ryanjbaxter · elgohr · Dec 22, 2021 · Dec 23, 2021 · Nov 1, 2021 · Dec 23, 2021
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -23,7 +23,7 @@ jobs:
      - name: Verify Format and License
        run: mvn spotless:check
  build:
-    name: Java ${{ matrix.java }} Maven Test
+    name: Java ${{ matrix.java }} Maven Test on ${{ matrix.os }}
    strategy:
      matrix:
        # Test against the LTS Java versions. TODO: add JDK18 when it becomes available.
@@ -50,7 +50,7 @@ jobs:
    name: GraalVM Maven Test
    steps:
      - uses: actions/checkout@v2.4.0
-      - uses: DeLaGuardo/setup-graalvm@48f2bf339ab7d35e31029b1822a213681fdfc42e
+      - uses: DeLaGuardo/setup-graalvm@2ebaf4e808f403090cbecb79873354da5dbd7e09
        with:
          graalvm-version: '19.3.0.java8'
      - name: Build with Maven
@@ -106,17 +106,17 @@ jobs:
          mvn clean install \
          -q \
          -Dmaven.test.skip=true
-      - name: Version 10
+      - name: Version 13
        run: |
-          cd examples/examples-release-10
+          cd examples/examples-release-13
          mvn clean install
-      - name: Version 11
+      - name: Version 14
        run: |
-          cd examples/examples-release-11
+          cd examples/examples-release-14
          mvn clean install
-      - name: Version 12
+      - name: Version 15
        run: |
-          cd examples/examples-release-12
+          cd examples/examples-release-15
          mvn clean install
  codegen:
    runs-on: ubuntu-latest
@@ -129,7 +129,7 @@ jobs:
    steps:
      - uses: actions/checkout@v2.4.0
      - name: Publish to Registry
-        uses: elgohr/Publish-Docker-Github-Action@master
+        uses: elgohr/Publish-Docker-Github-Action@v5
        with:
          name: kubernetes-client/java/crd-model-gen
          tags: gh-action-tmp

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,93 @@
+name: Maven Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      releaseVersion:
+        type: string
+        required: true
+        description: The POM release version of this release. Must be a semantic version of the form X.Y.Z.
+      nextDevelopmentVersion:
+        type: string
+        required: true
+        description: The next POM development version after the release is done. Must be of the form X.Y.${Z+1}-SNAPSHOT
+      dry-run:
+        type: boolean
+        required: true
+        description: Dry run, will not push branches or upload the artifacts.
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate Input
+        run: |
+          echo "${{ github.ref_type }}" | perl -ne 'die unless m/^branch$/'
+          echo "${{ github.ref_name }}" | perl -ne 'die unless m/^release-\d+$/'
+          echo "${{ github.event.inputs.releaseVersion }}" | perl -ne 'die unless m/^\d+\.\d+\.\d+$/'
+          echo "${{ github.event.inputs.nextDevelopmentVersion }}" | perl -ne 'die unless m/^\d+\.\d+\.\d+-SNAPSHOT$/'
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Check Actor
+        run: |
+          # Release actor should be in the OWNER list
+          cat OWNERS | grep ${{ github.actor }}
+      - name: Setup Java
+        uses: actions/setup-java@v2
+        with:
+          distribution: 'temurin'
+          java-version: 8.0.x
+          server-id: ossrh
+          server-username: OSSRH_USERNAME
+          server-password: OSSRH_TOKEN
+          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          gpg-passphrase: GPG_PASSPHRASE
+      - name: Prepare
+        run: |
+          export GPG_TTY=$(tty)
+          (echo 5; echo y; echo save) | gpg --command-fd 0 --no-tty --pinentry-mode loopback --passphrase ${{ secrets.GPG_PASSWORD }} --no-greeting --edit-key 'Kubernetes Client Publishers' trust
+          (echo 0; echo y; echo save) | gpg --command-fd 0 --no-tty --pinentry-mode loopback --passphrase ${{ secrets.GPG_PASSWORD }} --no-greeting --edit-key 'Kubernetes Client Publishers' expire
+          git config user.email "k8s.ci.robot@gmail.com"
+          git config user.name "Kubernetes Prow Robot"
+      - name: Check Current Version
+        run: |
+          mvn -q \
+            -Dexec.executable=echo \
+            -Dexec.args='${project.version}' \
+            --non-recursive \
+            exec:exec | perl -ne 'die unless m/${{ github.event.inputs.releaseVersion }}-SNAPSHOT/'
+      - name: Release Prepare
+        run: |
+          git checkout -b 'automated-release-${{ github.event.inputs.releaseVersion }}'
+          mvn --batch-mode \
+            release:prepare \
+            -Dtag=v${{ github.event.inputs.releaseVersion }} \
+            -DconnectionUrl=https://${{ github.token }}@github.com/${{ github.repository }}.git \
+            -DreleaseVersion=${{ github.event.inputs.releaseVersion }} \
+            -DdevelopmentVersion=${{ github.event.inputs.nextDevelopmentVersion }} \
+            -DpushChanges=false
+      - name: Release Perform
+        if: ${{ github.event.inputs.dry-run != 'true' }}
+        env:
+          OSSRH_USERNAME: ${{ secrets.SNAPSHOT_UPLOAD_USER }}
+          OSSRH_TOKEN: ${{ secrets.SNAPSHOT_UPLOAD_PASSWORD }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSWORD }}
+        run: |
+          # The tests are already executed in the prepare, skipping
+          mvn -DlocalCheckout=true -Darguments=-DskipTests release:perform
+          git push https://${{ github.token }}@github.com/${{ github.repository }}.git \
+            automated-release-${{ github.event.inputs.releaseVersion }}:automated-release-${{ github.event.inputs.releaseVersion }}
+          git push https://${{ github.token }}@github.com/${{ github.repository }}.git v${{ github.event.inputs.releaseVersion }}
+      - name: Pull Request
+        uses: repo-sync/pull-request@v2
+        with:
+          source_branch: automated-release-${{ github.event.inputs.releaseVersion }}
+          destination_branch: ${{ github.ref_name }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          pr_title: "Automated Release: ${{ github.event.inputs.releaseVersion }}"
+      - name: Publish Release
+        if: ${{ github.event.inputs.dry-run != 'true' }}
+        uses: ncipollo/release-action@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          tag: v${{ github.event.inputs.releaseVersion }}
diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml
@@ -0,0 +1,38 @@
+name: Upload Snapshot
+
+on:
+  push:
+    branches:
+      - master
+  workflow_dispatch: {}
+
+jobs:
+  verify:
+    name: latest-images
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Setup Java
+        uses: actions/setup-java@v2
+        with:
+          distribution: 'temurin'
+          java-version: 8.0.x
+          server-id: ossrh
+          server-username: OSSRH_USERNAME
+          server-password: OSSRH_TOKEN
+          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          gpg-passphrase: GPG_PASSPHRASE
+      - name: Assert Snapshot Version
+        run: |
+          ./mvnw clean install -Dmaven.test.skip=true
+          ./mvnw -q \
+            -Dexec.executable=echo \
+            -Dexec.args='${project.version}' \
+            exec:exec | perl -ne 'die unless m/.*-SNAPSHOT/'
+      - name: Publish to Apache Maven Central
+        run: ./mvnw deploy
+        env:
+          OSSRH_USERNAME: ${{ secrets.SNAPSHOT_UPLOAD_USER }}
+          OSSRH_TOKEN: ${{ secrets.SNAPSHOT_UPLOAD_PASSWORD }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSWORD }}
diff --git a/OWNERS b/OWNERS
@@ -3,7 +3,7 @@
 approvers:
 - brendandburns 
 - yue9944882
-reviewer:
+reviewers:
 - brendandburns
 - yue9944882
 emeritus_approvers:

diff --git a/README.md b/README.md
@@ -4,6 +4,7 @@
 [![Client Capabilities](https://img.shields.io/badge/Kubernetes%20client-Silver-blue.svg?style=flat&colorB=C0C0C0&colorA=306CE8)](http://bit.ly/kubernetes-client-capabilities-badge)
 [![Client Support Level](https://img.shields.io/badge/kubernetes%20client-beta-green.svg?style=flat&colorA=306CE8)](http://bit.ly/kubernetes-client-support-badge)
 [![Maven Central](https://img.shields.io/maven-central/v/io.kubernetes/client-java.svg?label=Maven%20Central)](https://search.maven.org/search?q=g:%22io.kubernetes%22%20AND%20a:%22client-java%22)
+![Sonatype Nexus (Snapshots)](https://img.shields.io/nexus/s/io.kubernetes/client-java?label=Maven%20Snapshot&server=https%3A%2F%2Foss.sonatype.org)

 Java client for the [kubernetes](http://kubernetes.io/) API.


diff --git a/RELEASES.md b/RELEASES.md
@@ -10,6 +10,55 @@ Releases are done on an as-needed basis, and this doc applies only to
 This does _not_ describe the process of cherry-picking changes onto release
 branches.

+## Release via Github Action
+
+Maintainers meet the following requirements will be able to perform automated
+release to maven central via Github Action job named "Maven Release":
+
+* Has "collaborator" permission or greater access (otherwise the can't run the
+  job manually).
+* Should be in the OWNERS file.
+
+### Steps
+
+#### Make sure the release job runs on the release branch
+
+When cutting the next major release, firstly we need to fork out a new release
+branch named `release-<major>`. So the release job will execute the maven 
+release plugin and push generated releasing commits to the release branch
+if the `release:prepare` process finishes successfully. Note that if we're 
+bumping a new patch version from an existing release branch, this step can be
+omitted.
+
+#### Filling release job input manually
+
+The github action job will require three manual input:
+
+* The POM releasing version, must be a valid semver `X.Y.Z` (without "v" prefix).
+* The next development POM version, conventionally we should bump a patch 
+  version from the current release version and add a `-SNAPSHOT` suffix. i.e.
+  `X.Y.(Z+1)-SNAPSHOT`.
+* Dry-Run: Indicating whether the release job will push the generated release
+  commits to the release branch and actually upload the artifacts.
+
+Filling the inputs, then click "Run" to start the job. 
+
+> Note that during the release process, no commits shall be added the release
+> branch.
+
+#### Release note, announcements
+
+After the release job successfully finishes, we're supposed to see two generated
+commits automatically added to the release branch:
+
+1. Bump the previous development version to the target release version.
+2. Bump the release version to the next development version.
+
+And a git tag `vX.Y.Z` will also be pushed on the commit (1), a GITHUB release
+will also be packed on the tag.
+
+In the end, don't forget to clarify the release notes on the GITHUB release.
+
 ## One time setup

 You will need to have the following in place:

diff --git a/client-java-contrib/admissionreview/pom.xml b/client-java-contrib/admissionreview/pom.xml
@@ -37,7 +37,7 @@
            <plugin>
                <groupId>com.diffplug.spotless</groupId>
                <artifactId>spotless-maven-plugin</artifactId>
-                <version>2.17.2</version>
+                <version>2.20.0</version>
                <configuration>
                    <skip>true</skip>
                </configuration>