From 3ae184c214ec42e3a2df3f007d97dbdf71b30df4 Mon Sep 17 00:00:00 2001
From: Marcos Tischer Vallim
Date: Fri, 13 Feb 2026 18:31:45 -0300
Subject: [PATCH] ci: update workflow
---
 .github/workflows/cd-deploy.yml | 79 +++++++++++++++++++++++++++
 .github/workflows/cd-integration.yml | 58 ++++++++++++++++++++
 .github/workflows/cd-release.yml | 25 +++++++++
 .github/workflows/cd-snapshot.yml | 35 ++++++++++++
 .github/workflows/ci-gates.yml | 36 ++++++++++++
 .github/workflows/ci-maven.yml | 57 +++++++++++++++++++
 .github/workflows/ci-pull-request.yml | 72 ++++++++++++++++++++++++
 .github/workflows/ci.yml | 44 +++++++++++++++
 .github/workflows/codeql-analysis.yml | 50 -----------------
 .github/workflows/maven.yml | 67 -----------------------
 10 files changed, 406 insertions(+), 117 deletions(-)
 create mode 100644 .github/workflows/cd-deploy.yml
 create mode 100644 .github/workflows/cd-integration.yml
 create mode 100644 .github/workflows/cd-release.yml
 create mode 100644 .github/workflows/cd-snapshot.yml
 create mode 100644 .github/workflows/ci-gates.yml
 create mode 100644 .github/workflows/ci-maven.yml
 create mode 100644 .github/workflows/ci-pull-request.yml
 create mode 100644 .github/workflows/ci.yml
 delete mode 100644 .github/workflows/codeql-analysis.yml
 delete mode 100644 .github/workflows/maven.yml
diff --git a/.github/workflows/cd-deploy.yml b/.github/workflows/cd-deploy.yml
new file mode 100644
index 0000000..9806012
--- /dev/null
+++ b/.github/workflows/cd-deploy.yml
@@ -0,0 +1,79 @@
+name: Publish package to the Maven Central Repository
+
+on:
+ workflow_call:
+ inputs:
+ environment:
+ description: Environment
+ type: string
+ required: true
+
+jobs:
+ publish:
+ environment: ${{ inputs.environment }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up JDK
+ uses: actions/setup-java@v4
+ with:
+ java-version: 8
+ distribution: 'corretto'
+ server-id: sonatype-central
+ server-username: OSSRH_USERNAME
+ server-password: OSSRH_TOKEN
+ gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+
+ - name: Cache Maven packages
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2
+ key: ${{ runner.os }}-deploy-${{ hashFiles('**/pom.xml') }}
+ restore-keys: ${{ runner.os }}-deploy-${{ hashFiles('**/pom.xml') }}
+
+ - name: Configure Git user
+ run: |
+ git config user.email "actions@github.com"
+ git config user.name "GitHub Actions"
+
+ - name: Publish Snapshot to the Maven Central Repository
+ if: ${{ inputs.environment == 'snapshot' }}
+ run: |
+ mvn deploy -P snapshot
+ env:
+ MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+ OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+ OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }}
+
+ - id: release-vars
+ if: ${{ inputs.environment == 'release' }}
+ name: Set output variables
+ run: |
+ RELEASE_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout | grep -e '^[^\[]' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')
+ RELEASE_TAG=v${RELEASE_VERSION}
+
+ echo "release-version=$RELEASE_VERSION" >> $GITHUB_OUTPUT
+ echo "release-tag=$RELEASE_TAG" >> $GITHUB_OUTPUT
+
+ - name: Publish Release to the Maven Central Repository
+ if: ${{ inputs.environment == 'release' }}
+ run: |
+ mvn -B release:prepare -P release
+ git push origin tag $RELEASE_TAG
+ mvn -B release:perform -P release
+ env:
+ MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+ OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+ OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }}
+ RELEASE_VERSION: ${{ steps.release-vars.outputs.release-version }}
+ RELEASE_TAG: ${{ steps.release-vars.outputs.release-tag }}
+
+ - name: Create Release
+ if: ${{ inputs.environment == 'release' }}
+ run: |
+ gh release create ${RELEASE_TAG} --generate-notes
+ env:
+ RELEASE_TAG: ${{ steps.release-vars.outputs.release-tag }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/cd-integration.yml b/.github/workflows/cd-integration.yml
new file mode 100644
index 0000000..dd77edb
--- /dev/null
+++ b/.github/workflows/cd-integration.yml
@@ -0,0 +1,58 @@
+name: Build, Gates and Pull Request
+
+on:
+ pull_request:
+ branches:
+ - develop
+ types:
+ - closed
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ variables:
+ if: ${{ github.event.pull_request.merged == true }}
+ runs-on: ubuntu-latest
+ outputs:
+ version: ${{ steps.environment.outputs.version }}
+ target-branch: ${{ steps.environment.outputs.target-branch }}
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up JDK
+ uses: actions/setup-java@v4
+ with:
+ java-version: 17
+ distribution: "corretto"
+ cache: "maven"
+
+ - id: environment
+ name: Set output environment passed to the reusable workflow
+ run: |
+ VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout | grep -e '^[^\[]' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')
+ echo "version=$VERSION" >> $GITHUB_OUTPUT
+ echo "target-branch=release/$VERSION" >> $GITHUB_OUTPUT
+
+ ci:
+ needs: variables
+ uses: ./.github/workflows/ci-maven.yml
+ secrets: inherit
+
+ gates:
+ needs: ci
+ if: success()
+ uses: ./.github/workflows/ci-gates.yml
+ secrets: inherit
+
+ pull-request:
+ needs: [gates, variables]
+ uses: ./.github/workflows/ci-pull-request.yml
+ secrets: inherit
+ with:
+ type: Snapshot
+ labels: automatic,snapshot
+ source-branch: master
+ target-branch: ${{ needs.variables.outputs.target-branch }}
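Review bot: In cd-deploy.yml the `publish` job imports `GPG_PRIVATE_KEY` and deploys with the Sonatype token, yet `actions/checkout@v4`, `actions/setup-java@v4` and `actions/cache@v4` are referenced by mutable tags, so whatever those tags point to at run time executes next to the signing key. Pinning each to a full commit SHA with the tag kept as a comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, makes the release path reproducible and reviewable. The job also declares no `permissions:` of its own and takes whatever its callers grant; a job-level `permissions:` with `contents: write` on `publish` would state the one scope that the tag push and `gh release create` need.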
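Review bot: In cd-integration.yml the workflow-level `permissions:` block gives `contents: write` and `pull-requests: write` to every job, and `secrets: inherit` is set on all three reusable-workflow calls, although only the `pull-request` job creates branches and pull requests. ci-maven.yml references no secrets in this commit and ci-gates.yml reads only `SONAR_TOKEN` and `GITHUB_TOKEN`, so the build, test and analysis jobs run project code with more authority than they use. I would make the default `permissions:` / `contents: read`, move the two write scopes to a job-level `permissions:` on `pull-request`, and drop `secrets: inherit` from the `ci` job. The same pattern is repeated in cd-release.yml, cd-snapshot.yml and ci.yml.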
diff --git a/.github/workflows/cd-release.yml b/.github/workflows/cd-release.yml
new file mode 100644
index 0000000..83f36da
--- /dev/null
+++ b/.github/workflows/cd-release.yml
@@ -0,0 +1,25 @@
+name: Build and Publish Release
+
+on:
+ pull_request:
+ branches:
+ - master
+ types:
+ - closed
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ ci:
+ if: ${{ github.event.pull_request.merged == true }}
+ uses: ./.github/workflows/ci-maven.yml
+ secrets: inherit
+
+ release:
+ needs: ci
+ uses: ./.github/workflows/cd-deploy.yml
+ secrets: inherit
+ with:
+ environment: release
diff --git a/.github/workflows/cd-snapshot.yml b/.github/workflows/cd-snapshot.yml
new file mode 100644
index 0000000..7099eb0
--- /dev/null
+++ b/.github/workflows/cd-snapshot.yml
@@ -0,0 +1,35 @@
+name: Build, Publish Snapshot and Pull Request
+
+on:
+ pull_request:
+ branches:
+ - release/**
+ types:
+ - closed
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ ci:
+ if: ${{ github.event.pull_request.merged == true }}
+ uses: ./.github/workflows/ci-maven.yml
+ secrets: inherit
+
+ snapshot:
+ needs: ci
+ uses: ./.github/workflows/cd-deploy.yml
+ secrets: inherit
+ with:
+ environment: snapshot
+
+ pull-request:
+ needs: snapshot
+ uses: ./.github/workflows/ci-pull-request.yml
+ secrets: inherit
+ with:
+ type: Release
+ labels: automatic,release
+ source-branch: master
+ target-branch: master
\ No newline at end of file
diff --git a/.github/workflows/ci-gates.yml b/.github/workflows/ci-gates.yml
new file mode 100644
index 0000000..8a8208a
--- /dev/null
+++ b/.github/workflows/ci-gates.yml
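Review bot: In cd-release.yml nothing serialises runs, so two pull requests merged into `master` close together start two `release` jobs that would both run `mvn -B release:prepare` and push a tag in cd-deploy.yml at the same time. A workflow-level `concurrency:` block with `group: maven-release` and `cancel-in-progress: false` would queue them instead. Because every merged pull request into `master` publishes to Maven Central, the approval gate is whatever protection is configured on `master` and on the `release` environment, which this diff does not show; a short comment above `release:` stating that dependency would help the next maintainer.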
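Review bot: In cd-snapshot.yml the `pull-request` job passes `source-branch: master` together with `target-branch: master`, and ci-pull-request.yml reads `source-branch` only when the target branch has to be created, so the value has no effect here. A comment such as `# source-branch is only used to create a missing target branch; master always exists` above the `with:` block would make that explicit. The file also ends without a trailing newline, as does ci-maven.yml.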
@@ -0,0 +1,36 @@
+name: SonarCloud
+
+on:
+ workflow_call:
+
+jobs:
+ sonarcloud:
+ environment: sonarcloud
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Set up JDK 17
+ uses: actions/setup-java@v4
+ with:
+ java-version: 17
+ distribution: "corretto"
+ cache: "maven"
+
+ - name: Cache Maven packages
+ uses: actions/cache@v4
+ with:
+ path: |
+ ~/.sonar/cache
+ ~/.m2
+ key: ${{ runner.os }}-sonar-${{ hashFiles('**/pom.xml') }}
+ restore-keys: ${{ runner.os }}-sonar-${{ hashFiles('**/pom.xml') }}
+
+ - name: Build and analyze
+ run: mvn -B verify sonar:sonar -P sonar
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/ci-maven.yml b/.github/workflows/ci-maven.yml
new file mode 100644
index 0000000..849cb9d
--- /dev/null
+++ b/.github/workflows/ci-maven.yml
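Review bot: ci-gates.yml runs SonarCloud only, while the same commit deletes codeql-analysis.yml, so none of the workflows added here performs the CodeQL scan that used to run on pushes and pull requests to `master` and on the weekly schedule. If dropping code scanning is not intended, keep that workflow as a standalone file with its own `security-events: write` permission and update its action versions instead of deleting it. Separately, the `Build and analyze` step places `SONAR_TOKEN` and `GITHUB_TOKEN` in the environment of `mvn -B verify`, which also runs the test suite. Provided the `sonar` profile allows it, running `mvn -B verify -P sonar` without the tokens and `mvn -B sonar:sonar -P sonar` in a second step with them would keep the tokens out of the test processes.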
@@ -0,0 +1,57 @@
+name: Java CI with Maven
+
+on:
+ workflow_call:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ java-version: [8, 11, 17, 21]
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up JDK
+ uses: actions/setup-java@v4
+ with:
+ java-version: ${{ matrix.java-version }}
+ distribution: "corretto"
+ cache: "maven"
+
+ - name: Cache Maven packages
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2
+ key: ${{ runner.os }}-build-${{ hashFiles('**/pom.xml') }}-${{ matrix.java-version }}
+ restore-keys: ${{ runner.os }}-build-${{ hashFiles('**/pom.xml') }}-${{ matrix.java-version }}
+
+ - name: Compile with Maven
+ run: mvn -T 2C clean generate-sources compile --file pom.xml
+
+ test:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ java-version: [8, 11, 17, 21]
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up JDK
+ uses: actions/setup-java@v4
+ with:
+ java-version: ${{ matrix.java-version }}
+ distribution: "corretto"
+ cache: "maven"
+
+ - name: Cache Maven packages
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2
+ key: ${{ runner.os }}-test-${{ hashFiles('**/pom.xml') }}-${{ matrix.java-version }}
+ restore-keys: ${{ runner.os }}-test-${{ hashFiles('**/pom.xml') }}-${{ matrix.java-version }}
+
+ - name: Test with Maven
+ run: mvn -T 2C test-compile test --file pom.xml
\ No newline at end of file
diff --git a/.github/workflows/ci-pull-request.yml b/.github/workflows/ci-pull-request.yml
new file mode 100644
index 0000000..59d6c21
--- /dev/null
+++ b/.github/workflows/ci-pull-request.yml
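Review bot: In ci-maven.yml both `Checkout repository` steps use `actions/checkout@v4` with its defaults, which leaves the job token in the checkout's local git configuration while `mvn ... compile` and `mvn ... test` run project code; every caller in this commit grants `contents: write`, so that token can push. Adding `with:` and `persist-credentials: false` to the two checkout steps removes it, since neither job pushes anything. The `test` job also no longer has `needs: [build]` as the deleted maven.yml did, so tests start even when compilation fails for a matrix entry; if that is deliberate, a comment saying so would help. `cache: "maven"` on setup-java and the separate `actions/cache` step on `~/.m2` cover the same directory, and a `restore-keys` equal to `key` adds nothing.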
@@ -0,0 +1,72 @@
+name: Create Pull Request
+
+on:
+ workflow_call:
+ inputs:
+ source-branch:
+ description: Source branch
+ type: string
+ required: true
+ target-branch:
+ description: Target branch
+ type: string
+ required: true
+ labels:
+ description: Labels to PR
+ type: string
+ required: true
+ type:
+ description: PR Type
+ type: string
+ required: true
+
+jobs:
+ open-pr:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Create branch
+ run: |
+ REPO="${{ github.repository }}"
+ BRANCH="${{ inputs.target-branch }}"
+ BASE="${{ inputs.source-branch }}"
+
+ echo "Checking if branch '$BRANCH' exists in repository '$REPO'..."
+
+ if gh api "repos/$REPO/branches/$BRANCH" --silent >/dev/null 2>&1; then
+ echo "Branch '$BRANCH' already exists."
+ else
+ echo "Branch '$BRANCH' does not exist. It will be created from '$BASE'."
+
+ BASE_SHA=$(gh api "repos/$REPO/git/ref/heads/$BASE" --jq .object.sha)
+
+ if [ -z "$BASE_SHA" ]; then
+ echo "Error: Could not retrieve the SHA of base branch '$BASE'"
+ exit 1
+ fi
+
+ gh api --method POST "repos/$REPO/git/refs" \
+ -f ref="refs/heads/$BRANCH" \
+ -f sha="$BASE_SHA"
+
+ echo "Branch '$BRANCH' successfully created!"
+ fi
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Create Pull Request (${{ inputs.type }})
+ uses: peter-evans/create-pull-request@v7
+ with:
+ title: Auto-created pull request into `${{ inputs.target-branch }}` from `${{ github.ref_name }}`
+ token: ${{ secrets.GITHUB_TOKEN }}
+ committer: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
+ author: ${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>
+ commit-message: Auto Pull Request (${{ inputs.type }})
+ body: Auto-created Pull Request
+ branch: ${{ github.ref }}
+ base: ${{ inputs.target-branch }}
+ labels: ${{ inputs.labels }}
+ assignees: ${{ github.actor }}
+ reviewers: mvallim
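Review bot: In ci-pull-request.yml the `Create branch` step expands `${{ inputs.target-branch }}` and `${{ inputs.source-branch }}` directly into the shell script, and ci.yml feeds `source-branch` from `github.ref_name`, a branch name chosen by whoever pushes to `feature/**` or `fix/**`; the expression is substituted before bash parses the script, so the double quotes inside the script do not contain it, and the step holds a `GH_TOKEN` with write scope. Pass the values through the step's `env:` instead, as `REPO: ${{ github.repository }}`, `BRANCH: ${{ inputs.target-branch }}` and `BASE: ${{ inputs.source-branch }}`, and delete the three assignments at the top of the script, which already reads them as `"$BRANCH"` and `"$BASE"`. `peter-evans/create-pull-request@v7` is a third-party action that receives the same token and is referenced by tag, so it is the first candidate for pinning to a full commit SHA. `branch: ${{ github.ref }}` passes the full ref where the title uses `github.ref_name`; please confirm that is the form the action expects.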
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..a1cdadf
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,44 @@
+name: Build and Pull Request
+
+on:
+ push:
+ branches:
+ - feature/**
+ - fix/**
+
+env:
+ TYPE: ${{ startsWith(github.ref_name, 'feature') && 'Feature' || 'Fix'}}
+ LABELS: ${{ startsWith(github.ref_name, 'feature') && 'automatic,feature' || 'automatic,fix' }}
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ variables:
+ runs-on: ubuntu-latest
+ outputs:
+ type: ${{ steps.environment.outputs.type }}
+ labels: ${{ steps.environment.outputs.labels }}
+ steps:
+ - id: environment
+ name: Set output environment passed to the reusable workflow
+ run: |
+ echo "type=$TYPE" >> $GITHUB_OUTPUT
+ echo "labels=$LABELS" >> $GITHUB_OUTPUT
+
+ ci:
+ needs: variables
+ uses: ./.github/workflows/ci-maven.yml
+ secrets: inherit
+
+ pull-request:
+ needs: [ci, variables]
+ if: success()
+ uses: ./.github/workflows/ci-pull-request.yml
+ secrets: inherit
+ with:
+ type: ${{ needs.variables.outputs.type }}
+ labels: ${{ needs.variables.outputs.labels }}
+ source-branch: ${{ github.ref_name }}
+ target-branch: develop
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
deleted file mode 100644
index 80111e2..0000000
--- a/.github/workflows/codeql-analysis.yml
+++ /dev/null
@@ -1,50 +0,0 @@
-name: "CodeQL"
-
-on:
- push:
- branches: [ master ]
- paths-ignore:
- - '**/README.md'
- - '**/CONTRIBUTING.md'
- - '**/CONTRIBUTORS.txt'
- - '**/CODE_OF_CONDUCT.md'
- - '**/LICENSE'
- pull_request:
- branches: [ master ]
- paths-ignore:
- - '**/README.md'
- - '**/CONTRIBUTING.md'
- - '**/CONTRIBUTORS.txt'
- - '**/CODE_OF_CONDUCT.md'
- - '**/LICENSE'
- schedule:
- - cron: '28 19 * * 5'
-
-jobs:
- analyze:
- name: Analyze
- runs-on: ubuntu-latest
- permissions:
- actions: read
- contents: read
- security-events: write
-
- strategy:
- fail-fast: false
- matrix:
- language: [ 'java' ]
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v2
-
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v1
- with:
- languages: ${{ matrix.language }}
-
- - name: Compile with Maven
- run: mvn -T 1C clean compile -Pcode-ql --file pom.xml
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v1
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
deleted file mode 100644
index f1e3bfe..0000000
--- a/.github/workflows/maven.yml
+++ /dev/null
@@ -1,67 +0,0 @@
-# This workflow will build a Java project with Maven
-# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
-
-name: Java CI with Maven
-
-on:
- push:
- branches: [ master ]
- paths-ignore:
- - '**/README.md'
- - '**/CONTRIBUTING.md'
- - '**/CONTRIBUTORS.txt'
- - '**/LICENSE'
- pull_request:
- branches: [ master ]
- paths-ignore:
- - '**/README.md'
- - '**/CONTRIBUTING.md'
- - '**/CONTRIBUTORS.txt'
- - '**/LICENSE'
-
-jobs:
-
- build:
- runs-on: ubuntu-latest
- strategy:
- matrix:
- java-version: [ 8, 11, 15, 16, 17 ]
- steps:
- - uses: actions/checkout@v2
- - name: Set up JDK
- uses: actions/setup-java@v1
- with:
- java-version: ${{ matrix.java-version }}
- - name: Compile with Maven
- run: mvn -T 1C clean generate-sources compile --file pom.xml
-
- test:
- runs-on: ubuntu-latest
- strategy:
- matrix:
- java-version: [ 8, 11, 15, 16, 17 ]
- needs: [build]
- steps:
- - uses: actions/checkout@v2
- - name: Set up JDK
- uses: actions/setup-java@v1
- with:
- java-version: ${{ matrix.java-version }}
- - name: Test with Maven
- run: mvn -T 1C test-compile test --file pom.xml
-
- sonarcloud:
- environment: sonarcloud
- runs-on: ubuntu-latest
- needs: [build, test]
- steps:
- - uses: actions/checkout@v2
- - name: Set up JDK 11
- uses: actions/setup-java@v1
- with:
- java-version: 11
- - name: SonarCloud Scan
- run: mvn clean test jacoco:report org.jacoco:jacoco-maven-plugin:prepare-agent sonar:sonar -Dsonar.projectKey=java-fluent-validator -Dsonar.organization=mvallim -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=$SONAR_TOKEN
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}