From 82ba9581471874e2058b57ec711e987e0eef0a58 Mon Sep 17 00:00:00 2001
From: Ivan Gonzalez <ivgonzalez@beyondtrust.com>
Date: Tue, 7 Jan 2025 15:30:47 -0500
Subject: [PATCH] CI: promotion workflow refactored

---
 .github/workflows/promotion.yml | 38 +++++++++++++++++++++++++++++
 .github/workflows/release.yml   | 43 ++++++++++++++++++++++++++++++---
 2 files changed, 77 insertions(+), 4 deletions(-)
 create mode 100644 .github/workflows/promotion.yml

diff --git a/.github/workflows/promotion.yml b/.github/workflows/promotion.yml
new file mode 100644
index 0000000..da80002
--- /dev/null
+++ b/.github/workflows/promotion.yml
@@ -0,0 +1,38 @@
+name: Build promotion
+
+on:
+  workflow_dispatch:
+
+jobs:
+  promotion:
+    runs-on: ubuntu-latest
+    steps:
+        - name: Jfrog setup
+          uses: jfrog/setup-jfrog-cli@96153976e4e81b3701e9cc0a5b9597e80614af81 # v4.5.1
+          env:
+            JF_ENV_1: ${{ secrets.ARTIFACTORY_DEPLOYER }}
+
+        - name: Extract version
+          uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+          id: version
+          with:
+            script: |
+              const version = context.ref.match(/[\d][\d*\.]*$/)[0];
+              core.setOutput("version", version);
+
+        - name: Promote artifact
+          run: |
+            VERSION="${{ steps.version.outputs.version }}"
+            BUILD_NAME="${{ github.event.repository.name }}"  
+            
+            BUILD_NUMBER="$(jfrog rt curl api/build/${BUILD_NAME} -s | jq -e -r '[.buildsNumbers[] | select(.uri | contains("'$VERSION'"))] | sort_by(.started) | reverse | .[0].uri[1:]')"
+
+            if [ -z "$BUILD_NUMBER" ]; then
+              echo "::error::Error retrieving build from Artifactory. No matching name/version. Name: $BUILD_NAME; Version: $VERSION"
+              exit 1
+            fi
+
+            echo "Promoting generic"
+            jfrog rt build-promote  "$BUILD_NAME" "$BUILD_NUMBER" eng-generic-prod-local --status released --copy=true
+
+
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6b1e338..6869f4f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,7 +1,7 @@
 name: Release
 
 env:
-  JFROG_CLI_BUILD_NAME: ${{ github.repository }}
+  JFROG_CLI_BUILD_NAME: ${{ github.event.repository.name }}
   JFROG_SERVER: eng-generic-dev-local
   SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
 
@@ -19,12 +19,43 @@ permissions:
 jobs:
   build:
     runs-on: ubuntu-latest
+    outputs:
+      full_version: ${{ steps.version.outputs.full_version }}
     steps:
       - name: Checkout code
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           fetch-depth: 0
 
+      - name: Get next version increment
+        id: increment
+        run: |
+          shopt -s nocasematch
+          commit_message=$(git log --format=%B -n 1)
+          if [[ $commit_message == "feat!:"* ]]; then
+            echo "INCREMENT=major" >> "$GITHUB_OUTPUT"
+          elif [[ $commit_message == "feat:"* ]]; then
+            echo "INCREMENT=minor" >> "$GITHUB_OUTPUT"
+          elif [[ $commit_message == "fix:"* ]]; then
+            echo "INCREMENT=patch" >> "$GITHUB_OUTPUT"
+          fi
+      
+      - name: Get next version numbers
+        uses: reecetech/version-increment@2024.10.1
+        id: version_number
+        with:
+          increment: ${{ steps.increment.outputs.increment }}
+
+      - name: Get full version name and version numbers
+        id: version
+        run: |
+          if [[ "${{ github.actor }}" == "beyondtrust-release-app" ]]; then
+            echo "full_version="$(git tag --sort "-committerdate" | cut -d$'\n' -f1)"" >> "$GITHUB_OUTPUT"
+          else
+            version=$(echo ${{ steps.version_number.outputs.version  }} | sed -e 's/-pre.*//g')
+            echo "full_version="${version}.${{ github.run_number }}"" >> "$GITHUB_OUTPUT"
+          fi
+
       - name: Build library
         run: |
           go build
@@ -112,19 +143,23 @@ jobs:
         env:
           JF_ENV_1: ${{ secrets.ARTIFACTORY_DEPLOYER }}
 
+      - name: Configure JFrog CLI build number
+        run: |
+          echo "JFROG_CLI_BUILD_NUMBER=${{ needs.build.outputs.full_version }}" >> $GITHUB_ENV 
+
       - name: Setting up artifactory
         run: |
-          mkdir go-library-passwordsafe
+          mkdir -p go-library-passwordsafe/${{ needs.build.outputs.full_version }}
 
       - name: Download library binary
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: library
-          path: go-library-passwordsafe
+          path: go-library-passwordsafe/${{ needs.build.outputs.full_version }}
 
       - name: Send artifacts to Jfrog
         run: |
-          jfrog rt u "go-library-passwordsafe/*" ${{ env.JFROG_SERVER }}
+          jfrog rt u "go-library-passwordsafe/${{ needs.build.outputs.full_version }}/*" ${{ env.JFROG_SERVER }}
 
       - name: Publish Build Information
         run: |