diff --git a/.github/actions/publish-to-sonatype/action.yaml b/.github/actions/publish-to-sonatype/action.yaml index 456e2414a..7adb676c5 100644 --- a/.github/actions/publish-to-sonatype/action.yaml +++ b/.github/actions/publish-to-sonatype/action.yaml @@ -36,13 +36,11 @@ inputs: runs: using: "composite" steps: - - name: Set up JFrog credentials - id: setup-jfrog-cli + - name: Setup jfrog shell uses: jfrog/setup-jfrog-cli@v4 env: JF_URL: ${{ inputs.jfrog-platform-url }} with: - version: 2.72.2 oidc-provider-name: ${{ inputs.oidc-provider }} oidc-audience: ${{ inputs.oidc-audience }} @@ -80,7 +78,7 @@ runs: working-directory: ${{ inputs.staging-folder }} run: | ls -laR - + - name: Get hashes from build_info and generate files shell: bash working-directory: ${{ inputs.staging-folder }} @@ -88,13 +86,13 @@ runs: BUILD_INFO='${{ steps.get-build-info.outputs.build-info }}' MODULES=$(echo "${BUILD_INFO}" | jq -c '.buildInfo.modules[].artifacts[]') STAGE_DIR="$(find . -type f -name '*.jar' -exec realpath {} \; | head -n 1 | xargs dirname)" - + for MODULE in ${MODULES}; do NAME=$(echo "${MODULE}" | jq -r ".name") SHA1=$(echo "${MODULE}" | jq -r ".sha1") SHA256=$(echo "${MODULE}" | jq -r ".sha256") MD5=$(echo "${MODULE}" | jq -r ".md5") - + FILE_NAME="${STAGE_DIR}/${NAME}" echo "$FILE_NAME" echo "${SHA1}" >"${FILE_NAME}.sha1" @@ -112,13 +110,13 @@ runs: # adding output variable for debug step later echo "artifact-name=${ARTIFACT_NAME}" >> $GITHUB_OUTPUT zip -r "${ARTIFACT_NAME}" . - + - name: Debug show content of the upload archive shell: bash - working-directory: ${{ inputs.staging-folder }} + working-directory: ${{ inputs.staging-folder }} run: | ARTIFACT_NAME='${{ steps.create-artifact.outputs.artifact-name }}' - unzip -l "${ARTIFACT_NAME}" | tail -n +4 | sort -k4,4 + unzip -l "${ARTIFACT_NAME}" | tail -n +4 | sort -k4,4 #- name: Stage artifacts # working-directory: ${{ inputs.staging-folder }} diff --git a/.github/actions/run-ee-server/action.yaml b/.github/actions/run-ee-server/action.yaml index 97b3287c7..b09757790 100644 --- a/.github/actions/run-ee-server/action.yaml +++ b/.github/actions/run-ee-server/action.yaml @@ -1,6 +1,10 @@ name: "Run EE Server" description: "Run EE server. Returns once server is ready. Only tested on Linux and macOS" +permissions: + # This is required for requesting the OIDC token + id-token: write + inputs: # All inputs in composite actions are strings use-server-rc: diff --git a/.github/workflows/aggregate-build.yaml b/.github/workflows/aggregate-build.yaml index cdbd976c0..db4cad3f8 100644 --- a/.github/workflows/aggregate-build.yaml +++ b/.github/workflows/aggregate-build.yaml @@ -13,6 +13,9 @@ on: java-version: type: string required: true + is-snapshot: + type: string + required: true secrets: JFROG_OIDC_PROVIDER: required: true @@ -33,8 +36,15 @@ jobs: oidc-provider-name: ${{ secrets.JFROG_OIDC_PROVIDER }} oidc-audience: ${{ secrets.JFROG_OIDC_AUDIENCE }} + - shell: bash + run: | + echo "IS_SNAPSHOT=${{ inputs.is-snapshot }}" >> $GITHUB_ENV + - name: Aggregate builds run: | + # record env variables + jf rt bce clients-java-push-to-dev ${{ github.run_number }} + jf rt ba clients-java-push-to-dev ${{ github.run_number }} clients-java-push-to-dev_aerospike-client-bc-jdk${{ inputs.java-version }} ${{ github.run_number }} jf rt ba clients-java-push-to-dev ${{ github.run_number }} clients-java-push-to-dev_aerospike-client-jdk${{ inputs.java-version }} ${{ github.run_number }} diff --git a/.github/workflows/create-release.yaml b/.github/workflows/create-release.yaml new file mode 100644 index 000000000..c0132ca7a --- /dev/null +++ b/.github/workflows/create-release.yaml @@ -0,0 +1,21 @@ +name: create-release + +on: + workflow_dispatch: + inputs: + version: + type: string + required: true + description: New version to set + +jobs: + build-stage: + name: Build stage + uses: ./.github/workflows/release-stage.yaml + with: + # This will need to change to point to staging branch + ref: dev/dev-ci-fixes-stage + version: ${{ inputs.version }} + build-number: ${{ github.run_number }} + is-snapshot: false + secrets: inherit diff --git a/.github/workflows/promote-prod.yaml b/.github/workflows/promote-prod.yaml index ae9f22243..dc77ff8bd 100644 --- a/.github/workflows/promote-prod.yaml +++ b/.github/workflows/promote-prod.yaml @@ -11,13 +11,18 @@ on: build-number: type: number description: Build number used to build artifact to be promoted + target-branch: + type: choice + description: Target branch to promote to + options: + - dev-stage jobs: promote-from-stage-to-prod: - name: Promot from stage to prod + name: Promote from stage to prod uses: ./.github/workflows/promote.yaml with: build-number: ${{ inputs.build-number }} target-repository: clients-maven-stage-local - target-branch: dev-stage + target-branch: ${{ inputs.target-branch }} secrets: inherit diff --git a/.github/workflows/promote.yaml b/.github/workflows/promote.yaml index 23301f1b7..3c92e009d 100644 --- a/.github/workflows/promote.yaml +++ b/.github/workflows/promote.yaml @@ -12,6 +12,10 @@ on: target-branch: type: string description: Target branch to promote token + jf-target-build: + type: string + description: Target build name + default: clients-java-push-to-dev secrets: SONATYPE_MAVEN_USER: required: true @@ -39,10 +43,28 @@ jobs: oidc-provider-name: ${{ secrets.JFROG_OIDC_PROVIDER }} oidc-audience: ${{ secrets.JFROG_OIDC_AUDIENCE }} + # Needed since we are using actions which are part of the repository + - name: Checkout + uses: actions/checkout@v4 + with: + # Fetch the whole history to prevent unrelated history errors + fetch-depth: "0" + ref: ${{ inputs.target-branch }} + token: ${{ secrets.CLIENT_BOT_PAT }} + - name: Get info id: get-build-info run: | - echo build-info=$(jf rt curl /api/build/clients-java-push-to-dev/${{ inputs.build-number }}) >> $GITHUB_OUTPUT + echo build-info=$(jf rt curl /api/build/${{ inputs.jf-target-build }}/${{ inputs.build-number }}) >> $GITHUB_OUTPUT + + - name: Check if snapshot build + run: | + IS_SNAPSHOT=$(echo '${{ steps.get-build-info.outputs.build-info }}' | jq -cr '.buildInfo.properties."buildInfo.env.IS_SNAPSHOT"') + if [ $IS_SNAPSHOT == 'true' ];then + echo "Error build ${{ inputs.jf-target-build }} with build number ${{ inputs.build-number }} is a SNAPSHOT build. Snapshots are not promoted to production." + + exit 1 + fi - name: Get commit hash from repo id: get-commit-hash @@ -59,38 +81,13 @@ jobs: echo "commit-hash: '${{ steps.get-commit-hash.outputs.commit-hash }}'" echo "build-names: '${{ steps.get-build-name.outputs.build-names }}'" - # Needed since we are using actions which are part of the repository - - name: Checkout - uses: actions/checkout@v4 - with: - # Fetch the whole history to prevent unrelated history errors - fetch-depth: "0" - ref: ${{ inputs.target-branch }} - token: ${{ secrets.CLIENT_BOT_PAT }} - - - name: Fast forward - shell: bash - run: git merge --ff-only ${{ inputs.ref-to-merge }} - - - name: Add tagging message - uses: stefanzweifel/git-auto-commit-action@v4 - with: - commit_message: "Promote to prod [skip ci]" - commit_author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - tagging_message: Promote to PROD - branch: ${{ inputs.target-branch }} - - - name: Upload changes to remote head branch - shell: bash - run: git push - - name: Promote build shell: bash run: | BUILD_NAMES=(${{ steps.get-build-name.outputs.build-names }}) if [ ${#MODULES[@]} -eq 0 ];then - echo "Missing build names for modules in 'clients-java-push-to-dev'" + echo "Missing build names for modules in '${{ inputs.jf-target-build }}'" fi for BUILD_NAME in "${BUILD_NAMES[@]}"; do @@ -114,6 +111,22 @@ jobs: echo "build-name-number: ${{ steps.get-build-name-number.outputs.build-name-number }}" echo "artifact-version: ${{ steps.get-artifact-version.output.artifact-version }}" + - name: Fast forward + shell: bash + run: git merge --ff-only ${{ inputs.ref-to-merge }} + + - name: Add tagging message + uses: stefanzweifel/git-auto-commit-action@v4 + with: + commit_message: "Promote to prod [skip ci]" + commit_author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + tagging_message: Promote to PROD + branch: ${{ inputs.target-branch }} + + - name: Upload changes to remote head branch + shell: bash + run: git push + publish-to-sonatype: runs-on: ${{ vars.BUILD_CONTAINER_DISTRO_VERSION }} needs: promote diff --git a/.github/workflows/pull-request-open.yaml b/.github/workflows/pull-request-open.yaml index 48690fb02..165ec9a40 100644 --- a/.github/workflows/pull-request-open.yaml +++ b/.github/workflows/pull-request-open.yaml @@ -1,5 +1,9 @@ name: PR open +permissions: + # This is required for requesting the OIDC token + id-token: write + on: pull_request: branches: diff --git a/.github/workflows/push-to-stage.yaml b/.github/workflows/push-to-stage.yaml index 5448b1646..e5c908554 100644 --- a/.github/workflows/push-to-stage.yaml +++ b/.github/workflows/push-to-stage.yaml @@ -11,5 +11,6 @@ jobs: name: Build stage uses: ./.github/workflows/release-stage.yaml with: - branch: ${{ github.ref }} + ref: ${{ github.ref }} + build-number: ${{ github.run_number }} secrets: inherit diff --git a/.github/workflows/release-stage.yaml b/.github/workflows/release-stage.yaml index 7420c2707..9c2592459 100644 --- a/.github/workflows/release-stage.yaml +++ b/.github/workflows/release-stage.yaml @@ -1,7 +1,10 @@ on: workflow_call: inputs: - branch: + ref: + type: string + required: true + build-number: type: string required: true @@ -11,19 +14,21 @@ jobs: steps: - name: debug run: | - echo "${{ inputs.branch }}" + echo "${{ inputs.ref }}" echo "${{ github.base_ref }}" - java-version: + pre-requisites: needs: debug-job runs-on: ${{ vars.BUILD_CONTAINER_DISTRO_VERSION }} outputs: java-version: ${{ steps.get-java-version.outputs.java-version }} + is-snapshot: ${{ steps.get-is-snapshot.outputs.is-snapshot }} steps: - name: Checkout client uses: actions/checkout@v4 with: - ref: ${{ inputs.branch }} + fetch-depth: 0 + ref: ${{ inputs.ref }} - name: Get java version id: get-java-version @@ -34,21 +39,50 @@ jobs: run: | echo ${{ steps.get-java-version.outputs.java-version }} + - name: Detect if snapshot + id: get-is-snapshot + shell: bash + run: | + # Getting previous commit + COMMIT_REF="HEAD~1" + + # Checking if previous commit contains pom.xml. This should always return true + if ! git show "${COMMIT_REF}:pom.xml" &>/dev/null; then + echo "Error: pom.xml not found in commit ${COMMIT_REF}" + exit 1 + fi + + # Getting previous version + OLD_VERSIONS=$(git show "${COMMIT_REF}:pom.xml" | + sed -n 's/.*\([^<]*\)<\/revision>.*/\1/p') + + # Getting current version + NEW_VERSIONS=$(sed -n 's/.*\([^<]*\)<\/revision>.*/\1/p' pom.xml) + + # Compare the extracted versions. CI will not commit snapshot version. + if [[ "${OLD_VERSIONS}" != "${NEW_VERSIONS}" ]]; then + echo "is-snapshot='false'" >> $GITHUB_OUTPUT + else + echo "is-snapshot='true'" >> $GITHUB_OUTPUT + fi + build: uses: ./.github/workflows/release.yaml - needs: java-version + needs: pre-requisites strategy: matrix: crypto-type: [bouncycastle, gnu] with: - java-version: ${{ needs.java-version.outputs.java-version }} - branch: ${{ inputs.branch }} + ref: ${{ inputs.ref }} + java-version: ${{ needs.pre-requisites.outputs.java-version }} crypto-type: ${{ matrix.crypto-type }} + is-snapshot: ${{ needs.pre-requisites.outputs.is-snapshot }} secrets: inherit aggregate-published-artifacts: uses: ./.github/workflows/aggregate-build.yaml - needs: [java-version, build] + needs: [pre-requisites, build] secrets: inherit with: - java-version: ${{ needs.java-version.outputs.java-version }} + java-version: ${{ needs.pre-requisites.outputs.java-version }} + is-snapshot: ${{ needs.pre-requisites.outputs.is-snapshot }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2e6e45c9d..89e6b3036 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -5,7 +5,7 @@ permissions: on: workflow_call: inputs: - branch: + ref: type: string required: true java-version: @@ -14,6 +14,9 @@ on: crypto-type: type: string required: true + is-snapshot: + type: string + required: true secrets: GPG_SECRET_KEY_ORG: required: true @@ -31,7 +34,8 @@ jobs: - name: Checkout code uses: actions/checkout@v4 with: - ref: ${{ inputs.branch }} + fetch-depth: 0 + ref: ${{ inputs.ref }} # Java plugin will setup gpg but we are not using maven to deploy do JFrog. # - jf mvn clean install on publish does not publish POM we would like to publish @@ -43,9 +47,25 @@ jobs: gpg-private-key: ${{ secrets.GPG_SECRET_KEY_ORG }} gpg-passphrase: GPG_PASS + - name: Get release or snapshot-version + id: get-release-version + shell: bash + run: | + IS_SNAPSHOT=${{ inputs.is-snapshot }} + if [ $IS_SNAPSHOT == 'true' ];then + echo release-version="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)-SNAPSHOT_$GITHUB_SHA" >> $GITHUB_OUTPUT + else + echo release-version="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT + fi + + - name: Set version + shell: bash + run: | + ./set_version ${{ steps.get-release-version.outputs.release-version }} ${{ inputs.crypto-type }} + - name: Build all modules shell: bash - run: mvn clean install -P ${{ inputs.crypto-type }} # The crypto profile is usually set with set_crypto but since we need to toggle multiple prfiles set_crypto option is not being picked up + run: mvn clean install -P ${{ inputs.crypto-type }} # The crypto profile is usually set with set_crypto but since we need to toggle multiple profiles set_crypto option is not being picked up - name: Stage artifacts for publish working-directory: client diff --git a/set_version b/set_version new file mode 100755 index 000000000..382c87199 --- /dev/null +++ b/set_version @@ -0,0 +1,56 @@ +#!/usr/bin/env bash + +# +# Function definitions +# +function update_version() { + VERSION="$1" + BUILD_TYPE=$2 + PARENT_POM="pom.xml" + PUBLIC_POM="client/deploy-resources/${BUILD_TYPE}_pom.xml" + + # Detecting host type. `sed` on bsd and linux are not the same + if [[ "$(uname)" == "Darwin" ]]; then + sed -i "" "s#[^<]*#${VERSION}#g" "$PARENT_POM" + sed -i "" "1,/[^<]*<\/version>/ s#[^<]*#${VERSION}#" "$PUBLIC_POM" + else + sed -i "s#[^<]*#${VERSION}#g" "$PARENT_POM" + sed -i "0,/[^<]*<\/version>/ s//${VERSION}<\/version>/" "$PUBLIC_POM" + fi +} + +function main() { + VERSION=$1 + BUILD_TYPE=$2 + + # If version has been set using set_crypto we are honoring that setting + if [ -f "bouncycastle.config" ];then + BUILD_TYPE="bouncycastle" + elif [ -f "gnu.config" ];then + BUILD_TYPE="gnu" + fi + + update_version $VERSION $BUILD_TYPE +} + +# +# Main entry +# +VERSION=$1 +BUILD_TYPE=${2:-"gnu"} +REGEX="^[0-9]+\.[0-9]+\.[0-9]+(-SNAPSHOT_[a-zA-Z0-9]+)?$" + +if [ -z $VERSION ];then + printf "Missing version ..." + + exit 1 +elif [[ ! "$1" =~ $REGEX ]];then + printf "Version format not valid. Valid format are [0 - 9].[0 - 9].[0 - 9] | [0 - 9].[0 - 9].[0 - 9]-SNAPSHOT_[git_sha]" + + exit 1 +else + # Call main + main $VERSION $BUILD_TYPE + + exit 0 +fi \ No newline at end of file