From 10c54de1f67461ee357641c680af9f7b9fc074b6 Mon Sep 17 00:00:00 2001 From: John Abrahams Date: Fri, 23 Jun 2023 08:54:56 -0400 Subject: [PATCH 1/5] Allow repo commit ref inputs --- .github/workflows/deployToAWS.yml | 23 +++++++++++++++++++++++ tools/aws_sns_publish_topic.py | 3 ++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deployToAWS.yml b/.github/workflows/deployToAWS.yml index d8068a04..6ef57f8b 100644 --- a/.github/workflows/deployToAWS.yml +++ b/.github/workflows/deployToAWS.yml @@ -1,11 +1,33 @@ name: "Publish to SNS Topic: Triggers Deployment to AWS" on: + workflow_call: + inputs: + DEPLOYMENT_ENVIRONMENT: + description: 'Environment' + type: string + required: true + targetCommitRef: + description: 'Commit ref to deploy' + type: string + default: 'main' + secrets: + AWS_REGION: + required: true + AWS_TOPIC_ARN: + required: true + AWS_ACCESS_KEY_ID: + required: true + AWS_SECRET_ACCESS_KEY: + required: true workflow_dispatch: inputs: DEPLOYMENT_ENVIRONMENT: description: 'Environment' required: true + targetCommitRef: + description: 'Commit ref to deploy' + default: 'main' jobs: setup: @@ -29,4 +51,5 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} DEPLOYMENT_ENVIRONMENT: ${{ inputs.DEPLOYMENT_ENVIRONMENT }} + TARGET_COMMIT_REF: ${{ inputs.targetCommitRef }} run: python tools/aws_sns_publish_topic.py diff --git a/tools/aws_sns_publish_topic.py b/tools/aws_sns_publish_topic.py index 1c03075b..b5b8144e 100644 --- a/tools/aws_sns_publish_topic.py +++ b/tools/aws_sns_publish_topic.py 
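Review bot: `targetCommitRef` is a free-form string in both the `workflow_call` and `workflow_dispatch` inputs, and nothing visible in this workflow checks it before it is published as the ref to deploy. Anyone allowed to dispatch or call the workflow can therefore request deployment of any ref to the chosen environment. Consider a validation step ahead of the publish step that accepts only the expected forms (for example release tags or protected branches) and fails the job otherwise. The description could also name the forms the deploy side accepts instead of only `'Commit ref to deploy'`.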
@@ -7,8 +7,9 @@ TOPIC_ARN = os.getenv('AWS_TOPIC_ARN') DEPLOYMENT_ENVIRONMENT = os.getenv('DEPLOYMENT_ENVIRONMENT') REGION=os.getenv('AWS_REGION') +COMMIT_REF = os.getenv('TARGET_COMMIT_REF') -MESSAGE = {"action": "DeployStart", "commitRef": "main", "deployEnv": DEPLOYMENT_ENVIRONMENT} +MESSAGE = {"action": "DeployStart", "commitRef": COMMIT_REF, "deployEnv": DEPLOYMENT_ENVIRONMENT} client = boto3.client('sns', region_name=REGION, From ea0c1c61cc697731ec5806f109874d8506c00758 Mon Sep 17 00:00:00 2001 From: John Abrahams Date: Mon, 26 Jun 2023 09:48:50 -0400 Subject: [PATCH 2/5] Start consolidating release automations --- .github/actions/pass-java-release/action.yml | 12 ++++ .github/actions/pass-setup-java/action.yml | 20 +++++++ .github/workflows/pass-java-release.yml | 63 ++++++++++++++++++++ 3 files changed, 95 insertions(+) create mode 100644 .github/actions/pass-java-release/action.yml create mode 100644 .github/actions/pass-setup-java/action.yml create mode 100644 .github/workflows/pass-java-release.yml diff --git a/.github/actions/pass-java-release/action.yml b/.github/actions/pass-java-release/action.yml new file mode 100644 index 00000000..7a60264e --- /dev/null +++ b/.github/actions/pass-java-release/action.yml @@ -0,0 +1,12 @@ +name: "Release PASS Java project" +description: > + Release a PASS Java project. This will tag and release the "release" version + then release the next development (-SNAPSHOT) version. Assumes that the environment + has already been setup + +inputs: + +runs: + using: composite + steps: + diff --git a/.github/actions/pass-setup-java/action.yml b/.github/actions/pass-setup-java/action.yml new file mode 100644 index 00000000..bdfc1f1e --- /dev/null +++ b/.github/actions/pass-setup-java/action.yml 
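Review bot: `COMMIT_REF = os.getenv('TARGET_COMMIT_REF')` yields `None` when the variable is unset and an empty string if the input is passed empty, so the published message can carry a null or empty `commitRef` where it previously always carried `"main"`. An explicit fallback keeps the old behaviour: `COMMIT_REF = os.getenv('TARGET_COMMIT_REF') or 'main'`. The value is now caller-supplied and ends up in a message that starts a deployment, so checking it against an allowed pattern before building `MESSAGE` would also be worth adding. How the subscriber treats the ref is not visible in this hunk.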
@@ -0,0 +1,20 @@ +name: Setup PASS Java project + +runs: + using: composite + steps: + - name: Config git user + run: | + git config user.name ${{ github.actor }} + git config user.email "${{ github.actor }}@users.noreply.github.com" + + - name: Setup Java & Maven + uses: actions/setup-java@v3 + with: + java-version: 17 + distribution: 'temurin' + server-id: ossrh + server-username: MAVEN_USERNAME + server-password: MAVEN_PASSWORD + gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }} + gpg-passphrase: MAVEN_GPG_PASSPHRASE \ No newline at end of file diff --git a/.github/workflows/pass-java-release.yml b/.github/workflows/pass-java-release.yml new file mode 100644 index 00000000..c353e45e --- /dev/null +++ b/.github/workflows/pass-java-release.yml 
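Review bot: `gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }}` will not resolve here, because the `secrets` context is not available inside a composite action; the key has to arrive through a declared input that the calling workflow fills, e.g. `gpg-private-key: ${{ inputs.gpg-private-key }}`. The `Config git user` step also needs `shell: bash`, which composite actions require on every `run` step. In that step `${{ github.actor }}` is pasted unquoted into the script text; reading the runner's own variable keeps the value out of the script source: `git config user.name "$GITHUB_ACTOR"`. The same unquoted form appears in the `Config git user` step of pass-java-release.yml in this patch and in its `--global` variant in PATCH 3/5.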
@@ -0,0 +1,63 @@ +name: PASS Java release + +on: + workflow_call: + inputs: + repository: + description: 'org/repo name of the repository to release (e.g. eclipse-pass/pass-core)' + type: string + required: true + releaseversion: + description: 'Release version (e.g. 0.7.0)' + type: string + required: true + nextversion: + description: 'Next dev version (e.g. 0.8.0-SNAPSHOT)' + type: string + required: true + secrets: + MAVEN_GPG_KEY: + required: true + MAVEN_GPG_PASSPHRASE: + required: true + OSSRH_USERNAME: + required: true + OSSRH_PASSWORD: + required: true + GITHUB_TOKEN: + required: true + +env: + RELEASE: ${{ inputs.releaseversion }} + NEXT: ${{ inputs.nextversion }} + +jobs: + release: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v3 + with: ${{ inputs.repository }} + + # Setup + - name: Config git user + run: | + git config user.name ${{ github.actor }} + git config user.email "${{ github.actor }}@users.noreply.github.com" + + - name: Setup Java & Maven + uses: actions/setup-java@v3 + with: + java-version: 17 + distribution: 'temurin' + server-id: ossrh + server-username: MAVEN_USERNAME + server-pasword: MAVEN_PASSWORD + gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }} + gpg-passphrase: MAVEN_GPG_PASSPHRASE + + # Start work + # Version:update-parent will grab the latest specified release (non-snapshot) + - name: Bump version to release + run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$RELEASE From 8d75acaa328e048abdca5a9c23522e0a793f8acc Mon Sep 17 00:00:00 2001 From: John Abrahams Date: Mon, 26 Jun 2023 12:33:03 -0400 Subject: [PATCH 3/5] Consolidate Java releases into one callable workflow --- .github/workflows/pass-java-release.yml | 184 ++++++++++++++++++++++-- 1 file changed, 176 insertions(+), 8 deletions(-) diff --git a/.github/workflows/pass-java-release.yml b/.github/workflows/pass-java-release.yml index c353e45e..badef2ce 100644 --- a/.github/workflows/pass-java-release.yml 
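Review bot: `server-pasword: MAVEN_PASSWORD` is misspelled, so setup-java will not receive a `server-password` input and will fall back to its default variable name rather than `MAVEN_PASSWORD` when it writes the Maven settings; it should read `server-password: MAVEN_PASSWORD`. In the checkout step, `with: ${{ inputs.repository }}` is a bare scalar where a mapping is expected and should be `with:` followed by `repository: ${{ inputs.repository }}`. Declaring `GITHUB_TOKEN` under `workflow_call.secrets` is also likely to be rejected, since that name is reserved for the automatic token.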
+++ b/.github/workflows/pass-java-release.yml @@ -1,4 +1,19 @@ -name: PASS Java release +name: Perform release for PASS Java projects + +# Java project releases are grouped together in this workflow because of their dependency +# hierarchy. Building the projects together in the same workflow (on the same runner) +# allows local dependency resolution, avoiding having to wait for syncing with Maven +# Central. +# +# We avoid having to duplicate secrets with a single workflow as well. + +# TODO: How are we going to get the correct credentials to push to other Java repos? +# For this repo, we can easily use secrets.GITHUB_TOKEN, provided automatically to the +# workflow. This token is assotiated with the user that manually triggers the workflow, +# but is scope-limited to only the repository that hosts the workflow. Manipulation +# other repositories will need credentials to be provided (a username/PAT). +# Should we include documentation for the release manager to create a short-lived PAT +# then update the TOKEN secret? on: workflow_call: @@ -25,6 +40,7 @@ on: OSSRH_PASSWORD: required: true GITHUB_TOKEN: + description: Token needed for pushing commits to various PASS Java repositories required: true env: @@ -36,15 +52,11 @@ jobs: runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@v3 - with: ${{ inputs.repository }} - # Setup - name: Config git user run: | - git config user.name ${{ github.actor }} - git config user.email "${{ github.actor }}@users.noreply.github.com" + git config --global user.name ${{ github.actor }} + git config --global user.email "${{ github.actor }}@users.noreply.github.com" - name: Setup Java & Maven uses: actions/setup-java@v3 
@@ -57,7 +69,163 @@ jobs: gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }} gpg-passphrase: MAVEN_GPG_PASSPHRASE - # Start work + - name: Login to GHCR + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # ============================================================================= + # main + # ============================================================================= + - name: Checkout 'main' + uses: actions/checkout@v3 + with: + repository: eclipse-pass/main + path: main + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Publish release + run: | # Newlines for readability + mvn -B -U -V -ntp release:prepare \ + -DreleaseVersion=$RELEASE \ + -Dtag=$RELEASE \ + -DdevelopmentVersion=$NEXT \ + -DautoVersionSubmodules=true + mvn -B -U -V -ntp release:perform -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + - name: Build and publish new dev version + run: mvn -B -U -V -ntp deploy -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + - name: Push release plugin commits + if: github.ref_type == 'branch' && github.ref_protected == false + run: git push origin ${{ github.ref_name }} + + - name: Push new release tag GH + run: git push origin --tags + + # ============================================================================= + # pass-core + # ============================================================================= + - name: Checkout pass-core + uses: actions/checkout@v3 + with: + repository: eclipse-pass/pass-core + path: pass-core + token: ${{ secrets.GITHUB_TOKEN }} + # Version:update-parent will grab the latest specified release (non-snapshot) - name: Bump version to release run: mvn -B -U -V -ntp versions:update-parent 
-DparentVersion=$RELEASE + + - name: Commit release version bump + uses: EndBug/add-and-commit@v9 + with: + add: pom.xml **/pom.xml + message: "Update parent version to release" + + - name: Publish release + run: | + mvn -B -U -V -ntp release:prepare \ + -DreleaseVersion=$RELEASE \ + -Dtag=$RELEASE \ + -DdevelopmentVersion=$NEXT \ + -DautoVersionSubmodules=true + mvn -B -U -V -ntp release:perform -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + # Project & submodule POMs already updated to correct dev version + # But reference to parent POM (eclipse-pass-parent) needs to be updated + - name: Update parent POM to new dev version + run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$NEXT -DallowSnapshots=true + + - name: Commit snapshot version bump and push commits + uses: EndBug/add-and-commit@v9 + with: + add: pom.xml **/pom.xml + message: "Update parent version to next development version" + push: true + + # Will produce a new Docker image for the new dev version + - name: Build and publish new dev version + run: mvn -B -U -V -ntp deploy -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + - name: Push new release tag GH + run: git push origin --tags + + - name: Push Docker image to GHCR + run: | + docker push ghcr.io/eclipse-pass/pass-core-main:$RELEASE + docker push ghcr.io/eclipse-pass/pass-core-main:$NEXT + + # ============================================================================= + # pass-support + # ============================================================================= + - name: Checkout pass-support + uses: actions/checkout@v3 + with: + repository: eclipse-pass/pass-support + path: pass-support + token: ${{ secrets.GITHUB_TOKEN }} + + # Version:update-parent will grab the latest 
specified release (non-snapshot) + - name: Bump version to release + run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$RELEASE + + - name: Commit release version bump + uses: EndBug/add-and-commit@v9 + with: + add: pom.xml **/pom.xml + message: "Update parent version to release" + + - name: Publish release + run: | + mvn -B -U -V -ntp release:prepare \ + -DreleaseVersion=$RELEASE \ + -Dtag=$RELEASE \ + -DdevelopmentVersion=$NEXT \ + -DautoVersionSubmodules=true + mvn -B -U -V -ntp release:perform -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + # Project & submodule POMs already updated to correct dev version + # But reference to parent POM (eclipse-pass-parent) needs to be updated + - name: Update parent POM to new dev version + run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$NEXT -DallowSnapshots=true + + - name: Commit snapshot version bump and push commits + uses: EndBug/add-and-commit@v9 + with: + add: pom.xml **/pom.xml + message: "Update parent version to next development version" + push: true + + # Will produce a new Docker image for the new dev version + - name: Build and publish new dev version + run: mvn -B -U -V -ntp deploy -P release + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + - name: Push new release tag GH + run: git push origin --tags From b3e33a99bcc62dbeb019ca06914d01b00adae7ad Mon Sep 17 00:00:00 2001 
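Review bot: In `Push release plugin commits`, `git push origin ${{ github.ref_name }}` expands the ref name into the script text before the shell parses it, and branch names may contain characters the shell interprets. This job holds the GPG key, the OSSRH credentials and a push token, so the value should come from the environment instead: `run: git push origin "$GITHUB_REF_NAME"`. `EndBug/add-and-commit@v9` is a third-party action referenced by a movable tag in that same job; pinning it to a full commit SHA (`EndBug/add-and-commit@<full-commit-sha>`, placeholder) keeps a retagged release from running with those credentials. The checkouts use `path: main`, `path: pass-core` and `path: pass-support`, but no `mvn` or `git` step sets `working-directory` and the add-and-commit steps set no `cwd`, so as written they appear to run in the workspace root rather than in the repository just checked out.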
From: John Abrahams Date: Mon, 26 Jun 2023 12:35:52 -0400 Subject: [PATCH 4/5] Remove unnecessary actions --- .github/actions/pass-java-release/action.yml | 12 ------------ .github/actions/pass-setup-java/action.yml | 20 -------------------- 2 files changed, 32 deletions(-) delete mode 100644 .github/actions/pass-java-release/action.yml delete mode 100644 .github/actions/pass-setup-java/action.yml diff --git a/.github/actions/pass-java-release/action.yml b/.github/actions/pass-java-release/action.yml deleted file mode 100644 index 7a60264e..00000000 --- a/.github/actions/pass-java-release/action.yml +++ /dev/null @@ -1,12 +0,0 @@ -name: "Release PASS Java project" -description: > - Release a PASS Java project. This will tag and release the "release" version - then release the next development (-SNAPSHOT) version. Assumes that the environment - has already been setup - -inputs: - -runs: - using: composite - steps: - diff --git a/.github/actions/pass-setup-java/action.yml b/.github/actions/pass-setup-java/action.yml deleted file mode 100644 index bdfc1f1e..00000000 --- a/.github/actions/pass-setup-java/action.yml +++ /dev/null @@ -1,20 +0,0 @@ -name: Setup PASS Java project - -runs: - using: composite - steps: - - name: Config git user - run: | - git config user.name ${{ github.actor }} - git config user.email "${{ github.actor }}@users.noreply.github.com" - - - name: Setup Java & Maven - uses: actions/setup-java@v3 - with: - java-version: 17 - distribution: 'temurin' - server-id: ossrh - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD - gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }} - gpg-passphrase: MAVEN_GPG_PASSPHRASE \ No newline at end of file From 0d9371d35755e0a0553335db0612535404b8eeef Mon Sep 17 00:00:00 2001 From: John Abrahams Date: Mon, 26 Jun 2023 13:28:37 -0400 Subject: [PATCH 5/5] Trial reserved GITHUB_TOKEN across multiple repos --- .github/workflows/pass-java-release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/pass-java-release.yml b/.github/workflows/pass-java-release.yml index badef2ce..8bdb2a3b 100644 --- a/.github/workflows/pass-java-release.yml +++ b/.github/workflows/pass-java-release.yml @@ -39,9 +39,9 @@ on: required: true OSSRH_PASSWORD: required: true - GITHUB_TOKEN: - description: Token needed for pushing commits to various PASS Java repositories - required: true + # GH_PAT: + # description: Token needed for pushing commits to various PASS Java repositories + # required: true env: RELEASE: ${{ inputs.releaseversion }}
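Review bot: With the `GITHUB_TOKEN` declaration commented out, the steps outside this hunk that still pass `${{ secrets.GITHUB_TOKEN }}` as the checkout `token:` will presumably receive the automatic token, which the workflow's own header comment describes as limited to the hosting repository; the pushes to pass-core and pass-support would then be expected to be refused. When `GH_PAT` is enabled, a fine-grained token (or a GitHub App installation token) restricted to the PASS Java repositories with contents write only is preferable to a classic PAT, and the secret's `description` should state that scope and the expected lifetime. An explicit `permissions:` block, e.g. `contents: write` and `packages: write`, would also document what the automatic token is meant to be used for in this workflow.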