diff --git a/.github/workflows/attach-artifact-release.yml b/.github/workflows/attach-artifact-release.yml
index 91fe1681..6726d9b3 100644
--- a/.github/workflows/attach-artifact-release.yml
+++ b/.github/workflows/attach-artifact-release.yml
@@ -8,5 +8,5 @@ on:
jobs:
attach-artifact-to-release:
- uses: liquibase/build-logic/.github/workflows/extension-attach-artifact-release.yml@v0.4.6
+ uses: liquibase/build-logic/.github/workflows/extension-attach-artifact-release.yml@v0.5.5
secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
index f38bf13b..2b91d640 100644
--- a/.github/workflows/create-release.yml
+++ b/.github/workflows/create-release.yml
@@ -11,5 +11,5 @@ permissions:
jobs:
create-release:
- uses: liquibase/build-logic/.github/workflows/create-release.yml@v0.4.6
+ uses: liquibase/build-logic/.github/workflows/create-release.yml@v0.5.5
secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml
index d6e1843c..8351d21e 100644
--- a/.github/workflows/release-published.yml
+++ b/.github/workflows/release-published.yml
@@ -10,14 +10,89 @@ permissions:
pull-requests: write
jobs:
- release-hibernate6:
- uses: liquibase/build-logic/.github/workflows/extension-release-published.yml@DAT-16025
- with:
- branch: 'main'
- secrets: inherit
-
- release-hibernate5:
- uses: liquibase/build-logic/.github/workflows/extension-release-published.yml@DAT-16025
- with:
- branch: 'hibernate5'
- secrets: inherit
\ No newline at end of file
+ release:
+ name: "Release ${{ matrix.artifact.name }}"
+ strategy:
+ fail-fast: false
+ matrix:
+ artifact: [
+ {name: hibernate6, branch: main},
+ {name: hibernate5, branch: hibernate5},
+ ]
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: ${{ matrix.artifact.branch }}
+
+ - name: Set up Java for publishing to Maven Central Repository
+ uses: actions/setup-java@v3
+ with:
+ java-version: '17'
+ distribution: 'temurin'
+ cache: 'maven'
+ server-id: sonatype-nexus-staging
+ server-username: MAVEN_USERNAME
+ server-password: MAVEN_PASSWORD
+
+ - name: Configure Git
+ run: |
+ git config user.name "liquibot"
+ git config user.email "liquibot@liquibase.org"
+
+ - name: Build release artifacts
+ id: build-release-artifacts
+ run: |
+ mvn -B release:clean release:prepare -Dusername=liquibot -Dpassword=$GITHUB_TOKEN -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DreleaseVersion=${{ github.event.inputs.liquibaseVersion }} -DpushChanges=false
+ git reset --hard HEAD~1
+
+ - name: Get Artifact ID
+ id: get-artifact-id
+ run: echo "artifact_id=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)" >> $GITHUB_ENV
+
+ - name: Download Release Artifacts
+ uses: robinraju/release-downloader@v1.8
+ with:
+ tag: "${{ github.event.release.tag_name }}"
+ filename: "liquibase-${{ matrix.artifact.name }}-*"
+ out-file-path: "."
+
+ - name: Publish to Maven Central
+ env:
+ MAVEN_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
+ MAVEN_PASSWORD: ${{ secrets.SONATYPE_TOKEN }}
+ run: |
+ version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+ mvn -B org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M1:deploy-file \
+ -Durl=https://oss.sonatype.org/service/local/staging/deploy/maven2/ \
+ -DrepositoryId=sonatype-nexus-staging \
+ -DpomFile=${{ env.artifact_id }}-${version}.pom \
+ -DgeneratePom=false \
+ -Dfile=${{ env.artifact_id }}-${version}.jar \
+ -Dsources=${{ env.artifact_id }}-${version}-sources.jar \
+ -Djavadoc=${{ env.artifact_id }}-${version}-javadoc.jar \
+ -Dfiles=${{ env.artifact_id }}-${version}.jar.asc,${{ env.artifact_id }}-${version}-sources.jar.asc,${{ env.artifact_id }}-${version}-javadoc.jar.asc,${{ env.artifact_id }}-${version}.pom.asc \
+ -Dtypes=jar.asc,jar.asc,jar.asc,pom.asc \
+ -Dclassifiers=,sources,javadoc,
+
+ - name: Prepare Maven Release
+ run: |
+ version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+ git reset --hard HEAD~1
+ git tag -d liquibase-${{ matrix.artifact.name }}-${version}
+ mvn -B build-helper:parse-version versions:set release:clean release:prepare \
+ -Dusername=liquibot -Dpassword=$GITHUB_TOKEN \
+ -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" \
+ -DdevelopmentVersion=\${parsedVersion.majorVersion}.\${parsedVersion.nextMinorVersion}.0-SNAPSHOT -DnewVersion=\${parsedVersion.majorVersion}.\${parsedVersion.nextMinorVersion}.\${parsedVersion.incrementalVersion} \
+ -DcheckModificationExcludeList=pom.xml
+
+ - name: Release Rollback
+ if: failure()
+ run: |
+ mvn -B release:rollback \
+ -Dusername=liquibot -Dpassword=$GITHUB_TOKEN \
+ -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" \
+ -DdevelopmentVersion=\${parsedVersion.majorVersion}.\${parsedVersion.nextMinorVersion}.\${parsedVersion.incrementalVersion}-SNAPSHOT -DnewVersion=\${parsedVersion.majorVersion}.\${parsedVersion.nextMinorVersion}.\${parsedVersion.incrementalVersion} \
+ -DconnectionUrl=scm:git:https://github.com/${{ github.repository }}.git -Dtag=\${parsedVersion.majorVersion}.\${parsedVersion.nextMinorVersion}.\${parsedVersion.incrementalVersion} \
+ -DcheckModificationExcludeList=pom.xml
+
diff --git a/.github/workflows/snyk-nightly.yml b/.github/workflows/snyk-nightly.yml
deleted file mode 100644
index 44dbefa5..00000000
--- a/.github/workflows/snyk-nightly.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-# Run Snyk nightly to scan and report security issues on staging.
-name: Nightly Snyk Scan
-
-# Job will run nightly at 02:05 EDT / 01:05 CDT
-# Time below is UTC
-on:
- schedule:
- - cron: "5 6 * * *"
- workflow_dispatch:
-
-jobs:
- security-scan:
- uses: liquibase/build-logic/.github/workflows/synk-nightly.yml@v0.4.6
- secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
deleted file mode 100644
index 176790bc..00000000
--- a/.github/workflows/snyk.yml
+++ /dev/null
@@ -1,67 +0,0 @@
-# Run Snyk nightly to scan and report security issues.
-name: Snyk Scan
-
-# Job will run nightly at 02:05 EDT / 01:05 CDT
-# Time below is UTC
-on:
- schedule:
- - cron: "5 6 * * *"
- workflow_dispatch:
-
-jobs:
- security-scan:
- # This workflow only runs on the main liquibase repo, not in forks
- if: github.repository == 'liquibase/liquibase-hibernate'
-
- name: Snyk Security Scan
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
-
- - name: Set up JDK
- uses: actions/setup-java@v3
- with:
- java-version: 17
- distribution: 'temurin'
- cache: 'maven'
-
- - name: Install liquibase-core 0-SNAPSHOT
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: mvn -B clean liquibase-sdk:install-snapshot -Dliquibase.sdk.branchSearch=master
-
- ## Need to install the snyk CLI and not use the github action because the action runs snyk in a separate docker container which does not have access to the installed sub-modules.
- - name: Install snyk
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- run: |
- curl -s https://static.snyk.io/cli/latest/snyk-linux -o snyk
- ls -l snyk
- chmod 755 snyk
- ./snyk config set api="$SNYK_TOKEN"
-
- ## snyk monitor requires --all-projects because otherwise it only reports on the dependencies of one of the sub-modules. It would be nice if we could have one snyk project which included all the sub-modules in it, but that doesn't seem possible at this point
- ## Run monitor before test, so that we report results even if the test step fails
- - name: Report snyk status to web UI
- run: |
- ./snyk monitor --all-projects --org=datical --policy-path=.snyk -- -B -Dscope=compile
-
- ## snyk test requires --all-projects because otherwise it does not fail the run when a problem is found. It just prints "no direct upgrade or path" and continues on
- ## Running with -Dscope=compile in order to report only on shipped modules, not "test" or "provided" scope ones
- - name: Run Snyk Test to check for vulnerabilities
- run: |
- ./snyk test --fail-on=all --all-projects --severity-threshold=low --org=datical --policy-path=.snyk -- -B -Dscope=compile
-
-
- - name: Slack Notification
- if: ${{ failure() }}
- uses: rtCamp/action-slack-notify@v2
- env:
- SLACK_CHANNEL: team-liquibase-community
- SLACK_COLOR: ${{ job.status }} # or a specific color like 'good' or '#ff00ff'
- SLACK_MESSAGE: "${{ github.job }}: ${{ job.status }} @here"
- SLACK_USERNAME: "liquibot"
- SLACK_WEBHOOK: ${{ secrets.SNYK_LIQUIBASE_SLACK_WEBHOOK }}
- MSG_MINIMAL: actions url
- SLACK_ICON_EMOJI: ':liquibase:'
- SLACK_LINK_NAMES: true
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 73cc7585..9487453e 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -14,7 +14,7 @@ permissions:
jobs:
build-test:
- uses: liquibase/build-logic/.github/workflows/os-extension-test.yml@v0.4.6
+ uses: liquibase/build-logic/.github/workflows/os-extension-test.yml@v0.5.5
secrets: inherit
with:
java: '[17, 18]'
diff --git a/pom.xml b/pom.xml
index 112dfb2c..ed315dd5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
org.liquibase
liquibase-parent-pom
- 0.2.4
+ 0.3.1
org.liquibase.ext
@@ -120,5 +120,73 @@
+
+ com.h2database
+ h2
+ test
+
+
+ org.hsqldb
+ hsqldb
+ test
+
+
+ com.microsoft.sqlserver
+ mssql-jdbc
+ test
+
+
+ com.oracle.database.jdbc
+ ojdbc8
+ test
+
+
+ org.postgresql
+ postgresql
+ test
+
+
+
+
+
+ maven-surefire-plugin
+ ${maven-surefire-plugin.version}
+
+ true
+ plain
+
+ ${project.build.directory}/spock-reports
+
+
+
+
+
+ org.apache.maven.surefire
+ surefire-junit47
+ ${maven-surefire-plugin.version}
+
+
+
+
+ maven-failsafe-plugin
+ ${maven-failsafe-plugin.version}
+
+ true
+ plain
+
+ ${project.build.directory}/spock-reports
+
+
+
+
+
+ org.apache.maven.surefire
+ surefire-junit47
+ ${maven-surefire-plugin.version}
+
+
+
+
+