Introduce pre-prod for homebrew [DI-707]

.github/actions/get-homebrew-pr-title/action.yml

@@ -0,0 +1,16 @@
+# To ensure that both setter and getter use the same. format
+name: Get Homebrew PR Title
+
+inputs:
+  hz-version:
+    required: true
+  hz-distribution:
+    required: true
+outputs:
+  title:
+    value: Hazelcast Homebrew Package ${{ inputs.hz-version }} ${{ inputs.hz-distribution }} release
+runs:
+  using: "composite"
+  steps:
+    - shell: bash
+      run: exit 0

.github/workflows/promote-brew-package.yml

@@ -0,0 +1,76 @@
+name: Promote BREW package
+
+on:
+  workflow_call:
+    inputs:
+      HZ_VERSION:
+        description: 'Version of Hazelcast to promote for, this is the Maven version - e.g.: 5.0.2 or 5.1-SNAPSHOT'
+        required: true
+        type: string
+      HZ_DISTRIBUTION:
+        description: 'Distribution to be promote: hazelcast or hazelcast-enterprise'
+        required: true
+        type: string
+      ENVIRONMENT:
+        description: 'Environment to use'
+        required: true
+        type: string
+
+jobs:
+  promote-homebrew:
+    environment: ${{ inputs.ENVIRONMENT }}
+    runs-on: ubuntu-slim
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: aws-actions/configure-aws-credentials@v5
+        with:
+          role-to-assume: ${{ secrets.AWS_DEV_INFRA_OIDC_GITHUB_ACTIONS_ROLE_ARN }}
+          aws-region: 'us-east-1'
+
+      - uses: aws-actions/aws-secretsmanager-get-secrets@v2
+        with:
+          secret-ids: |
+            GITHUB/DEVOPSHAZELCAST
+          parse-json-secrets: true
+
+      - uses: ./.github/actions/get-homebrew-pr-title
+        id: get-homebrew-pr-title
+        with:
+          hz-version: ${{ inputs.HZ_VERSION }}
+          hz-distribution: ${{ inputs.HZ_DISTRIBUTION }}
+
+      - name: Merge PR
+        run: |
+          set -euo pipefail ${RUNNER_DEBUG:+-x}
+
+          source logging.functions.sh
+
+          # Get the username associated with the supplied token
+          USERNAME=$(gh api user --jq ".login")
+
+          # Find corresponding staged PRs
+          PR_URLS=$(
+            gh pr list \
+              --repo "${{ vars.BREW_GIT_REPO_NAME }}" \
+              --search "'${{ steps.get-homebrew-pr-title.outputs.title }}' in:title author:${USERNAME}" \
+              --json url \
+              --jq '.[].url'
+          )
+
+          if [[ -z "${PR_URLS}" ]]; then
+            echoerr "No PRs found to promote"
+            exit 1
+          else
+            while read -r PR_URL; do
+                gh pr merge \
+                  "${PR_URL}" \
+                  --squash
+              done <<< "${PR_URLS}"
+            fi
+        env:
+          GH_TOKEN: ${{ env.GITHUB_DEVOPSHAZELCAST_SECRET }}
+          HZ_VERSION: ${{ inputs.HZ_VERSION }}
+          HZ_DISTRIBUTION: ${{ inputs.HZ_DISTRIBUTION }}

.github/workflows/promote.yml

@@ -0,0 +1,66 @@
+name: Promote from pre-prod to prod
+
+on:
+  workflow_dispatch:
+    inputs:
+      VERSION:
+        description: 'The version to promote'
+        required: true
+      RELEASE_TYPE:
+        description: 'What should be promoted'
+        required: true
+        type: choice
+        options:
+          - ALL
+          - OSS
+          - EE
+      ENVIRONMENT:
+        description: 'Environment to use'
+        required: true
+        type: environment
+      distinct_id:
+        description: 'Required exclusively for automated execution to track status of workflow execution'
+        required: false
+
+jobs:
+  prepare:
+    runs-on: ubuntu-slim
+    outputs:
+      distribution-types: ${{ steps.distribution-type-matrix.outputs.matrix }}
+    steps:
+        # https://github.com/Codex-/return-dispatch#receiving-repository-action
+      - name: Logging distinct ID (${{ github.event.inputs.distinct_id }})
+        run: echo ${{ github.event.inputs.distinct_id }}
+
+      - id: resolve-editions
+        uses: hazelcast/docker-actions/resolve-editions@master
+        with:
+          release-type: ${{ inputs.RELEASE_TYPE }}
+
+      - name: Compute distribution type matrix
+        id: distribution-type-matrix
+        run: |
+          # We expect at least _one_ output distribution type, otherwise will produce an empty array that will break GitHub matrixes
+          entries=()
+
+          if [ "${{ steps.resolve-editions.outputs.should_build_oss }}" = "true" ]; then
+            entries+=('{"distribution":"hazelcast"}')
+          fi
+          if [ "${{ steps.resolve-editions.outputs.should_build_ee }}" = "true" ]; then
+            entries+=('{"distribution":"hazelcast-enterprise"}')
+          fi
+
+          json="[$(IFS=,; echo "${entries[*]}")]"
+          echo "matrix=$json" >> "${GITHUB_OUTPUT}"
+
+  promote:
+    needs: prepare
+    uses: ./.github/workflows/promote-brew-package.yml
+    strategy:
+      matrix:
+        distribution-type: ${{ fromJSON(needs.prepare.outputs.distribution-types) }}
+    with:
+      HZ_VERSION: ${{ inputs.VERSION }}
+      HZ_DISTRIBUTION: ${{ matrix.distribution-type.distribution }}
+      ENVIRONMENT: ${{ inputs.ENVIRONMENT }}
+    secrets: inherit

.github/workflows/publish-brew-package.yml

@@ -32,6 +32,8 @@ jobs:
     runs-on: macos-latest
     permissions:
       id-token: write
+    outputs:
+      pull-request-operation: ${{ steps.create-pull-request.outputs.pull-request-operation }}
     env:
       HZ_VERSION: ${{ inputs.HZ_VERSION }}
       PACKAGE_VERSION: ${{ inputs.PACKAGE_VERSION || inputs.HZ_VERSION }}
@@ -128,19 +130,21 @@ jobs:
           source ./common.sh          
           brew uninstall ${HZ_DISTRIBUTION}@$BREW_PACKAGE_VERSION
 
-      - name: Commit changes & Push to ${{ env.BREW_GIT_REPO_NAME }} repo
-        working-directory: ${{ env.BREW_GIT_REPO_LOCATION }}
-        run: |
-          git config --global user.name "${GITHUB_ACTOR}"
-          git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com"
-          git add *.rb
-          if [[ `git status --porcelain --untracked-files=no` ]]; then
-            git commit -am "Hazelcast Homebrew Package ${PACKAGE_VERSION} release"
-            git pull --rebase
-            git push
-          else
-            echo "No changes, this is probably a re-run."
-          fi
+      - uses: ./.github/actions/get-homebrew-pr-title
+        id: get-homebrew-pr-title
+        with:
+          hz-version: ${{ inputs.HZ_VERSION }}
+          hz-distribution: ${{ inputs.HZ_DISTRIBUTION }}
+
+      - name: Create PR for changes in ${{ vars.BREW_GIT_REPO_NAME }} repo
+        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
+        id: create-pull-request
+        with:
+          token: ${{ env.GITHUB_DEVOPSHAZELCAST_SECRET }}
+          path: ${{ env.BREW_GIT_REPO_LOCATION }}
+          branch: ${{ github.job }}_run_${{ github.run_id }}
+          title: ${{ steps.get-homebrew-pr-title.outputs.title }}
+          body: Generated by ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}.
 
       - name: Store logs as artifact
         if: ${{ always() }}

.github/workflows/publish-packages.yml

@@ -55,6 +55,7 @@ jobs:
       should_build_rpm: ${{ env.PACKAGE_TYPES == 'all' || env.PACKAGE_TYPES == 'rpm' }}
       should_build_homebrew: ${{ env.PACKAGE_TYPES == 'all' || env.PACKAGE_TYPES == 'homebrew' }}
       ENVIRONMENT: ${{ steps.environment.outputs.ENVIRONMENT }}
+      release_channel: ${{ steps.release_channel.outputs.channel }}
       java_version: ${{ steps.jdks.outputs.default-jdk }}
     steps:
       - name: Checkout hazelcast-packaging repo
@@ -94,6 +95,14 @@ jobs:
         with:
           HZ_VERSION: ${{ steps.hz_version_step.outputs.hz_version }}
 
+      - name: Get release channel
+        id: release_channel
+        run: |
+          source common.sh
+          echo "channel=${RELEASE_CHANNEL}" >> ${GITHUB_OUTPUT}
+        env:
+          HZ_VERSION: ${{ steps.hz_version_step.outputs.hz_version }}
+
       - name: Add workflow inputs to summary
         run: |
           echo "### Workflow Setup" >> $GITHUB_STEP_SUMMARY
@@ -104,6 +113,7 @@ jobs:
           echo "| PACKAGE_TYPES | ${PACKAGE_TYPES} |" >> $GITHUB_STEP_SUMMARY
           echo "| RELEASE_TYPE | ${RELEASE_TYPE} |" >> $GITHUB_STEP_SUMMARY
           echo "| ENVIRONMENT | ${{ steps.environment.outputs.ENVIRONMENT }} |" >> $GITHUB_STEP_SUMMARY
+          echo "| RELEASE_CHANNEL | ${{ steps.release_channel.outputs.channel }} |" >> $GITHUB_STEP_SUMMARY
           echo "| JAVA_VERSION | ${{ steps.jdks.outputs.default-jdk }} |" >> $GITHUB_STEP_SUMMARY
 
   # Debian builds
@@ -153,7 +163,7 @@ jobs:
       JAVA_VERSION: ${{ needs.prepare.outputs.java_version }}
 
   # Homebrew builds
-  brew-ee:
+  brew-ee-package:
     if: needs.prepare.outputs.should_build_homebrew == 'true' && needs.prepare.outputs.should_build_ee == 'true'
     needs: prepare
     uses: ./.github/workflows/publish-brew-package.yml
@@ -163,13 +173,42 @@ jobs:
      HZ_DISTRIBUTION: hazelcast-enterprise
      ENVIRONMENT: ${{ needs.prepare.outputs.ENVIRONMENT }}
      JAVA_VERSION: ${{ needs.prepare.outputs.java_version }}
-  brew-oss:
+
+  # Only auto-promote SNAPSHOTs
+  brew-ee-promote:
+    # For SNAPSHOTs, there may not _be_ a PR to promote if there was a recent previous publish
+    if: needs.prepare.outputs.release_channel == 'snapshot' && needs.brew-ee-package.outputs.pull-request-operation == 'created'
+    needs:
+      - prepare
+      - brew-ee-package
+    uses: ./.github/workflows/promote-brew-package.yml
+    secrets: inherit
+    with:
+     HZ_VERSION: ${{ needs.prepare.outputs.hz_version }}
+     HZ_DISTRIBUTION: hazelcast-enterprise
+     ENVIRONMENT: ${{ needs.prepare.outputs.ENVIRONMENT }}
+
+  brew-oss-package:
     needs: prepare
-    if: needs.prepare.outputs.should_build_homebrew == 'true' && needs.prepare.outputs.should_build_oss == 'true' && !contains(needs.prepare.outputs.hz_version, 'SNAPSHOT')
+    if: needs.prepare.outputs.should_build_homebrew == 'true' && needs.prepare.outputs.should_build_oss == 'true' && needs.prepare.outputs.release_channel != 'snapshot'
     uses: ./.github/workflows/publish-brew-package.yml
     secrets: inherit
     with:
       HZ_VERSION: ${{ needs.prepare.outputs.hz_version }}
       HZ_DISTRIBUTION: hazelcast
       ENVIRONMENT: ${{ needs.prepare.outputs.ENVIRONMENT }}
       JAVA_VERSION: ${{ needs.prepare.outputs.java_version }}
+
+  # Only auto-promote SNAPSHOTs
+  brew-oss-promote:
+    # For SNAPSHOTs, there may not _be_ a PR to promote if there was a recent previous publish
+    if: needs.prepare.outputs.release_channel == 'snapshot' && needs.brew-oss-package.outputs.pull-request-operation == 'created'
+    needs:
+      - prepare
+      - brew-oss-package
+    uses: ./.github/workflows/promote-brew-package.yml
+    secrets: inherit
+    with:
+     HZ_VERSION: ${{ needs.prepare.outputs.hz_version }}
+     HZ_DISTRIBUTION: hazelcast
+     ENVIRONMENT: ${{ needs.prepare.outputs.ENVIRONMENT }}