GHA-176 Add automated release workflow setup and documentation (#86)

Author: nils-werner-sonarsource

CLAUDE.md

@@ -12,7 +12,7 @@ Related Jira tickets for this project are tracked in the **GHA** (GitHub Automat
 
 ## Branching
 
-**Important:** Changes must always be made on a feature branch, never directly on `master`.
+**Critical:** Changes must always be made on a feature branch, never directly on `master`. Before any commit, verify you are not on `master`.
 - If on `master`, create a new branch using the format: `ab/<feature-name>` (e.g., `ab/add-slack-notifications`)
 - The prefix `ab` represents the developer's initials (first letter of first name + first letter of last name)
 - Adapt `<feature-name>` based on the task/prompt (use lowercase, hyphen-separated)

README.md

@@ -4,24 +4,36 @@ A centralized collection of reusable GitHub Actions designed to streamline and a
 
 ## Available Actions
 
-* [**Check Releasability Status**](check-releasability-status/README.md): Checks the releasability status and extracts the version if successful.
-* [**Create Integration Ticket**](create-integration-ticket/README.md): Creates a Jira integration ticket with a custom summary and links it to another existing ticket.
-* [**Create Jira Release Ticket**](create-jira-release-ticket/README.md): Automates the creation of an "Ask for release" ticket in Jira.
-* [**Create Jira Version**](create-jira-version/README.md): Creates a new version in a Jira project, with the ability to automatically determine the next version number.
-* [**Get Jira Release Notes**](get-jira-release-notes/README.md): Fetches Jira release notes and generates the release notes URL for a given project and version.
-* [**Get Jira Version**](get-jira-version/README.md): Extracts a Jira-compatible version number from a release version by formatting it appropriately for Jira.
-* [**Get Release Version**](get-release-version/README.md): Extracts the release version from the repox status on a specified branch.
-* [**Lock Branch**](lock-branch/README.md): Locks or unlocks a branch by modifying the `lock_branch` setting in branch protection rules.
-* [**Notify Slack on Failure**](notify-slack/README.md): Sends a Slack notification when a job fails.
-* [**Publish GitHub Release**](publish-github-release/README.md): Publishes a GitHub Release with notes fetched from Jira or provided directly.
-* [**Release Jira Version**](release-jira-version/README.md): Releases a Jira version and creates the next one.
-* [**Update Analyzer**](update-analyzer/README.md): Updates an analyzer version in SonarQube or SonarCloud and creates a pull request.
-* [**Update Release Ticket Status**](update-release-ticket-status/README.md): Updates the status of a Jira release ticket and can change its assignee.
-* [**Update Rule Metadata**](update-rule-metadata/README.md): Automates updating rule metadata across all supported languages using the rule-api tooling.
+| Action | Description |
+|--------|-------------|
+| [Check Releasability Status](check-releasability-status/README.md) | Checks the releasability status and extracts the version if successful |
+| [Create Integration Ticket](create-integration-ticket/README.md) | Creates a Jira integration ticket with a custom summary and links it to another existing ticket |
+| [Create Jira Release Ticket](create-jira-release-ticket/README.md) | Automates the creation of an "Ask for release" ticket in Jira |
+| [Create Jira Version](create-jira-version/README.md) | Creates a new version in a Jira project, with the ability to automatically determine the next version number |
+| [Get Jira Release Notes](get-jira-release-notes/README.md) | Fetches Jira release notes and generates the release notes URL for a given project and version |
+| [Get Jira Version](get-jira-version/README.md) | Extracts a Jira-compatible version number from a release version by formatting it appropriately for Jira |
+| [Get Release Version](get-release-version/README.md) | Extracts the release version from the repox status on a specified branch |
+| [Lock Branch](lock-branch/README.md) | Locks or unlocks a branch by modifying the `lock_branch` setting in branch protection rules |
+| [Notify Slack on Failure](notify-slack/README.md) | Sends a Slack notification when a job fails |
+| [Publish GitHub Release](publish-github-release/README.md) | Publishes a GitHub Release with notes fetched from Jira or provided directly |
+| [Release Jira Version](release-jira-version/README.md) | Releases a Jira version and creates the next one |
+| [Update Analyzer](update-analyzer/README.md) | Updates an analyzer version in SonarQube or SonarCloud and creates a pull request |
+| [Update Release Ticket Status](update-release-ticket-status/README.md) | Updates the status of a Jira release ticket and can change its assignee |
+| [Update Rule Metadata](update-rule-metadata/README.md) | Automates updating rule metadata across all supported languages using the rule-api tooling |
 
 ## Available Workflows
 
-* [**Automated Release Workflow**](docs/AUTOMATED_RELEASE.md): Orchestrates the end-to-end release across Jira and GitHub, with optional integration tickets and analyzer PRs.
+| Workflow | Description |
+|----------|-------------|
+| [Automated Release Workflow](docs/AUTOMATED_RELEASE.md) | Orchestrates the end-to-end release across Jira and GitHub, with optional integration tickets and analyzer PRs |
+
+## Claude Code Skills
+
+This repository includes [Claude Code skills](skills/README.md) for automating common tasks related to release workflows.
+
+| Skill | Description |
+|-------|-------------|
+| [automated-release-setup](./skills/automated-release-setup/) | Set up automated release workflow for SonarSource analyzer projects |
 
 ## Development
 

docs/AUTOMATED_RELEASE.md

@@ -2,6 +2,8 @@
 
 This reusable GitHub Actions workflow automates the end-to-end release process across Jira and GitHub, and optionally creates integration tickets and analyzer update PRs. It is designed to be invoked via `workflow_call` from other repositories.
 
+> **Quick Setup**: Use the [automated-release-setup Claude Code skill](../skills/automated-release-setup/) to automatically set up this workflow in your repository. The skill will guide you through prerequisites, create the necessary workflow files, and configure vault permissions.
+
 ## Description
 
 The workflow orchestrates these steps:
@@ -139,9 +141,94 @@ jobs:
   - Each job includes a "Summary" step that writes to `$GITHUB_STEP_SUMMARY` only when `verbose: true`.
 - Permissions and environments are scoped per job to minimize required privileges.
 
+## Setup
+
+To set up this workflow in your repository, you need to complete the following prerequisites and create the necessary workflow files.
+
+### Prerequisites
+
+1. **Jira Configuration**:
+   - Add `Jira Tech User GitHub` as Administrator on your Jira project (Project settings → People → Administrator role)
+   - For dry-run testing, also add the user to the Jira sandbox: https://sonarsource-sandbox-811.atlassian.net/
+
+2. **Vault Permissions**:
+   - Create a PR in `re-terraform-aws-vault` to add the `release-automation` secret
+   - File: `orders/{squad}.yaml` (e.g., `orders/analysis-jvm-squad.yaml`)
+   - Add the `release_automation` anchor if not present:
+     ```yaml
+     release_automation: &release_automation
+       suffix: release-automation
+       description: access to sonar-enterprise and sonarcloud-core repositories to create PRs to update analyzers
+       organization: SonarSource
+       permissions:
+         contents: write
+         pull_requests: write
+     ```
+   - Add to your repository's `github.customs` section:
+     ```yaml
+     - <<: *release_automation
+       repositories: [your-repo-name, sonar-enterprise, sonarcloud-core]
+     ```
+   - Example PR: https://github.com/SonarSource/re-terraform-aws-vault/pull/8406
+
+3. **Release Workflow**:
+   - Update `release.yml` to support `workflow_dispatch` with inputs: `version`, `releaseId`, `dryRun`
+   - Add fallbacks for release events:
+     ```yaml
+     with:
+       version: ${{ inputs.version || github.event.release.tag_name }}
+       releaseId: ${{ inputs.releaseId || github.event.release.id }}
+       dryRun: ${{ inputs.dryRun == true }}
+     ```
+
+### Required Workflow Files
+
+You need to create two workflow files:
+
+1. **`automated-release.yml`**: Main workflow that calls this reusable workflow
+2. **`bump-versions.yaml`**: Bumps version after release (Maven or Gradle)
+
+See the [Usage](#usage) section for examples, or use the [automated-release-setup skill](../skills/automated-release-setup/) for guided setup.
+
+### SonarLint Integration
+
+When your analyzer is used by SonarLint, you can enable integration ticket creation for IDE teams:
+
+| Input | Jira Project | Description |
+|-------|--------------|-------------|
+| `create-slvs-ticket` | SLVS | SonarLint for Visual Studio |
+| `create-slvscode-ticket` | SLVSCODE | SonarLint for VS Code |
+| `create-sle-ticket` | SLE | SonarLint for Eclipse |
+| `create-sli-ticket` | SLI | SonarLint for IntelliJ |
+
+Use `sq-ide-short-description` to describe changes relevant for IDE integrations.
+
 ## Troubleshooting
 
 - Ensure the caller repository has appropriate permissions to use this workflow and to write releases and PRs.
 - Verify that `release-automation-secret-name` exists and grants access for creating analyzer update PRs. If omitted, ensure the default secret (`sonar-{plugin-name}-release-automation`) exists and is configured with the required permissions.
 - Check job logs if the final summary indicates failure; the per-job logs contain detailed outputs even when `verbose` is disabled.
 - Ensure the `Jira Tech User GitHub` is an Administrator on the target Jira project; admin rights are required to release the Jira version and to create a new version.
+
+## Testing
+
+1. **Test with dry-run first**:
+   - Go to Actions → Automated Release → Run workflow
+   - Set `dry-run: true`
+   - Verify Jira tickets in sandbox, draft GitHub release, draft PRs
+
+2. **Production release**:
+   - Set `dry-run: false`
+   - All tickets, releases, and PRs will be created in production
+
+## Post-Release Checklist
+
+- Review and merge the bump-version PR
+- Review and merge the SQS PR in sonar-enterprise
+- Review and merge the SQC PR in sonarcloud-core
+- Update integration ticket statuses in Jira
+- Set fix versions on the SONAR ticket
+
+**If SonarLint integration is enabled:**
+- Monitor the SLVS, SLVSCode, SLE, and/or SLI tickets created in Jira
+- Coordinate with IDE teams for integration timelines