From 83074255761ae2058c44f1533226d564f47e4e5e Mon Sep 17 00:00:00 2001 From: lojzatran Date: Fri, 21 Mar 2025 15:29:06 +0100 Subject: [PATCH 01/16] fix: test release script --- .github/workflows/cd.yml | 49 +++++++------ .github/workflows/ci.yml | 136 +++++++++++++++++------------------ scripts/setup-signing-key.sh | 50 +++++++++++++ 3 files changed, 145 insertions(+), 90 deletions(-) create mode 100755 scripts/setup-signing-key.sh diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index ad192ae89a..a7ed779adc 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -2,8 +2,8 @@ name: CD on: push: - tags: - - '*.*.*' + branches: + - test-new-release-branch jobs: benchmark_tests: @@ -47,24 +47,29 @@ jobs: with: java-version: 11 distribution: 'zulu' - - name: status - run: echo Build is tagged. Uploading artifact ${{ steps.vars.outputs.tag }} to maven central. - - name: Publish GitHub Pages - run: ./gradlew --info -Dbuild.version="${{ steps.vars.outputs.tag }}" mkdocsPublish - - name: deploy to sonatype and publish to maven central - run: ./gradlew setLibraryVersion -Dbuild.version="${{ steps.vars.outputs.tag }}" publishToSonatype closeAndReleaseSonatypeStagingRepository + - run: scripts/setup-signing-key.sh env: - GITHUB_TAG: ${{ steps.vars.outputs.tag }} - MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} - PGP_KEY: ${{ secrets.PGP_KEY }} - PGP_PASSWORD: ${{ secrets.PGP_PASSWORD }} - - name: Slack notification - if: success() # only when previous step succeeds - env: - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} - SLACK_USERNAME: Github Release Action. - SLACK_CHANNEL: java-sync - uses: Ilshidur/action-slack@master - with: - args: 'Version: of the library has been published to the .' + DECRYPTER: ${{ secrets.DECRYPTER }} + SIGNING_KEY: ${{ secrets.SIGNING_KEY }} + PASSPHRASE: ${{ secrets.PASSPHRASE }} +# - name: status +# run: echo Build is tagged. Uploading artifact ${{ steps.vars.outputs.tag }} to maven central. +# - name: Publish GitHub Pages +# run: ./gradlew --info -Dbuild.version="${{ steps.vars.outputs.tag }}" mkdocsPublish +# - name: deploy to sonatype and publish to maven central +# run: ./gradlew setLibraryVersion -Dbuild.version="${{ steps.vars.outputs.tag }}" publishToSonatype closeAndReleaseSonatypeStagingRepository +# env: +# GITHUB_TAG: ${{ steps.vars.outputs.tag }} +# MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} +# MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} +# PGP_KEY: ${{ secrets.PGP_KEY }} +# PGP_PASSWORD: ${{ secrets.PGP_PASSWORD }} +# - name: Slack notification +# if: success() # only when previous step succeeds +# env: +# SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} +# SLACK_USERNAME: Github Release Action. +# SLACK_CHANNEL: java-sync +# uses: Ilshidur/action-slack@master +# with: +# args: 'Version: of the library has been published to the .' diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8ca79e0117..00cbd7d439 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,68 +1,68 @@ -name: CI - -on: [push] - -jobs: - checks: - name: Code Checks - runs-on: ubuntu-latest - steps: - - name: Git Checkout - uses: actions/checkout@v4 - - name: Generate Dependency Updates Report - run: ./gradlew clean dependencyUpdates - - name: Code formatting - run: ./gradlew spotlessCheck - - name: PMD - run: ./gradlew pmdBenchmark pmdIntegrationTest pmdMain pmdTest - - name: Spotbugs - run: ./gradlew spotbugsBenchmark spotbugsIntegrationTest spotbugsMain spotbugsTest - - name: mkdocsBuild - run: ./gradlew mkdocsBuild - tests: - name: Tests - concurrency: tests - needs: checks - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-java@v4 - with: - java-version: 11 - distribution: 'zulu' - - name: Build with Gradle - run: ./gradlew clean setLibraryVersion test integrationTest jacocoTestCoverageVerification jacocoTestReport - env: - SOURCE_PROJECT_KEY: java-sync-source - SOURCE_CLIENT_ID: ${{ secrets.SOURCE_CLIENT_ID }} - SOURCE_CLIENT_SECRET: ${{ secrets.SOURCE_CLIENT_SECRET }} - TARGET_PROJECT_KEY: java-sync-target - TARGET_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID }} - TARGET_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET }} - - name: Codecov - uses: codecov/codecov-action@v4 - benchmark_tests: - name: benchmark tests - concurrency: benchmark_tests - needs: tests - runs-on: ubuntu-latest - env: - SOURCE_PROJECT_KEY: java-sync-target-dev2 - SOURCE_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }} - SOURCE_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }} - TARGET_PROJECT_KEY: java-sync-target-dev2 - TARGET_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }} - TARGET_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }} - GRGIT_USER: ${{ secrets.GRGIT_USER }} - SUBMIT_BENCHMARK_RESULT: false - steps: - - name: Git Checkout - uses: actions/checkout@v4 - - name: Fetch Library version - id: vars - run: echo ::set-output name=libVersion::${GITHUB_REF#refs/*/} - - name: benchmark test - if: ${{ success() }} - run: ./gradlew clean setLibraryVersion benchmark - env: - GITHUB_TAG: ${{ steps.vars.outputs.libVersion }} +#name: CI +# +#on: [push] +# +#jobs: +# checks: +# name: Code Checks +# runs-on: ubuntu-latest +# steps: +# - name: Git Checkout +# uses: actions/checkout@v4 +# - name: Generate Dependency Updates Report +# run: ./gradlew clean dependencyUpdates +# - name: Code formatting +# run: ./gradlew spotlessCheck +# - name: PMD +# run: ./gradlew pmdBenchmark pmdIntegrationTest pmdMain pmdTest +# - name: Spotbugs +# run: ./gradlew spotbugsBenchmark spotbugsIntegrationTest spotbugsMain spotbugsTest +# - name: mkdocsBuild +# run: ./gradlew mkdocsBuild +# tests: +# name: Tests +# concurrency: tests +# needs: checks +# runs-on: ubuntu-latest +# steps: +# - uses: actions/checkout@v4 +# - uses: actions/setup-java@v4 +# with: +# java-version: 11 +# distribution: 'zulu' +# - name: Build with Gradle +# run: ./gradlew clean setLibraryVersion test integrationTest jacocoTestCoverageVerification jacocoTestReport +# env: +# SOURCE_PROJECT_KEY: java-sync-source +# SOURCE_CLIENT_ID: ${{ secrets.SOURCE_CLIENT_ID }} +# SOURCE_CLIENT_SECRET: ${{ secrets.SOURCE_CLIENT_SECRET }} +# TARGET_PROJECT_KEY: java-sync-target +# TARGET_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID }} +# TARGET_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET }} +# - name: Codecov +# uses: codecov/codecov-action@v4 +# benchmark_tests: +# name: benchmark tests +# concurrency: benchmark_tests +# needs: tests +# runs-on: ubuntu-latest +# env: +# SOURCE_PROJECT_KEY: java-sync-target-dev2 +# SOURCE_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }} +# SOURCE_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }} +# TARGET_PROJECT_KEY: java-sync-target-dev2 +# TARGET_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }} +# TARGET_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }} +# GRGIT_USER: ${{ secrets.GRGIT_USER }} +# SUBMIT_BENCHMARK_RESULT: false +# steps: +# - name: Git Checkout +# uses: actions/checkout@v4 +# - name: Fetch Library version +# id: vars +# run: echo ::set-output name=libVersion::${GITHUB_REF#refs/*/} +# - name: benchmark test +# if: ${{ success() }} +# run: ./gradlew clean setLibraryVersion benchmark +# env: +# GITHUB_TAG: ${{ steps.vars.outputs.libVersion }} diff --git a/scripts/setup-signing-key.sh b/scripts/setup-signing-key.sh new file mode 100755 index 0000000000..cbf9b62227 --- /dev/null +++ b/scripts/setup-signing-key.sh @@ -0,0 +1,50 @@ +#!/bin/bash + +set -e + +# Decrypt credentials +echo ${DECRYPTER} | base64 --decode > decrypter.json +echo ${SIGNING_KEY} | base64 --decode > signing_key.enc +echo ${PASSPHRASE} | base64 --decode > signing_passphrase.enc + +gcloud auth activate-service-account --key-file decrypter.json + +echo "Decrypt signing secrets" + +gcloud kms decrypt \ + --project=commercetools-platform \ + --location=global \ + --keyring=devtooling \ + --key=java-sdk-v2 \ + --ciphertext-file=signing_key.enc \ + --plaintext-file=signing_key.asc + +gcloud kms decrypt \ + --project=commercetools-platform \ + --location=global \ + --keyring=devtooling \ + --key=java-sdk-v2 \ + --ciphertext-file=signing_passphrase.enc \ + --plaintext-file=signing_passphrase.txt + +# Import the GPG key +set +e +echo "Importing the signing key" +gpg --import --no-tty --batch --yes signing_key.asc +echo " - done" +set -e + +# List available GPG keys +gpg -K + +KEYNAME=`gpg --with-colons --keyid-format long --list-keys devtooling@commercetools.com | grep fpr | cut -d ':' -f 10` + +mkdir -p ~/.gradle +touch ~/.gradle/gradle.properties + +echo "signing.gnupg.executable=gpg" >> ~/.gradle/gradle.properties +echo "signing.gnupg.keyName=$KEYNAME" >> ~/.gradle/gradle.properties +echo "signing.gnupg.passphrase=$(> ~/.gradle/gradle.properties + +rm -rf signing_passphrase.txt signing_passphrase.enc signing_key.enc decrypter.json signing_key.asc + From 4e3b0535f37bc73e986010523582d21d78e965c5 Mon Sep 17 00:00:00 2001 From: lojzatran Date: Fri, 21 Mar 2025 15:36:55 +0100 Subject: [PATCH 02/16] fix: test release script --- .github/workflows/cd.yml | 50 ++++++++++++++++++++-------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index a7ed779adc..cc279205a4 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -6,33 +6,33 @@ on: - test-new-release-branch jobs: - benchmark_tests: - name: benchmark tests - concurrency: benchmark_tests - runs-on: ubuntu-latest - env: - SOURCE_PROJECT_KEY: java-sync-target-dev2 - SOURCE_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }} - SOURCE_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }} - TARGET_PROJECT_KEY: java-sync-target-dev2 - TARGET_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }} - TARGET_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }} - GRGIT_USER: ${{ secrets.GRGIT_USER }} - SUBMIT_BENCHMARK_RESULT: true - steps: - - name: Git Checkout - uses: actions/checkout@v4 - - name: Fetch Library version - id: vars - run: echo ::set-output name=libVersion::${GITHUB_REF#refs/*/} - - name: benchmark test - if: ${{ success() }} - run: ./gradlew clean setLibraryVersion benchmark - env: - GITHUB_TAG: ${{ steps.vars.outputs.libVersion }} +# benchmark_tests: +# name: benchmark tests +# concurrency: benchmark_tests +# runs-on: ubuntu-latest +# env: +# SOURCE_PROJECT_KEY: java-sync-target-dev2 +# SOURCE_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }} +# SOURCE_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }} +# TARGET_PROJECT_KEY: java-sync-target-dev2 +# TARGET_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }} +# TARGET_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }} +# GRGIT_USER: ${{ secrets.GRGIT_USER }} +# SUBMIT_BENCHMARK_RESULT: true +# steps: +# - name: Git Checkout +# uses: actions/checkout@v4 +# - name: Fetch Library version +# id: vars +# run: echo ::set-output name=libVersion::${GITHUB_REF#refs/*/} +# - name: benchmark test +# if: ${{ success() }} +# run: ./gradlew clean setLibraryVersion benchmark +# env: +# GITHUB_TAG: ${{ steps.vars.outputs.libVersion }} deployment: name: deployment - needs: benchmark_tests +# needs: benchmark_tests runs-on: ubuntu-latest env: GRGIT_USER: ${{ secrets.GRGIT_USER }} From 6ed4a9520cdeafe3edc7ca5a07241e3b04d7b63b Mon Sep 17 00:00:00 2001 From: lojzatran Date: Fri, 21 Mar 2025 16:01:34 +0100 Subject: [PATCH 03/16] fix: add echo --- scripts/setup-signing-key.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/setup-signing-key.sh b/scripts/setup-signing-key.sh index cbf9b62227..d4f2ed3aa9 100755 --- a/scripts/setup-signing-key.sh +++ b/scripts/setup-signing-key.sh @@ -3,8 +3,11 @@ set -e # Decrypt credentials +echo 'Decode decrypter' echo ${DECRYPTER} | base64 --decode > decrypter.json +echo 'Decode signing key' echo ${SIGNING_KEY} | base64 --decode > signing_key.enc +echo 'Decode passphrase' echo ${PASSPHRASE} | base64 --decode > signing_passphrase.enc gcloud auth activate-service-account --key-file decrypter.json From 1cc1656cec385f2f0ed66e87c190e6ce62f3c4a9 Mon Sep 17 00:00:00 2001 From: lojzatran Date: Fri, 21 Mar 2025 16:09:36 +0100 Subject: [PATCH 04/16] fix: remove base64 decrypt --- scripts/setup-signing-key.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/setup-signing-key.sh b/scripts/setup-signing-key.sh index d4f2ed3aa9..e2031271e0 100755 --- a/scripts/setup-signing-key.sh +++ b/scripts/setup-signing-key.sh @@ -4,7 +4,7 @@ set -e # Decrypt credentials echo 'Decode decrypter' -echo ${DECRYPTER} | base64 --decode > decrypter.json +echo ${DECRYPTER} > decrypter.json echo 'Decode signing key' echo ${SIGNING_KEY} | base64 --decode > signing_key.enc echo 'Decode passphrase' From fd813bf25840d905a89cd59dc96977aa3d078290 Mon Sep 17 00:00:00 2001 From: lojzatran Date: Fri, 21 Mar 2025 17:42:37 +0100 Subject: [PATCH 05/16] fix: remove base64 decrypt --- scripts/setup-signing-key.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/setup-signing-key.sh b/scripts/setup-signing-key.sh index e2031271e0..0cab4ee156 100755 --- a/scripts/setup-signing-key.sh +++ b/scripts/setup-signing-key.sh @@ -6,9 +6,9 @@ set -e echo 'Decode decrypter' echo ${DECRYPTER} > decrypter.json echo 'Decode signing key' -echo ${SIGNING_KEY} | base64 --decode > signing_key.enc +echo ${SIGNING_KEY} > signing_key.enc echo 'Decode passphrase' -echo ${PASSPHRASE} | base64 --decode > signing_passphrase.enc +echo ${PASSPHRASE} > signing_passphrase.enc gcloud auth activate-service-account --key-file decrypter.json From c004c424f83fe20de979f95b399fb4f5e0258c56 Mon Sep 17 00:00:00 2001 From: lojzatran Date: Mon, 24 Mar 2025 09:15:22 +0100 Subject: [PATCH 06/16] fix: add base64 decrypt --- scripts/setup-signing-key.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/setup-signing-key.sh b/scripts/setup-signing-key.sh index 0cab4ee156..e2031271e0 100755 --- a/scripts/setup-signing-key.sh +++ b/scripts/setup-signing-key.sh @@ -6,9 +6,9 @@ set -e echo 'Decode decrypter' echo ${DECRYPTER} > decrypter.json echo 'Decode signing key' -echo ${SIGNING_KEY} > signing_key.enc +echo ${SIGNING_KEY} | base64 --decode > signing_key.enc echo 'Decode passphrase' -echo ${PASSPHRASE} > signing_passphrase.enc +echo ${PASSPHRASE} | base64 --decode > signing_passphrase.enc gcloud auth activate-service-account --key-file decrypter.json From 3700ac0ab3a87bd6c86f22a097c551a47bbb12bb Mon Sep 17 00:00:00 2001 From: Jens Schulze Date: Mon, 24 Mar 2025 10:55:10 +0100 Subject: [PATCH 07/16] Update setup-signing-key.sh --- scripts/setup-signing-key.sh | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/scripts/setup-signing-key.sh b/scripts/setup-signing-key.sh index e2031271e0..30051f105c 100755 --- a/scripts/setup-signing-key.sh +++ b/scripts/setup-signing-key.sh @@ -14,21 +14,24 @@ gcloud auth activate-service-account --key-file decrypter.json echo "Decrypt signing secrets" +echo "passphrase" gcloud kms decrypt \ --project=commercetools-platform \ --location=global \ --keyring=devtooling \ --key=java-sdk-v2 \ - --ciphertext-file=signing_key.enc \ - --plaintext-file=signing_key.asc + --ciphertext-file=signing_passphrase.enc \ + --plaintext-file=signing_passphrase.txt +echo "key" gcloud kms decrypt \ --project=commercetools-platform \ --location=global \ --keyring=devtooling \ --key=java-sdk-v2 \ - --ciphertext-file=signing_passphrase.enc \ - --plaintext-file=signing_passphrase.txt + --ciphertext-file=signing_key.enc \ + --plaintext-file=signing_key.asc + # Import the GPG key set +e From 74a8dac85529cd357d2bd545ca3a087268dbd701 Mon Sep 17 00:00:00 2001 From: Jens Schulze Date: Mon, 24 Mar 2025 10:55:43 +0100 Subject: [PATCH 08/16] Update setup-signing-key.sh --- scripts/setup-signing-key.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/setup-signing-key.sh b/scripts/setup-signing-key.sh index 30051f105c..fb4fd688a2 100755 --- a/scripts/setup-signing-key.sh +++ b/scripts/setup-signing-key.sh @@ -4,7 +4,7 @@ set -e # Decrypt credentials echo 'Decode decrypter' -echo ${DECRYPTER} > decrypter.json +echo ${DECRYPTER} | base64 --decode > decrypter.json echo 'Decode signing key' echo ${SIGNING_KEY} | base64 --decode > signing_key.enc echo 'Decode passphrase' From 8cb28b2c56f092f9cb8889fd1dc2b7c13058fd20 Mon Sep 17 00:00:00 2001 From: lojzatran Date: Mon, 24 Mar 2025 11:50:59 +0100 Subject: [PATCH 09/16] fix: update CD release --- .github/workflows/cd.yml | 12 ++++++++++++ gradle-scripts/maven-publish.gradle | 10 ++++++---- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index cc279205a4..864657b78d 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -52,6 +52,18 @@ jobs: DECRYPTER: ${{ secrets.DECRYPTER }} SIGNING_KEY: ${{ secrets.SIGNING_KEY }} PASSPHRASE: ${{ secrets.PASSPHRASE }} + - run: ./gradlew -Pversion=$REF_NAME clean publishToSonatype closeAndReleaseSonatypeStagingRepository + env: + GITHUB_TAG: ${{ steps.vars.outputs.tag }} + MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} +# PGP_KEY: ${{ secrets.PGP_KEY }} +# PGP_PASSWORD: ${{ secrets.PGP_PASSWORD }} +# REF_NAME: ${{ github.ref_name }} +# CTP_OSS_USER: ${{ secrets.OSS_USER }} +# CTP_OSS_SECRET: ${{ secrets.OSS_SECRET }} +# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} +# GITHUB_ACTOR: ${{ secrets.GITHUB_ACTOR }} # - name: status # run: echo Build is tagged. Uploading artifact ${{ steps.vars.outputs.tag }} to maven central. # - name: Publish GitHub Pages diff --git a/gradle-scripts/maven-publish.gradle b/gradle-scripts/maven-publish.gradle index 7754f03c6d..005263d3bb 100644 --- a/gradle-scripts/maven-publish.gradle +++ b/gradle-scripts/maven-publish.gradle @@ -40,10 +40,12 @@ publishing { } signing { - def signingKey = System.getenv("PGP_KEY") - def signingPassword = System.getenv("PGP_PASSWORD") - useInMemoryPgpKeys(signingKey, signingPassword) - sign publishing.publications.mavenJava +// def signingKey = System.getenv("PGP_KEY") +// def signingPassword = System.getenv("PGP_PASSWORD") +// useInMemoryPgpKeys(signingKey, signingPassword) +// sign publishing.publications.mavenJava + useGpgCmd() + sign publishing.publications.Maven } From f2955070e3ec3ef563a30f444694038c0623d979 Mon Sep 17 00:00:00 2001 From: lojzatran Date: Mon, 24 Mar 2025 12:02:08 +0100 Subject: [PATCH 10/16] fix: update CD release --- gradle-scripts/maven-publish.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gradle-scripts/maven-publish.gradle b/gradle-scripts/maven-publish.gradle index 005263d3bb..59d773eef2 100644 --- a/gradle-scripts/maven-publish.gradle +++ b/gradle-scripts/maven-publish.gradle @@ -43,9 +43,9 @@ signing { // def signingKey = System.getenv("PGP_KEY") // def signingPassword = System.getenv("PGP_PASSWORD") // useInMemoryPgpKeys(signingKey, signingPassword) -// sign publishing.publications.mavenJava useGpgCmd() - sign publishing.publications.Maven + sign publishing.publications.mavenJava +// sign publishing.publications.Maven } From 33adc3d0b86ebe341073fc0f502bd6ab61aab19e Mon Sep 17 00:00:00 2001 From: lojzatran Date: Mon, 24 Mar 2025 12:06:27 +0100 Subject: [PATCH 11/16] test: test deployment --- .github/workflows/cd.yml | 3 ++- gradle-scripts/maven-publish.gradle | 1 - 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 864657b78d..a20728d23b 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -54,7 +54,8 @@ jobs: PASSPHRASE: ${{ secrets.PASSPHRASE }} - run: ./gradlew -Pversion=$REF_NAME clean publishToSonatype closeAndReleaseSonatypeStagingRepository env: - GITHUB_TAG: ${{ steps.vars.outputs.tag }} +# GITHUB_TAG: ${{ steps.vars.outputs.tag }} + GITHUB_TAG: 'DEPLOYMENT-TEST' MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} # PGP_KEY: ${{ secrets.PGP_KEY }} diff --git a/gradle-scripts/maven-publish.gradle b/gradle-scripts/maven-publish.gradle index 59d773eef2..3a8ccad8ae 100644 --- a/gradle-scripts/maven-publish.gradle +++ b/gradle-scripts/maven-publish.gradle @@ -45,7 +45,6 @@ signing { // useInMemoryPgpKeys(signingKey, signingPassword) useGpgCmd() sign publishing.publications.mavenJava -// sign publishing.publications.Maven } From 334a255d0703f12ede3063b27a882d9e42fa5e6c Mon Sep 17 00:00:00 2001 From: lojzatran Date: Mon, 24 Mar 2025 12:10:44 +0100 Subject: [PATCH 12/16] test: test deployment --- .github/workflows/cd.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index a20728d23b..e12af5f0cc 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -52,10 +52,10 @@ jobs: DECRYPTER: ${{ secrets.DECRYPTER }} SIGNING_KEY: ${{ secrets.SIGNING_KEY }} PASSPHRASE: ${{ secrets.PASSPHRASE }} - - run: ./gradlew -Pversion=$REF_NAME clean publishToSonatype closeAndReleaseSonatypeStagingRepository + - run: ./gradlew -Pversion=$REF_NAME setLibraryVersion -Dbuild.version="TEST_DEPLOYMENT" clean publishToSonatype closeAndReleaseSonatypeStagingRepository env: -# GITHUB_TAG: ${{ steps.vars.outputs.tag }} - GITHUB_TAG: 'DEPLOYMENT-TEST' +# GITHUB_TAG: TEST_DEPLOYMENT + GITHUB_TAG: TEST_DEPLOYMENT MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} # PGP_KEY: ${{ secrets.PGP_KEY }} From 85fa76f3ff9e861b2d84124244957429aabf0ee0 Mon Sep 17 00:00:00 2001 From: lojzatran Date: Mon, 24 Mar 2025 12:39:15 +0100 Subject: [PATCH 13/16] test: test deployment --- .github/workflows/cd.yml | 97 +++++++++++++++++----------------------- 1 file changed, 41 insertions(+), 56 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index e12af5f0cc..fdd6396498 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -6,33 +6,33 @@ on: - test-new-release-branch jobs: -# benchmark_tests: -# name: benchmark tests -# concurrency: benchmark_tests -# runs-on: ubuntu-latest -# env: -# SOURCE_PROJECT_KEY: java-sync-target-dev2 -# SOURCE_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }} -# SOURCE_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }} -# TARGET_PROJECT_KEY: java-sync-target-dev2 -# TARGET_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }} -# TARGET_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }} -# GRGIT_USER: ${{ secrets.GRGIT_USER }} -# SUBMIT_BENCHMARK_RESULT: true -# steps: -# - name: Git Checkout -# uses: actions/checkout@v4 -# - name: Fetch Library version -# id: vars -# run: echo ::set-output name=libVersion::${GITHUB_REF#refs/*/} -# - name: benchmark test -# if: ${{ success() }} -# run: ./gradlew clean setLibraryVersion benchmark -# env: -# GITHUB_TAG: ${{ steps.vars.outputs.libVersion }} + benchmark_tests: + name: benchmark tests + concurrency: benchmark_tests + runs-on: ubuntu-latest + env: + SOURCE_PROJECT_KEY: java-sync-target-dev2 + SOURCE_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }} + SOURCE_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }} + TARGET_PROJECT_KEY: java-sync-target-dev2 + TARGET_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }} + TARGET_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }} + GRGIT_USER: ${{ secrets.GRGIT_USER }} + SUBMIT_BENCHMARK_RESULT: true + steps: + - name: Git Checkout + uses: actions/checkout@v4 + - name: Fetch Library version + id: vars + run: echo ::set-output name=libVersion::${GITHUB_REF#refs/*/} + - name: benchmark test + if: ${{ success() }} + run: ./gradlew clean setLibraryVersion benchmark + env: + GITHUB_TAG: ${{ steps.vars.outputs.libVersion }} deployment: name: deployment -# needs: benchmark_tests + needs: benchmark_tests runs-on: ubuntu-latest env: GRGIT_USER: ${{ secrets.GRGIT_USER }} @@ -52,37 +52,22 @@ jobs: DECRYPTER: ${{ secrets.DECRYPTER }} SIGNING_KEY: ${{ secrets.SIGNING_KEY }} PASSPHRASE: ${{ secrets.PASSPHRASE }} - - run: ./gradlew -Pversion=$REF_NAME setLibraryVersion -Dbuild.version="TEST_DEPLOYMENT" clean publishToSonatype closeAndReleaseSonatypeStagingRepository + - name: Publish GitHub Pages + run: ./gradlew --info -Dbuild.version="${{ steps.vars.outputs.tag }}" mkdocsPublish + - name: status + run: echo Build is tagged. Uploading artifact ${{ steps.vars.outputs.tag }} to maven central. + - name: deploy to sonatype and publish to maven central + run: ./gradlew -Pversion=$REF_NAME setLibraryVersion -Dbuild.version="${{ steps.vars.outputs.tag }}" clean publishToSonatype closeAndReleaseSonatypeStagingRepository env: -# GITHUB_TAG: TEST_DEPLOYMENT - GITHUB_TAG: TEST_DEPLOYMENT + GITHUB_TAG: ${{ steps.vars.outputs.tag }} MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} -# PGP_KEY: ${{ secrets.PGP_KEY }} -# PGP_PASSWORD: ${{ secrets.PGP_PASSWORD }} -# REF_NAME: ${{ github.ref_name }} -# CTP_OSS_USER: ${{ secrets.OSS_USER }} -# CTP_OSS_SECRET: ${{ secrets.OSS_SECRET }} -# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} -# GITHUB_ACTOR: ${{ secrets.GITHUB_ACTOR }} -# - name: status -# run: echo Build is tagged. Uploading artifact ${{ steps.vars.outputs.tag }} to maven central. -# - name: Publish GitHub Pages -# run: ./gradlew --info -Dbuild.version="${{ steps.vars.outputs.tag }}" mkdocsPublish -# - name: deploy to sonatype and publish to maven central -# run: ./gradlew setLibraryVersion -Dbuild.version="${{ steps.vars.outputs.tag }}" publishToSonatype closeAndReleaseSonatypeStagingRepository -# env: -# GITHUB_TAG: ${{ steps.vars.outputs.tag }} -# MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} -# MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} -# PGP_KEY: ${{ secrets.PGP_KEY }} -# PGP_PASSWORD: ${{ secrets.PGP_PASSWORD }} -# - name: Slack notification -# if: success() # only when previous step succeeds -# env: -# SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} -# SLACK_USERNAME: Github Release Action. -# SLACK_CHANNEL: java-sync -# uses: Ilshidur/action-slack@master -# with: -# args: 'Version: of the library has been published to the .' + - name: Slack notification + if: success() # only when previous step succeeds + env: + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} + SLACK_USERNAME: Github Release Action. + SLACK_CHANNEL: java-sync + uses: Ilshidur/action-slack@master + with: + args: 'Version: of the library has been published to the .' From ce1339e521b19d7f0d0a8e5d00d1ef909b0d3e1d Mon Sep 17 00:00:00 2001 From: lojzatran Date: Mon, 24 Mar 2025 12:40:44 +0100 Subject: [PATCH 14/16] test: test deployment --- .github/workflows/cd.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index fdd6396498..dc7cb8a876 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -53,13 +53,13 @@ jobs: SIGNING_KEY: ${{ secrets.SIGNING_KEY }} PASSPHRASE: ${{ secrets.PASSPHRASE }} - name: Publish GitHub Pages - run: ./gradlew --info -Dbuild.version="${{ steps.vars.outputs.tag }}" mkdocsPublish + run: ./gradlew --info -Dbuild.version="10.0.6" mkdocsPublish - name: status - run: echo Build is tagged. Uploading artifact ${{ steps.vars.outputs.tag }} to maven central. + run: echo Build is tagged. Uploading artifact 10.0.6 to maven central. - name: deploy to sonatype and publish to maven central - run: ./gradlew -Pversion=$REF_NAME setLibraryVersion -Dbuild.version="${{ steps.vars.outputs.tag }}" clean publishToSonatype closeAndReleaseSonatypeStagingRepository + run: ./gradlew -Pversion=$REF_NAME setLibraryVersion -Dbuild.version="10.0.6" clean publishToSonatype closeAndReleaseSonatypeStagingRepository env: - GITHUB_TAG: ${{ steps.vars.outputs.tag }} + GITHUB_TAG: 10.0.6 MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} - name: Slack notification @@ -70,4 +70,4 @@ jobs: SLACK_CHANNEL: java-sync uses: Ilshidur/action-slack@master with: - args: 'Version: of the library has been published to the .' + args: 'Version: of the library has been published to the .' From 9319a9429bd6d7d508a3a980a61b7592824e1f0f Mon Sep 17 00:00:00 2001 From: lojzatran Date: Mon, 24 Mar 2025 12:51:17 +0100 Subject: [PATCH 15/16] fix: refactor deployment scripts --- .github/workflows/cd.yml | 14 +-- .github/workflows/ci.yml | 136 ++++++++++++++-------------- gradle-scripts/maven-publish.gradle | 3 - 3 files changed, 75 insertions(+), 78 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index dc7cb8a876..c2065b79e9 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -2,8 +2,8 @@ name: CD on: push: - branches: - - test-new-release-branch + tags: + - '*.*.*' jobs: benchmark_tests: @@ -53,13 +53,13 @@ jobs: SIGNING_KEY: ${{ secrets.SIGNING_KEY }} PASSPHRASE: ${{ secrets.PASSPHRASE }} - name: Publish GitHub Pages - run: ./gradlew --info -Dbuild.version="10.0.6" mkdocsPublish + run: ./gradlew --info -Dbuild.version="${{ steps.vars.outputs.tag }}" mkdocsPublish - name: status - run: echo Build is tagged. Uploading artifact 10.0.6 to maven central. + run: echo Build is tagged. Uploading artifact ${{ steps.vars.outputs.tag }} to maven central. - name: deploy to sonatype and publish to maven central - run: ./gradlew -Pversion=$REF_NAME setLibraryVersion -Dbuild.version="10.0.6" clean publishToSonatype closeAndReleaseSonatypeStagingRepository + run: ./gradlew -Pversion=$REF_NAME setLibraryVersion -Dbuild.version="${{ steps.vars.outputs.tag }}" clean publishToSonatype closeAndReleaseSonatypeStagingRepository env: - GITHUB_TAG: 10.0.6 + GITHUB_TAG: ${{ steps.vars.outputs.tag }} MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} - name: Slack notification @@ -70,4 +70,4 @@ jobs: SLACK_CHANNEL: java-sync uses: Ilshidur/action-slack@master with: - args: 'Version: of the library has been published to the .' + args: 'Version: of the library has been published to the .' diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 00cbd7d439..8ca79e0117 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,68 +1,68 @@ -#name: CI -# -#on: [push] -# -#jobs: -# checks: -# name: Code Checks -# runs-on: ubuntu-latest -# steps: -# - name: Git Checkout -# uses: actions/checkout@v4 -# - name: Generate Dependency Updates Report -# run: ./gradlew clean dependencyUpdates -# - name: Code formatting -# run: ./gradlew spotlessCheck -# - name: PMD -# run: ./gradlew pmdBenchmark pmdIntegrationTest pmdMain pmdTest -# - name: Spotbugs -# run: ./gradlew spotbugsBenchmark spotbugsIntegrationTest spotbugsMain spotbugsTest -# - name: mkdocsBuild -# run: ./gradlew mkdocsBuild -# tests: -# name: Tests -# concurrency: tests -# needs: checks -# runs-on: ubuntu-latest -# steps: -# - uses: actions/checkout@v4 -# - uses: actions/setup-java@v4 -# with: -# java-version: 11 -# distribution: 'zulu' -# - name: Build with Gradle -# run: ./gradlew clean setLibraryVersion test integrationTest jacocoTestCoverageVerification jacocoTestReport -# env: -# SOURCE_PROJECT_KEY: java-sync-source -# SOURCE_CLIENT_ID: ${{ secrets.SOURCE_CLIENT_ID }} -# SOURCE_CLIENT_SECRET: ${{ secrets.SOURCE_CLIENT_SECRET }} -# TARGET_PROJECT_KEY: java-sync-target -# TARGET_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID }} -# TARGET_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET }} -# - name: Codecov -# uses: codecov/codecov-action@v4 -# benchmark_tests: -# name: benchmark tests -# concurrency: benchmark_tests -# needs: tests -# runs-on: ubuntu-latest -# env: -# SOURCE_PROJECT_KEY: java-sync-target-dev2 -# SOURCE_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }} -# SOURCE_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }} -# TARGET_PROJECT_KEY: java-sync-target-dev2 -# TARGET_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }} -# TARGET_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }} -# GRGIT_USER: ${{ secrets.GRGIT_USER }} -# SUBMIT_BENCHMARK_RESULT: false -# steps: -# - name: Git Checkout -# uses: actions/checkout@v4 -# - name: Fetch Library version -# id: vars -# run: echo ::set-output name=libVersion::${GITHUB_REF#refs/*/} -# - name: benchmark test -# if: ${{ success() }} -# run: ./gradlew clean setLibraryVersion benchmark -# env: -# GITHUB_TAG: ${{ steps.vars.outputs.libVersion }} +name: CI + +on: [push] + +jobs: + checks: + name: Code Checks + runs-on: ubuntu-latest + steps: + - name: Git Checkout + uses: actions/checkout@v4 + - name: Generate Dependency Updates Report + run: ./gradlew clean dependencyUpdates + - name: Code formatting + run: ./gradlew spotlessCheck + - name: PMD + run: ./gradlew pmdBenchmark pmdIntegrationTest pmdMain pmdTest + - name: Spotbugs + run: ./gradlew spotbugsBenchmark spotbugsIntegrationTest spotbugsMain spotbugsTest + - name: mkdocsBuild + run: ./gradlew mkdocsBuild + tests: + name: Tests + concurrency: tests + needs: checks + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-java@v4 + with: + java-version: 11 + distribution: 'zulu' + - name: Build with Gradle + run: ./gradlew clean setLibraryVersion test integrationTest jacocoTestCoverageVerification jacocoTestReport + env: + SOURCE_PROJECT_KEY: java-sync-source + SOURCE_CLIENT_ID: ${{ secrets.SOURCE_CLIENT_ID }} + SOURCE_CLIENT_SECRET: ${{ secrets.SOURCE_CLIENT_SECRET }} + TARGET_PROJECT_KEY: java-sync-target + TARGET_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID }} + TARGET_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET }} + - name: Codecov + uses: codecov/codecov-action@v4 + benchmark_tests: + name: benchmark tests + concurrency: benchmark_tests + needs: tests + runs-on: ubuntu-latest + env: + SOURCE_PROJECT_KEY: java-sync-target-dev2 + SOURCE_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }} + SOURCE_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }} + TARGET_PROJECT_KEY: java-sync-target-dev2 + TARGET_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }} + TARGET_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }} + GRGIT_USER: ${{ secrets.GRGIT_USER }} + SUBMIT_BENCHMARK_RESULT: false + steps: + - name: Git Checkout + uses: actions/checkout@v4 + - name: Fetch Library version + id: vars + run: echo ::set-output name=libVersion::${GITHUB_REF#refs/*/} + - name: benchmark test + if: ${{ success() }} + run: ./gradlew clean setLibraryVersion benchmark + env: + GITHUB_TAG: ${{ steps.vars.outputs.libVersion }} diff --git a/gradle-scripts/maven-publish.gradle b/gradle-scripts/maven-publish.gradle index 3a8ccad8ae..2d5f1955bb 100644 --- a/gradle-scripts/maven-publish.gradle +++ b/gradle-scripts/maven-publish.gradle @@ -40,9 +40,6 @@ publishing { } signing { -// def signingKey = System.getenv("PGP_KEY") -// def signingPassword = System.getenv("PGP_PASSWORD") -// useInMemoryPgpKeys(signingKey, signingPassword) useGpgCmd() sign publishing.publications.mavenJava } From 2c90b6d1a5d58b05c152b8154492d3a63cd6575e Mon Sep 17 00:00:00 2001 From: lojzatran Date: Mon, 24 Mar 2025 12:53:31 +0100 Subject: [PATCH 16/16] fix: refactor deployment scripts --- .github/workflows/cd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index c2065b79e9..850b310596 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -47,6 +47,8 @@ jobs: with: java-version: 11 distribution: 'zulu' + - name: status + run: echo Build is tagged. Uploading artifact ${{ steps.vars.outputs.tag }} to maven central. - run: scripts/setup-signing-key.sh env: DECRYPTER: ${{ secrets.DECRYPTER }} @@ -54,8 +56,6 @@ jobs: PASSPHRASE: ${{ secrets.PASSPHRASE }} - name: Publish GitHub Pages run: ./gradlew --info -Dbuild.version="${{ steps.vars.outputs.tag }}" mkdocsPublish - - name: status - run: echo Build is tagged. Uploading artifact ${{ steps.vars.outputs.tag }} to maven central. - name: deploy to sonatype and publish to maven central run: ./gradlew -Pversion=$REF_NAME setLibraryVersion -Dbuild.version="${{ steps.vars.outputs.tag }}" clean publishToSonatype closeAndReleaseSonatypeStagingRepository env: