Replace Jenkins with GitHub Actions (#57)
* Replace Jenkins with Github Actions * [changelog] updated
This commit is contained in:
parent
dce470da95
commit
26cb26ed20
9 changed files with 220 additions and 81 deletions
41
.github/GitHub-Actions.org
vendored
Normal file
41
.github/GitHub-Actions.org
vendored
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
* Deploying using Github Actions
|
||||||
|
|
||||||
|
** Actions definition: workflow/sonatype-deploy.yml
|
||||||
|
|
||||||
|
When a GitHub Release is created, usually from a tag, this action will trigger.
|
||||||
|
|
||||||
|
Using JDK8 the software will be packaged, including running any tests.
|
||||||
|
|
||||||
|
Then the Deploy script will sign the created artifacts then deploy them according to the distributionManagement configuration in the `pom.xml`.
|
||||||
|
|
||||||
|
** Deploy Script
|
||||||
|
|
||||||
|
Uses a signing key provided from the GitHub Actions Secrets as an environment variable to sign the artifact(s) before they are then deployed.
|
||||||
|
|
||||||
|
*** Inputs
|
||||||
|
|
||||||
|
**** DEPLOY_PROJECTS (optional)
|
||||||
|
|
||||||
|
An optional list of modules in a multi-module project to be deployed. If this value is not specified, then all projects will be deployed.
|
||||||
|
|
||||||
|
** Maven Configuration
|
||||||
|
|
||||||
|
Picks up the credentials from Environment variables for authenticating both with GPG and with the target deployment server (e.g. sonatype-nexus).
|
||||||
|
|
||||||
|
*** Inputs
|
||||||
|
|
||||||
|
**** NEXUS_USERNAME
|
||||||
|
|
||||||
|
The username for your account on the deployment server.
|
||||||
|
|
||||||
|
**** NEXUS_PASSWORD
|
||||||
|
|
||||||
|
The password for your account on the deployement server.
|
||||||
|
|
||||||
|
**** GPG_KEYNAME
|
||||||
|
|
||||||
|
The key to use when signing.
|
||||||
|
|
||||||
|
**** GPG_PASSPHRASE
|
||||||
|
|
||||||
|
The passphrase to unlock the key to use when signing.
|
53
.github/NOTES
vendored
Normal file
53
.github/NOTES
vendored
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
Add subkeys:
|
||||||
|
|
||||||
|
????
|
||||||
|
|
||||||
|
Publish:
|
||||||
|
|
||||||
|
gpg --send-keys --keyserver keyserver.ubuntu.com $KEYID
|
||||||
|
gpg --send-keys --keyserver pgp.mit.edu $KEYID
|
||||||
|
gpg --send-keys --keyserver pool.sks-keyservers.net $KEYID
|
||||||
|
|
||||||
|
Backup:
|
||||||
|
|
||||||
|
gpg --export --armor pcampbell@kemitix.net > gpg-key-backup.asc
|
||||||
|
gpg --export-secret-keys --armor pcampbell@kemitix.net >> gpg-key-backup.asc
|
||||||
|
|
||||||
|
Export sub-keys:
|
||||||
|
|
||||||
|
gpg --export-secret-subkeys pcampbell@kemitix.net > subkeys
|
||||||
|
|
||||||
|
Remove master keys:
|
||||||
|
|
||||||
|
gpg --delete-secret-key pcampbell@kemitix.net
|
||||||
|
|
||||||
|
Import sub-keys and clean up:
|
||||||
|
|
||||||
|
gpg --import subkeys
|
||||||
|
|
||||||
|
shred --remove subkeys
|
||||||
|
|
||||||
|
Delete any encryption subkeys:
|
||||||
|
|
||||||
|
gpg --edit-key pcampbell@kemitix.net
|
||||||
|
|
||||||
|
2
|
||||||
|
delkey
|
||||||
|
save
|
||||||
|
|
||||||
|
Change passphrase:
|
||||||
|
|
||||||
|
gpg --edit-key pcampbell@kemitix.net
|
||||||
|
passwd
|
||||||
|
save
|
||||||
|
|
||||||
|
Export keys:
|
||||||
|
|
||||||
|
gpg --export --armor pcampbell@kemitix.net > codesigning.asc
|
||||||
|
gpg --export-secret-keys --armor pcampbell@kemitix.net >> codesigning.asc
|
||||||
|
|
||||||
|
Encrypt keys:
|
||||||
|
|
||||||
|
gpg --symmetric --cipher-algo AES256 codesigning.asc
|
||||||
|
|
||||||
|
shred codesigning.asc
|
BIN
.github/codesigning.asc.gpg
vendored
Normal file
BIN
.github/codesigning.asc.gpg
vendored
Normal file
Binary file not shown.
33
.github/deploy.sh
vendored
Normal file
33
.github/deploy.sh
vendored
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
# Decrypts the signing key in .github/codesigning.asc.enc
|
||||||
|
# Imports that key
|
||||||
|
# Uses .github/settings.xml and the release profile to deploy
|
||||||
|
|
||||||
|
echo "deploy.sh: Starting..."
|
||||||
|
|
||||||
|
(
|
||||||
|
cd .github
|
||||||
|
|
||||||
|
echo "Retrieving GPG Private KEY"
|
||||||
|
gpg --quiet \
|
||||||
|
--batch \
|
||||||
|
--yes \
|
||||||
|
--decrypt \
|
||||||
|
--passphrase="${GPG_PASSPHRASE}" \
|
||||||
|
--output codesigning.asc \
|
||||||
|
codesigning.asc.gpg
|
||||||
|
|
||||||
|
echo "Loading signing key"
|
||||||
|
gpg --batch \
|
||||||
|
--fast-import codesigning.asc
|
||||||
|
)
|
||||||
|
|
||||||
|
echo "Releasing..."
|
||||||
|
mvn --settings .github/settings.xml \
|
||||||
|
-Dskip-Tests=true \
|
||||||
|
-P release \
|
||||||
|
-B \
|
||||||
|
deploy
|
||||||
|
|
||||||
|
echo "deploy.sh: Done."
|
28
.github/settings.xml
vendored
Normal file
28
.github/settings.xml
vendored
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8" ?>
|
||||||
|
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
|
||||||
|
<servers>
|
||||||
|
<server>
|
||||||
|
<id>sonatype-nexus-snapshots</id>
|
||||||
|
<username>${env.NEXUS_USERNAME}</username>
|
||||||
|
<password>${env.NEXUS_PASSWORD}</password>
|
||||||
|
</server>
|
||||||
|
<server>
|
||||||
|
<id>sonatype-nexus-staging</id>
|
||||||
|
<username>${env.NEXUS_USERNAME}</username>
|
||||||
|
<password>${env.NEXUS_PASSWORD}</password>
|
||||||
|
</server>
|
||||||
|
</servers>
|
||||||
|
<profiles>
|
||||||
|
<profile>
|
||||||
|
<id>gpg-sign</id>
|
||||||
|
<activation>
|
||||||
|
<activeByDefault>true</activeByDefault>
|
||||||
|
</activation>
|
||||||
|
<properties>
|
||||||
|
<gpg.executable>gpg</gpg.executable>
|
||||||
|
<gpg.keyname>${env.GPG_KEYNAME}</gpg.keyname>
|
||||||
|
<gpg.passphrase>${env.GPG_PASSPHRASE}</gpg.passphrase>
|
||||||
|
</properties>
|
||||||
|
</profile>
|
||||||
|
</profiles>
|
||||||
|
</settings>
|
25
.github/workflows/maven-build.yml
vendored
Normal file
25
.github/workflows/maven-build.yml
vendored
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
# This workflow will build a Java project with Maven
|
||||||
|
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
|
||||||
|
|
||||||
|
name: Java CI with Maven
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: '*'
|
||||||
|
pull_request:
|
||||||
|
branches: '*'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
java: [ 8, 11, 13 ]
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v2
|
||||||
|
- name: Set up JDK ${{ matrix.java }}
|
||||||
|
uses: actions/setup-java@v1
|
||||||
|
with:
|
||||||
|
java-version: ${{ matrix.java }}
|
||||||
|
- name: Build with Maven
|
||||||
|
run: mvn -B install
|
24
.github/workflows/sonatype-deploy.yml
vendored
Normal file
24
.github/workflows/sonatype-deploy.yml
vendored
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
name: Deploy to Sonatype Nexus
|
||||||
|
|
||||||
|
on:
|
||||||
|
release:
|
||||||
|
types: [created]
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
deploy:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v2
|
||||||
|
- name: Set up JDK 1.8
|
||||||
|
uses: actions/setup-java@v1
|
||||||
|
with:
|
||||||
|
java-version: 1.8
|
||||||
|
- name: Build with Maven
|
||||||
|
run: mvn -B install
|
||||||
|
- name: Nexus Repo Publish
|
||||||
|
run: sh .github/deploy.sh
|
||||||
|
env:
|
||||||
|
NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }}
|
||||||
|
NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
|
||||||
|
GPG_KEYNAME: ${{ secrets.GPG_KEYNAME }}
|
||||||
|
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
|
|
@ -22,11 +22,25 @@ Dependencies
|
||||||
- Bump assertj from 3.11.1
|
- Bump assertj from 3.11.1
|
||||||
- Bump lombok from 1.18.2
|
- Bump lombok from 1.18.2
|
||||||
|
|
||||||
* [0.7.1] - 2019-03-02
|
* 0.8.0
|
||||||
|
|
||||||
|
** Changed
|
||||||
|
|
||||||
|
- Replace Jenkins with Github Actions (#57)
|
||||||
|
|
||||||
** Dependencies
|
** Dependencies
|
||||||
|
|
||||||
- Bump tiles-maven-plugin from 2.12 to 2.13 (#40)
|
* Bump hamcrest-core from 2.1 to 2.2 (#50)
|
||||||
|
* Bump lombok from 1.18.8 to 1.18.10 (#49)
|
||||||
|
* Bump assertj-core from 3.12.2 to 3.13.2 (#48)
|
||||||
|
* Bump tiles-maven-plugin from 2.14 to 2.15 (#45)
|
||||||
|
* Bump lombok from 1.18.6 to 1.18.8 (#44)
|
||||||
|
* Bump tiles-maven-plugin from 2.13 to 2.14 (#43)
|
||||||
|
* Bump assertj-core from 3.12.1 to 3.12.2 (#42)
|
||||||
|
* Bump lombok from 1.18.4 to 1.18.6 (#41)
|
||||||
|
* Bump tiles-maven-plugin from 2.12 to 2.13 (#40)
|
||||||
|
* Bump hamcrest-core from 1.3 to 2.1 (#37)
|
||||||
|
* Clean up changelog and readme, and remove external build dependencies (#38)
|
||||||
|
|
||||||
* [0.7.0] - 2017-02-18
|
* [0.7.0] - 2017-02-18
|
||||||
|
|
||||||
|
|
|
@ -1,79 +0,0 @@
|
||||||
final String publicRepo = 'https://github.com/kemitix/'
|
|
||||||
final String mvn = "mvn --batch-mode --update-snapshots --errors"
|
|
||||||
|
|
||||||
pipeline {
|
|
||||||
agent any
|
|
||||||
stages {
|
|
||||||
stage('Build & Test') {
|
|
||||||
steps {
|
|
||||||
withMaven(maven: 'maven', jdk: 'JDK 1.8') {
|
|
||||||
sh "${mvn} clean compile checkstyle:checkstyle pmd:pmd test"
|
|
||||||
// Code Coverage to Jenkins
|
|
||||||
jacoco exclusionPattern: '**/*{Test|IT|Main|Application|Immutable}.class'
|
|
||||||
// PMD to Jenkins
|
|
||||||
pmd canComputeNew: false, defaultEncoding: '', healthy: '', pattern: '', unHealthy: ''
|
|
||||||
// Checkstyle to Jenkins
|
|
||||||
step([$class: 'hudson.plugins.checkstyle.CheckStylePublisher',
|
|
||||||
pattern: '**/target/checkstyle-result.xml',
|
|
||||||
healthy:'20',
|
|
||||||
unHealthy:'100'])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
stage('Verify & Install') {
|
|
||||||
steps {
|
|
||||||
withMaven(maven: 'maven', jdk: 'JDK 1.8') {
|
|
||||||
sh "${mvn} -DskipTests install"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
stage('Deploy (published release branch)') {
|
|
||||||
when {
|
|
||||||
expression {
|
|
||||||
(isReleaseBranch() &&
|
|
||||||
isPublished(publicRepo) &&
|
|
||||||
notSnapshot())
|
|
||||||
}
|
|
||||||
}
|
|
||||||
steps {
|
|
||||||
withMaven(maven: 'maven', jdk: 'JDK 1.8') {
|
|
||||||
sh "${mvn} --activate-profiles release deploy"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
stage('Build Java 11') {
|
|
||||||
steps {
|
|
||||||
withMaven(maven: 'maven', jdk: 'JDK 11') {
|
|
||||||
sh "${mvn} clean verify -Djava.version=11"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
stage('Build Java 12') {
|
|
||||||
steps {
|
|
||||||
withMaven(maven: 'maven', jdk: 'JDK 12') {
|
|
||||||
sh "${mvn} clean verify -Djava.version=12"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private boolean isReleaseBranch() {
|
|
||||||
return branchStartsWith('release/')
|
|
||||||
}
|
|
||||||
|
|
||||||
private boolean branchStartsWith(final String branchName) {
|
|
||||||
startsWith(env.GIT_BRANCH, branchName)
|
|
||||||
}
|
|
||||||
|
|
||||||
private boolean isPublished(final String repo) {
|
|
||||||
startsWith(env.GIT_URL, repo)
|
|
||||||
}
|
|
||||||
|
|
||||||
private static boolean startsWith(final String value, final String match) {
|
|
||||||
value != null && value.startsWith(match)
|
|
||||||
}
|
|
||||||
|
|
||||||
private boolean notSnapshot() {
|
|
||||||
return !(readMavenPom(file: 'pom.xml').version).contains("SNAPSHOT")
|
|
||||||
}
|
|
Loading…
Reference in a new issue