From 4675c675427e15e7449c93c2d1bed94efcb65df6 Mon Sep 17 00:00:00 2001 From: cshannon2 Date: Fri, 2 Jun 2023 12:31:36 -0400 Subject: [PATCH 01/15] Initial commit to release all Eclipse projects from one action --- .../releaseAllAndDeployToAWSDemo.yml | 57 +++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 .github/workflows/releaseAllAndDeployToAWSDemo.yml diff --git a/.github/workflows/releaseAllAndDeployToAWSDemo.yml b/.github/workflows/releaseAllAndDeployToAWSDemo.yml new file mode 100644 index 00000000..dc569cee --- /dev/null +++ b/.github/workflows/releaseAllAndDeployToAWSDemo.yml @@ -0,0 +1,57 @@ +name: "Publish: Manual Full Release OR Automatic Snapshot for All Eclipse Projects" + +on: + workflow_dispatch: + inputs: + releaseversion: + description: 'Release version' + required: true + nextversion: + description: 'Next dev version' + required: true + runtests: + description: 'Run acceptance tests against release version before pushing images?' + type: boolean + +jobs: + run-main-release: + uses: eclipse-pass/main/.github/workflows/release.yml@main + with: + releaseversion: ${{ inputs.releaseversion }} + nextversion: ${{ inputs.nextversion }} + run-pass-core-release: + uses: eclipse-pass/pass-core/.github/workflows/release.yml@main + with: + releaseversion: ${{ inputs.releaseversion }} + nextversion: ${{ inputs.nextversion }} + run-pass-support-release: + uses: eclipse-pass/pass-support/.github/workflows/release.yml@main + with: + releaseversion: ${{ inputs.releaseversion }} + nextversion: ${{ inputs.nextversion }} + run-pass-ui-release: + uses: eclipse-pass/pass-ui/.github/workflows/release.yml@main + with: + releaseversion: ${{ inputs.releaseversion }} + nextversion: ${{ inputs.nextversion }} + run-pass-auth-release: + uses: eclipse-pass/pass-auth/.github/workflows/release.yml@main + with: + releaseversion: ${{ inputs.releaseversion }} + nextversion: ${{ inputs.nextversion }} + run-pass-acceptance-testing-release: + uses: eclipse-pass/pass-acceptance-testing/.github/workflows/release.yml@main + with: + releaseversion: ${{ inputs.releaseversion }} + nextversion: ${{ inputs.nextversion }} + run-pass-docker-release: + uses: eclipse-pass/pass-docker/.github/workflows/release.yml@main + with: + releaseversion: ${{ inputs.releaseversion }} + nextversion: ${{ inputs.nextversion }} + runtests: ${{ inputs.runtests }} + run-deploy-release-to-aws-demo: + uses: eclipse-pass/main/.github/workflows/deployToAWS.yml@main + with: + DEPLOYMENT_ENVIRONMENT: demo + From a7a5dd2fcf245c1b3edbf33845d86666af92890a Mon Sep 17 00:00:00 2001 From: John Abrahams Date: Fri, 23 Jun 2023 08:54:56 -0400 Subject: [PATCH 02/15] Allow repo commit ref inputs --- .github/workflows/deployToAWS.yml | 23 +++++++++++++++++++++++ tools/aws_sns_publish_topic.py | 3 ++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deployToAWS.yml b/.github/workflows/deployToAWS.yml index d8068a04..6ef57f8b 100644 --- a/.github/workflows/deployToAWS.yml +++ b/.github/workflows/deployToAWS.yml @@ -1,11 +1,33 @@ name: "Publish to SNS Topic: Triggers Deployment to AWS" on: + workflow_call: + inputs: + DEPLOYMENT_ENVIRONMENT: + description: 'Environment' + type: string + required: true + targetCommitRef: + description: 'Commit ref to deploy' + type: string + default: 'main' + secrets: + AWS_REGION: + required: true + AWS_TOPIC_ARN: + required: true + AWS_ACCESS_KEY_ID: + required: true + AWS_SECRET_ACCESS_KEY: + required: true workflow_dispatch: inputs: DEPLOYMENT_ENVIRONMENT: description: 'Environment' required: true + targetCommitRef: + description: 'Commit ref to deploy' + default: 'main' jobs: setup: @@ -29,4 +51,5 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} DEPLOYMENT_ENVIRONMENT: ${{ inputs.DEPLOYMENT_ENVIRONMENT }} + TARGET_COMMIT_REF: ${{ inputs.targetCommitRef }} run: python tools/aws_sns_publish_topic.py diff --git a/tools/aws_sns_publish_topic.py b/tools/aws_sns_publish_topic.py index 1c03075b..b5b8144e 100644 --- a/tools/aws_sns_publish_topic.py +++ b/tools/aws_sns_publish_topic.py @@ -7,8 +7,9 @@ TOPIC_ARN = os.getenv('AWS_TOPIC_ARN') DEPLOYMENT_ENVIRONMENT = os.getenv('DEPLOYMENT_ENVIRONMENT') REGION=os.getenv('AWS_REGION') +COMMIT_REF = os.getenv('TARGET_COMMIT_REF') -MESSAGE = {"action": "DeployStart", "commitRef": "main", "deployEnv": DEPLOYMENT_ENVIRONMENT} +MESSAGE = {"action": "DeployStart", "commitRef": COMMIT_REF, "deployEnv": DEPLOYMENT_ENVIRONMENT} client = boto3.client('sns', region_name=REGION, From ea9e4adaa37577f268ed76305934bf6cb8e1d904 Mon Sep 17 00:00:00 2001 From: John Abrahams Date: Mon, 26 Jun 2023 09:48:50 -0400 Subject: [PATCH 03/15] Start consolidating release automations --- .github/actions/pass-java-release/action.yml | 12 ++++ .github/actions/pass-setup-java/action.yml | 20 +++++++ .github/workflows/pass-java-release.yml | 61 ++++++++++++++++++-- 3 files changed, 89 insertions(+), 4 deletions(-) create mode 100644 .github/actions/pass-java-release/action.yml create mode 100644 .github/actions/pass-setup-java/action.yml diff --git a/.github/actions/pass-java-release/action.yml b/.github/actions/pass-java-release/action.yml new file mode 100644 index 00000000..7a60264e --- /dev/null +++ b/.github/actions/pass-java-release/action.yml @@ -0,0 +1,12 @@ +name: "Release PASS Java project" +description: > + Release a PASS Java project. This will tag and release the "release" version + then release the next development (-SNAPSHOT) version. Assumes that the environment + has already been setup + +inputs: + +runs: + using: composite + steps: + diff --git a/.github/actions/pass-setup-java/action.yml b/.github/actions/pass-setup-java/action.yml new file mode 100644 index 00000000..bdfc1f1e --- /dev/null +++ b/.github/actions/pass-setup-java/action.yml @@ -0,0 +1,20 @@ +name: Setup PASS Java project + +runs: + using: composite + steps: + - name: Config git user + run: | + git config user.name ${{ github.actor }} + git config user.email "${{ github.actor }}@users.noreply.github.com" + + - name: Setup Java & Maven + uses: actions/setup-java@v3 + with: + java-version: 17 + distribution: 'temurin' + server-id: ossrh + server-username: MAVEN_USERNAME + server-password: MAVEN_PASSWORD + gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }} + gpg-passphrase: MAVEN_GPG_PASSPHRASE \ No newline at end of file diff --git a/.github/workflows/pass-java-release.yml b/.github/workflows/pass-java-release.yml index 043edaf4..c353e45e 100644 --- a/.github/workflows/pass-java-release.yml +++ b/.github/workflows/pass-java-release.yml @@ -1,10 +1,63 @@ -name: Placeholder for consolidated Java release +name: PASS Java release on: - workflow_dispatch: + workflow_call: + inputs: + repository: + description: 'org/repo name of the repository to release (e.g. eclipse-pass/pass-core)' + type: string + required: true + releaseversion: + description: 'Release version (e.g. 0.7.0)' + type: string + required: true + nextversion: + description: 'Next dev version (e.g. 0.8.0-SNAPSHOT)' + type: string + required: true + secrets: + MAVEN_GPG_KEY: + required: true + MAVEN_GPG_PASSPHRASE: + required: true + OSSRH_USERNAME: + required: true + OSSRH_PASSWORD: + required: true + GITHUB_TOKEN: + required: true + +env: + RELEASE: ${{ inputs.releaseversion }} + NEXT: ${{ inputs.nextversion }} jobs: - test: + release: runs-on: ubuntu-latest + steps: - - run: echo "Hello Moo!" \ No newline at end of file + - name: Checkout code + uses: actions/checkout@v3 + with: ${{ inputs.repository }} + + # Setup + - name: Config git user + run: | + git config user.name ${{ github.actor }} + git config user.email "${{ github.actor }}@users.noreply.github.com" + + - name: Setup Java & Maven + uses: actions/setup-java@v3 + with: + java-version: 17 + distribution: 'temurin' + server-id: ossrh + server-username: MAVEN_USERNAME + server-pasword: MAVEN_PASSWORD + gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }} + gpg-passphrase: MAVEN_GPG_PASSPHRASE + + # Start work + # Version:update-parent will grab the latest specified release (non-snapshot) + - name: Bump version to release + run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$RELEASE From 1d76cd6c5de6026a25950a7a07f34ad31690ab43 Mon Sep 17 00:00:00 2001 From: John Abrahams Date: Mon, 26 Jun 2023 12:33:03 -0400 Subject: [PATCH 04/15] Consolidate Java releases into one callable workflow --- .github/workflows/pass-java-release.yml | 184 ++++++++++++++++++++++-- 1 file changed, 176 insertions(+), 8 deletions(-) diff --git a/.github/workflows/pass-java-release.yml b/.github/workflows/pass-java-release.yml index c353e45e..badef2ce 100644 --- a/.github/workflows/pass-java-release.yml +++ b/.github/workflows/pass-java-release.yml @@ -1,4 +1,19 @@ -name: PASS Java release +name: Perform release for PASS Java projects + +# Java project releases are grouped together in this workflow because of their dependency +# hierarchy. Building the projects together in the same workflow (on the same runner) +# allows local dependency resolution, avoiding having to wait for syncing with Maven +# Central. +# +# We avoid having to duplicate secrets with a single workflow as well. + +# TODO: How are we going to get the correct credentials to push to other Java repos? +# For this repo, we can easily use secrets.GITHUB_TOKEN, provided automatically to the +# workflow. This token is assotiated with the user that manually triggers the workflow, +# but is scope-limited to only the repository that hosts the workflow. Manipulation +# other repositories will need credentials to be provided (a username/PAT). +# Should we include documentation for the release manager to create a short-lived PAT +# then update the TOKEN secret? on: workflow_call: @@ -25,6 +40,7 @@ on: OSSRH_PASSWORD: required: true GITHUB_TOKEN: + description: Token needed for pushing commits to various PASS Java repositories required: true env: @@ -36,15 +52,11 @@ jobs: runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@v3 - with: ${{ inputs.repository }} - # Setup - name: Config git user run: | - git config user.name ${{ github.actor }} - git config user.email "${{ github.actor }}@users.noreply.github.com" + git config --global user.name ${{ github.actor }} + git config --global user.email "${{ github.actor }}@users.noreply.github.com" - name: Setup Java & Maven uses: actions/setup-java@v3 @@ -57,7 +69,163 @@ jobs: gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }} gpg-passphrase: MAVEN_GPG_PASSPHRASE - # Start work + - name: Login to GHCR + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # ============================================================================= + # main + # ============================================================================= + - name: Checkout 'main' + uses: actions/checkout@v3 + with: + repository: eclipse-pass/main + path: main + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Publish release + run: | # Newlines for readability + mvn -B -U -V -ntp release:prepare \ + -DreleaseVersion=$RELEASE \ + -Dtag=$RELEASE \ + -DdevelopmentVersion=$NEXT \ + -DautoVersionSubmodules=true + mvn -B -U -V -ntp release:perform -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + - name: Build and publish new dev version + run: mvn -B -U -V -ntp deploy -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + - name: Push release plugin commits + if: github.ref_type == 'branch' && github.ref_protected == false + run: git push origin ${{ github.ref_name }} + + - name: Push new release tag GH + run: git push origin --tags + + # ============================================================================= + # pass-core + # ============================================================================= + - name: Checkout pass-core + uses: actions/checkout@v3 + with: + repository: eclipse-pass/pass-core + path: pass-core + token: ${{ secrets.GITHUB_TOKEN }} + # Version:update-parent will grab the latest specified release (non-snapshot) - name: Bump version to release run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$RELEASE + + - name: Commit release version bump + uses: EndBug/add-and-commit@v9 + with: + add: pom.xml **/pom.xml + message: "Update parent version to release" + + - name: Publish release + run: | + mvn -B -U -V -ntp release:prepare \ + -DreleaseVersion=$RELEASE \ + -Dtag=$RELEASE \ + -DdevelopmentVersion=$NEXT \ + -DautoVersionSubmodules=true + mvn -B -U -V -ntp release:perform -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + # Project & submodule POMs already updated to correct dev version + # But reference to parent POM (eclipse-pass-parent) needs to be updated + - name: Update parent POM to new dev version + run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$NEXT -DallowSnapshots=true + + - name: Commit snapshot version bump and push commits + uses: EndBug/add-and-commit@v9 + with: + add: pom.xml **/pom.xml + message: "Update parent version to next development version" + push: true + + # Will produce a new Docker image for the new dev version + - name: Build and publish new dev version + run: mvn -B -U -V -ntp deploy -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + - name: Push new release tag GH + run: git push origin --tags + + - name: Push Docker image to GHCR + run: | + docker push ghcr.io/eclipse-pass/pass-core-main:$RELEASE + docker push ghcr.io/eclipse-pass/pass-core-main:$NEXT + + # ============================================================================= + # pass-support + # ============================================================================= + - name: Checkout pass-support + uses: actions/checkout@v3 + with: + repository: eclipse-pass/pass-support + path: pass-support + token: ${{ secrets.GITHUB_TOKEN }} + + # Version:update-parent will grab the latest specified release (non-snapshot) + - name: Bump version to release + run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$RELEASE + + - name: Commit release version bump + uses: EndBug/add-and-commit@v9 + with: + add: pom.xml **/pom.xml + message: "Update parent version to release" + + - name: Publish release + run: | + mvn -B -U -V -ntp release:prepare \ + -DreleaseVersion=$RELEASE \ + -Dtag=$RELEASE \ + -DdevelopmentVersion=$NEXT \ + -DautoVersionSubmodules=true + mvn -B -U -V -ntp release:perform -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + # Project & submodule POMs already updated to correct dev version + # But reference to parent POM (eclipse-pass-parent) needs to be updated + - name: Update parent POM to new dev version + run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$NEXT -DallowSnapshots=true + + - name: Commit snapshot version bump and push commits + uses: EndBug/add-and-commit@v9 + with: + add: pom.xml **/pom.xml + message: "Update parent version to next development version" + push: true + + # Will produce a new Docker image for the new dev version + - name: Build and publish new dev version + run: mvn -B -U -V -ntp deploy -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + - name: Push new release tag GH + run: git push origin --tags From 27880710c77ca3c01636619214609c3e4356526c Mon Sep 17 00:00:00 2001 From: John Abrahams Date: Mon, 26 Jun 2023 12:35:52 -0400 Subject: [PATCH 05/15] Remove unnecessary actions --- .github/actions/pass-java-release/action.yml | 12 ------------ .github/actions/pass-setup-java/action.yml | 20 -------------------- 2 files changed, 32 deletions(-) delete mode 100644 .github/actions/pass-java-release/action.yml delete mode 100644 .github/actions/pass-setup-java/action.yml diff --git a/.github/actions/pass-java-release/action.yml b/.github/actions/pass-java-release/action.yml deleted file mode 100644 index 7a60264e..00000000 --- a/.github/actions/pass-java-release/action.yml +++ /dev/null @@ -1,12 +0,0 @@ -name: "Release PASS Java project" -description: > - Release a PASS Java project. This will tag and release the "release" version - then release the next development (-SNAPSHOT) version. Assumes that the environment - has already been setup - -inputs: - -runs: - using: composite - steps: - diff --git a/.github/actions/pass-setup-java/action.yml b/.github/actions/pass-setup-java/action.yml deleted file mode 100644 index bdfc1f1e..00000000 --- a/.github/actions/pass-setup-java/action.yml +++ /dev/null @@ -1,20 +0,0 @@ -name: Setup PASS Java project - -runs: - using: composite - steps: - - name: Config git user - run: | - git config user.name ${{ github.actor }} - git config user.email "${{ github.actor }}@users.noreply.github.com" - - - name: Setup Java & Maven - uses: actions/setup-java@v3 - with: - java-version: 17 - distribution: 'temurin' - server-id: ossrh - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD - gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }} - gpg-passphrase: MAVEN_GPG_PASSPHRASE \ No newline at end of file From 53d03c17912e00e1bef8c803fa2d26ec3f371915 Mon Sep 17 00:00:00 2001 From: John Abrahams Date: Mon, 26 Jun 2023 13:28:37 -0400 Subject: [PATCH 06/15] Trial reserved GITHUB_TOKEN across multiple repos --- .github/workflows/pass-java-release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pass-java-release.yml b/.github/workflows/pass-java-release.yml index badef2ce..8bdb2a3b 100644 --- a/.github/workflows/pass-java-release.yml +++ b/.github/workflows/pass-java-release.yml @@ -39,9 +39,9 @@ on: required: true OSSRH_PASSWORD: required: true - GITHUB_TOKEN: - description: Token needed for pushing commits to various PASS Java repositories - required: true + # GH_PAT: + # description: Token needed for pushing commits to various PASS Java repositories + # required: true env: RELEASE: ${{ inputs.releaseversion }} From 4344c9520dbb32beab330d939726b20199e8ca78 Mon Sep 17 00:00:00 2001 From: John Abrahams Date: Wed, 28 Jun 2023 10:18:00 -0400 Subject: [PATCH 07/15] Rename old 'main' release to just handle snapshots --- .github/workflows/release.yml | 118 -------------------------- .github/workflows/update-snapshot.yml | 55 ++++++++++++ 2 files changed, 55 insertions(+), 118 deletions(-) delete mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/update-snapshot.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 580c728c..00000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,118 +0,0 @@ -name: "Publish: manual full release OR automatic snapshot" - -on: - workflow_dispatch: - inputs: - releaseversion: - description: 'Release version' - required: true - nextversion: - description: 'Next dev version' - required: true - push: - branches: - - 'main' - -jobs: - setup: - runs-on: ubuntu-latest - outputs: - # Output project version from the POM to conditionally run dependent steps - project-version: ${{ steps.project_version.outputs.version }} - steps: - - name: Checkout latest code - uses: actions/checkout@v3 - - - name: Setup Java & Maven - uses: actions/setup-java@v3 - with: - java-version: 17 - distribution: 'temurin' - cache: 'maven' - - - name: Get project version from POM - id: project_version - run: echo "VERSION=`mvn help:evaluate -Dexpression=project.version -q -DforceStdout`" >> $GITHUB_OUTPUT - - # Run only if project POM has version ending in "-SNAPSHOT" - snapshot: - needs: setup - if: github.event_name == 'push' && endsWith(needs.setup.outputs.project-version, '-SNAPSHOT') - runs-on: ubuntu-latest - steps: - - name: Checkout latest code - uses: actions/checkout@v3 - - - name: Setup Java & Maven - uses: actions/setup-java@v3 - with: - java-version: 17 - distribution: 'temurin' - cache: 'maven' - server-id: ossrh - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD - gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }} - gpg-passphrase: MAVEN_GPG_PASSPHRASE - - - name: Publish SNAPSHOT - run: mvn -B --no-transfer-progress clean deploy - env: - MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - - # Run for manual trigger (workflow dispatch), since you'll have release and next dev versions specified - # All commits will have a -SNAPSHOT project version anyway, since the releases will be handled here - release: - needs: setup - if: github.event_name == 'workflow_dispatch' - runs-on: ubuntu-latest - env: - RELEASE: ${{ inputs.releaseversion }} - NEXT: ${{ inputs.nextversion }} - steps: - - name: Checkout latest code - uses: actions/checkout@v3 - - - name: Config git user - run: | - git config user.name ${{ github.actor }} - git config user.email "${{ github.actor }}@users.noreply.github.com" - - - name: Setup Java & Maven - uses: actions/setup-java@v3 - with: - java-version: 17 - distribution: 'temurin' - cache: 'maven' - server-id: ossrh - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD - gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }} - gpg-passphrase: MAVEN_GPG_PASSPHRASE - # ============================================================================= - # Start the release - # ============================================================================= - - name: Release main POM - run: | - mvn -B -U -V -ntp release:prepare -DreleaseVersion=$RELEASE -Dtag=$RELEASE -DdevelopmentVersion=$NEXT -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn - mvn -B -U -V -ntp release:perform -P release -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn - env: - MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - - - name: Build and publish new dev version - run: mvn -B -U -V -ntp deploy -P release - env: - MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - - - name: Push release plugin commits - if: github.ref_type == 'branch' && github.ref_protected == false - run: git push origin ${{ github.ref_name }} - - - name: Push new release tag GH - run: git push origin --tags diff --git a/.github/workflows/update-snapshot.yml b/.github/workflows/update-snapshot.yml new file mode 100644 index 00000000..24032503 --- /dev/null +++ b/.github/workflows/update-snapshot.yml @@ -0,0 +1,55 @@ +name: "Publish: manual full release OR automatic snapshot" + +on: + push: + branches: + - 'main' + +jobs: + setup: + runs-on: ubuntu-latest + outputs: + # Output project version from the POM to conditionally run dependent steps + project-version: ${{ steps.project_version.outputs.version }} + steps: + - name: Checkout latest code + uses: actions/checkout@v3 + + - name: Setup Java & Maven + uses: actions/setup-java@v3 + with: + java-version: 17 + distribution: 'temurin' + cache: 'maven' + + - name: Get project version from POM + id: project_version + run: echo "VERSION=`mvn help:evaluate -Dexpression=project.version -q -DforceStdout`" >> $GITHUB_OUTPUT + + # Run only if project POM has version ending in "-SNAPSHOT" + update-snapshot: + needs: setup + if: github.event_name == 'push' && endsWith(needs.setup.outputs.project-version, '-SNAPSHOT') + runs-on: ubuntu-latest + steps: + - name: Checkout latest code + uses: actions/checkout@v3 + + - name: Setup Java & Maven + uses: actions/setup-java@v3 + with: + java-version: 17 + distribution: 'temurin' + cache: 'maven' + server-id: ossrh + server-username: MAVEN_USERNAME + server-password: MAVEN_PASSWORD + gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }} + gpg-passphrase: MAVEN_GPG_PASSPHRASE + + - name: Publish SNAPSHOT + run: mvn -B --no-transfer-progress clean deploy + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} From 762594c25c19911235cc573294023614669fe05c Mon Sep 17 00:00:00 2001 From: John Abrahams Date: Wed, 28 Jun 2023 10:19:50 -0400 Subject: [PATCH 08/15] Call Java release workflow, add job dependencies --- .github/workflows/pass-java-release.yml | 8 ++-- ...ndDeployToAWSDemo.yml => pass-release.yml} | 43 ++++++++++++------- .github/workflows/update-snapshot.yml | 2 +- 3 files changed, 32 insertions(+), 21 deletions(-) rename .github/workflows/{releaseAllAndDeployToAWSDemo.yml => pass-release.yml} (64%) diff --git a/.github/workflows/pass-java-release.yml b/.github/workflows/pass-java-release.yml index 8bdb2a3b..c139aa31 100644 --- a/.github/workflows/pass-java-release.yml +++ b/.github/workflows/pass-java-release.yml @@ -18,10 +18,6 @@ name: Perform release for PASS Java projects on: workflow_call: inputs: - repository: - description: 'org/repo name of the repository to release (e.g. eclipse-pass/pass-core)' - type: string - required: true releaseversion: description: 'Release version (e.g. 0.7.0)' type: string @@ -43,6 +39,10 @@ on: # description: Token needed for pushing commits to various PASS Java repositories # required: true +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + env: RELEASE: ${{ inputs.releaseversion }} NEXT: ${{ inputs.nextversion }} diff --git a/.github/workflows/releaseAllAndDeployToAWSDemo.yml b/.github/workflows/pass-release.yml similarity index 64% rename from .github/workflows/releaseAllAndDeployToAWSDemo.yml rename to .github/workflows/pass-release.yml index dc569cee..f1638316 100644 --- a/.github/workflows/releaseAllAndDeployToAWSDemo.yml +++ b/.github/workflows/pass-release.yml @@ -1,4 +1,4 @@ -name: "Publish: Manual Full Release OR Automatic Snapshot for All Eclipse Projects" +name: "Publish: Manual Full Release All Eclipse-PASS Projects" on: workflow_dispatch: @@ -12,46 +12,57 @@ on: runtests: description: 'Run acceptance tests against release version before pushing images?' type: boolean - + default: true + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: - run-main-release: - uses: eclipse-pass/main/.github/workflows/release.yml@main - with: - releaseversion: ${{ inputs.releaseversion }} - nextversion: ${{ inputs.nextversion }} - run-pass-core-release: - uses: eclipse-pass/pass-core/.github/workflows/release.yml@main - with: - releaseversion: ${{ inputs.releaseversion }} - nextversion: ${{ inputs.nextversion }} - run-pass-support-release: - uses: eclipse-pass/pass-support/.github/workflows/release.yml@main + run-java-release: + uses: ./github/workflows/pass-java-release.yml # Should version these workflows with: releaseversion: ${{ inputs.releaseversion }} nextversion: ${{ inputs.nextversion }} + secrets: + MAVEN_GPG_KEY: ${{ secrets.MAVEN_GPG_KEY }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} + OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + run-pass-ui-release: uses: eclipse-pass/pass-ui/.github/workflows/release.yml@main with: releaseversion: ${{ inputs.releaseversion }} nextversion: ${{ inputs.nextversion }} + run-pass-auth-release: uses: eclipse-pass/pass-auth/.github/workflows/release.yml@main with: releaseversion: ${{ inputs.releaseversion }} nextversion: ${{ inputs.nextversion }} + run-pass-acceptance-testing-release: uses: eclipse-pass/pass-acceptance-testing/.github/workflows/release.yml@main with: releaseversion: ${{ inputs.releaseversion }} nextversion: ${{ inputs.nextversion }} + run-pass-docker-release: + needs: + - 'run-java-release' + - 'run-pass-ui-release' + - 'run-pass-auth-release' + - 'run-pass-acceptance-testing-release' uses: eclipse-pass/pass-docker/.github/workflows/release.yml@main with: releaseversion: ${{ inputs.releaseversion }} nextversion: ${{ inputs.nextversion }} runtests: ${{ inputs.runtests }} + run-deploy-release-to-aws-demo: - uses: eclipse-pass/main/.github/workflows/deployToAWS.yml@main + needs: + - 'run-pass-docker-release' + uses: .github/workflows/deployToAWS.yml@main with: DEPLOYMENT_ENVIRONMENT: demo - diff --git a/.github/workflows/update-snapshot.yml b/.github/workflows/update-snapshot.yml index 24032503..8e318da3 100644 --- a/.github/workflows/update-snapshot.yml +++ b/.github/workflows/update-snapshot.yml @@ -1,4 +1,4 @@ -name: "Publish: manual full release OR automatic snapshot" +name: "Publish: automatic snapshot" on: push: From 8be1861996e5d3b2d75a0c2f7bdcc457b1d691fc Mon Sep 17 00:00:00 2001 From: John Abrahams Date: Wed, 28 Jun 2023 10:26:07 -0400 Subject: [PATCH 09/15] Pass secrets to child workflow --- .github/workflows/pass-release.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/pass-release.yml b/.github/workflows/pass-release.yml index f1638316..38166560 100644 --- a/.github/workflows/pass-release.yml +++ b/.github/workflows/pass-release.yml @@ -66,3 +66,9 @@ jobs: uses: .github/workflows/deployToAWS.yml@main with: DEPLOYMENT_ENVIRONMENT: demo + targetCommitRef: ${{ inputs.releaseversion }} + secrets: + AWS_REGION: ${{ secrets.AWS_REGION }} + AWS_TOPIC_ARN: ${{ secrets.AWS_TOPIC_ARN }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} From e80300d9b83af5620ddaa060d23616773ced2e3d Mon Sep 17 00:00:00 2001 From: John Abrahams Date: Wed, 28 Jun 2023 10:41:54 -0400 Subject: [PATCH 10/15] Update release input descriptions --- .github/workflows/pass-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pass-release.yml b/.github/workflows/pass-release.yml index 38166560..15b0d5da 100644 --- a/.github/workflows/pass-release.yml +++ b/.github/workflows/pass-release.yml @@ -4,10 +4,10 @@ on: workflow_dispatch: inputs: releaseversion: - description: 'Release version' + description: 'Release version (e.g. 0.1.0)' required: true nextversion: - description: 'Next dev version' + description: 'Next dev version (e.g. 0.2.0-SNAPSHOT)' required: true runtests: description: 'Run acceptance tests against release version before pushing images?' From ca9f36a2f217cc0337d826a0a0c92f9ab8e48a75 Mon Sep 17 00:00:00 2001 From: John Abrahams Date: Wed, 5 Jul 2023 11:24:51 -0400 Subject: [PATCH 11/15] Specify 'main' version for pass-java-release --- .github/workflows/pass-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pass-release.yml b/.github/workflows/pass-release.yml index 15b0d5da..3f7e5701 100644 --- a/.github/workflows/pass-release.yml +++ b/.github/workflows/pass-release.yml @@ -20,7 +20,7 @@ concurrency: jobs: run-java-release: - uses: ./github/workflows/pass-java-release.yml # Should version these workflows + uses: ./github/workflows/pass-java-release.yml@main # Should version these workflows with: releaseversion: ${{ inputs.releaseversion }} nextversion: ${{ inputs.nextversion }} From 8f65c4dea6b2c77f926093ab9775d0d2c552f2ac Mon Sep 17 00:00:00 2001 From: John Abrahams Date: Wed, 5 Jul 2023 11:27:02 -0400 Subject: [PATCH 12/15] Fix path typo --- .github/workflows/pass-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pass-release.yml b/.github/workflows/pass-release.yml index 3f7e5701..51b4b606 100644 --- a/.github/workflows/pass-release.yml +++ b/.github/workflows/pass-release.yml @@ -20,7 +20,7 @@ concurrency: jobs: run-java-release: - uses: ./github/workflows/pass-java-release.yml@main # Should version these workflows + uses: .github/workflows/pass-java-release.yml@main # Should version these workflows with: releaseversion: ${{ inputs.releaseversion }} nextversion: ${{ inputs.nextversion }} From 371776d50becdb7ceb233a216f4160b742887e9c Mon Sep 17 00:00:00 2001 From: John Abrahams Date: Wed, 5 Jul 2023 11:30:11 -0400 Subject: [PATCH 13/15] Fix more path nonsense --- .github/workflows/pass-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pass-release.yml b/.github/workflows/pass-release.yml index 51b4b606..4d47f5eb 100644 --- a/.github/workflows/pass-release.yml +++ b/.github/workflows/pass-release.yml @@ -20,7 +20,7 @@ concurrency: jobs: run-java-release: - uses: .github/workflows/pass-java-release.yml@main # Should version these workflows + uses: ./.github/workflows/pass-java-release.yml@main # Should version these workflows with: releaseversion: ${{ inputs.releaseversion }} nextversion: ${{ inputs.nextversion }} @@ -63,7 +63,7 @@ jobs: run-deploy-release-to-aws-demo: needs: - 'run-pass-docker-release' - uses: .github/workflows/deployToAWS.yml@main + uses: ./.github/workflows/deployToAWS.yml@main with: DEPLOYMENT_ENVIRONMENT: demo targetCommitRef: ${{ inputs.releaseversion }} From 6732df1b51af66e7625e9c21c48193de688c73f7 Mon Sep 17 00:00:00 2001 From: John Abrahams Date: Wed, 5 Jul 2023 11:59:21 -0400 Subject: [PATCH 14/15] Can't version local workflows --- .github/workflows/pass-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pass-release.yml b/.github/workflows/pass-release.yml index 4d47f5eb..aa1e182d 100644 --- a/.github/workflows/pass-release.yml +++ b/.github/workflows/pass-release.yml @@ -20,7 +20,7 @@ concurrency: jobs: run-java-release: - uses: ./.github/workflows/pass-java-release.yml@main # Should version these workflows + uses: ./.github/workflows/pass-java-release.yml # Should version these workflows with: releaseversion: ${{ inputs.releaseversion }} nextversion: ${{ inputs.nextversion }} @@ -63,7 +63,7 @@ jobs: run-deploy-release-to-aws-demo: needs: - 'run-pass-docker-release' - uses: ./.github/workflows/deployToAWS.yml@main + uses: ./.github/workflows/deployToAWS.yml with: DEPLOYMENT_ENVIRONMENT: demo targetCommitRef: ${{ inputs.releaseversion }} From 80a99993637d93708ff354c28844ea78ced54b82 Mon Sep 17 00:00:00 2001 From: John Abrahams Date: Wed, 5 Jul 2023 12:25:59 -0400 Subject: [PATCH 15/15] Rename pass-release back to 'release' so we can manually test --- .github/workflows/{pass-release.yml => release.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{pass-release.yml => release.yml} (100%) diff --git a/.github/workflows/pass-release.yml b/.github/workflows/release.yml similarity index 100% rename from .github/workflows/pass-release.yml rename to .github/workflows/release.yml