From f97ac99839fcc058f07933d4e5c0206cd6d0ae11 Mon Sep 17 00:00:00 2001 From: Mathieu Gabelle Date: Wed, 12 Feb 2025 11:05:51 +0100 Subject: [PATCH] Revert "chore(cicd): move to reusable workflows on github actions" This reverts commit ae7f6c1c6b2e49690b69d1a9a4ae9716420980f2. --- .github/setup-unit.sh | 27 ------ .github/workflows/main.yml | 186 ++++++++++++++++++++++++++++++++++--- 2 files changed, 171 insertions(+), 42 deletions(-) delete mode 100755 .github/setup-unit.sh diff --git a/.github/setup-unit.sh b/.github/setup-unit.sh deleted file mode 100755 index f14f9e1..0000000 --- a/.github/setup-unit.sh +++ /dev/null @@ -1,27 +0,0 @@ -# mkdir certs -# openssl req -new -x509 -days 365 -nodes -out certs/ca.crt -keyout certs/ca.key -subj "/CN=root-ca" - -# mkdir certs/server -# openssl genrsa -des3 -out certs/server/server.key -passout pass:p4ssphrase 2048 -# openssl rsa -in certs/server/server.key -passin pass:p4ssphrase -out certs/server/server.key -# openssl req -new -nodes -key certs/server/server.key -out certs/server/server.csr -subj "/CN=postgresql" -# openssl x509 -req -in certs/server/server.csr -days 365 -CA certs/ca.crt -CAkey certs/ca.key -CAcreateserial -out certs/server/server.crt -# sudo chmod -R 600 certs/server/ -# sudo chown -R 1001 certs/server/ - -# mkdir certs/client -# openssl genrsa -des3 -out certs/client/client.key -passout pass:p4ssphrase 2048 -# openssl rsa -in certs/client/client.key -passin pass:p4ssphrase -out certs/client/client-no-pass.key -# openssl req -new -nodes -key certs/client/client.key -passin pass:p4ssphrase -out certs/client/client.csr -subj "/CN=postgres" -# openssl x509 -req -in certs/client/client.csr -days 365 -CA certs/ca.crt -CAkey certs/ca.key -CAcreateserial -out certs/client/client.crt - -# mkdir plugin-debezium-postgres/src/test/resources/ssl/ -# cp certs/client/* plugin-debezium-postgres/src/test/resources/ssl/ -# cp certs/ca.crt plugin-debezium-postgres/src/test/resources/ssl/ - -docker compose -f docker-compose-ci.yml up -d mysql -docker compose -f docker-compose-ci.yml up -d -sleep 10 -docker compose -f docker-compose-ci.yml exec mysql sh -c "mysql -u root -pmysql_passwd < /tmp/docker/mysql.sql" -docker compose -f docker-compose-ci.yml exec postgres sh -c "export PGPASSWORD=pg_passwd && psql -d postgres -U postgres -f /tmp/docker/postgres.sql > /dev/null" -docker run -v ${PWD}/data:/tmp/docker --network=plugin-debezium_default mcr.microsoft.com/mssql-tools sh -c "/opt/mssql-tools/bin/sqlcmd -S sqlserver -U sa -P Sqls3rv3r_Pa55word! -i /tmp/docker/sqlserver.sql" diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 941851a..e97c0f3 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -2,35 +2,191 @@ name: Main on: schedule: - - cron: '0 4 * * 1,2,3,4,5' + - cron: '0 4 * * 1,3,5' push: branches: - master - - main - - releases/* tags: - v* pull_request: branches: - master - - main - - releases/* workflow_dispatch: inputs: skip-test: description: 'Skip test' - type: choice - required: true - default: 'false' - options: - - "true" - - "false" + required: false + type: string + default: "false" jobs: check: - uses: kestra-io/actions/.github/workflows/plugins.yml@main - with: - skip-test: ${{ github.event.inputs.skip-test == 'true' }} - secrets: inherit + name: Check & Publish + runs-on: ubuntu-latest + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + GOOGLE_SERVICE_ACCOUNT: ${{ secrets.GOOGLE_SERVICE_ACCOUNT }} + steps: + - uses: actions/checkout@v4 + + # Caches + - name: Gradle cache + uses: actions/cache@v4 + with: + path: | + ~/.gradle/caches + ~/.gradle/wrapper + key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle*.properties') }} + restore-keys: | + ${{ runner.os }}-gradle- + + # JDK + - name: Set up JDK + uses: actions/setup-java@v4 + with: + distribution: 'temurin' + java-version: 21 + + - name: Validate Gradle wrapper + uses: gradle/actions/wrapper-validation@v4 + + # Services + - name: Build the docker-compose stack + if: ${{ github.event.inputs.skip-test == 'false' || github.event.inputs.skip-test == '' }} + run: | + # mkdir certs + # openssl req -new -x509 -days 365 -nodes -out certs/ca.crt -keyout certs/ca.key -subj "/CN=root-ca" + + # mkdir certs/server + # openssl genrsa -des3 -out certs/server/server.key -passout pass:p4ssphrase 2048 + # openssl rsa -in certs/server/server.key -passin pass:p4ssphrase -out certs/server/server.key + # openssl req -new -nodes -key certs/server/server.key -out certs/server/server.csr -subj "/CN=postgresql" + # openssl x509 -req -in certs/server/server.csr -days 365 -CA certs/ca.crt -CAkey certs/ca.key -CAcreateserial -out certs/server/server.crt + # sudo chmod -R 600 certs/server/ + # sudo chown -R 1001 certs/server/ + + # mkdir certs/client + # openssl genrsa -des3 -out certs/client/client.key -passout pass:p4ssphrase 2048 + # openssl rsa -in certs/client/client.key -passin pass:p4ssphrase -out certs/client/client-no-pass.key + # openssl req -new -nodes -key certs/client/client.key -passin pass:p4ssphrase -out certs/client/client.csr -subj "/CN=postgres" + # openssl x509 -req -in certs/client/client.csr -days 365 -CA certs/ca.crt -CAkey certs/ca.key -CAcreateserial -out certs/client/client.crt + + # mkdir plugin-debezium-postgres/src/test/resources/ssl/ + # cp certs/client/* plugin-debezium-postgres/src/test/resources/ssl/ + # cp certs/ca.crt plugin-debezium-postgres/src/test/resources/ssl/ + + docker compose -f docker-compose-ci.yml up -d mysql + docker compose -f docker-compose-ci.yml up -d + sleep 10 + docker compose -f docker-compose-ci.yml exec mysql sh -c "mysql -u root -pmysql_passwd < /tmp/docker/mysql.sql" + docker compose -f docker-compose-ci.yml exec postgres sh -c "export PGPASSWORD=pg_passwd && psql -d postgres -U postgres -f /tmp/docker/postgres.sql > /dev/null" + docker run -v ${PWD}/data:/tmp/docker --network=plugin-debezium_default mcr.microsoft.com/mssql-tools sh -c "/opt/mssql-tools/bin/sqlcmd -S sqlserver -U sa -P Sqls3rv3r_Pa55word! -i /tmp/docker/sqlserver.sql" + + # Gradle check + - name: Build with Gradle + if: ${{ github.event.inputs.skip-test == 'false' || github.event.inputs.skip-test == '' }} + run: ./gradlew check --refresh-dependencies + + # Allure check + - name: Auth to Google Cloud + id: auth + if: ${{ always() && env.GOOGLE_SERVICE_ACCOUNT != 0 }} + uses: 'google-github-actions/auth@v2' + with: + credentials_json: '${{ secrets.GOOGLE_SERVICE_ACCOUNT }}' + + - uses: rlespinasse/github-slug-action@v5 + + - name: Publish allure report + uses: andrcuns/allure-publish-action@v2.9.0 + if: ${{ always() && env.GOOGLE_SERVICE_ACCOUNT != 0 && (github.event.inputs.skip-test == 'false' || github.event.inputs.skip-test == '') }} + env: + GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + JAVA_HOME: /usr/lib/jvm/default-jvm/ + with: + storageType: gcs + resultsGlob: "**/build/allure-results" + bucket: internal-kestra-host + baseUrl: "https://internal.dev.kestra.io" + prefix: ${{ format('{0}/{1}', github.repository, 'allure/java') }} + copyLatest: true + ignoreMissingResults: true + + # Jacoco + - name: 'Set up Cloud SDK' + if: ${{ env.GOOGLE_SERVICE_ACCOUNT != 0 }} + uses: 'google-github-actions/setup-gcloud@v2' + + - name: 'Copy jacoco files' + if: ${{ env.GOOGLE_SERVICE_ACCOUNT != 0 }} + run: | + mv build/reports/jacoco/testCodeCoverageReport build/reports/jacoco/test/ + mv build/reports/jacoco/test/testCodeCoverageReport.xml build/reports/jacoco/test/jacocoTestReport.xml + gsutil -m rsync -d -r build/reports/jacoco/test/ gs://internal-kestra-host/${{ format('{0}/{1}', github.repository, 'jacoco') }} + + # Publish + - name: Publish package to Sonatype + if: github.ref == 'refs/heads/master' + env: + ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.SONATYPE_USER }} + ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_PASSWORD }} + SONATYPE_GPG_KEYID: ${{ secrets.SONATYPE_GPG_KEYID }} + SONATYPE_GPG_PASSWORD: ${{ secrets.SONATYPE_GPG_PASSWORD }} + SONATYPE_GPG_FILE: ${{ secrets.SONATYPE_GPG_FILE }} + run: | + echo "signing.keyId=${SONATYPE_GPG_KEYID}" > ~/.gradle/gradle.properties + echo "signing.password=${SONATYPE_GPG_PASSWORD}" >> ~/.gradle/gradle.properties + echo "signing.secretKeyRingFile=${HOME}/.gradle/secring.gpg" >> ~/.gradle/gradle.properties + echo ${SONATYPE_GPG_FILE} | base64 -d > ~/.gradle/secring.gpg + ./gradlew publishToSonatype + + # Release + - name: Release package to Maven Central + if: startsWith(github.ref, 'refs/tags/v') + env: + ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.SONATYPE_USER }} + ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_PASSWORD }} + SONATYPE_GPG_KEYID: ${{ secrets.SONATYPE_GPG_KEYID }} + SONATYPE_GPG_PASSWORD: ${{ secrets.SONATYPE_GPG_PASSWORD }} + SONATYPE_GPG_FILE: ${{ secrets.SONATYPE_GPG_FILE }} + run: | + echo "signing.keyId=${SONATYPE_GPG_KEYID}" > ~/.gradle/gradle.properties + echo "signing.password=${SONATYPE_GPG_PASSWORD}" >> ~/.gradle/gradle.properties + echo "signing.secretKeyRingFile=${HOME}/.gradle/secring.gpg" >> ~/.gradle/gradle.properties + echo ${SONATYPE_GPG_FILE} | base64 -d > ~/.gradle/secring.gpg + ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository + + # GitHub Release + - name: Create GitHub release + uses: "marvinpinto/action-automatic-releases@latest" + if: startsWith(github.ref, 'refs/tags/v') + with: + repo_token: "${{ secrets.GITHUB_TOKEN }}" + prerelease: false + files: | + build/libs/*.jar + + # Slack + - name: Slack notification + uses: 8398a7/action-slack@v3 + if: ${{ always() && env.SLACK_WEBHOOK_URL != 0 }} + with: + status: ${{ job.status }} + job_name: Check & Publish + fields: repo,message,commit,author,action,eventName,ref,workflow,job,took + username: Github Actions + icon_emoji: ':github-actions:' + channel: 'C02DQ1A7JLR' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + + - name: Notify failed CI + id: send-ci-failed + if: always() && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main') && job.status != 'success' + uses: kestra-io/actions/.github/actions/send-ci-failed@main + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}