diff --git a/.github/workflows/deployToAWS.yml b/.github/workflows/deployToAWS.yml index d8068a04..6ef57f8b 100644 --- a/.github/workflows/deployToAWS.yml +++ b/.github/workflows/deployToAWS.yml @@ -1,11 +1,33 @@ name: "Publish to SNS Topic: Triggers Deployment to AWS" on: + workflow_call: + inputs: + DEPLOYMENT_ENVIRONMENT: + description: 'Environment' + type: string + required: true + targetCommitRef: + description: 'Commit ref to deploy' + type: string + default: 'main' + secrets: + AWS_REGION: + required: true + AWS_TOPIC_ARN: + required: true + AWS_ACCESS_KEY_ID: + required: true + AWS_SECRET_ACCESS_KEY: + required: true workflow_dispatch: inputs: DEPLOYMENT_ENVIRONMENT: description: 'Environment' required: true + targetCommitRef: + description: 'Commit ref to deploy' + default: 'main' jobs: setup: @@ -29,4 +51,5 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} DEPLOYMENT_ENVIRONMENT: ${{ inputs.DEPLOYMENT_ENVIRONMENT }} + TARGET_COMMIT_REF: ${{ inputs.targetCommitRef }} run: python tools/aws_sns_publish_topic.py diff --git a/.github/workflows/pass-java-release.yml b/.github/workflows/pass-java-release.yml new file mode 100644 index 00000000..8bdb2a3b --- /dev/null +++ b/.github/workflows/pass-java-release.yml @@ -0,0 +1,231 @@ +name: Perform release for PASS Java projects + +# Java project releases are grouped together in this workflow because of their dependency +# hierarchy. Building the projects together in the same workflow (on the same runner) +# allows local dependency resolution, avoiding having to wait for syncing with Maven +# Central. +# +# We avoid having to duplicate secrets with a single workflow as well. + +# TODO: How are we going to get the correct credentials to push to other Java repos? +# For this repo, we can easily use secrets.GITHUB_TOKEN, provided automatically to the +# workflow. This token is assotiated with the user that manually triggers the workflow, +# but is scope-limited to only the repository that hosts the workflow. Manipulation +# other repositories will need credentials to be provided (a username/PAT). +# Should we include documentation for the release manager to create a short-lived PAT +# then update the TOKEN secret? + +on: + workflow_call: + inputs: + repository: + description: 'org/repo name of the repository to release (e.g. eclipse-pass/pass-core)' + type: string + required: true + releaseversion: + description: 'Release version (e.g. 0.7.0)' + type: string + required: true + nextversion: + description: 'Next dev version (e.g. 0.8.0-SNAPSHOT)' + type: string + required: true + secrets: + MAVEN_GPG_KEY: + required: true + MAVEN_GPG_PASSPHRASE: + required: true + OSSRH_USERNAME: + required: true + OSSRH_PASSWORD: + required: true + # GH_PAT: + # description: Token needed for pushing commits to various PASS Java repositories + # required: true + +env: + RELEASE: ${{ inputs.releaseversion }} + NEXT: ${{ inputs.nextversion }} + +jobs: + release: + runs-on: ubuntu-latest + + steps: + # Setup + - name: Config git user + run: | + git config --global user.name ${{ github.actor }} + git config --global user.email "${{ github.actor }}@users.noreply.github.com" + + - name: Setup Java & Maven + uses: actions/setup-java@v3 + with: + java-version: 17 + distribution: 'temurin' + server-id: ossrh + server-username: MAVEN_USERNAME + server-pasword: MAVEN_PASSWORD + gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }} + gpg-passphrase: MAVEN_GPG_PASSPHRASE + + - name: Login to GHCR + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # ============================================================================= + # main + # ============================================================================= + - name: Checkout 'main' + uses: actions/checkout@v3 + with: + repository: eclipse-pass/main + path: main + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Publish release + run: | # Newlines for readability + mvn -B -U -V -ntp release:prepare \ + -DreleaseVersion=$RELEASE \ + -Dtag=$RELEASE \ + -DdevelopmentVersion=$NEXT \ + -DautoVersionSubmodules=true + mvn -B -U -V -ntp release:perform -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + - name: Build and publish new dev version + run: mvn -B -U -V -ntp deploy -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + - name: Push release plugin commits + if: github.ref_type == 'branch' && github.ref_protected == false + run: git push origin ${{ github.ref_name }} + + - name: Push new release tag GH + run: git push origin --tags + + # ============================================================================= + # pass-core + # ============================================================================= + - name: Checkout pass-core + uses: actions/checkout@v3 + with: + repository: eclipse-pass/pass-core + path: pass-core + token: ${{ secrets.GITHUB_TOKEN }} + + # Version:update-parent will grab the latest specified release (non-snapshot) + - name: Bump version to release + run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$RELEASE + + - name: Commit release version bump + uses: EndBug/add-and-commit@v9 + with: + add: pom.xml **/pom.xml + message: "Update parent version to release" + + - name: Publish release + run: | + mvn -B -U -V -ntp release:prepare \ + -DreleaseVersion=$RELEASE \ + -Dtag=$RELEASE \ + -DdevelopmentVersion=$NEXT \ + -DautoVersionSubmodules=true + mvn -B -U -V -ntp release:perform -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + # Project & submodule POMs already updated to correct dev version + # But reference to parent POM (eclipse-pass-parent) needs to be updated + - name: Update parent POM to new dev version + run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$NEXT -DallowSnapshots=true + + - name: Commit snapshot version bump and push commits + uses: EndBug/add-and-commit@v9 + with: + add: pom.xml **/pom.xml + message: "Update parent version to next development version" + push: true + + # Will produce a new Docker image for the new dev version + - name: Build and publish new dev version + run: mvn -B -U -V -ntp deploy -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + - name: Push new release tag GH + run: git push origin --tags + + - name: Push Docker image to GHCR + run: | + docker push ghcr.io/eclipse-pass/pass-core-main:$RELEASE + docker push ghcr.io/eclipse-pass/pass-core-main:$NEXT + + # ============================================================================= + # pass-support + # ============================================================================= + - name: Checkout pass-support + uses: actions/checkout@v3 + with: + repository: eclipse-pass/pass-support + path: pass-support + token: ${{ secrets.GITHUB_TOKEN }} + + # Version:update-parent will grab the latest specified release (non-snapshot) + - name: Bump version to release + run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$RELEASE + + - name: Commit release version bump + uses: EndBug/add-and-commit@v9 + with: + add: pom.xml **/pom.xml + message: "Update parent version to release" + + - name: Publish release + run: | + mvn -B -U -V -ntp release:prepare \ + -DreleaseVersion=$RELEASE \ + -Dtag=$RELEASE \ + -DdevelopmentVersion=$NEXT \ + -DautoVersionSubmodules=true + mvn -B -U -V -ntp release:perform -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + # Project & submodule POMs already updated to correct dev version + # But reference to parent POM (eclipse-pass-parent) needs to be updated + - name: Update parent POM to new dev version + run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$NEXT -DallowSnapshots=true + + - name: Commit snapshot version bump and push commits + uses: EndBug/add-and-commit@v9 + with: + add: pom.xml **/pom.xml + message: "Update parent version to next development version" + push: true + + # Will produce a new Docker image for the new dev version + - name: Build and publish new dev version + run: mvn -B -U -V -ntp deploy -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + - name: Push new release tag GH + run: git push origin --tags diff --git a/tools/aws_sns_publish_topic.py b/tools/aws_sns_publish_topic.py index 1c03075b..b5b8144e 100644 --- a/tools/aws_sns_publish_topic.py +++ b/tools/aws_sns_publish_topic.py @@ -7,8 +7,9 @@ TOPIC_ARN = os.getenv('AWS_TOPIC_ARN') DEPLOYMENT_ENVIRONMENT = os.getenv('DEPLOYMENT_ENVIRONMENT') REGION=os.getenv('AWS_REGION') +COMMIT_REF = os.getenv('TARGET_COMMIT_REF') -MESSAGE = {"action": "DeployStart", "commitRef": "main", "deployEnv": DEPLOYMENT_ENVIRONMENT} +MESSAGE = {"action": "DeployStart", "commitRef": COMMIT_REF, "deployEnv": DEPLOYMENT_ENVIRONMENT} client = boto3.client('sns', region_name=REGION,