Replace Jenkins with GitHub Actions (#105)
* Replace Jenkins with GitHub Actions * Disable JDK 13 test build
This commit is contained in:
parent
d8ef032eac
commit
66dff8a0de
7 changed files with 185 additions and 91 deletions
41
.github/GitHub-Actions.org
vendored
Normal file
41
.github/GitHub-Actions.org
vendored
Normal file
|
@ -0,0 +1,41 @@
|
|||
* Deploying using Github Actions
|
||||
|
||||
** Actions definition: workflow/sonatype-deploy.yml
|
||||
|
||||
When a GitHub Release is created, usually from a tag, this action will trigger.
|
||||
|
||||
Using JDK8 the software will be packaged, including running any tests.
|
||||
|
||||
Then the Deploy script will sign the created artifacts then deploy them according to the distributionManagement configuration in the `pom.xml`.
|
||||
|
||||
** Deploy Script
|
||||
|
||||
Uses a signing key provided from the GitHub Actions Secrets as an environment variable to sign the artifact(s) before they are then deployed.
|
||||
|
||||
*** Inputs
|
||||
|
||||
**** DEPLOY_PROJECTS (optional)
|
||||
|
||||
An optional list of modules in a multi-module project to be deployed. If this value is not specified, then all projects will be deployed.
|
||||
|
||||
** Maven Configuration
|
||||
|
||||
Picks up the credentials from Environment variables for authenticating both with GPG and with the target deployment server (e.g. sonatype-nexus).
|
||||
|
||||
*** Inputs
|
||||
|
||||
**** NEXUS_USERNAME
|
||||
|
||||
The username for your account on the deployment server.
|
||||
|
||||
**** NEXUS_PASSWORD
|
||||
|
||||
The password for your account on the deployement server.
|
||||
|
||||
**** GPG_KEYNAME
|
||||
|
||||
The key to use when signing.
|
||||
|
||||
**** GPG_PASSPHRASE
|
||||
|
||||
The passphrase to unlock the key to use when signing.
|
53
.github/NOTES
vendored
Normal file
53
.github/NOTES
vendored
Normal file
|
@ -0,0 +1,53 @@
|
|||
Add subkeys:
|
||||
|
||||
????
|
||||
|
||||
Publish:
|
||||
|
||||
gpg --send-keys --keyserver keyserver.ubuntu.com $KEYID
|
||||
gpg --send-keys --keyserver pgp.mit.edu $KEYID
|
||||
gpg --send-keys --keyserver pool.sks-keyservers.net $KEYID
|
||||
|
||||
Backup:
|
||||
|
||||
gpg --export --armor pcampbell@kemitix.net > gpg-key-backup.asc
|
||||
gpg --export-secret-keys --armor pcampbell@kemitix.net >> gpg-key-backup.asc
|
||||
|
||||
Export sub-keys:
|
||||
|
||||
gpg --export-secret-subkeys pcampbell@kemitix.net > subkeys
|
||||
|
||||
Remove master keys:
|
||||
|
||||
gpg --delete-secret-key pcampbell@kemitix.net
|
||||
|
||||
Import sub-keys and clean up:
|
||||
|
||||
gpg --import subkeys
|
||||
|
||||
shred --remove subkeys
|
||||
|
||||
Delete any encryption subkeys:
|
||||
|
||||
gpg --edit-key pcampbell@kemitix.net
|
||||
|
||||
2
|
||||
delkey
|
||||
save
|
||||
|
||||
Change passphrase:
|
||||
|
||||
gpg --edit-key pcampbell@kemitix.net
|
||||
passwd
|
||||
save
|
||||
|
||||
Export keys:
|
||||
|
||||
gpg --export --armor pcampbell@kemitix.net > codesigning.asc
|
||||
gpg --export-secret-keys --armor pcampbell@kemitix.net >> codesigning.asc
|
||||
|
||||
Encrypt keys:
|
||||
|
||||
gpg --symmetric --cipher-algo AES256 codesigning.asc
|
||||
|
||||
shred codesigning.asc
|
BIN
.github/codesigning.asc.gpg
vendored
Normal file
BIN
.github/codesigning.asc.gpg
vendored
Normal file
Binary file not shown.
28
.github/settings.xml
vendored
Normal file
28
.github/settings.xml
vendored
Normal file
|
@ -0,0 +1,28 @@
|
|||
<?xml version="1.0" encoding="UTF-8" ?>
|
||||
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
|
||||
<servers>
|
||||
<server>
|
||||
<id>sonatype-nexus-snapshots</id>
|
||||
<username>${env.NEXUS_USERNAME}</username>
|
||||
<password>${env.NEXUS_PASSWORD}</password>
|
||||
</server>
|
||||
<server>
|
||||
<id>sonatype-nexus-staging</id>
|
||||
<username>${env.NEXUS_USERNAME}</username>
|
||||
<password>${env.NEXUS_PASSWORD}</password>
|
||||
</server>
|
||||
</servers>
|
||||
<profiles>
|
||||
<profile>
|
||||
<id>gpg-sign</id>
|
||||
<activation>
|
||||
<activeByDefault>true</activeByDefault>
|
||||
</activation>
|
||||
<properties>
|
||||
<gpg.executable>gpg</gpg.executable>
|
||||
<gpg.keyname>${env.GPG_KEYNAME}</gpg.keyname>
|
||||
<gpg.passphrase>${env.GPG_PASSPHRASE}</gpg.passphrase>
|
||||
</properties>
|
||||
</profile>
|
||||
</profiles>
|
||||
</settings>
|
25
.github/workflows/maven-build.yml
vendored
Normal file
25
.github/workflows/maven-build.yml
vendored
Normal file
|
@ -0,0 +1,25 @@
|
|||
# This workflow will build a Java project with Maven
|
||||
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
|
||||
|
||||
name: Java CI with Maven
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: '*'
|
||||
pull_request:
|
||||
branches: '*'
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
java: [ 8, 11 ]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set up JDK ${{ matrix.java }}
|
||||
uses: actions/setup-java@v1
|
||||
with:
|
||||
java-version: ${{ matrix.java }}
|
||||
- name: Build with Maven
|
||||
run: mvn -B install
|
38
.github/workflows/sonatype-deploy.yml
vendored
Normal file
38
.github/workflows/sonatype-deploy.yml
vendored
Normal file
|
@ -0,0 +1,38 @@
|
|||
name: Deploy to Sonatype Nexus
|
||||
|
||||
on:
|
||||
release:
|
||||
types: [created]
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set up JDK 1.8
|
||||
uses: actions/setup-java@v1
|
||||
with:
|
||||
java-version: 1.8
|
||||
- name: Build with Maven
|
||||
run: mvn -B install
|
||||
- name: Nexus Repo Publish
|
||||
run: |
|
||||
gpg --quiet \
|
||||
--batch \
|
||||
--yes \
|
||||
--decrypt \
|
||||
--passphrase="${{ secrets.GPG_PASSPHRASE }}" \
|
||||
--output codesigning.asc \
|
||||
.github/codesigning.asc.gpg
|
||||
gpg --batch \
|
||||
--fast-import codesigning.asc
|
||||
mvn --settings .github/settings.xml \
|
||||
-Dskip-Tests=true \
|
||||
-P release \
|
||||
-B \
|
||||
deploy
|
||||
env:
|
||||
NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }}
|
||||
NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
|
||||
GPG_KEYNAME: ${{ secrets.GPG_KEYNAME }}
|
||||
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
|
|
@ -1,91 +0,0 @@
|
|||
final String publicRepo = 'https://github.com/kemitix/'
|
||||
final String mvn = "mvn --batch-mode --update-snapshots --errors"
|
||||
|
||||
pipeline {
|
||||
agent any
|
||||
stages {
|
||||
stage('Build & Test') {
|
||||
steps {
|
||||
withMaven(maven: 'maven', jdk: 'JDK 1.8') {
|
||||
sh "${mvn} clean compile checkstyle:checkstyle pmd:pmd test"
|
||||
// PMD to Jenkins
|
||||
pmd canComputeNew: false, defaultEncoding: '', healthy: '', pattern: '', unHealthy: ''
|
||||
}
|
||||
}
|
||||
}
|
||||
stage('Report Coverage') {
|
||||
steps {
|
||||
withMaven(maven: 'maven', jdk: 'JDK 1.8') {
|
||||
// Code Coverage to Jenkins
|
||||
jacoco exclusionPattern: '**/*{Test|IT|Main|Application|Immutable}.class'
|
||||
}
|
||||
}
|
||||
}
|
||||
stage('Report Checkstyle') {
|
||||
steps {
|
||||
withMaven(maven: 'maven', jdk: 'JDK 1.8') {
|
||||
// Checkstyle to Jenkins
|
||||
step([$class: 'hudson.plugins.checkstyle.CheckStylePublisher',
|
||||
pattern: '**/target/checkstyle-result.xml',
|
||||
healthy:'20',
|
||||
unHealthy:'100'])
|
||||
}
|
||||
}
|
||||
}
|
||||
stage('Verify & Install') {
|
||||
steps {
|
||||
withMaven(maven: 'maven', jdk: 'JDK 1.8') {
|
||||
sh "${mvn} -DskipTests install"
|
||||
}
|
||||
}
|
||||
}
|
||||
stage('Deploy (published release branch)') {
|
||||
when {
|
||||
expression {
|
||||
(isReleaseBranch() &&
|
||||
isPublished(publicRepo) &&
|
||||
notSnapshot())
|
||||
}
|
||||
}
|
||||
steps {
|
||||
withMaven(maven: 'maven', jdk: 'JDK 1.8') {
|
||||
sh "${mvn} --activate-profiles release deploy"
|
||||
}
|
||||
}
|
||||
}
|
||||
stage('Build Java 11') {
|
||||
steps {
|
||||
withMaven(maven: 'maven', jdk: 'JDK 11') {
|
||||
sh "${mvn} clean verify -Djava.version=11"
|
||||
}
|
||||
}
|
||||
}
|
||||
stage('Build Java 12') {
|
||||
steps {
|
||||
withMaven(maven: 'maven', jdk: 'JDK 12') {
|
||||
sh "${mvn} clean verify -Djava.version=12"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private boolean isReleaseBranch() {
|
||||
return branchStartsWith('release/')
|
||||
}
|
||||
|
||||
private boolean branchStartsWith(final String branchName) {
|
||||
startsWith(env.GIT_BRANCH, branchName)
|
||||
}
|
||||
|
||||
private boolean isPublished(final String repo) {
|
||||
startsWith(env.GIT_URL, repo)
|
||||
}
|
||||
|
||||
private static boolean startsWith(final String value, final String match) {
|
||||
value != null && value.startsWith(match)
|
||||
}
|
||||
|
||||
private boolean notSnapshot() {
|
||||
return !(readMavenPom(file: 'pom.xml').version).contains("SNAPSHOT")
|
||||
}
|
Loading…
Reference in a new issue