feature: add release automation workflows (oauth2-proxy#2224)

* feature: add release automation workflows

* deactivate provenancee because of behaviour change with buildx v0.10.0

* add changelog section extraction for github release notes

* fix registry path; fix EOF

* use correct version of golangci-lint; add additional workflow step for fetching all dependencies

.github/workflows/create-release.yml

@@ -0,0 +1,117 @@
+name: Create Release
+run-name: Create release ${{ inputs.version }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version for new release'
+        required: true
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v3
+      with:
+        ref: master
+        fetch-depth: 0
+        fetch-tags: true
+
+    - name: Validate version
+      id: validate
+      run: |
+        function ver { printf "%03d%03d%03d%03d" $(echo "$1" | tr '.' ' '); }
+
+        NEW_VERSION=${{ inputs.version }}
+        NEW_VERSION=${NEW_VERSION#v} # Remove v prefix
+
+        LATEST_VERSION=$(git describe --abbrev=0 --tags)
+        LATEST_VERSION=${LATEST_VERSION#v} # Remove v prefix
+
+        # check that new version can be parsed
+        if [ ! $(ver $NEW_VERSION ) -gt $(ver 0) ]; then
+          echo "::error::Entered version '${{ inputs.version }}' cannot be parsed"
+          exit 1
+        fi
+
+        # check version continuity
+        if [ ! $(ver $LATEST_VERSION) -lt $(ver $NEW_VERSION) ]; then
+          echo "::error::Entered version '${{ inputs.version }}' is smaller then latest version $LATEST_VERSION"
+          exit 1
+        fi
+
+        echo "version=${NEW_VERSION}" >> "$GITHUB_OUTPUT"
+
+    - name: Prepare Github Actions Bot
+      run: |
+        git config --local user.name "github-actions[bot]"
+        git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
+    
+    - name: Setup node
+      uses: actions/setup-node@v3
+      with:
+        node-version: latest
+
+    - name: Update documentation
+      run: |
+        cd docs
+
+        FULL_VERSION=${{ steps.validate.outputs.version }}
+        VERSION=${FULL_VERSION%.*}.x
+
+        if [ ! -d "versioned_docs/version-${VERSION}" ]; then
+          npm ci
+          npm run docusaurus docs:version ${VERSION}
+
+          git add .
+          git commit -m "add new docs version ${VERSION}"
+        fi
+
+        sed -i "s/(current release is .*)/(current release is \`v${FULL_VERSION}\`)/g" docs/installation.md
+        sed -i "s/(current release is .*)/(current release is \`v${FULL_VERSION}\`)/g" versioned_docs/version-${VERSION}/installation.md
+    
+    - name: Update Changelog
+      run: |
+        VERSION=${{ steps.validate.outputs.version }}
+
+        sed -i "s/#.*(Pre-release)/# V${VERSION}/g" CHANGELOG.md
+
+        cat << EOF > /tmp/CHANGELOG.prepend
+        # Vx.x.x (Pre-release)
+
+        ## Release Highlights
+
+        ## Important Notes
+
+        ## Breaking Changes
+        EOF
+
+        echo -e "$(cat /tmp/CHANGELOG.prepend)\n\n$(cat CHANGELOG.md)" > CHANGELOG.md
+    
+    - name: Update development files
+      run: |
+        VERSION=${{ steps.validate.outputs.version }}
+        cd contrib
+        grep -rl "quay.io/oauth2-proxy/oauth2-proxy:" | \
+          xargs sed -i "s#quay.io/oauth2-proxy/oauth2-proxy:v[0-9]\+\.[0-9]\+\.[0-9]\+#quay.io/oauth2-proxy/oauth2-proxy:v${VERSION}#g"
+
+    - name: Commit and push
+      run: |
+        VERSION=${{ steps.validate.outputs.version }}
+
+        git checkout -b release/v${VERSION}
+        git commit -am "update to release version v${VERSION}"
+        git push -u origin release/v${VERSION}
+    
+    - name: Create PR
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        VERSION=v${{ steps.validate.outputs.version }}
+        gh pr create -B master -H release/${VERSION} --title "release ${VERSION}" --body "Release branch and changes created by GitHub Actions. This PR should include changes to the docs, CHANGELOG and local environment files."

.github/workflows/publish-release.yml

@@ -0,0 +1,126 @@
+name: Publish Release
+run-name: ${{ github.event.pull_request.head.ref }}
+
+on:
+  pull_request_target:
+    branches:
+      - master
+    types:
+      - closed
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  publish:
+    if: github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/')
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${{ steps.tag.outputs.version }}
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v3
+      with:
+        ref: ${{ github.event.pull_request.merge_commit_sha }}
+        fetch-depth: 0
+        fetch-tags: true
+
+    - name: Tag release
+      run: |
+        # Set up github-actions[bot] user
+        git config --local user.name "github-actions[bot]"
+        git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
+
+        # Get the version from the branch name
+        branch="${{ github.event.pull_request.head.ref }}"
+        version="${branch#release/}"
+        echo ${version}
+
+        # Tag and create release
+        git tag -a "${version}" -m "Release ${version}"
+        echo "version=${version}" >> $GITHUB_OUTPUT
+      id: tag
+
+    - name: Set up go
+      uses: actions/setup-go@v2
+      with:
+        go-version: 1.19
+
+    - name: Get dependencies
+      run: |
+        curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.50.0
+        curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
+        chmod +x ./cc-test-reporter
+
+        # Install go depedencies
+        go mod download
+
+    - name: Build Artifacts
+      run: make release
+
+    # Upload artifacts in case of workflow failure
+    - name: Upload Artifacts
+      uses: actions/upload-artifact@v3
+      with:
+        name: oauth2-proxy-artifacts
+        path: |
+          release/*.tar.gz
+          release/*.txt
+
+    - name: Create release
+      env:
+        GH_TOKEN: ${{ github.token }}
+      run: |
+        # Get version from tag
+        version=$(git describe --tags --abbrev=0)
+
+        # Extract CHANGELOG
+        numericVersion="${version#v}"
+        notes=$(sed -E "/^# (v|V)$numericVersion$/,/^# (v|V)/!d;//d" CHANGELOG.md)
+
+        # Publish release tag
+        git push origin "${version}"
+
+        # Create github release
+        gh release create "${version}" \
+          --title "${version}" \
+          --notes "${notes}" \
+          --prerelease
+        
+        # Upload artifacts
+        gh release upload "${version}" release/*.tar.gz
+        gh release upload "${version}" release/*.txt
+  
+  docker:
+    needs: publish
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v3
+      with:
+        ref: ${{ needs.publish.outputs.tag }}
+        fetch-depth: 0
+        fetch-tags: true
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v2
+
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@v2
+
+    - name: Login to quay.io
+      uses: docker/login-action@v2
+      with:
+        registry: quay.io/oauth2-proxy
+        username: ${{ secrets.REGISTRY_USERNAME }}
+        password: ${{ secrets.REGISTRY_PASSWORD }}
+
+    - name: Build images
+      run: |
+        make docker-all
+    
+    - name: Push images
+      run: |
+        make docker-push-all

RELEASE.md

@@ -1,5 +1,7 @@
 # Release
 
+The is a legacy document to explain the manual process of creating and publishing a new release of oauth2-proxy. As of now the release process has been automated with GitHub Actions workflows. For more information have a look at the workflows `create-release.yml` and `publish-release.yml`.
+
 Here's how OAuth2 Proxy releases are created.
 
 ## Schedule