Replace Jenkins with GitHub Actions (#105)

* Replace Jenkins with GitHub Actions

* Disable JDK 13 test build
This commit is contained in:
Paul Campbell 2020-03-24 17:13:54 +00:00 committed by GitHub
parent d8ef032eac
commit 66dff8a0de
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 185 additions and 91 deletions

41
.github/GitHub-Actions.org vendored Normal file
View file

@ -0,0 +1,41 @@
* Deploying using Github Actions
** Actions definition: workflow/sonatype-deploy.yml
When a GitHub Release is created, usually from a tag, this action will trigger.
Using JDK8 the software will be packaged, including running any tests.
Then the Deploy script will sign the created artifacts then deploy them according to the distributionManagement configuration in the `pom.xml`.
** Deploy Script
Uses a signing key provided from the GitHub Actions Secrets as an environment variable to sign the artifact(s) before they are then deployed.
*** Inputs
**** DEPLOY_PROJECTS (optional)
An optional list of modules in a multi-module project to be deployed. If this value is not specified, then all projects will be deployed.
** Maven Configuration
Picks up the credentials from Environment variables for authenticating both with GPG and with the target deployment server (e.g. sonatype-nexus).
*** Inputs
**** NEXUS_USERNAME
The username for your account on the deployment server.
**** NEXUS_PASSWORD
The password for your account on the deployement server.
**** GPG_KEYNAME
The key to use when signing.
**** GPG_PASSPHRASE
The passphrase to unlock the key to use when signing.

53
.github/NOTES vendored Normal file
View file

@ -0,0 +1,53 @@
Add subkeys:
????
Publish:
gpg --send-keys --keyserver keyserver.ubuntu.com $KEYID
gpg --send-keys --keyserver pgp.mit.edu $KEYID
gpg --send-keys --keyserver pool.sks-keyservers.net $KEYID
Backup:
gpg --export --armor pcampbell@kemitix.net > gpg-key-backup.asc
gpg --export-secret-keys --armor pcampbell@kemitix.net >> gpg-key-backup.asc
Export sub-keys:
gpg --export-secret-subkeys pcampbell@kemitix.net > subkeys
Remove master keys:
gpg --delete-secret-key pcampbell@kemitix.net
Import sub-keys and clean up:
gpg --import subkeys
shred --remove subkeys
Delete any encryption subkeys:
gpg --edit-key pcampbell@kemitix.net
2
delkey
save
Change passphrase:
gpg --edit-key pcampbell@kemitix.net
passwd
save
Export keys:
gpg --export --armor pcampbell@kemitix.net > codesigning.asc
gpg --export-secret-keys --armor pcampbell@kemitix.net >> codesigning.asc
Encrypt keys:
gpg --symmetric --cipher-algo AES256 codesigning.asc
shred codesigning.asc

BIN
.github/codesigning.asc.gpg vendored Normal file

Binary file not shown.

28
.github/settings.xml vendored Normal file
View file

@ -0,0 +1,28 @@
<?xml version="1.0" encoding="UTF-8" ?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
<servers>
<server>
<id>sonatype-nexus-snapshots</id>
<username>${env.NEXUS_USERNAME}</username>
<password>${env.NEXUS_PASSWORD}</password>
</server>
<server>
<id>sonatype-nexus-staging</id>
<username>${env.NEXUS_USERNAME}</username>
<password>${env.NEXUS_PASSWORD}</password>
</server>
</servers>
<profiles>
<profile>
<id>gpg-sign</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<gpg.executable>gpg</gpg.executable>
<gpg.keyname>${env.GPG_KEYNAME}</gpg.keyname>
<gpg.passphrase>${env.GPG_PASSPHRASE}</gpg.passphrase>
</properties>
</profile>
</profiles>
</settings>

25
.github/workflows/maven-build.yml vendored Normal file
View file

@ -0,0 +1,25 @@
# This workflow will build a Java project with Maven
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
name: Java CI with Maven
on:
push:
branches: '*'
pull_request:
branches: '*'
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
java: [ 8, 11 ]
steps:
- uses: actions/checkout@v2
- name: Set up JDK ${{ matrix.java }}
uses: actions/setup-java@v1
with:
java-version: ${{ matrix.java }}
- name: Build with Maven
run: mvn -B install

38
.github/workflows/sonatype-deploy.yml vendored Normal file
View file

@ -0,0 +1,38 @@
name: Deploy to Sonatype Nexus
on:
release:
types: [created]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK 1.8
uses: actions/setup-java@v1
with:
java-version: 1.8
- name: Build with Maven
run: mvn -B install
- name: Nexus Repo Publish
run: |
gpg --quiet \
--batch \
--yes \
--decrypt \
--passphrase="${{ secrets.GPG_PASSPHRASE }}" \
--output codesigning.asc \
.github/codesigning.asc.gpg
gpg --batch \
--fast-import codesigning.asc
mvn --settings .github/settings.xml \
-Dskip-Tests=true \
-P release \
-B \
deploy
env:
NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }}
NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
GPG_KEYNAME: ${{ secrets.GPG_KEYNAME }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

View file

@ -1,91 +0,0 @@
final String publicRepo = 'https://github.com/kemitix/'
final String mvn = "mvn --batch-mode --update-snapshots --errors"
pipeline {
agent any
stages {
stage('Build & Test') {
steps {
withMaven(maven: 'maven', jdk: 'JDK 1.8') {
sh "${mvn} clean compile checkstyle:checkstyle pmd:pmd test"
// PMD to Jenkins
pmd canComputeNew: false, defaultEncoding: '', healthy: '', pattern: '', unHealthy: ''
}
}
}
stage('Report Coverage') {
steps {
withMaven(maven: 'maven', jdk: 'JDK 1.8') {
// Code Coverage to Jenkins
jacoco exclusionPattern: '**/*{Test|IT|Main|Application|Immutable}.class'
}
}
}
stage('Report Checkstyle') {
steps {
withMaven(maven: 'maven', jdk: 'JDK 1.8') {
// Checkstyle to Jenkins
step([$class: 'hudson.plugins.checkstyle.CheckStylePublisher',
pattern: '**/target/checkstyle-result.xml',
healthy:'20',
unHealthy:'100'])
}
}
}
stage('Verify & Install') {
steps {
withMaven(maven: 'maven', jdk: 'JDK 1.8') {
sh "${mvn} -DskipTests install"
}
}
}
stage('Deploy (published release branch)') {
when {
expression {
(isReleaseBranch() &&
isPublished(publicRepo) &&
notSnapshot())
}
}
steps {
withMaven(maven: 'maven', jdk: 'JDK 1.8') {
sh "${mvn} --activate-profiles release deploy"
}
}
}
stage('Build Java 11') {
steps {
withMaven(maven: 'maven', jdk: 'JDK 11') {
sh "${mvn} clean verify -Djava.version=11"
}
}
}
stage('Build Java 12') {
steps {
withMaven(maven: 'maven', jdk: 'JDK 12') {
sh "${mvn} clean verify -Djava.version=12"
}
}
}
}
}
private boolean isReleaseBranch() {
return branchStartsWith('release/')
}
private boolean branchStartsWith(final String branchName) {
startsWith(env.GIT_BRANCH, branchName)
}
private boolean isPublished(final String repo) {
startsWith(env.GIT_URL, repo)
}
private static boolean startsWith(final String value, final String match) {
value != null && value.startsWith(match)
}
private boolean notSnapshot() {
return !(readMavenPom(file: 'pom.xml').version).contains("SNAPSHOT")
}