-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add Github Action workflows from Nodes
- Loading branch information
Showing
8 changed files
with
691 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,116 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<settings xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.1.0 http://maven.apache.org/xsd/settings-1.1.0.xsd" | ||
xmlns="http://maven.apache.org/SETTINGS/1.1.0" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> | ||
<!-- Settings to build with IST repository and deploy to IST repository. --> | ||
|
||
<servers> | ||
<server> | ||
<id>istrepo</id> | ||
<username>${env.NEXUS_BUILD_USER}</username> | ||
<password>${env.NEXUS_BUILD_PASSWD}</password> | ||
</server> | ||
<server> | ||
<id>istrepo-internal</id> | ||
<username>${env.NEXUS_BUILD_USER}</username> | ||
<password>${env.NEXUS_BUILD_PASSWD}</password> | ||
</server> | ||
<server> | ||
<id>istrepo-snapshots</id> | ||
<username>${env.NEXUS_BUILD_USER}</username> | ||
<password>${env.NEXUS_BUILD_PASSWD}</password> | ||
</server> | ||
<server> | ||
<id>ossrh</id> | ||
<username>${env.OSSRH_USER}</username> | ||
<password>${env.OSSRH_PASSWD}</password> | ||
</server> | ||
<server> | ||
<id>gpg.passphrase</id> | ||
<passphrase>${env.GPG_PASSPHRASE}</passphrase> | ||
</server> | ||
</servers> | ||
|
||
<mirrors> | ||
<!-- --> | ||
<mirror> | ||
<id>istrepo</id> | ||
<name>istrepo</name> | ||
<mirrorOf>*</mirrorOf> | ||
<url>https://repo.ist-software.com/repository/maven-public</url> | ||
</mirror> | ||
<!-- --> | ||
</mirrors> | ||
|
||
<profiles> | ||
|
||
<!-- | ||
* deployment profiles for each branch | ||
* starts the deployment for a branch if deployment configuration is present | ||
* only one branch should have a working deployment configuration for one target | ||
--> | ||
<profile> | ||
<id>master</id> | ||
</profile> | ||
|
||
<profile> | ||
<id>develop</id> | ||
<properties> | ||
<deploy.package>true</deploy.package> | ||
<sling.scheme>https</sling.scheme> | ||
<sling.secure>true</sling.secure> | ||
<sling.host>test.composum.com</sling.host> | ||
<sling.port>443</sling.port> | ||
<sling.context></sling.context> | ||
<sling.password>${env.NEXUS_BUILD_PASSWD}</sling.password> | ||
</properties> | ||
</profile> | ||
|
||
<!-- | ||
* default repository profiles | ||
--> | ||
<profile> | ||
<id>istrepo</id> | ||
<activation> | ||
<activeByDefault>true</activeByDefault> | ||
</activation> | ||
<repositories> | ||
<repository> | ||
<id>istrepo-internal</id> | ||
<name>istrepo</name> | ||
<url>https://repo.ist-software.com/repository/maven-releases</url> | ||
<snapshots> | ||
<enabled>false</enabled> | ||
</snapshots> | ||
</repository> | ||
<repository> | ||
<id>istrepo-snapshots</id> | ||
<name>istrepo</name> | ||
<url>https://repo.ist-software.com/repository/maven-snapshots</url> | ||
<snapshots> | ||
<enabled>true</enabled> | ||
</snapshots> | ||
</repository> | ||
</repositories> | ||
<pluginRepositories> | ||
<pluginRepository> | ||
<id>istrepo-internal</id> | ||
<name>istrepo</name> | ||
<url>https://repo.ist-software.com/repository/maven-releases</url> | ||
<snapshots> | ||
<enabled>false</enabled> | ||
</snapshots> | ||
</pluginRepository> | ||
<pluginRepository> | ||
<id>istrepo-snapshots</id> | ||
<name>istrepo</name> | ||
<url>https://repo.ist-software.com/repository/maven-snapshots</url> | ||
<snapshots> | ||
<enabled>true</enabled> | ||
</snapshots> | ||
</pluginRepository> | ||
</pluginRepositories> | ||
</profile> | ||
|
||
</profiles> | ||
</settings> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<settings xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.1.0 http://maven.apache.org/xsd/settings-1.1.0.xsd" | ||
xmlns="http://maven.apache.org/SETTINGS/1.1.0" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> | ||
<!-- Try building with only the public repositories --> | ||
|
||
<profiles> | ||
|
||
<!-- https://repo.adobe.com/index.html | ||
According to https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/not-able-to-access-repo-adobe-com/td-p/386197 | ||
the adobe public repo is to be migrated to maven central, but as of 20/04/11 at least the | ||
com.day.jcr.vault:content-package-maven-plugin-parent:pom:0.0.24 is missing for the | ||
com.day.jcr.vault:content-package-maven-plugin:jar:0.0.24 . | ||
TODO: remove this ASAP and just use normal settings provided by Github Actions. | ||
--> | ||
<profile> | ||
<id>adobe-public</id> | ||
<activation> | ||
<activeByDefault>true</activeByDefault> | ||
</activation> | ||
<pluginRepositories> | ||
<pluginRepository> | ||
<!-- prefer maven central plugin repo --> | ||
<id>central</id> | ||
<name>Central Repository</name> | ||
<releases> | ||
<updatePolicy>never</updatePolicy> | ||
</releases> | ||
<snapshots> | ||
<enabled>false</enabled> | ||
</snapshots> | ||
<url>https://repo.maven.apache.org/maven2</url> | ||
</pluginRepository> | ||
|
||
<pluginRepository> | ||
<!-- But fall back to adobe repo for the missing things. :-( --> | ||
<id>adobe-public-releases</id> | ||
<name>Adobe Public Repository</name> | ||
<url>https://repo.adobe.com/nexus/content/groups/public</url> | ||
<releases> | ||
<updatePolicy>never</updatePolicy> | ||
</releases> | ||
<snapshots> | ||
<enabled>false</enabled> | ||
</snapshots> | ||
</pluginRepository> | ||
</pluginRepositories> | ||
</profile> | ||
|
||
</profiles> | ||
</settings> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
# Composum Github Action Setup | ||
|
||
This directory contains the setup for the Github Actions normally used in the Composum repositories. | ||
|
||
(For IST users: See also the more extensive discussion | ||
[in the internal Composum documents](https://cloud.composum.com/content/ist/composum/home/internaldocumentatio/releasingWithGithub.html) | ||
with some non public detail.) | ||
|
||
## Updating the workflows | ||
|
||
The "master" of this directory is in composum-nodes - to keep maintenance simple, please change the files here and | ||
then copy the changes to the other repositories, but by using diff in the IDE or reviewing the changes before committing - | ||
there are some differences in some cases, especially in master.yml and in project composum-meta. | ||
|
||
## Workflows and usage | ||
|
||
### pullrequest.yml | ||
As a sanity check, this workflow is triggered on every pull request. It does a build and test, but does not deploy. | ||
|
||
### develop.yml | ||
Does a build and test on every push to the develop branch. This also deploys to the IST testserver. | ||
|
||
### master.yml | ||
Does a build and test after something is merged to the master branch, and creates the site and deploys that to | ||
Github pages. | ||
|
||
### setversion.yml | ||
This workflow is triggered manually, and updates the version in the pom.xml files. Can be applied to every branch. | ||
|
||
### createrelease.yml | ||
This workflow is triggered manually, and creates a release on the branch it is triggered from. (Possibly you might | ||
want to use setversion.yml, if it's not the immediately next action). It is done in a way that failures shouldn't leave | ||
any traces in the repository, so it can just be restarted after fixing the problem. | ||
|
||
It's possible to do a dryRun. Please be aware that this does everything, including the upload to OSSRH, but does not | ||
"release" the upload but drop it from there. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,188 @@ | ||
# Creates a release and uploads that. We don't upload the site - that's done in the master.yml workflow once it's merged. | ||
# Since our build sometimes fails (because some tests occasionally fail for reasons not in our code) we make this robust: | ||
# the irreversible actions are done only after all builds are done. That is the git push and the release to maven central. | ||
# The copy to the Sonatype staging area is likely repeatable. That way you just have to restart the job if it fails, | ||
# with no harm done and no traces in git. | ||
|
||
name: Create Release | ||
run-name: Create Release of ${{ github.ref_name }} , dryrun=${{ inputs.dryrun }} | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
dryrun: | ||
type: boolean | ||
description: 'Dry run? If given, the release will be built but dropped afterwards from OSSRH, and the git changes will not be pushed.' | ||
default: false | ||
|
||
jobs: | ||
createrelease: | ||
runs-on: ubuntu-latest | ||
|
||
env: | ||
SUBDIR: ${{ github.event.inputs.subdir }} | ||
MVNCMD: mvn -B -ntp -s ${{ github.workspace }}/.github/settings-istrepo.xml -P nexus-staging | ||
|
||
steps: | ||
- uses: actions/checkout@v3 | ||
with: | ||
fetch-depth: 3 | ||
|
||
- name: print configuration | ||
run: | | ||
echo "MVNCMD: $MVNCMD" | ||
echo "dryrun: ${{ github.event.inputs.dryrun }}" | ||
- name: Set up JDK 11 | ||
uses: actions/setup-java@v3 | ||
with: | ||
java-version: '11' | ||
distribution: 'temurin' | ||
maven-version: 3.8.7 | ||
# deliberately not: cache: maven | ||
|
||
- name: Dump event context for debugging | ||
continue-on-error: true # Debugging output only, and this annoyingly fails when the commit messge has a ( | ||
run: | | ||
echo '${{ github.event_name }} for ${{ github.ref_type }} ${{ github.ref_name }} or ${{ github.event.ref }}' | ||
# https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push | ||
echo 'github.event:' | ||
echo '${{ toJSON(github.event) }}' | ||
- name: Dump github context for debugging | ||
continue-on-error: true # Debugging output only, and this annoyingly fails when the commit message has a ( | ||
run: | | ||
echo '${{ toJSON(github) }}' | ||
- name: Try to set a master password | ||
run: | | ||
MASTERPWD=$(openssl rand -base64 25) | ||
echo "<settingsSecurity> <master>$(mvn --encrypt-master-password "$MASTERPWD")</master></settingsSecurity>" > $HOME/.m2/settings-security.xml | ||
# echo "MASTERPWD=\"$MASTERPWD\"" >> $GITHUB_ENV | ||
# The master password isn't actually used, but the maven-gpg-plugin complains otherwise. | ||
- name: Git & Maven Status | ||
run: | | ||
$MVNCMD -version | ||
git remote -v | ||
git status --untracked-files --ignored | ||
git log -3 --no-color --decorate | ||
- name: Mvn Effective POM | ||
run: $MVNCMD -N help:effective-pom | ||
|
||
- name: Mvn Effective Settings | ||
run: $MVNCMD -N help:effective-settings | ||
|
||
- name: Import GPG key | ||
env: | ||
GPG_SECRET_KEYS: ${{ secrets.GPG_SECRET_KEYS }} | ||
GPG_OWNERTRUST: ${{ secrets.GPG_OWNERTRUST }} | ||
run: | | ||
echo $GPG_SECRET_KEYS | base64 --decode | gpg --import --no-tty --batch --yes | ||
echo $GPG_OWNERTRUST | base64 --decode | gpg --import-ownertrust --no-tty --batch --yes | ||
gpg -v --refresh-keys | ||
gpg --list-secret-keys --keyid-format LONG | ||
- name: Configure git user for release commits | ||
# specific to repository - we don't want that to be the same thing in a fork. | ||
env: | ||
X_RELEASE_USERNAME: ${{ vars.RELEASE_USERNAME }} | ||
X_RELEASE_USEREMAIL: ${{ vars.RELEASE_USEREMAIL }} | ||
run: | | ||
git config --global user.email "${X_RELEASE_USERNAME}" | ||
git config --global user.name "${X_RELEASE_USEREMAIL}" | ||
- name: Check that we are on snapshot branch before creating the release | ||
run: | | ||
echo "Version: " | ||
$MVNCMD help:evaluate -Dexpression=project.version -q -DforceStdout | ||
$MVNCMD help:evaluate -Dexpression=project.version -q -DforceStdout | egrep -- '-SNAPSHOT$' > /dev/null || exit 1 | ||
# unfortunately, this would require a snapshot parent if just called from the command line, so we cannot use it: :-( | ||
# mvn org.apache.maven.plugins:maven-enforcer-plugin:3.2.1:enforce -Drules=requireSnapshotVersion | ||
- name: Dry run of release goals | ||
env: | ||
GPG_PASSPHRASE : ${{ secrets.GPG_PASSPHRASE }} | ||
run: | | ||
# export GPG_PASSPHRASE=$(mvn --encrypt-password "$(echo $GPG_PASSPHRASE_RAW | base64 --decode)") | ||
$MVNCMD clean release:clean | ||
$MVNCMD release:prepare -DdryRun=true -DpushChanges=false | ||
$MVNCMD release:perform -DdryRun=true -DlocalCheckout=true -DdeployAtEnd=true | ||
$MVNCMD clean release:clean | ||
git clean -f -d -x | ||
- name: Verify git is clean | ||
run: | | ||
git status --untracked-files --ignored | ||
git log -3 --no-color --decorate | ||
git clean -f -d | ||
- name: Prepare release | ||
env: | ||
GPG_PASSPHRASE : ${{ secrets.GPG_PASSPHRASE }} | ||
run: | | ||
git clean -f -d -x | ||
# we use -P allmodules to set the new versions here even in the modules that we want not pushed to maven central | ||
# That is not done during mvn release:perform, so they aren't uploaded to maven central. | ||
$MVNCMD -P allmodules clean release:clean release:prepare -DpushChanges=false | ||
- name: Git status after prepare | ||
run: | | ||
git status --untracked-files --ignored | ||
git log -3 --no-color --decorate | ||
cat release.properties || true | ||
- name: Perform release | ||
env: | ||
OSSRH_USER: ${{ secrets.OSSRH_USER }} | ||
OSSRH_PASSWD: ${{ secrets.OSSRH_PASSWD }} | ||
GPG_PASSPHRASE : ${{ secrets.GPG_PASSPHRASE }} | ||
run: | | ||
$MVNCMD release:perform -DlocalCheckout=true -DdeployAtEnd=true "-Dgoals=clean install package source:jar javadoc:jar deploy" "-Darguments=-DdeployAtEnd=true" | ||
- name: Git Status after perform | ||
if: always() | ||
run: | | ||
git status | ||
git log -3 --no-color --decorate | ||
- name: Git Status after perform, long | ||
if: always() | ||
run: | | ||
git status --untracked-files --ignored | ||
- name: Push changes | ||
if: ${{ github.event.inputs.dryrun == 'false' }} | ||
run: | | ||
git push origin --follow-tags -v | ||
- name: Release to maven central repository | ||
if: ${{ github.event.inputs.dryrun == 'false' }} | ||
env: | ||
OSSRH_USER: ${{ secrets.OSSRH_USER }} | ||
OSSRH_PASSWD: ${{ secrets.OSSRH_PASSWD }} | ||
run: | | ||
cd target/checkout | ||
pwd | ||
$MVNCMD nexus-staging:release | ||
- name: Drop from OSSRH on dryrun | ||
if: ${{ github.event.inputs.dryrun != 'false' }} | ||
env: | ||
OSSRH_USER: ${{ secrets.OSSRH_USER }} | ||
OSSRH_PASSWD: ${{ secrets.OSSRH_PASSWD }} | ||
run: | | ||
cd target/checkout | ||
pwd | ||
$MVNCMD nexus-staging:drop | ||
- name: List target files even if recipe fails | ||
if: always() | ||
run: | | ||
pwd | ||
ls -ld | ||
ls -ld target | ||
find . -type d -name target | ||
ls -l ./target/checkout/target || true | ||
ls -l ./target/checkout/commons/target || true |
Oops, something went wrong.