RUMM-1667 Enhance release automation

[ncreated]

What and why?

📦 This PR proposes enhancement to our release automation model. Compared to previous model:

• It no longer creates Datadog-x.y.z.zip archive in current directory, instead it clones the repo to temporary folder which ensures clean state for building XCFrameworks. It removes the need for prepare() and cleanup() operations and guarantees that no dirty artefacts will be included in the .zip (in 1.7.0, 1.7.1 and 1.8.0-beta1 we accidentally included HTTPServerMock.xcframework).
• It runs integrity checks to ensure that sdk_version and spec.version match the git tag and validates the content of produced Datadog-x.y.z.zip archive.
• It supports --dry-run mode for testing and debugging locally and on CI (with DD_RELEASE_DRY_RUN=1 ENV).
• It allows selective run for particular release tags (also on CI) which will be necessary for fixing 1.7.0, 1.7.1 and 1.8.0-beta1 GH assets.

How?

Updated Bitrise pipelnie

I reshaped our Bitrise CI pipeline to spin off two distinct jobs, one for publishing GH Release asset, one for pushing pods:

tagged_commit:               --- (tests) ---> ✅
publish_github_asset:                       ↘ --(make .zip + validate + upload)--> ✅
publish_cocoapods_podspecs:                 ↘ --(lint specs + push specs)-----------------------> ✅

I used the official Bitrise Start Build step instead of calling Bitrise API with curl (it gives us ENV propagation from tagged_commit to child jobs for free). It is possible to support Github Check by making the tagged_commit await child jobs completion, but in our case this will always end up with a CI timeout (90min) as Cocoapods specs push might take ~1h. Instead, eventual failure from child jobs is reported to our Slack channel.

New CLI tooling

I replaced Bash scripts with more flexible Python CLI tool:

❯ ./tools/distribution/release.py -h
usage: release.py [-h] [--only-github] [--only-cocoapods] [--overwrite-github] [--dry-run] git_tag

positional arguments:
  git_tag             Git tag name.

optional arguments:
  -h, --help          show this help message and exit
  --only-github       Only publish GH Release asset.
  --only-cocoapods    Only publish Cocoapods podspecs.
  --overwrite-github  Overwrite existing GH Release asset.
  --dry-run           Run validation but skip publishing.

It uses python3 and no pip dependencies. The --dry-run option allows for local and remote (DD_RELEASE_DRY_RUN=1) debugging. All options have their ENV counterpart, meaning that it can be run for any release tag locally and on CI.

The tool itself is simple: it makes, validates and publishes GH Release asset and / or Cocoapod specs, e.g.:

gh_asset = GHAsset()  # make the `.zip`
gh_asset.validate(git_tag=git_tag)  # validate it
gh_asset.publish(git_tag=git_tag, overwrite_existing=overwrite_github, dry_run=dry_run)  # upload to GH

Example CI logs for --dry-run: publishing GH Asset, publishing CP specs.

Review checklist

• Feature or bugfix MUST have appropriate tests (unit, integration)
• Make sure each commit and the PR mention the Issue number or JIRA reference

[maxep]

I think pod trunk push performs the same validation as pod spec lint.

[maxep]

Yes they both perform this validator. So you could just call pod trunk push.

[ncreated]

Agree 👍 , however I was trying to optimize for the CI log clarity here. Note, that we're calling pod spec lint with the --silent option and only calling verbose pod trunk push once after we know pushing will pass. Given that we know pod spec lint will fail for dozen of times, this should give us minimal log with maximum verbosity:

attempt 1: `pod spec lint` verbose failure 
attempt 2: `pod spec lint` silent failure 
attempt 3: `pod spec lint` silent failure 
...
attempt N: `pod spec lint` silent pass
attempt N+1: `pod trunk push` verbose pass 

I don't think we can use only pod trunk push to achieve the same, hence the question is if we want to optimize for CI speed (one redundant pod spec lint) or CI log clarity. WDYT?

[ncreated]

Well, actually we can have both by adding a bit more complexity to this tool and capturing shell('') output along with its result. Then we will control which output to print in the log. So this is a third option to consider.

[maxep]

Ah I see, I didn't catch the logic at first glance! I'm all for simplicity, if we are not too concern about build time I'm good with it 👍

[maxep]

🐍 ⭐

[ncreated]

I added an improvement to always build our dependencies from source, which leads to producing minimal GH Asset (with only the architecture slices we need):

- shell('carthage bootstrap --no-build')
- shell('carthage build --platform iOS --use-xcframeworks --no-skip-current')
+ shell('carthage bootstrap --platform iOS --no-build')
+ shell('carthage build --platform iOS --use-xcframeworks --no-use-binaries --no-skip-current')

Also, added additional log on the XCFrameworks details. I tried with 1.7.1 and --dry-run:

→ details on bundled `XCFrameworks`:
   - /Kronos.xcframework/ios-arm64_i386_x86_64-simulator
   - /Kronos.xcframework/Info.plist
   - /Kronos.xcframework/ios-arm64_armv7
   - /DatadogCrashReporting.xcframework/ios-x86_64-simulator
   - /DatadogCrashReporting.xcframework/ios-arm64
   - /DatadogCrashReporting.xcframework/Info.plist
   - /DatadogObjc.xcframework/ios-arm64_x86_64-simulator
   - /DatadogObjc.xcframework/ios-arm64
   - /DatadogObjc.xcframework/Info.plist
   - /Datadog.xcframework/ios-arm64_x86_64-simulator
   - /Datadog.xcframework/ios-arm64
   - /Datadog.xcframework/Info.plist
   - /CrashReporter.xcframework/ios-arm64_i386_x86_64-simulator
   - /CrashReporter.xcframework/ios-arm64_arm64e_armv7_armv7s
   - /CrashReporter.xcframework/Info.plist

[maxep]

perfect 👌