Amazon DocumentDB JDBC Driver #1152
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright <2020> Amazon.com, Inc. or its affiliates. All Rights Reserved. | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"). | |
# You may not use this file except in compliance with the License. | |
# A copy of the License is located at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# or in the "license" file accompanying this file. This file is distributed | |
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either | |
# express or implied. See the License for the specific language governing | |
# permissions and limitations under the License. | |
name: Amazon DocumentDB JDBC Driver | |
on: | |
# Trigger the workflow on pull request, | |
# but only for the master/develop branches | |
pull_request: | |
branches: | |
- master | |
- develop | |
# Trigger on-demand | |
workflow_dispatch: | |
inputs: | |
testWithoutDocumentDB: | |
description: Test without DocumentDB? (1/0) | |
required: false | |
default: '1' | |
mavenFilesPreparation: | |
description: Prepare files to publish in maven repo? (1/0) | |
required: false | |
default: '0' | |
signTacoFile: | |
description: Sign taco file artifact | |
type: boolean | |
required: false | |
default: false | |
jobs: | |
build: | |
env: | |
DOC_DB_KEYPAIR: ${{secrets.DOC_DB_KEYPAIR}} | |
TRUSTSTORE_PASSWORD: ${{secrets.TRUSTSTORE_PASSWORD}} | |
DOC_DB_USER_NAME: ${{secrets.DOC_DB_USER_NAME}} | |
DOC_DB_PASSWORD: ${{secrets.DOC_DB_PASSWORD}} | |
DOC_DB_USER: ${{secrets.DOC_DB_USER}} | |
DOC_DB_HOST: ${{secrets.DOC_DB_HOST}} | |
OMIT_DOCUMENTDB: ${{ github.event.inputs.testWithoutDocumentDB || '0' }} | |
RUN_REMOTE_INTEGRATION_TESTS: ${{ github.event.inputs.testWithoutDocumentDB && 'false' || 'true' }} | |
DOC_DB_LOCAL_PORT: 27019 | |
DOC_DB_REMOTE_PORT: 27017 | |
DOC_DB_PRIV_KEY_FILE: ~/certs/docdb-sshtunnel.pem | |
GPG_SIGN_KEY: ${{secrets.GPG_SIGN_KEY}} | |
GPG_KEY_PASSWORD: ${{secrets.GPG_KEY_PASSWORD}} | |
GPG_KEY_SECRET_KEY_RING: ${{secrets.GPG_KEY_SECRET_KEY_RING}} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: '' | |
- name: Set up JDK 1.8 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 1.8 | |
- name: Extract key-pair into file | |
if: ${{ env.OMIT_DOCUMENTDB == '0' }} | |
run: | | |
mkdir -p ~/certs | |
echo "$DOC_DB_KEYPAIR" > ~/certs/docdb-sshtunnel.pem | |
chmod 400 ~/certs/docdb-sshtunnel.pem | |
- name: Run SSH tunnel to DocumentDB server | |
if: ${{ env.OMIT_DOCUMENTDB == '0' }} | |
run: | | |
ssh -f -N -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ~/certs/docdb-sshtunnel.pem -L $DOC_DB_LOCAL_PORT:${{secrets.DOC_DB_HOST}}:$DOC_DB_REMOTE_PORT ${{secrets.DOC_DB_USER}} | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
- name: Build with Gradle with local and optional remote DocumentDB tests | |
run: | | |
./gradlew build -PrunRemoteIntegrationTests=$RUN_REMOTE_INTEGRATION_TESTS | |
- name: Extract gpg-key-pair into file | |
if: ${{ github.event.inputs.mavenFilesPreparation }} | |
run: | | |
echo "$GPG_KEY_SECRET_KEY_RING" > secring.kbx.b64 | |
base64 -d secring.kbx.b64 > secring.kbx | |
- name: Prepare to publish to Maven | |
if: ${{ github.event.inputs.mavenFilesPreparation }} | |
run: | | |
./gradlew publishToMavenLocal -Psigning.secretKeyRingFile=secring.kbx -Psigning.password=$GPG_KEY_PASSWORD -Psigning.keyId=$GPG_SIGN_KEY -PrunRemoteIntegrationTests=$RUN_REMOTE_INTEGRATION_TESTS | |
- name: Copy Build | |
run: | | |
mkdir output | |
mkdir output/jarfile | |
mkdir output/reports | |
cp build/libs/*.jar output/jarfile | |
cp -R build/reports output/reports | |
- name: Copy Files for Maven | |
if: ${{ github.event.inputs.mavenFilesPreparation }} | |
run: | | |
mkdir -p output/maven | |
name=$(ls build/libs | grep documentdb-jdbc.*-all.jar.asc) | |
vers=$(awk -F- '{print $3}' <<<"$name") | |
src_folder=~/.m2/repository/software/amazon/documentdb/jdbc/documentdb-jdbc/$vers | |
cp $src_folder/documentdb-jdbc-$vers.jar output/maven | |
cp $src_folder/documentdb-jdbc-$vers.jar.asc output/maven | |
cp $src_folder/documentdb-jdbc-$vers-javadoc.jar output/maven | |
cp $src_folder/documentdb-jdbc-$vers-javadoc.jar.asc output/maven | |
cp $src_folder/documentdb-jdbc-$vers-sources.jar output/maven | |
cp $src_folder/documentdb-jdbc-$vers-sources.jar.asc output/maven | |
cp $src_folder/documentdb-jdbc-$vers.pom output/maven | |
cp $src_folder/documentdb-jdbc-$vers.pom.asc output/maven | |
cd output/maven | |
jar -cvf bundle.jar * | |
rm documentdb-jdbc-$vers.jar | |
rm documentdb-jdbc-$vers.jar.asc | |
rm documentdb-jdbc-$vers-javadoc.jar | |
rm documentdb-jdbc-$vers-javadoc.jar.asc | |
rm documentdb-jdbc-$vers-sources.jar | |
rm documentdb-jdbc-$vers-sources.jar.asc | |
rm documentdb-jdbc-$vers.pom | |
rm documentdb-jdbc-$vers.pom.asc | |
- name: Upload Build | |
uses: actions/upload-artifact@v1 | |
with: | |
name: output | |
path: output | |
- name: Upload Raw Test Results | |
uses: actions/upload-artifact@v1 | |
if: always() | |
with: | |
name: raw-test-results | |
path: build/test-results/test/ | |
- name: Publish Summary Test Results | |
uses: EnricoMi/[email protected] | |
if: always() | |
with: | |
files: build/test-results/**/*.xml | |
- name: Publish Detailed Test Report | |
if: always() | |
uses: scacap/action-surefire-report@v1 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
report_paths: '**/build/test-results/test/TEST-*.xml' | |
- name: Generate JaCoCo Badge | |
id: jacoco | |
uses: cicirello/[email protected] | |
with: | |
jacoco-csv-file: 'build/reports/jacoco/test/jacocoTestReport.csv' | |
generate-branches-badge: true | |
- name: Commit Coverage Badge | |
uses: stefanzweifel/git-auto-commit-action@v4 | |
if: ${{ ! github.event.inputs.mavenFilesPreparation }} | |
with: | |
commit_options: '--allow-empty --no-verify' | |
commit_message: Commit Code Coverage Badge | |
file_pattern: '*.svg' | |
skip_fetch: false | |
skip_checkout: false | |
skip_dirty_check: false | |
- name: Upload JaCoCo coverage report | |
uses: actions/upload-artifact@v2 | |
with: | |
name: jacoco-report | |
path: build/reports/jacoco/ | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 11 | |
- name: Cache Gradle packages | |
uses: actions/cache@v1 | |
with: | |
path: ~/.gradle/caches | |
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} | |
restore-keys: ${{ runner.os }}-gradle | |
build-taco: | |
env: | |
SIGNING_ENABLED: ${{ github.event.inputs.signTacoFile }} | |
name: Assemble Tableau Connector | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v2 | |
- name: Ensure Executable Permissions | |
run: chmod a+x ./tableau-connector/build.sh | |
- name: Assemble Tableau Connector | |
run: ./tableau-connector/build.sh | |
- name: View assembled file | |
run: ls -l tableau-connector/target | |
- name: Add Version to Taco file | |
run: | | |
file="./gradle.properties" | |
MAJOR_VERSION=$(grep "MAJOR_VERSION" ${file} | cut -d'=' -f2) | |
MINOR_VERSION=$(grep "MINOR_VERSION" ${file} | cut -d'=' -f2) | |
PATCH_VERSION=$(grep "PATCH_VERSION" ${file} | cut -d'=' -f2) | |
echo "version=$MAJOR_VERSION.$MINOR_VERSION.$PATCH_VERSION" >> $GITHUB_ENV | |
mv tableau-connector/target/documentdbjdbc.taco tableau-connector/target/documentdbjdbc-$MAJOR_VERSION.$MINOR_VERSION.$PATCH_VERSION.taco | |
- name: "Configure AWS credentials" | |
if: ${{env.SIGNING_ENABLED == 'true'}} | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
role-skip-session-tagging: true | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-west-2 | |
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
role-external-id: ${{ secrets.AWS_ROLE_EXTERNAL_ID }} | |
role-duration-seconds: 3600 | |
- name: Sign Taco File | |
id: sign-taco-file | |
shell: bash | |
run: | | |
echo "Sign is set to ${SIGNING_ENABLED}" | |
if [[ $SIGNING_ENABLED = "true" ]] | |
then | |
echo "Signing is enabled. Will attempt to sign" | |
pwd | |
ls -l tableau-connector/target | |
echo "Installing jq" | |
sudo apt-get install jq | |
# Upload unsigned .taco to S3 Bucket | |
echo "Obtaining version id and uploading unsigned .taco to S3 Bucket" | |
version_id=$( aws s3api put-object --bucket ${{ secrets.AWS_UNSIGNED_BUCKET }} --key ${{ secrets.AWS_KEY }} --body ./tableau-connector/target/documentdbjdbc-${{env.version}}.taco --acl bucket-owner-full-control | jq '.VersionId' ) | |
job_id="" | |
# Attempt to get Job ID from bucket tagging, will retry up to 3 times before exiting with a failure code. | |
# Will sleep for 5 seconds between retries. | |
echo "Attempt to get Job ID from bucket tagging, will retry up to 3 times before exiting with a failure code." | |
for (( i=0; i<3; i++ )) | |
do | |
# Get job ID | |
id=$( aws s3api get-object-tagging --bucket ${{ secrets.AWS_UNSIGNED_BUCKET }} --key ${{ secrets.AWS_KEY }} --version-id ${version_id} | jq -r '.TagSet[0].Value' ) | |
if [ $id != "null" ] | |
then | |
job_id=$id | |
break | |
fi | |
echo "Will sleep for 5 seconds between retries." | |
sleep 5s | |
done | |
if [[ $job_id = "" ]] | |
then | |
echo "Exiting because unable to retrieve job ID" | |
exit 1 | |
fi | |
# Poll signed S3 bucket to see if the signed artifact is there | |
echo "Poll signed S3 bucket to see if the signed artifact is there" | |
for (( i=0; i<3; i++ )) | |
do | |
aws s3api wait object-exists --bucket ${{ secrets.AWS_SIGNED_BUCKET }} --key ${{ secrets.AWS_KEY }}-${job_id}.taco | |
if [ $? -eq 0 ] | |
then | |
break | |
fi | |
echo "Will sleep for 5 seconds between retries." | |
sleep 5s | |
done | |
# Downloading signed taco from S3 | |
echo "Downloading signed .taco from S3" | |
aws s3api get-object --bucket ${{ secrets.AWS_SIGNED_BUCKET }} --key ${{ secrets.AWS_KEY }}-${job_id}.taco ./tableau-connector/target/documentdbjdbc-${{env.version}}-signed.taco | |
echo "Signing completed" | |
ls -l tableau-connector/target | |
else | |
echo "Signing will be skipped" | |
fi | |
- name: Upload Build | |
if: always() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: documentdbjdbc-${{env.version}}-taco | |
path: ./tableau-connector/target/ |