From 6f6710075fef963e9930da7eda6d4c68e130f22d Mon Sep 17 00:00:00 2001
From: Manuel Fuchs <manuel.fuchs@salesforce.com>
Date: Fri, 6 Oct 2023 13:22:37 +0200
Subject: [PATCH 1/2] Make token available to GitHub CLI

---
 .github/workflows/prepare-release.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml
index f4f4c51c..3df098d0 100644
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -3,6 +3,13 @@ name: Prepare release
 on:
   workflow_dispatch:
 
+defaults:
+  run:
+    # Setting an explicit bash shell ensures GitHub Actions enables pipefail mode too, rather
+    # than only error on exit. This is important for UX since this workflow uses pipes. See:
+    # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell
+    shell: bash
+
 jobs:
   prepare-release:
     name: Prepare Release
@@ -27,6 +34,8 @@ jobs:
       - name: Record latest release version
         id: old-version
         run: echo "version=$(gh release view --json tagName | jq -j .tagName)" >> "${GITHUB_OUTPUT}"
+        env:
+          GH_TOKEN: ${{ github.token }}
 
       - name: Drop -SNAPSHOT suffix from version
         run: ./mvnw versions:set -DremoveSnapshot -DgenerateBackupPoms=false

From 9987a2d28669f06565d740cc1ee2be51f3f8d914 Mon Sep 17 00:00:00 2001
From: Manuel Fuchs <manuel.fuchs@salesforce.com>
Date: Fri, 6 Oct 2023 15:58:24 +0200
Subject: [PATCH 2/2] Add release workflow

---
 .github/workflows/prepare-release.yml |   5 +-
 .github/workflows/release.yml         | 107 ++++++++++++++++++++++++++
 2 files changed, 109 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/release.yml

diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml
index 3df098d0..c4f6915d 100644
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -1,7 +1,6 @@
 name: Prepare release
 
-on:
-  workflow_dispatch:
+on: workflow_dispatch
 
 defaults:
   run:
@@ -35,7 +34,7 @@ jobs:
         id: old-version
         run: echo "version=$(gh release view --json tagName | jq -j .tagName)" >> "${GITHUB_OUTPUT}"
         env:
-          GH_TOKEN: ${{ github.token }}
+          GH_TOKEN: ${{ steps.generate-token.outputs.app_token }}
 
       - name: Drop -SNAPSHOT suffix from version
         run: ./mvnw versions:set -DremoveSnapshot -DgenerateBackupPoms=false
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000..862243f5
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,107 @@
+name: Release
+
+on: workflow_dispatch
+
+defaults:
+  run:
+    # Setting an explicit bash shell ensures GitHub Actions enables pipefail mode too, rather
+    # than only error on exit. This is important for UX since this workflow uses pipes. See:
+    # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell
+    shell: bash
+
+jobs:
+  release:
+    name: Release
+    # Prevent accidentally performing a release from a branch other than `main`.
+    if: github.ref == 'refs/heads/main'
+    runs-on: pub-hk-ubuntu-22.04-small
+    steps:
+      - name: Get token for GH application (Linguist)
+        uses: heroku/use-app-token-action@main
+        id: generate-token
+        with:
+          app_id: ${{ vars.LINGUIST_GH_APP_ID }}
+          private_key: ${{ secrets.LINGUIST_GH_PRIVATE_KEY }}
+
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          # Using the GH application token here will configure the local git config for this repo with credentials
+          # that can be used to make signed commits that are attributed to the GH application user
+          token: ${{ steps.generate-token.outputs.app_token }}
+
+      - name: Set up Java
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'zulu'
+          java-version: '8'
+          server-id: ossrh
+          server-username: MAVEN_CENTRAL_USERNAME
+          server-password: MAVEN_CENTRAL_TOKEN
+          gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE
+
+      - name: Record new version
+        id: new-version
+        run: echo "version=$(./mvnw org.apache.maven.plugins:maven-help-plugin:3.1.0:evaluate -Dexpression=project.version -q -B -DforceStdout)" >> "${GITHUB_OUTPUT}"
+
+      - name: Check GitHub release does not already exist
+        run: |
+          if gh release view '${{ steps.new-version.outputs.version }}' --json url --jq '.url'; then
+            echo "Aborting since a GitHub release already exists for ${{ steps.new-version.outputs.version }}!" >&2
+            echo "If you are sure you want to recreate the release, delete the existing one first." >&2
+            exit 1
+          fi
+        env:
+          GH_TOKEN: ${{ steps.generate-token.outputs.app_token }}
+
+      - name: Extract changelog entry
+        id: changelog-entry
+        # See https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
+        run: |
+          {
+            echo 'content<<CHANGELOG_END'
+            awk '/^## \[${{ steps.new-version.outputs.version }}\]/{flag=1; next} /^## /{flag=0} flag' CHANGELOG.md
+            echo CHANGELOG_END
+          } >> "${GITHUB_OUTPUT}"
+
+      - name: Deploy project
+        run: ./mvnw --batch-mode deploy
+        env:
+          MAVEN_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
+          MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v0.1.15
+        with:
+          token: ${{ steps.generate-token.outputs.app_token }}
+          tag_name: v${{ steps.new-version.outputs.version }}
+          body: ${{ steps.changelog-entry.outputs.content }}
+
+      - name: Record next version
+        id: next-version
+        run: echo "version=$(echo ${{ steps.new-version.outputs.version }} | awk -F. -v OFS=. '{ $NF=sprintf("%d-SNAPSHOT", ($NF+1)); printf $0 }')" >> "${GITHUB_OUTPUT}"
+
+      - name: Update version
+        run: ./mvnw versions:set -DgenerateBackupPoms=false -DnewVersion="${{ steps.next-version.outputs.version }}"
+
+      - name: Create pull request
+        id: pr
+        uses: peter-evans/create-pull-request@v5.0.2
+        with:
+          token: ${{ steps.generate-token.outputs.app_token }}
+          title: Prepare next development iteration ${{ steps.next-version.outputs.version }}
+          body: |
+            Prepare next development iteration `${{ steps.next-version.outputs.version }}`.
+          commit-message: Prepare next development iteration ${{ steps.next-version.outputs.version }}
+          branch: prepare-next
+          delete-branch: true
+          committer: ${{ vars.LINGUIST_GH_APP_USERNAME }} <${{ vars.LINGUIST_GH_APP_EMAIL }}>
+          author: ${{ vars.LINGUIST_GH_APP_USERNAME }} <${{ vars.LINGUIST_GH_APP_EMAIL }}>
+
+      - name: Configure pull request
+        if: steps.pr.outputs.pull-request-operation == 'created'
+        run: gh pr merge --auto --squash "${{ steps.pr.outputs.pull-request-number }}"
+        env:
+          GH_TOKEN: ${{ steps.generate-token.outputs.app_token }}