[Release|CI/CD] Combine branch-off and RC automation flows

.github/workflows/release-10_branchoff-stable.yml

@@ -1,19 +1,31 @@
-name: Release - Branch off stable branch
+# This workflow has combined functionality of branching-off a new stable release branch and tagging an RC.
+# The options to branch-off and/or tag an RC can be chosen independently by ticking the appropriate checkbox in the launching form,
+# as the branch-off happens only ones per quarter and a tagging activity done more frequently for each new RC during the release process.
+name: Release - Branch off stable branch and/or tag rc
 
 on:
   workflow_dispatch:
     inputs:
       stable_version:
-        description: New stable version in the format stableYYMM
+        description: Stable version in the format stableYYMM that will be used as branch name and rc tag base
         required: true
         type: string
 
       node_version:
-        description: Version of the polkadot node in the format X.XX.X (e.g. 1.15.0)
-        required: true
+        description: Version of the polkadot node in the format X.XX.X (e.g. 1.15.0). ℹ️ Node version is needed only for the branch-off
+        type: string
+        required: false
+
+      is_new_stable:
+        description: Check this box if this is a new stable release and the stable branch needs to be created
+        type: boolean
+
+      tag_rc:
+        description: Check this box if the rc tag needs to be created
+        type: boolean
 
 jobs:
-  prepare-tooling:
+  validate-inputs:
     runs-on: ubuntu-latest
     outputs:
       node_version: ${{ steps.validate_inputs.outputs.node_version }}
@@ -28,14 +40,17 @@ jobs:
         run: |
           . ./.github/scripts/common/lib.sh
 
-          node_version=$(filter_version_from_input "${{ inputs.node_version }}")
-          echo "node_version=${node_version}" >> $GITHUB_OUTPUT
+          if [ -n "${{ inputs.node_version }}" ]; then
+            node_version=$(filter_version_from_input "${{ inputs.node_version }}")
+            echo "node_version=${node_version}" >> $GITHUB_OUTPUT
+          fi
 
           stable_version=$(validate_stable_tag ${{ inputs.stable_version }})
           echo "stable_version=${stable_version}" >> $GITHUB_OUTPUT
 
   create-stable-branch:
-    needs: [prepare-tooling]
+    if: ${{ inputs.is_new_stable }}
+    needs: [ validate-inputs ]
     runs-on: ubuntu-latest
     environment: release
     env:
@@ -44,7 +59,7 @@ jobs:
       AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
       AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
-      STABLE_BRANCH_NAME: ${{ needs.prepare-tooling.outputs.stable_version }}
+      STABLE_BRANCH_NAME: ${{ needs.validate-inputs.outputs.stable_version }}
 
     steps:
       - name: Install pgpkkms
@@ -54,7 +69,7 @@ jobs:
 
       - name: Generate content write token for the release automation
         id: generate_write_token
-        uses: actions/create-github-app-token@v1
+        uses: actions/create-github-app-token@v2
         with:
             app-id: ${{ vars.RELEASE_AUTOMATION_APP_ID }}
             private-key: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }}
@@ -91,7 +106,7 @@ jobs:
         run: |
           . ./.github/scripts/release/release_lib.sh
 
-          NODE_VERSION="${{ needs.prepare-tooling.outputs.node_version }}"
+          NODE_VERSION="${{ needs.validate-inputs.outputs.node_version }}"
           NODE_VERSION_PATTERN="\(NODE_VERSION[^=]*= \)\".*\""
           set_version "$NODE_VERSION_PATTERN" $NODE_VERSION "polkadot/node/primitives/src/lib.rs"
           commit_with_message "Bump node version to $NODE_VERSION in polkadot-cli"
@@ -102,12 +117,34 @@ jobs:
           runtimes_list=$(get_filtered_runtimes_list)
           set_spec_versions $SPEC_VERSION "${runtimes_list[@]}"
 
-          # TODO: clarify what to do with the polkadot-parachain binary
-          # Set new version for polkadot-parachain binary to match the polkadot node binary
-          # set_polkadot_parachain_binary_version $NODE_VERSION "cumulus/polkadot-parachain/Cargo.toml"
-
           reorder_prdocs $STABLE_BRANCH_NAME
 
           gh auth setup-git
 
           git push origin "$STABLE_BRANCH_NAME"
+
+      - name: Tag RC after branch off
+        if: ${{ inputs.tag_rc }}
+        env:
+          GH_TOKEN: ${{ steps.generate_write_token.outputs.token }} # or use a PAT with workflow scope
+        run: |
+          stable_tag_base=polkadot-${{ needs.validate-inputs.outputs.stable_version }}
+          gh workflow run release-11_rc-automation.yml \
+            --repo ${{ github.repository }} \
+            --ref ${{ needs.validate-inputs.outputs.stable_version }} \
+            --field version=${stable_tag_base}
+
+  tag-rc-without-branchoff:
+    if: ${{ !inputs.is_new_stable && inputs.tag_rc }}
+    needs: [ validate-inputs ]
+    uses: ./.github/workflows/release-11_rc-automation.yml
+    with:
+      version: polkadot-${{ needs.validate-inputs.outputs.stable_version }}
+    secrets:
+      PGP_KMS_SIGN_COMMITS_KEY:  ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }}
+      PGP_KMS_HASH:  ${{ secrets.PGP_KMS_HASH }}
+      AWS_ACCESS_KEY_ID:  ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      AWS_DEFAULT_REGION:  ${{ secrets.AWS_DEFAULT_REGION }}
+      RELEASE_AUTOMATION_APP_PRIVATE_KEY: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }}
+      RELEASENOTES_MATRIX_V2_ACCESS_TOKEN: ${{ secrets.RELEASENOTES_MATRIX_V2_ACCESS_TOKEN }}

.github/workflows/release-11_rc-automation.yml

@@ -1,18 +1,29 @@
-name: Release - RC automation
+name: Release - RC tagging automation
 on:
-  # TODO: Activate it and delete old branches patterns, when the release process from stable is settled
-  #push:
-    # branches:
-    #   # Catches release-polkadot-v1.2.3, release-v1.2.3-rc1, etc
-    #   - release-v[0-9]+.[0-9]+.[0-9]+*
-    #   - release-cumulus-v[0-9]+*
-    #   - release-polkadot-v[0-9]+*
-    #   - stable
-
   workflow_dispatch:
     inputs:
       version:
         description: Current release/rc version in format polkadot-stableYYMM
+  workflow_call:
+    inputs:
+      version:
+        description: Current release/rc version in format polkadot-stableYYMM
+        type: string
+    secrets:
+      PGP_KMS_SIGN_COMMITS_KEY:
+        required: true
+      PGP_KMS_HASH:
+        required: true
+      AWS_ACCESS_KEY_ID:
+        required: true
+      AWS_SECRET_ACCESS_KEY:
+        required: true
+      AWS_DEFAULT_REGION:
+        required: true
+      RELEASE_AUTOMATION_APP_PRIVATE_KEY:
+        required: true
+      RELEASENOTES_MATRIX_V2_ACCESS_TOKEN:
+        required: true
 
 jobs:
   tag_rc:
@@ -38,7 +49,7 @@ jobs:
 
       - name: Generate content write token for the release automation
         id: generate_write_token
-        uses: actions/create-github-app-token@v1
+        uses: actions/create-github-app-token@v2
         with:
             app-id: ${{ vars.RELEASE_AUTOMATION_APP_ID }}
             private-key: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }}

docs/BACKPORT.md

@@ -14,7 +14,8 @@ Backports should only be used to fix bugs or security issues - never to introduc
 3. Merge the PR into `master`.
 4. Wait for the bot to open the backport PR.
 5. Ensure the change is audited or does not need audit.
-6. Merge the backport PR.
+6. Merge the backport PR.(ℹ️ for the branches starting from 2412 it can be done automatically
+    if backport PR has at least two reviews and a pipeline is green)
 
 The label can also be added after the PR is merged.
 

docs/RELEASE.md

@@ -141,13 +141,20 @@ utilizes [`cargo-semver-checks`](https://github.com/obi1kenobi/cargo-semver-chec
 
 Cadence: every 3 months for new `stable` releases and monthly for existing `stables`. Responsible: Release Team.
 
-### Steps to execute a new stable release
+### Steps to execute a new stable binary release
 
 From the main Polkadot-sdk repository in the paritytech org:
 
 1. On the cut-off date, create a new branch with the name `satbleYYMM`
-using [Branch-off stable flow](/.github/workflows/release-10_branchoff-stable.yml)
-2. Create a new rc tag from the stable branch using [RC Automation flow](/.github/workflows/release-11_rc-automation.yml)
+  using combined [Branch-off stable/tag rc flow](/.github/workflows/release-10_branchoff-stable.yml)
+2. Create a new rc tag from the stable branch using combined
+   [Branch-off stable/tag rc flow](/.github/workflows/release-10_branchoff-stable.yml)
+
+ℹ️ These first two steps can be done all in one if there are no extra actions (like crates release) are needed
+to be done in between.
+In case of a crates release: when it is done, the changes done by the Parity-Publish needs to be revereted and
+merged back to the stable branch via a PR as the direct pushes are restricted. When this is done,
+the new RC tag can be created using the flow from above.
 
 From the forked Polkadot-sdk repository in the [paritytech-release org](https://github.com/paritytech-release/polkadot-sdk/actions):