From a57ea33819727e72baebff8c9deb6da509896950 Mon Sep 17 00:00:00 2001
From: Drew Bollinger <drew.bollinger@gsa.gov>
Date: Fri, 21 Jun 2024 13:12:46 -0700
Subject: [PATCH] chore: add release workflow, wait for certain passes

---
 .cz.json                   | 47 ++++++++++++++++++++++++++++++++++++++
 ci/pipeline-production.yml | 12 +++++++++-
 ci/pipeline-staging.yml    | 17 ++++++++++++--
 3 files changed, 73 insertions(+), 3 deletions(-)
 create mode 100644 .cz.json

diff --git a/.cz.json b/.cz.json
new file mode 100644
index 0000000..bdd3d75
--- /dev/null
+++ b/.cz.json
@@ -0,0 +1,47 @@
+{
+  "commitizen": {
+    "name": "cz_customize",
+    "version_scheme": "semver",
+    "version_provider": "scm",
+    "update_changelog_on_bump": true,
+    "major_version_zero": false,
+    "bump_message": "chore: release $new_version",
+    "gpg_sign": true,
+    "changelog_incremental": true,
+    "customize": {
+      "message_template": "{{change_type}}:{% if show_message %} {{message}}{% endif %}",
+      "example": "feat: this feature enable customize through config file",
+      "schema": "<type>: <body>",
+      "schema_pattern": "^(build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test){1}(\\([\\w\\-\\.]+\\))?(!)?: ([\\w \\-'])+([\\s\\S]*)",
+      "bump_pattern": "^(.+!|BREAKING CHANGE|chore|docs|feat|fix|perf|refactor|revert|style|test)(\\([\\w\\-\\.]+\\))?:",
+      "bump_map": {
+          ".+!": "MAJOR",
+          "BREAKING CHANGE": "MAJOR",
+          "feat": "MINOR",
+          "fix": "PATCH",
+          "chore": "PATCH",
+          "docs": "PATCH",
+          "perf": "PATCH",
+          "refactor": "PATCH",
+          "revert": "MINOR",
+          "style": "PATCH",
+          "test": "PATCH"
+      },
+      "change_type_order": ["Breaking Changes", "Added", "Fixed", "Performance", "Reverted", "Maintenance", "Documentation"],
+      "commit_parser": "^((?P<change_type>chore|docs|feat|fix|perf|refactor|revert|style|test|BREAKING CHANGE)(?:\\((?P<scope>[^()\r\n]*)\\)|\\()?(?P<breaking>!)?|\\w+!):\\s(?P<message>.*)?",
+      "changelog_pattern": "^(.+!|BREAKING CHANGE|chore|docs|feat|fix|perf|refactor|revert|style|test)(\\([\\w\\-\\.]+\\))?:",
+      "change_type_map": {
+        "BREAKING CHANGE": "Breaking Changes",
+        "chore": "Maintenance",
+        "docs": "Documentation",
+        "feat": "Added",
+        "fix": "Fixed",
+        "perf": "Performance",
+        "refactor": "Maintenance",
+        "revert": "Reverted",
+        "style": "Maintenance",
+        "test": "Maintenance"
+      }
+    }
+  }
+}
diff --git a/ci/pipeline-production.yml b/ci/pipeline-production.yml
index 9a701ff..8f1523a 100644
--- a/ci/pipeline-production.yml
+++ b/ci/pipeline-production.yml
@@ -30,6 +30,7 @@ jobs:
         resource: src-((deploy-env))-tagged
         trigger: true
         params: { depth: 1 }
+        passed: [set-pipeline]
       - get: python
       - task: test
         image: python
@@ -43,7 +44,7 @@ jobs:
         resource: src-((deploy-env))-tagged
         trigger: true
         params: { depth: 1 }
-        passed: [test-((deploy-env))]
+        passed: [test-((deploy-env)), audit-dependencies]
       - get: general-task
       - get: oci-build-task
       - task: build
@@ -84,6 +85,15 @@ jobs:
     on_failure: #@ slack_hook("failure", "dependency audit")
     on_success: #@ slack_hook("success", "dependency audit")
 
+  - name: release
+    plan:
+      - get: src
+        resource: src-((deploy-env))-tagged
+        params: { depth: 1 }
+        trigger: true
+        passed: [deploy-((deploy-env))]
+      -  #@ template.replace(data.values.release_steps)
+
 #!  RESOURCES
 
 resources:
diff --git a/ci/pipeline-staging.yml b/ci/pipeline-staging.yml
index 919f683..dfa5715 100644
--- a/ci/pipeline-staging.yml
+++ b/ci/pipeline-staging.yml
@@ -24,12 +24,24 @@ jobs:
         instance_vars:
           deploy-env: ((deploy-env))
 
+  - name: update-release-branch
+    plan:
+      - get: src
+        resource: src-((deploy-env))
+        trigger: true
+      - get: general-task
+      - get: pipeline-tasks
+      - task: update-release-branch
+        image: general-task
+        file: pipeline-tasks/tasks/update-release-branch.yml
+
   - name: test-((deploy-env))
     plan:
       - get: src
         resource: src-((deploy-env))
         trigger: true
         params: { depth: 1 }
+        passed: [set-pipeline]
       - get: python
       - task: test
         image: python
@@ -43,7 +55,7 @@ jobs:
         resource: src-((deploy-env))
         trigger: true
         params: { depth: 1 }
-        passed: [test-((deploy-env))]
+        passed: [test-((deploy-env)), audit-dependencies]
       - get: general-task
       - get: oci-build-task
       - task: build
@@ -91,9 +103,10 @@ resources:
     type: git
     icon: github
     source:
-      uri: ((git-base-url))/((build-container-repository-path))
+      uri: git@github.com:/((build-container-repository-path))
       branch: main
       commit_verification_keys: ((cloud-gov-pages-gpg-keys))
+      private_key: ((pages-gpg-operations-github-sshkey.private_key))
 
   - name: image-repository
     type: registry-image