERSION — refusing to publish."
            echo "::error::Add a '## [$VERSION] - YYYY-MM-DD' section to CHANGELOG.md and re-tag."
            exit 1
          fi
          {
            echo "## AxonFlow Java SDK v${VERSION}"
            echo ""
            echo "### Installation"
            echo ""
            echo "**Maven:**"
            echo '```xml'
            echo "<dependency>"
            echo "    <groupId>com.getaxonflow</groupId>"
            echo "    <artifactId>axonflow-sdk</artifactId>"
            echo "    <version>${VERSION}</version>"
            echo "</dependency>"
            echo '```'
            echo ""
            echo "**Gradle:**"
            echo '```groovy'
            echo "implementation 'com.getaxonflow:axonflow-sdk:${VERSION}'"
            echo '```'
            echo ""
            cat /tmp/release-body.md
          } > /tmp/release-body-final.md
          echo "Release body: $(wc -l < /tmp/release-body-final.md) lines"

      - name: Upload release body artifact
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
        with:
          name: release-body
          path: /tmp/release-body-final.md
          retention-days: 1

  release:
    needs: preflight
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: 'maven'
          server-id: central
          server-username: MAVEN_USERNAME
          server-password: MAVEN_PASSWORD
          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
          gpg-passphrase: GPG_PASSPHRASE

      - name: Configure GPG for headless operation
        run: |
          echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
          echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
          gpg-connect-agent reloadagent /bye || true

      - name: Configure Maven settings with mirror
        run: |
          mkdir -p ~/.m2
          cat > ~/.m2/settings.xml << 'EOF'
          <?xml version="1.0" encoding="UTF-8"?>
          <settings>
            <servers>
              <server>
                <id>central</id>
                <username>${env.MAVEN_USERNAME}</username>
                <password>${env.MAVEN_PASSWORD}</password>
              </server>
            </servers>
            <mirrors>
              <mirror>
                <id>central-mirror</id>
                <name>Maven Central Mirror (repo1)</name>
                <url>https://repo1.maven.org/maven2</url>
                <mirrorOf>central</mirrorOf>
              </mirror>
            </mirrors>
          </settings>
          EOF

      - name: Extract version from tag
        id: version
        run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT

      - name: Update version in pom.xml
        run: |
          # Retry logic for Maven Central 403 errors
          for i in 1 2 3; do
            echo "Attempt $i: Updating version..."
            if mvn versions:set -DnewVersion=${{ steps.version.outputs.VERSION }} -B -U; then
              echo "Version update successful"
              break
            fi
            echo "Attempt $i failed, waiting 30 seconds..."
            sleep 30
          done

      - name: Run tests
        run: |
          for i in 1 2 3; do
            echo "Attempt $i: Running tests..."
            if mvn test -B -U; then
              echo "Tests passed"
              break
            fi
            if [ $i -eq 3 ]; then
              echo "Tests failed after 3 attempts"
              exit 1
            fi
            echo "Attempt $i failed, waiting 30 seconds..."
            sleep 30
          done

      - name: Build and deploy to Maven Central
        env:
          MAVEN_USERNAME: ${{ secrets.CENTRAL_USERNAME }}
          MAVEN_PASSWORD: ${{ secrets.CENTRAL_TOKEN }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        run: |
          for i in 1 2 3; do
            echo "Attempt $i: Deploying to Maven Central..."
            if mvn clean deploy -Prelease -DskipTests -B -U -Dgpg.passphrase="${GPG_PASSPHRASE}"; then
              echo "Deploy successful"
              break
            fi
            if [ $i -eq 3 ]; then
              echo "Deploy failed after 3 attempts"
              exit 1
            fi
            echo "Attempt $i failed, waiting 60 seconds..."
            sleep 60
          done

      - name: Download release body artifact
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
        with:
          name: release-body
          path: /tmp/release-body

      - name: Create GitHub Release
        uses: softprops/action-gh-release@v1
        with:
          name: Release ${{ steps.version.outputs.VERSION }}
          body_path: /tmp/release-body/release-body-final.md
          files: |
            target/*.jar
          draft: false
          prerelease: false
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}