diff --git a/.github/workflows/deployToAWS.yml b/.github/workflows/deployToAWS.yml
index d8068a04..6ef57f8b 100644
--- a/.github/workflows/deployToAWS.yml
+++ b/.github/workflows/deployToAWS.yml
@@ -1,11 +1,33 @@
 name: "Publish to SNS Topic: Triggers Deployment to AWS"
 on:
+ workflow_call:
+ inputs:
+ DEPLOYMENT_ENVIRONMENT:
+ description: 'Environment'
+ type: string
+ required: true
+ targetCommitRef:
+ description: 'Commit ref to deploy'
+ type: string
+ default: 'main'
+ secrets:
+ AWS_REGION:
+ required: true
+ AWS_TOPIC_ARN:
+ required: true
+ AWS_ACCESS_KEY_ID:
+ required: true
+ AWS_SECRET_ACCESS_KEY:
+ required: true
 workflow_dispatch:
 inputs:
 DEPLOYMENT_ENVIRONMENT:
 description: 'Environment'
 required: true
+ targetCommitRef:
+ description: 'Commit ref to deploy'
+ default: 'main'
 jobs:
 setup:
@@ -29,4 +51,5 @@ jobs:
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 DEPLOYMENT_ENVIRONMENT: ${{ inputs.DEPLOYMENT_ENVIRONMENT }}
+ TARGET_COMMIT_REF: ${{ inputs.targetCommitRef }}
 run: python tools/aws_sns_publish_topic.py
diff --git a/.github/workflows/pass-java-release.yml b/.github/workflows/pass-java-release.yml
index 043edaf4..c139aa31 100644
--- a/.github/workflows/pass-java-release.yml
+++ b/.github/workflows/pass-java-release.yml
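Review bot: In deployToAWS.yml, `targetCommitRef` is an unconstrained string on both triggers and is forwarded as-is (through `TARGET_COMMIT_REF`) into the SNS message, so whatever consumes the topic is asked to deploy any ref a caller or dispatcher types. The description should state which forms are accepted, e.g. `description: 'Commit ref to deploy (branch, release tag or full SHA)'`, and the job should reject anything else before publishing. Separately, the new `workflow_call` interface requires every caller to forward the long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` pair; if the AWS account allows it, short-lived credentials obtained through GitHub's OIDC provider would take those static keys out of the call chain. The `setup` job body lies outside both hunks, so how the secrets are otherwise used is not visible here.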
@@ -1,10 +1,231 @@ -name: Placeholder for consolidated Java release +name: Perform release for PASS Java projects + +# Java project releases are grouped together in this workflow because of their dependency +# hierarchy. Building the projects together in the same workflow (on the same runner) +# allows local dependency resolution, avoiding having to wait for syncing with Maven +# Central. +# +# We avoid having to duplicate secrets with a single workflow as well. + +# TODO: How are we going to get the correct credentials to push to other Java repos? +# For this repo, we can easily use secrets.GITHUB_TOKEN, provided automatically to the +# workflow. This token is assotiated with the user that manually triggers the workflow, +# but is scope-limited to only the repository that hosts the workflow. Manipulation +# other repositories will need credentials to be provided (a username/PAT). +# Should we include documentation for the release manager to create a short-lived PAT +# then update the TOKEN secret? on: - workflow_dispatch: + workflow_call: + inputs: + releaseversion: + description: 'Release version (e.g. 0.7.0)' + type: string + required: true + nextversion: + description: 'Next dev version (e.g. 0.8.0-SNAPSHOT)' + type: string + required: true + secrets: + MAVEN_GPG_KEY: + required: true + MAVEN_GPG_PASSPHRASE: + required: true + OSSRH_USERNAME: + required: true + OSSRH_PASSWORD: + required: true + # GH_PAT: + # description: Token needed for pushing commits to various PASS Java repositories + # required: true + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +env: + RELEASE: ${{ inputs.releaseversion }} + NEXT: ${{ inputs.nextversion }} jobs: - test: + release: runs-on: ubuntu-latest + steps: - - run: echo "Hello Moo!" 
\ No newline at end of file + # Setup + - name: Config git user + run: | + git config --global user.name ${{ github.actor }} + git config --global user.email "${{ github.actor }}@users.noreply.github.com" + + - name: Setup Java & Maven + uses: actions/setup-java@v3 + with: + java-version: 17 + distribution: 'temurin' + server-id: ossrh + server-username: MAVEN_USERNAME + server-pasword: MAVEN_PASSWORD + gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }} + gpg-passphrase: MAVEN_GPG_PASSPHRASE + + - name: Login to GHCR + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # ============================================================================= + # main + # ============================================================================= + - name: Checkout 'main' + uses: actions/checkout@v3 + with: + repository: eclipse-pass/main + path: main + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Publish release + run: | # Newlines for readability + mvn -B -U -V -ntp release:prepare \ + -DreleaseVersion=$RELEASE \ + -Dtag=$RELEASE \ + -DdevelopmentVersion=$NEXT \ + -DautoVersionSubmodules=true + mvn -B -U -V -ntp release:perform -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + - name: Build and publish new dev version + run: mvn -B -U -V -ntp deploy -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + - name: Push release plugin commits + if: github.ref_type == 'branch' && github.ref_protected == false + run: git push origin ${{ github.ref_name }} + + - name: Push new release tag GH + run: git push origin --tags + + # ============================================================================= + # pass-core + # 
============================================================================= + - name: Checkout pass-core + uses: actions/checkout@v3 + with: + repository: eclipse-pass/pass-core + path: pass-core + token: ${{ secrets.GITHUB_TOKEN }} + + # Version:update-parent will grab the latest specified release (non-snapshot) + - name: Bump version to release + run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$RELEASE + + - name: Commit release version bump + uses: EndBug/add-and-commit@v9 + with: + add: pom.xml **/pom.xml + message: "Update parent version to release" + + - name: Publish release + run: | + mvn -B -U -V -ntp release:prepare \ + -DreleaseVersion=$RELEASE \ + -Dtag=$RELEASE \ + -DdevelopmentVersion=$NEXT \ + -DautoVersionSubmodules=true + mvn -B -U -V -ntp release:perform -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + # Project & submodule POMs already updated to correct dev version + # But reference to parent POM (eclipse-pass-parent) needs to be updated + - name: Update parent POM to new dev version + run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$NEXT -DallowSnapshots=true + + - name: Commit snapshot version bump and push commits + uses: EndBug/add-and-commit@v9 + with: + add: pom.xml **/pom.xml + message: "Update parent version to next development version" + push: true + + # Will produce a new Docker image for the new dev version + - name: Build and publish new dev version + run: mvn -B -U -V -ntp deploy -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + - name: Push new release tag GH + run: git push origin --tags + + - name: Push Docker image to GHCR + run: | + docker push ghcr.io/eclipse-pass/pass-core-main:$RELEASE + docker push ghcr.io/eclipse-pass/pass-core-main:$NEXT + 
+ # ============================================================================= + # pass-support + # ============================================================================= + - name: Checkout pass-support + uses: actions/checkout@v3 + with: + repository: eclipse-pass/pass-support + path: pass-support + token: ${{ secrets.GITHUB_TOKEN }} + + # Version:update-parent will grab the latest specified release (non-snapshot) + - name: Bump version to release + run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$RELEASE + + - name: Commit release version bump + uses: EndBug/add-and-commit@v9 + with: + add: pom.xml **/pom.xml + message: "Update parent version to release" + + - name: Publish release + run: | + mvn -B -U -V -ntp release:prepare \ + -DreleaseVersion=$RELEASE \ + -Dtag=$RELEASE \ + -DdevelopmentVersion=$NEXT \ + -DautoVersionSubmodules=true + mvn -B -U -V -ntp release:perform -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + # Project & submodule POMs already updated to correct dev version + # But reference to parent POM (eclipse-pass-parent) needs to be updated + - name: Update parent POM to new dev version + run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$NEXT -DallowSnapshots=true + + - name: Commit snapshot version bump and push commits + uses: EndBug/add-and-commit@v9 + with: + add: pom.xml **/pom.xml + message: "Update parent version to next development version" + push: true + + # Will produce a new Docker image for the new dev version + - name: Build and publish new dev version + run: mvn -B -U -V -ntp deploy -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + - name: Push new release tag GH + run: git push origin --tags 
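Review bot: In pass-java-release.yml the `Setup Java & Maven` step spells the input `server-pasword`, which `actions/setup-java` will not recognise, so the generated settings.xml presumably falls back to the action's default password variable instead of `MAVEN_PASSWORD` and the OSSRH deploys fail to authenticate; it should read `server-password: MAVEN_PASSWORD`, as update-snapshot.yml in this same commit does. Each project is checked out with `path:` (`main`, `pass-core`, `pass-support`), but none of the following `mvn`, `git push` or `EndBug/add-and-commit` steps sets `working-directory` or `cwd`, so as written they appear to run in the workspace root rather than in the checkout. `git config --global user.name ${{ github.actor }}` expands the expression unquoted into the script; passing it through `env:` and using `"$ACTOR"` is the safer habit. Because this job holds the GPG signing key and the OSSRH credentials, the third-party `EndBug/add-and-commit@v9` reference is worth pinning to a full commit SHA.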
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 580c728c..aa1e182d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,118 +1,74 @@ -name: "Publish: manual full release OR automatic snapshot" +name: "Publish: Manual Full Release All Eclipse-PASS Projects" on: workflow_dispatch: inputs: releaseversion: - description: 'Release version' + description: 'Release version (e.g. 0.1.0)' required: true nextversion: - description: 'Next dev version' + description: 'Next dev version (e.g. 0.2.0-SNAPSHOT)' required: true - push: - branches: - - 'main' + runtests: + description: 'Run acceptance tests against release version before pushing images?' + type: boolean + default: true -jobs: - setup: - runs-on: ubuntu-latest - outputs: - # Output project version from the POM to conditionally run dependent steps - project-version: ${{ steps.project_version.outputs.version }} - steps: - - name: Checkout latest code - uses: actions/checkout@v3 - - - name: Setup Java & Maven - uses: actions/setup-java@v3 - with: - java-version: 17 - distribution: 'temurin' - cache: 'maven' - - - name: Get project version from POM - id: project_version - run: echo "VERSION=`mvn help:evaluate -Dexpression=project.version -q -DforceStdout`" >> $GITHUB_OUTPUT - - # Run only if project POM has version ending in "-SNAPSHOT" - snapshot: - needs: setup - if: github.event_name == 'push' && endsWith(needs.setup.outputs.project-version, '-SNAPSHOT') - runs-on: ubuntu-latest - steps: - - name: Checkout latest code - uses: actions/checkout@v3 +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true - - name: Setup Java & Maven - uses: actions/setup-java@v3 - with: - java-version: 17 - distribution: 'temurin' - cache: 'maven' - server-id: ossrh - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD - gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }} - gpg-passphrase: MAVEN_GPG_PASSPHRASE - - - name: Publish SNAPSHOT - run: mvn -B --no-transfer-progress clean deploy - env: - MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - 
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - - # Run for manual trigger (workflow dispatch), since you'll have release and next dev versions specified - # All commits will have a -SNAPSHOT project version anyway, since the releases will be handled here - release: - needs: setup - if: github.event_name == 'workflow_dispatch' - runs-on: ubuntu-latest - env: - RELEASE: ${{ inputs.releaseversion }} - NEXT: ${{ inputs.nextversion }} - steps: - - name: Checkout latest code - uses: actions/checkout@v3 +jobs: + run-java-release: + uses: ./.github/workflows/pass-java-release.yml # Should version these workflows + with: + releaseversion: ${{ inputs.releaseversion }} + nextversion: ${{ inputs.nextversion }} + secrets: + MAVEN_GPG_KEY: ${{ secrets.MAVEN_GPG_KEY }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} + OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - - name: Config git user - run: | - git config user.name ${{ github.actor }} - git config user.email "${{ github.actor }}@users.noreply.github.com" + run-pass-ui-release: + uses: eclipse-pass/pass-ui/.github/workflows/release.yml@main + with: + releaseversion: ${{ inputs.releaseversion }} + nextversion: ${{ inputs.nextversion }} - - name: Setup Java & Maven - uses: actions/setup-java@v3 - with: - java-version: 17 - distribution: 'temurin' - cache: 'maven' - server-id: ossrh - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD - gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }} - gpg-passphrase: MAVEN_GPG_PASSPHRASE - # ============================================================================= - # Start the release - # ============================================================================= - - name: Release main POM - run: | - mvn -B -U -V -ntp release:prepare -DreleaseVersion=$RELEASE -Dtag=$RELEASE -DdevelopmentVersion=$NEXT -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn - mvn -B -U 
-V -ntp release:perform -P release -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn - env: - MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + run-pass-auth-release: + uses: eclipse-pass/pass-auth/.github/workflows/release.yml@main + with: + releaseversion: ${{ inputs.releaseversion }} + nextversion: ${{ inputs.nextversion }} - - name: Build and publish new dev version - run: mvn -B -U -V -ntp deploy -P release - env: - MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + run-pass-acceptance-testing-release: + uses: eclipse-pass/pass-acceptance-testing/.github/workflows/release.yml@main + with: + releaseversion: ${{ inputs.releaseversion }} + nextversion: ${{ inputs.nextversion }} - - name: Push release plugin commits - if: github.ref_type == 'branch' && github.ref_protected == false - run: git push origin ${{ github.ref_name }} + run-pass-docker-release: + needs: + - 'run-java-release' + - 'run-pass-ui-release' + - 'run-pass-auth-release' + - 'run-pass-acceptance-testing-release' + uses: eclipse-pass/pass-docker/.github/workflows/release.yml@main + with: + releaseversion: ${{ inputs.releaseversion }} + nextversion: ${{ inputs.nextversion }} + runtests: ${{ inputs.runtests }} - - name: Push new release tag GH - run: git push origin --tags + run-deploy-release-to-aws-demo: + needs: + - 'run-pass-docker-release' + uses: ./.github/workflows/deployToAWS.yml + with: + DEPLOYMENT_ENVIRONMENT: demo + targetCommitRef: ${{ inputs.releaseversion }} + secrets: + AWS_REGION: ${{ secrets.AWS_REGION }} + AWS_TOPIC_ARN: ${{ secrets.AWS_TOPIC_ARN }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} 
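Review bot: In release.yml the four cross-repository calls (`eclipse-pass/pass-ui`, `pass-auth`, `pass-acceptance-testing`, `pass-docker`) are referenced at `@main`, so the release runs whatever is on those branches at dispatch time; pinning each `uses:` to a release tag or full commit SHA makes the release reproducible and reviewable. The new `concurrency` block sets `cancel-in-progress: true`, which means a second dispatch on the same ref cancels a release that may already have pushed tags or artifacts for some projects; `cancel-in-progress: false` is the safer setting for a publishing pipeline. The same group expression `${{ github.workflow }}-${{ github.ref }}` is repeated in pass-java-release.yml, and inside a called workflow `github.workflow` presumably resolves to the caller's name, so it is worth confirming that caller and callee do not end up cancelling each other.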
diff --git a/.github/workflows/update-snapshot.yml b/.github/workflows/update-snapshot.yml
new file mode 100644
index 00000000..8e318da3
--- /dev/null
+++ b/.github/workflows/update-snapshot.yml
@@ -0,0 +1,55 @@
+name: "Publish: automatic snapshot"
+
+on:
+ push:
+ branches:
+ - 'main'
+
+jobs:
+ setup:
+ runs-on: ubuntu-latest
+ outputs:
+ # Output project version from the POM to conditionally run dependent steps
+ project-version: ${{ steps.project_version.outputs.version }}
+ steps:
+ - name: Checkout latest code
+ uses: actions/checkout@v3
+
+ - name: Setup Java & Maven
+ uses: actions/setup-java@v3
+ with:
+ java-version: 17
+ distribution: 'temurin'
+ cache: 'maven'
+
+ - name: Get project version from POM
+ id: project_version
+ run: echo "VERSION=`mvn help:evaluate -Dexpression=project.version -q -DforceStdout`" >> $GITHUB_OUTPUT
+
+ # Run only if project POM has version ending in "-SNAPSHOT"
+ update-snapshot:
+ needs: setup
+ if: github.event_name == 'push' && endsWith(needs.setup.outputs.project-version, '-SNAPSHOT')
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout latest code
+ uses: actions/checkout@v3
+
+ - name: Setup Java & Maven
+ uses: actions/setup-java@v3
+ with:
+ java-version: 17
+ distribution: 'temurin'
+ cache: 'maven'
+ server-id: ossrh
+ server-username: MAVEN_USERNAME
+ server-password: MAVEN_PASSWORD
+ gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }}
+ gpg-passphrase: MAVEN_GPG_PASSPHRASE
+
+ - name: Publish SNAPSHOT
+ run: mvn -B --no-transfer-progress clean deploy
+ env:
+ MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+ MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+ MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
diff --git a/tools/aws_sns_publish_topic.py b/tools/aws_sns_publish_topic.py
index 1c03075b..b5b8144e 100644
--- a/tools/aws_sns_publish_topic.py
+++ b/tools/aws_sns_publish_topic.py
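Review bot: update-snapshot.yml declares no `permissions:`, so both jobs receive the repository's default `GITHUB_TOKEN` scope even though the visible steps only check out code and publish to OSSRH; a workflow-level `permissions:` block with `contents: read` keeps the job that holds the GPG key and OSSRH credentials at least privilege. With `push` now the only trigger in this file, the `github.event_name == 'push' &&` half of the `update-snapshot` condition is redundant and can be dropped.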
@@ -7,8 +7,9 @@ TOPIC_ARN = os.getenv('AWS_TOPIC_ARN') DEPLOYMENT_ENVIRONMENT = os.getenv('DEPLOYMENT_ENVIRONMENT') REGION=os.getenv('AWS_REGION') +COMMIT_REF = os.getenv('TARGET_COMMIT_REF') -MESSAGE = {"action": "DeployStart", "commitRef": "main", "deployEnv": DEPLOYMENT_ENVIRONMENT} +MESSAGE = {"action": "DeployStart", "commitRef": COMMIT_REF, "deployEnv": DEPLOYMENT_ENVIRONMENT} client = boto3.client('sns', region_name=REGION,
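Review bot: In tools/aws_sns_publish_topic.py, `COMMIT_REF` is `None` whenever `TARGET_COMMIT_REF` is unset, for example when the script is run outside the updated workflow, and the message would then carry an empty `commitRef` where it used to carry `"main"`. Either keep the old behaviour with `COMMIT_REF = os.getenv('TARGET_COMMIT_REF') or 'main'` or fail before publishing when the value is missing. Since the value originates from a free-form workflow input, a short comment stating which ref forms the deployer accepts would also help. The `boto3.client(...)` call and the publish itself continue outside the hunk.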