Skip to content

Master/Release branch workflow #1967

Master/Release branch workflow

Master/Release branch workflow #1967

name: Master/Release branch workflow
on:
push:
branches:
- master
- release/**
schedule:
- cron: '0 5 * * 3'
env:
AWS_REGION: eu-west-1
GIT_USERNAME: ${{ secrets.BOT_GITHUB_USERNAME }}
GIT_EMAIL: ${{ secrets.BOT_GITHUB_EMAIL }}
GIT_PASSWORD: ${{ secrets.BOT_GITHUB_TOKEN }}
DOCKERHUB_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }}
QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
GITHUB_ACTIONS_DEPLOY_TIMEOUT: 60
BASE_BUILD_NUMBER: 10000
# Release version has to start with real version (23.2.0-....) for the docker image to build successfully.
RELEASE_VERSION: 25.1.0-A.3
DEVELOPMENT_VERSION: 25.1.0-A.4-SNAPSHOT
jobs:
run_ci:
uses: ./.github/workflows/ci.yml
secrets: inherit
docker_latest:
name: "Update latest and Single Pipeline <acs>-<build> images"
runs-on: ubuntu-latest
needs: [run_ci]
if: >
!(failure() || cancelled()) &&
!contains(github.event.head_commit.message, '[skip docker_latest]') &&
github.ref_name == 'master' && github.event_name != 'pull_request'
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: linux/amd64,linux/arm64
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
bash ./scripts/ci/init.sh
bash ./scripts/ci/build.sh -m
- name: Compute final build number
run: |
echo "COMPUTED_BUILD_NUMBER=$(( $BASE_BUILD_NUMBER + $BUILD_NUMBER ))" >> $GITHUB_ENV
- name: "Update images"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: mvn -B -V clean install -ntp -DskipTests -Dmaven.javadoc.skip=true -Dbuild-number=${COMPUTED_BUILD_NUMBER} -Pags -Ppush-docker-images,pipeline
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
release:
name: "Release and Copy to S3 Staging Bucket"
runs-on: ubuntu-latest
needs: [docker_latest]
if: >
!(failure() || cancelled()) &&
contains(github.event.head_commit.message, '[release]') &&
github.event_name != 'pull_request'
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: actions/setup-python@v5
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: linux/amd64,linux/arm64
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
bash ./scripts/ci/init.sh
bash ./scripts/ci/build.sh -m
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
with:
username: ${{ env.GIT_USERNAME }}
email: ${{ env.GIT_EMAIL }}
global: true
- name: Compute final build number
run: |
echo "COMPUTED_BUILD_NUMBER=$(( $BASE_BUILD_NUMBER + $BUILD_NUMBER ))" >> $GITHUB_ENV
- name: "Release"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
bash scripts/ci/verify_release_tag.sh
bash scripts/ci/maven_release.sh $COMPUTED_BUILD_NUMBER
bash scripts/ci/prepare_staging_deploy.sh
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
- name: "Configure AWS credentials"
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_S3_STAGING_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.AWS_S3_STAGING_SECRET_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: "Deploy to S3 Staging Bucket"
run: |
aws s3 cp --acl private --recursive ./deploy_dir s3://alfresco-artefacts-staging/alfresco-content-services/release/${BRANCH_NAME}/${COMPUTED_BUILD_NUMBER}
aws s3 cp --acl private --recursive ./deploy_dir_share s3://alfresco-artefacts-staging/share/${RELEASE_VERSION}
aws s3 cp --acl private --recursive ./deploy_dir_ags s3://alfresco-artefacts-staging/enterprise/RM/${RELEASE_VERSION}
bash scripts/ci/copy_share_image_to_docker_hub.sh
echo "Finished release and deployed to https://s3.console.aws.amazon.com/s3/buckets/alfresco-artefacts-staging/alfresco-content-services/release/${BRANCH_NAME}/${COMPUTED_BUILD_NUMBER}"
publish:
name: "Copy to S3 Release Bucket"
runs-on: ubuntu-latest
needs: [release]
if: >
!(failure() || cancelled()) &&
contains(github.event.head_commit.message, '[publish]') &&
github.event_name != 'pull_request'
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
fetch-depth: 0
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Init"
run: bash ./scripts/ci/init.sh
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
with:
username: ${{ env.GIT_USERNAME }}
email: ${{ env.GIT_EMAIL }}
global: true
- name: "Rebuild the artifacts and publish them to enterprise-releases"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: bash scripts/ci/maven_publish.sh
- name: "Configure AWS credentials"
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_S3_RELEASE_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_S3_RELEASE_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: Compute final build number
run: |
echo "COMPUTED_BUILD_NUMBER=$(( $BASE_BUILD_NUMBER + $BUILD_NUMBER ))" >> $GITHUB_ENV
- name: "Deploy to S3 Release Bucket"
run: |
bash scripts/ci/copy_to_release_bucket.sh $COMPUTED_BUILD_NUMBER
bash scripts/ci/copy_share_to_release_bucket.sh
bash scripts/ci/copy_ags_to_release_bucket.sh
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
update_downstream:
name: "Update acs-community-packaging (after release)"
runs-on: ubuntu-latest
needs: [publish]
if: >
!(failure() || cancelled()) &&
(contains(github.event.head_commit.message, '[downstream]') || (contains(github.event.head_commit.message, '[release]') &&
!contains(github.event.head_commit.message, '[no downstream]'))) &&
github.event_name != 'pull_request'
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Init"
run: bash ./scripts/ci/init.sh
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
with:
username: ${{ env.GIT_USERNAME }}
email: ${{ env.GIT_EMAIL }}
global: true
- name: "Update downstream"
run: bash ./scripts/ci/update_downstream.sh
env:
COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh