From db67af62fb6187617dbf6fa3ee670de5fad67803 Mon Sep 17 00:00:00 2001 From: Romain Bioteau Date: Tue, 25 Jun 2024 13:24:40 +0200 Subject: [PATCH] chore(gha): use gitflow maven plugin --- ...workflow-build.yml => _reusable_build.yml} | 8 +- .github/workflows/build.yml | 21 +++++ .github/workflows/build_pr.yml | 21 +++++ .github/workflows/publish.yml | 43 +++++++++ .github/workflows/release.yml | 43 +++++++++ .github/workflows/workflow-PR.yml | 78 ---------------- .github/workflows/workflow-release.yml | 91 ------------------- pom.xml | 12 +++ 8 files changed, 146 insertions(+), 171 deletions(-) rename .github/workflows/{workflow-build.yml => _reusable_build.yml} (95%) create mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/build_pr.yml create mode 100644 .github/workflows/publish.yml create mode 100644 .github/workflows/release.yml delete mode 100644 .github/workflows/workflow-PR.yml delete mode 100644 .github/workflows/workflow-release.yml diff --git a/.github/workflows/workflow-build.yml b/.github/workflows/_reusable_build.yml similarity index 95% rename from .github/workflows/workflow-build.yml rename to .github/workflows/_reusable_build.yml index 7c3f488d..a9b88629 100644 --- a/.github/workflows/workflow-build.yml +++ b/.github/workflows/_reusable_build.yml @@ -1,8 +1,11 @@ name: workflow-build on: - push: - branches: [ dev ] + workflow_call: + inputs: + ossrh-publication: + type: boolean + default: false jobs: @@ -49,6 +52,7 @@ jobs: # Build and Push snapshots to maven central - name: Deploy snapshots to Maven central + if: ${{ inputs.ossrh-publication }} run: ./mvnw -B -ntp deploy -DskipTests=true -Pdeploy test-supported-versions: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 00000000..57fe91a9 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,21 @@ +name: Continuous Integration + +on: + push: + branches: + - develop + - release/* + - support/* + paths-ignore: + - "README.adoc" + - "CHANGELOG.adoc" + - ".github/**" + - "!.github/workflows/build.yml" + - "!.github/workflows/_reusable_build.yml" + +jobs: + build: + uses: ./.github/workflows/_reusable_build.yml + with: + ossrh-publication: true + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/build_pr.yml b/.github/workflows/build_pr.yml new file mode 100644 index 00000000..6e908e42 --- /dev/null +++ b/.github/workflows/build_pr.yml @@ -0,0 +1,21 @@ +name: Build Pull Request + +on: + pull_request: + branches: + - develop + - release/* + - support/* + paths-ignore: + - "README.adoc" + - "CHANGELOG.adoc" + - ".github/**" + - "!.github/workflows/build_pr.yml" + - "!.github/workflows/_reusable_build.yml" + +jobs: + build: + uses: ./.github/workflows/_reusable_build.yml + with: + ossrh-publication: false + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 00000000..47de6251 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,43 @@ +name: Publish + +on: + workflow_dispatch: + inputs: + tag: + description: "Tag to publish" + type: string + required: true + default: "x.y.z" + +jobs: + build: + name: Publication pipeline + runs-on: ubuntu-22.04 + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + ref: ${{ github.event.inputs.tag }} + + - uses: Keeper-Security/ksm-action@v1 + with: + keeper-secret-config: ${{ secrets.KSM_CONFIG }} + secrets: | + ${{ vars.KEEPER_OSSRH_RECORD_ID }}/field/login > env:MAVEN_USERNAME + ${{ vars.KEEPER_OSSRH_RECORD_ID }}/field/password > env:MAVEN_PASSWORD + ${{ vars.KEEPER_GPG_ARTIFACT_SIGNING_RECORD_ID }}/custom_field/gpg-private-key > env:GPG_PRIVATE_KEY + ${{ vars.KEEPER_GPG_ARTIFACT_SIGNING_RECORD_ID }}/field/password > env:MAVEN_GPG_PASSPHRASE + + - name: Setup Java + uses: actions/setup-java@v4 + with: + distribution: "temurin" + java-version: 17 + server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml + server-username: MAVEN_USERNAME # env variable for username in deploy + server-password: MAVEN_PASSWORD + gpg-passphrase: MAVEN_GPG_PASSPHRASE + gpg-private-key: ${{ env.GPG_PRIVATE_KEY }} # Value of the GPG private key to import + + - name: Publish tag + run: ./mvnw -ntp --batch-mode deploy -Pdeploy \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..e90290a8 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,43 @@ +name: Release + +on: + workflow_dispatch: + inputs: + version: + description: Version to release (leave empty to use pom version) + type: string + default: "" + required: false + nextVersion: + description: "Next development version (leave empty to use default version incrementation policy)" + type: string + required: false + default: "" + skipMergeReleaseInMaster: + description: "Skip merge into master (major/minor version only should be merged)" + type: boolean + required: false + default: false + +jobs: + build: + name: Release pipeline + runs-on: ubuntu-22.04 + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: "0" + + - name: Setup Java + uses: actions/setup-java@v4 + with: + distribution: "temurin" + java-version: 17 + + - uses: bonitasoft/git-setup-action@v1 + with: + keeper-secret-config: ${{ secrets.KSM_CONFIG }} + + - name: Create Release + run: ./mvnw -ntp --batch-mode -Dstyle.color=always gitflow:release -DgitFlowConfig.developmentBranch=${{ github.ref_name }} -DdevelopmentVersion=${{ github.event.inputs.nextVersion }} -DreleaseVersion=${{ github.event.inputs.version }} -DskipReleaseMergeProdBranch=${{ github.event.inputs.skipMergeReleaseInMaster }} -Dverbose \ No newline at end of file diff --git a/.github/workflows/workflow-PR.yml b/.github/workflows/workflow-PR.yml deleted file mode 100644 index 59cff8ae..00000000 --- a/.github/workflows/workflow-PR.yml +++ /dev/null @@ -1,78 +0,0 @@ -name: workflow-pr - -on: - pull_request: - branches: [ master, dev ] - -jobs: - build: - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v4 - - uses: Keeper-Security/ksm-action@v1 - with: - keeper-secret-config: ${{ secrets.KSM_CONFIG }} - secrets: | - ${{ vars.KEEPER_SONARCLOUD_RECORD_ID }}/field/password > env:SONAR_TOKEN - ${{ vars.KEEPER_JFROG_RECORD_ID }}/field/login > env:JFROG_USER - ${{ vars.KEEPER_JFROG_RECORD_ID }}/field/password > env:JFROG_TOKEN - - - name: Cache SonarCloud packages - uses: actions/cache@v4 - with: - path: ~/.sonar/cache - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar - - - name: Setup Java - uses: actions/setup-java@v4 - with: - java-version: 17 - distribution: temurin - cache: maven - - - uses: docker/login-action@v3 - with: - registry: ${{ vars.BONITASOFT_DOCKER_REGISTRY }} - username: ${{ env.JFROG_USER }} - password: ${{ env.JFROG_TOKEN }} - - - name: Build and test project - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any - run: ./mvnw -B -ntp verify sonar:sonar -Dsonar.scanner.force-deprecated-java-version=true -Dbonita.image=${{ vars.BONITASOFT_DOCKER_REGISTRY }}/${{ vars.DOCKER_SNAPSHOTS_REPOSITORY }}/bonita-community:10.2-SNAPSHOT - - test-supported-versions: - runs-on: ubuntu-22.04 - strategy: - matrix: - bonita-version: - - '7.15.0' - - '8.0.0' - - '9.0.0' - - '10.0.0' - - '10.1.0' - steps: - - uses: actions/checkout@v4 - - uses: Keeper-Security/ksm-action@v1 - with: - keeper-secret-config: ${{ secrets.KSM_CONFIG }} - secrets: | - ${{ vars.KEEPER_JFROG_RECORD_ID }}/field/login > env:JFROG_USER - ${{ vars.KEEPER_JFROG_RECORD_ID }}/field/password > env:JFROG_TOKEN - - - name: Setup Java - uses: actions/setup-java@v4 - with: - java-version: 17 - distribution: temurin - cache: maven - - - uses: docker/login-action@v3 - with: - registry: ${{ vars.BONITASOFT_DOCKER_REGISTRY }} - username: ${{ env.JFROG_USER }} - password: ${{ env.JFROG_TOKEN }} - - - name: ${{ matrix.bonita-version }} Integration tests - run: ./mvnw -B -ntp verify -Dbonita.image=${{ vars.BONITASOFT_DOCKER_REGISTRY }}/${{ vars.INTERNAL_DOCKER_REPOSITORY_RELEASE }}/bonita-community:${{ matrix.bonita-version }} \ No newline at end of file diff --git a/.github/workflows/workflow-release.yml b/.github/workflows/workflow-release.yml deleted file mode 100644 index a970cea1..00000000 --- a/.github/workflows/workflow-release.yml +++ /dev/null @@ -1,91 +0,0 @@ -name: workflow-release - -on: - pull_request: - branches: - - master - types: - - closed - -jobs: - build: - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v4 - - - uses: Keeper-Security/ksm-action@v1 - with: - keeper-secret-config: ${{ secrets.KSM_CONFIG }} - secrets: | - ${{ vars.KEEPER_OSSRH_RECORD_ID }}/field/login > env:MAVEN_USERNAME - ${{ vars.KEEPER_OSSRH_RECORD_ID }}/field/password > env:MAVEN_PASSWORD - ${{ vars.KEEPER_GPG_ARTIFACT_SIGNING_RECORD_ID }}/field/login > env:GPG_KEYNAME - ${{ vars.KEEPER_GPG_ARTIFACT_SIGNING_RECORD_ID }}/custom_field/gpg-private-key > env:GPG_PRIVATE_KEY - ${{ vars.KEEPER_GPG_ARTIFACT_SIGNING_RECORD_ID }}/field/password > env:MAVEN_GPG_PASSPHRASE - - - name: Setup Java - uses: actions/setup-java@v4 - with: - java-version: 17 - distribution: temurin - cache: maven - server-id: ossrh - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD - gpg-private-key: ${{ env.GPG_PRIVATE_KEY }} - gpg-passphrase: MAVEN_GPG_PASSPHRASE - - # Extract version - - name: Extract version - shell: bash - run: echo "##[set-output name=version;]$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)" - id: extract_version - - # Build and Push release to maven central - - name: Build and Push release to Maven central - run: ./mvnw -B -ntp deploy -DskipTests -Pdeploy - - # Create tag and GitHub release - - name: Create Release - id: create_release - uses: ncipollo/release-action@v1 - with: - tag: ${{ steps.extract_version.outputs.version }} - name: Release ${{ steps.extract_version.outputs.version }} - generateReleaseNotes: true - - # Switch to dev - - uses: actions/checkout@v4 - with: - ref: 'dev' - - # Merge master into dev - - uses: everlytic/branch-merge@1.1.5 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - source_ref: 'master' - target_branch: 'dev' - commit_message_template: 'ci(release): Merge master into dev' - - # Update next dev version - - name: Git pull - run: | - git config pull.rebase false - git pull - - name: Update next version - run: ./mvnw -B versions:set -DnextSnapshot=true - id: update_next_version - - name: Extract next version - shell: bash - run: echo "##[set-output name=next_version;]$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)" - id: extract_next_version - - name: Set next version - run: ./set-version.sh ${{ steps.extract_next_version.outputs.next_version }} - id: set_next_version - - name: Commit next version - run: | - git config user.name github-actions - git config user.email github-actions@github.com - git add --all - git commit -m "ci(release): Set next dev version" - git push diff --git a/pom.xml b/pom.xml index dcfa1653..74f9a304 100644 --- a/pom.xml +++ b/pom.xml @@ -75,6 +75,7 @@ 0.8.12 4.0.0.4121 1.7.0 + 1.21.0 3.7.0 3.3.1 3.2.4 @@ -395,6 +396,17 @@ false + + com.amashchenko.maven.plugin + gitflow-maven-plugin + ${gitflow-maven-plugin.version} + + ${versions-maven-plugin.version} + + 1 + chore(release): + + com.diffplug.spotless spotless-maven-plugin