From 1ab0fbe91a49c9005690e55e8993ffc6d62276e0 Mon Sep 17 00:00:00 2001
From: John Jeffers
Date: Fri, 7 Jun 2024 17:19:08 -0600
Subject: [PATCH 1/4] wip
---
.github/workflows/deploy.yaml | 92 +++++++++++++++++++++++++++++++++++
1 file changed, 92 insertions(+)
create mode 100644 .github/workflows/deploy.yaml
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
new file mode 100644
index 00000000..5b58fff3
--- /dev/null
+++ b/.github/workflows/deploy.yaml
@@ -0,0 +1,92 @@
+# Run locally with act:
+#
+# act pull_request [--input command=[command]] \
+# --platform fusionauth-builder=[ecr-repo-name]/fusionauth-builder:latest] \
+# --workflows ./.github/workflows/release.yaml \
+# --env-file <(aws configure export-credentials --profile [aws-profile] --format env)
+
+name: Deploy
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+ workflow_dispatch:
+ inputs:
+ command:
+ type: choice
+ options:
+ - build # build only
+ - publish # build & publish to maven
+ - release # build & release to svn
+ default: build
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ if: |
+ github.event_name == 'pull_request' ||
+ github.event_name == 'push' ||
+ github.event_name == 'workflow_dispatch' && inputs.command == 'build'
+ runs-on: fusionauth-builder
+ steps:
+ - name: checkout
+ uses: actions/checkout@v4
+
+ - name: compile
+ shell: bash -l {0}
+ run: sb compile
+
+ deploy:
+ if: |
+ github.event_name == 'workflow_dispatch' &&
+ (inputs.command == 'release' || inputs.command == 'publish')
+ runs-on: fusionauth-builder
+ steps:
+ - name: checkout
+ uses: actions/checkout@v4
+
+ - name: set aws credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: arn:aws:iam::752443094709:role/github-actions
+ role-session-name: aws-auth-action
+ aws-region: us-west-2
+
+ - name: get secret
+ run: |
+ while IFS=$'\t' read -r key value; do
+ echo "::add-mask::${value}"
+ echo "${key}=${value}" >> $GITHUB_ENV
+ done < <(aws secretsmanager get-secret-value \
+ --region us-west-2 \
+ --secret-id platform/maven \
+ --query SecretString \
+ --output text | \
+ jq -r 'to_entries[] | [.key, .value] | @tsv')
+
+ - name: import gpg key
+ run: |
+ export GPG_TTY=$(tty)
+ echo "${{ env.PRIVATE_KEY_B64 }}" | base64 -d > /tmp/key.asc
+ echo "${{ env.PASSWORD }}" | gpg --batch --yes --passphrase-fd 0 --import /tmp/key.asc
+ rm /tmp/key.asc
+
+ - name: release to svn
+ shell: bash -l {0}
+ run: devsetup -o
maven -n + + # - name: release to svn + # if: inputs.command == 'release' + # shell: bash -l {0} + # run: sb release + + # - name: publish to maven + # if: inputs.command == 'publish' + # shell: bash -l {0} + # run: sb publish From c123703862f82c8fdccc272e56df151ae57247a0 Mon Sep 17 00:00:00 2001 From: John Jeffers Date: Fri, 7 Jun 2024 23:26:49 -0600 Subject: [PATCH 2/4] wip --- .github/workflows/deploy.yaml | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 5b58fff3..ab31fa78 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -77,16 +77,23 @@ jobs: echo "${{ env.PASSWORD }}" | gpg --batch --yes --passphrase-fd 0 --import /tmp/key.asc rm /tmp/key.asc - - name: release to svn + - name: setup maven shell: bash -l {0} - run: devsetup -o maven -n + run: | + ~/dev/inversoft/fusionauth/fusionauth-developer/setup.sh -o maven -n + export KEY_NAME="FusionAuth Platform Team" + export PASSPHRASE="${{ env.PASSWORD }}" + export OSSRH_USERNAME="" + export OSSRH_PASSWORD="" + export BREWDIR="/usr" + envsubst < ~/dev/inversoft/fusionauth/fusionauth-developer//setup/modules/files/maven/settings.xml > ~/.m2/settings.xml - # - name: release to svn - # if: inputs.command == 'release' - # shell: bash -l {0} - # run: sb release + - name: release to svn + if: inputs.command == 'release' + shell: bash -l {0} + run: sb release - # - name: publish to maven - # if: inputs.command == 'publish' - # shell: bash -l {0} - # run: sb publish + - name: publish to maven + if: inputs.command == 'publish' + shell: bash -l {0} + run: sb publish From 795042e0c37972e6308c4fcce96758673c01c976 Mon Sep 17 00:00:00 2001 From: John Jeffers Date: Sat, 8 Jun 2024 23:19:36 -0600 Subject: [PATCH 3/4] add release workflow --- .github/workflows/deploy.yaml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) 
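Review bot: In the `import gpg key` step the two secrets are spliced in with `${{ env.PRIVATE_KEY_B64 }}` and `${{ env.PASSWORD }}`, so their values become part of the script text before bash parses it: a passphrase containing `"`, `$` or a backtick changes the command, and the rendered script holding both values is written to the runner's disk. The `get secret` step already places them in the job environment through `$GITHUB_ENV`, so the step can read them as ordinary quoted shell variables instead. The decoded key also goes to the fixed path `/tmp/key.asc` under the default umask and is left behind when the import fails before the `rm`. The same `${{ env.* }}` interpolation recurs in the `setup maven` step of patches 2/4 and 3/4 and should be changed the same way there. A version with quoted variables, a private temp file and a trap is below.

```yaml
      - name: import gpg key
        run: |
          # … unchanged: GPG_TTY export …
          umask 077
          keyfile="$(mktemp)"
          trap 'rm -f "$keyfile"' EXIT
          printf '%s\n' "$PRIVATE_KEY_B64" | base64 -d > "$keyfile"
          printf '%s\n' "$PASSWORD" | gpg --batch --yes --passphrase-fd 0 --import "$keyfile"
```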
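Review bot: The `setup maven` step leaves the signing passphrase on disk: `envsubst` renders `$PASSPHRASE` into `~/.m2/settings.xml` in the runner account's home directory and no later step removes it. Both jobs run on the `fusionauth-builder` label and `build` is triggered by `pull_request`, so unless every job gets a fresh runner, code from a pull request could read that file on a later run. I would add a final step with `if: always()` and `run: rm -f ~/.m2/settings.xml`. Calling `envsubst` with an explicit list, e.g. `envsubst '$KEY_NAME $PASSPHRASE $OSSRH_USERNAME $OSSRH_PASSWORD $BREWDIR'`, would also keep any other `$name` in the template from being blanked or filled from the job environment.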
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index ab31fa78..481ae066 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -73,18 +73,22 @@ jobs: - name: import gpg key run: | export GPG_TTY=$(tty) - echo "${{ env.PRIVATE_KEY_B64 }}" | base64 -d > /tmp/key.asc - echo "${{ env.PASSWORD }}" | gpg --batch --yes --passphrase-fd 0 --import /tmp/key.asc + echo "${{ env.PRIV_KEY_B64 }}" | base64 -d > /tmp/key.asc + echo "${{ env.PRIV_KEY_PASSWORD }}" | gpg --batch --yes --passphrase-fd 0 --import /tmp/key.asc rm /tmp/key.asc + # We need this to prevent 'gpg: signing failed: Timeout' error during 'sb publish' + mkdir -p ~/.gnupg + echo "pinentry-mode loopback" > ~/.gnupg/gpg.conf + - name: setup maven shell: bash -l {0} run: | ~/dev/inversoft/fusionauth/fusionauth-developer/setup.sh -o maven -n export KEY_NAME="FusionAuth Platform Team" - export PASSPHRASE="${{ env.PASSWORD }}" - export OSSRH_USERNAME="" - export OSSRH_PASSWORD="" + export PASSPHRASE="${{ env.PRIV_KEY_PASSWORD }}" + export OSSRH_USERNAME="${{ env.OSSRH_USERNAME }}" + export OSSRH_PASSWORD="${{ env.OSSRH_PASSWORD }}" export BREWDIR="/usr" envsubst < ~/dev/inversoft/fusionauth/fusionauth-developer//setup/modules/files/maven/settings.xml > ~/.m2/settings.xml @@ -96,4 +100,6 @@ jobs: - name: publish to maven if: inputs.command == 'publish' shell: bash -l {0} - run: sb publish + run: | + export GPG_TTY=$(tty) + sb publish From 5e301eb94c44e968ca1f5deada5bfac557da79f7 Mon Sep 17 00:00:00 2001 From: John Jeffers Date: Sun, 9 Jun 2024 11:54:48 -0600 Subject: [PATCH 4/4] remove maven install --- .github/workflows/deploy.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 481ae066..b482b111 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml 
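Review bot: `echo "pinentry-mode loopback" > ~/.gnupg/gpg.conf` overwrites whatever `gpg.conf` the runner account already has, and the `gpg --import` before it puts the private signing key into that account's default keyring, where it stays after the job ends. The `mkdir -p ~/.gnupg` comes after the import, so by that point the directory presumably exists already. A per-job GnuPG home avoids both problems: create it at the top of the step, export it through `$GITHUB_ENV` so the later `sb publish` step sees the same keyring, and write the loopback setting there. `$RUNNER_TEMP` is emptied when the job finishes, which removes the key with it. This assumes `sb publish` invokes `gpg` with the inherited environment, which the patch does not show.

```yaml
      - name: import gpg key
        run: |
          export GNUPGHOME="$RUNNER_TEMP/gnupg"
          install -d -m 700 "$GNUPGHOME"
          echo "GNUPGHOME=$GNUPGHOME" >> "$GITHUB_ENV"
          # … unchanged: GPG_TTY export, key import, rm /tmp/key.asc …
          # We need this to prevent 'gpg: signing failed: Timeout' error during 'sb publish'
          echo "pinentry-mode loopback" > "$GNUPGHOME/gpg.conf"
```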
@@ -81,16 +81,15 @@ jobs: mkdir -p ~/.gnupg echo "pinentry-mode loopback" > ~/.gnupg/gpg.conf - - name: setup maven + - name: configure maven settings.xml shell: bash -l {0} run: | - ~/dev/inversoft/fusionauth/fusionauth-developer/setup.sh -o maven -n export KEY_NAME="FusionAuth Platform Team" export PASSPHRASE="${{ env.PRIV_KEY_PASSWORD }}" export OSSRH_USERNAME="${{ env.OSSRH_USERNAME }}" export OSSRH_PASSWORD="${{ env.OSSRH_PASSWORD }}" export BREWDIR="/usr" - envsubst < ~/dev/inversoft/fusionauth/fusionauth-developer//setup/modules/files/maven/settings.xml > ~/.m2/settings.xml + envsubst < ~/dev/inversoft/fusionauth/fusionauth-developer/setup/modules/files/maven/settings.xml > ~/.m2/settings.xml - name: release to svn if: inputs.command == 'release'
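Review bot: With the `setup.sh -o maven -n` call removed, nothing visible in this workflow creates `~/.m2` before the redirect to `~/.m2/settings.xml`, so the step now depends on the runner image already having that directory. If that is not guaranteed, `mkdir -p ~/.m2` ahead of the `envsubst` line makes it explicit. A `umask 077` before the redirect would also keep the rendered file, which holds the OSSRH password and the key passphrase, readable only by the runner account.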