From d08deb9aafa43902ae50f4a14349e424f0699a66 Mon Sep 17 00:00:00 2001 From: jandroav Date: Mon, 23 Oct 2023 13:46:07 +0200 Subject: [PATCH 1/2] DAT-16097 --- .github/dependabot.yml | 16 +- .github/release-drafter.yml | 53 +++++ .github/workflows/attach-artifact-release.yml | 12 ++ .github/workflows/build-nightly.yml | 13 ++ .github/workflows/ci-report.yml | 50 ----- .github/workflows/ci.yml | 163 ---------------- .github/workflows/codeql.yml | 18 ++ .github/workflows/create-release.yml | 87 +-------- .github/workflows/label-pr.yml | 19 ++ .github/workflows/release-published.yml | 104 ++++------ .github/workflows/snyk.yml | 62 ------ .github/workflows/test.yml | 54 ++++++ .snyk | 9 - pom.xml | 181 ++++-------------- 14 files changed, 260 insertions(+), 581 deletions(-) create mode 100644 .github/release-drafter.yml create mode 100644 .github/workflows/attach-artifact-release.yml create mode 100644 .github/workflows/build-nightly.yml delete mode 100644 .github/workflows/ci-report.yml delete mode 100644 .github/workflows/ci.yml create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/label-pr.yml delete mode 100644 .github/workflows/snyk.yml create mode 100644 .github/workflows/test.yml delete mode 100644 .snyk diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a217b34..54c9015 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,7 +1,13 @@ version: 2 updates: -- package-ecosystem: maven - directory: "/" - schedule: - interval: daily - open-pull-requests-limit: 10 + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + + - package-ecosystem: "maven" + directory: "/" + schedule: + interval: "daily" + diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml new file mode 100644 index 0000000..394f795 --- /dev/null +++ b/.github/release-drafter.yml @@ -0,0 +1,53 @@ + +name-template: 'Support for $OWNER $REPOSITORY Extension v$NEXT_MINOR_VERSION' +tag-template: 'v$NEXT_MINOR_VERSION' +exclude-labels: + - 'skipReleaseNotes' +categories: + - title: ':green_book: Notable Changes' + labels: + - 'notableChanges' + - title: '🚀 New Features' + labels: + - 'TypeEnhancement' + - 'TypeTest' + - title: '🐛 Bug Fixes 🛠' + labels: + - 'TypeBug' + - title: '💥 Breaking Changes' + labels: + - 'breakingChanges' + - title: '🤖 Security Driver and Other Updates' + collapse-after: 5 + labels: + - 'sdou' + - 'dependencies' + - title: '👏 New Contributors' + labels: + - 'newContributors' + + +change-template: '- (#$NUMBER) $TITLE @$AUTHOR ' +change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks. +version-resolver: + major: + labels: + - 'major' + minor: + labels: + - 'minor' + patch: + labels: + - 'feature' + - 'enhancement' + - 'patch' + - 'bugfix' + - 'sdou' + default: minor +template: | + ## Changes + + $CHANGES + + **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...$REPOSITORY-$RESOLVED_VERSION + diff --git a/.github/workflows/attach-artifact-release.yml b/.github/workflows/attach-artifact-release.yml new file mode 100644 index 0000000..ea07976 --- /dev/null +++ b/.github/workflows/attach-artifact-release.yml @@ -0,0 +1,12 @@ +name: Attach Artifact to Release + +on: + pull_request: + types: + - closed + +jobs: + + attach-artifact-to-release: + uses: liquibase/build-logic/.github/workflows/extension-attach-artifact-release.yml@v0.5.2 + secrets: inherit diff --git a/.github/workflows/build-nightly.yml b/.github/workflows/build-nightly.yml new file mode 100644 index 0000000..e4c9e89 --- /dev/null +++ b/.github/workflows/build-nightly.yml @@ -0,0 +1,13 @@ +# This workflow will build the extension against the latest Liquibase artifact +name: "Nightly build" + +on: + schedule: + - cron: '0 7 * * 1-5' + +jobs: + nightly-build: + uses: liquibase/build-logic/.github/workflows/os-extension-test.yml@v0.5.2 + with: + nightly: true + secrets: inherit diff --git a/.github/workflows/ci-report.yml b/.github/workflows/ci-report.yml deleted file mode 100644 index 6d8c2e3..0000000 --- a/.github/workflows/ci-report.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: 'Continuous Integration - Report' -on: - workflow_run: - workflows: [Continuous Integration] - types: [completed] - -jobs: - test-report: - name: Report Test Results - runs-on: ubuntu-latest - if: github.event.workflow_run.conclusion != 'skipped' - - steps: - - uses: actions/checkout@v2 - - - name: Download and Extract Artifacts - env: - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - run: | - mvn -B liquibase-sdk:download-snapshot-artifacts \ - -Dliquibase.sdk.repo=${{ github.repository }} \ - -Dliquibase.sdk.runId=${{ github.event.workflow_run.id }} \ - -Dliquibase.sdk.downloadDirectory=artifacts \ - -Dliquibase.sdk.artifactPattern=* \ - -Dliquibase.sdk.unzipArtifacts=true - - - name: Publish Unit Test Results - uses: EnricoMi/publish-unit-test-result-action@v2 - with: - commit: ${{ github.event.workflow_run.head_sha }} - event_file: artifacts/Event File/event.json - event_name: ${{ github.event.workflow_run.event }} - junit_files: "artifacts/test-reports-*/**/*.xml" - - build-testing-comment: - name: Add Build Testing Comment - runs-on: ubuntu-latest - if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch != 'main' - - steps: - - uses: actions/checkout@v2 - - - name: Create "BUILD_TESTING" comment - env: - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - run: | - mvn -B liquibase-sdk:set-pull-request-comment \ - -Dliquibase.sdk.repo=${{ github.repository }} \ - -Dliquibase.sdk.pr.newComment=BUILD_TESTING \ - -Dliquibase.sdk.pr.definition=${{ github.event.workflow_run.head_branch }} \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml deleted file mode 100644 index e981075..0000000 --- a/.github/workflows/ci.yml +++ /dev/null @@ -1,163 +0,0 @@ -name: Continuous Integration - -on: - pull_request: - types: - - opened - - reopened - - synchronize - schedule: - - cron: "5 6 * * *" - repository_dispatch: - types: [ liquibase-ci ] - push: - branches: - - main - -jobs: - build: - name: Build & Package - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: Set up JDK 17 - uses: actions/setup-java@v2 - with: - java-version: 17 - distribution: 'temurin' - cache: 'maven' - - - name: Install liquibase-core 0-SNAPSHOT - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: mvn -B clean liquibase-sdk:install-snapshot -Dliquibase.sdk.branchSearch=MATCHING_BRANCHES,master - - - name: Build and Package - run: mvn -B dependency:go-offline clean package -DskipTests=true - - - name: Save Artifacts - uses: actions/upload-artifact@v2 - with: - name: liquibase-maxdb-artifacts - path: | - target/*.jar - - - name: Save Event File - uses: actions/upload-artifact@v3 - with: - name: Event File - path: ${{ github.event_path }} - - - name: Build Cache - uses: actions/cache@v3.0.5 - with: - key: build-${{ github.run_number }}-${{ github.run_attempt }} - path: | - **/target/** - ~/.m2/repository/org/liquibase/ - - unit-test: - name: Test Java ${{ matrix.java }} - runs-on: ubuntu-latest - needs: build - - strategy: - fail-fast: false - matrix: - java: [ 8, 11, 17, 18 ] - - steps: - - uses: actions/checkout@v2 - - - name: Set up JDK ${{ matrix.java }} - uses: actions/setup-java@v2 - with: - java-version: ${{ matrix.java }} - distribution: 'temurin' - cache: 'maven' - - - name: Build Cache - uses: actions/cache@v3.0.5 - with: - key: build-${{ github.run_number }}-${{ github.run_attempt }} - path: | - **/target/** - ~/.m2/repository/org/liquibase/ - - - name: Run Tests - run: mvn -B jacoco:prepare-agent surefire:test - - - name: Archive Test Results - if: ${{ always() }} - uses: actions/upload-artifact@v2 - with: - name: test-reports-jdk-${{ matrix.java }} - path: | - **/target/surefire-reports - **/target/jacoco.exec - -# integration-test: -# name: Test Harness for Maxdb ${{ matrix.maxdb }} -# needs: build -# runs-on: ubuntu-latest -# -# strategy: -# fail-fast: false -# matrix: -# maxdb: [ "" ] -# -# steps: -# - uses: actions/checkout@v2 -# -# - name: Set up JDK -# uses: actions/setup-java@v2 -# with: -# java-version: 17 -# distribution: 'temurin' -# cache: 'maven' -# -# - name: Build Cache -# uses: actions/cache@v3.0.5 -# with: -# key: build-${{ github.run_number }}-${{ github.run_attempt }} -# path: | -# **/target/** -# ~/.m2/repository/org/liquibase/ -# -# - name: Run Tests -# run: mvn -B jacoco:prepare-agent surefire:test -Dmaxdb.version=${{ matrix.maxdb }} -# -# - name: Archive Test Results -# if: ${{ always() }} -# uses: actions/upload-artifact@v2 -# with: -# name: test-reports-maxdb-${{ matrix.maxdb }} -# path: | -# **/target/surefire-reports -# **/target/jacoco.exec - - - dependabot: - name: Merge dependabot - runs-on: ubuntu-latest - needs: unit-test - permissions: - contents: write - pull-requests: write - if: ${{ github.actor == 'dependabot[bot]' }} - - steps: - - name: Dependabot metadata - id: dependabot-metadata - uses: dependabot/fetch-metadata@v1.3.1 - - - name: Approve patch and minor updates - if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}} - run: | - gh pr merge --auto --merge "$PR_URL" - gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a patch or minor update**" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..e3fc948 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,18 @@ +name: CodeQL + +on: + workflow_dispatch: + push: + branches: [ "main" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "main" ] + schedule: + - cron: '16 14 * * 4' + +jobs: + codeql: + uses: liquibase/build-logic/.github/workflows/codeql.yml@v0.5.3 + secrets: inherit + with: + languages: '[java]' diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 1dfe0b4..d766640 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -1,85 +1,12 @@ name: Create Release + on: - repository_dispatch: - types: [liquibase-release] workflow_dispatch: - inputs: - liquibaseVersion: - description: 'Liquibase Version' - required: true - extensionVersion: - description: 'Extension Version (Defaults to Liquibase Version)' - required: false + push: + branches: + - main jobs: - setup: - name: Setup - runs-on: ubuntu-latest - outputs: - liquibaseVersion: ${{ steps.collect-data.outputs.liquibaseVersion }} - extensionVersion: ${{ steps.collect-data.outputs.extensionVersion }} - steps: - - name: Collect Data - id: collect-data - uses: actions/github-script@v4 - with: - script: | - if (context.payload.client_payload) { - core.setOutput("liquibaseVersion", context.payload.client_payload.liquibaseVersion); - core.setOutput("extensionVersion", context.payload.client_payload.liquibaseVersion); - } else if (context.payload.inputs) { - core.setOutput("liquibaseVersion", context.payload.inputs.liquibaseVersion); - core.setOutput("extensionVersion", context.payload.inputs.extensionVersion || context.payload.inputs.liquibaseVersion); - } else { - core.setFailed('Unknown event type') - } - - - run: | - echo "Saw Liquibase version ${{ steps.collect-data.outputs.liquibaseVersion }}" - echo "Saw Extension version ${{ steps.collect-data.outputs.extensionVersion }}" - - create-release-artifacts: - name: "Create release artifacts" - runs-on: ubuntu-latest - needs: setup - steps: - - uses: actions/checkout@v2 - with: - persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token - fetch-depth: 0 # otherwise, you will fail to push refs to dest repo - - - name: Set up JDK - uses: actions/setup-java@v2 - with: - java-version: '17' - distribution: 'temurin' - cache: 'maven' - gpg-private-key: ${{ secrets.GPG_SECRET }} - gpg-passphrase: GPG_PASSPHRASE - env: - GPG_PASSWORD: ${{ secrets.GPG_PASSPHRASE }} - - - name: Download snapshot build - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: mvn -B liquibase-sdk:download-snapshot-artifacts -Dliquibase.sdk.repo=${{ github.repository }} -Dliquibase.sdk.branchSearch=master -Dliquibase.sdk.artifactPattern=liquibase-maxdb-artifacts -Dliquibase.sdk.downloadDirectory=original-artifacts - - - name: Re-version Artifacts - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GPG_PASSWORD: ${{ secrets.GPG_PASSPHRASE }} - run: | - (cd original-artifacts && unzip liquibase-maxdb-artifacts.zip && rm liquibase-maxdb-artifacts.zip) - mvn -B liquibase-sdk:create-release-artifacts -Dliquibase.sdk.repo=${{ github.repository }} -Dliquibase.sdk.inputDirectory=original-artifacts -Dliquibase.sdk.outputDirectory=final-artifacts -Dliquibase.sdk.newVersion=${{ needs.setup.outputs.extensionVersion }} -Dliquibase.sdk.gpgExecutable=/usr/bin/gpg -X - - - name: Attach Files to Draft Release - uses: softprops/action-gh-release@v1 - with: - tag_name: v${{ needs.setup.outputs.extensionVersion }} - draft: true - fail_on_unmatched_files: true - body: Support for Liquibase ${{ needs.setup.outputs.liquibaseVersion }}. - generate_release_notes: true - files: final-artifacts/* - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + create-release: + uses: liquibase/build-logic/.github/workflows/create-release.yml@v0.5.2 + secrets: inherit diff --git a/.github/workflows/label-pr.yml b/.github/workflows/label-pr.yml new file mode 100644 index 0000000..a73d55b --- /dev/null +++ b/.github/workflows/label-pr.yml @@ -0,0 +1,19 @@ +name: Pull Request Labels +on: + pull_request: + types: [opened, labeled, unlabeled, synchronize, reopened] +jobs: + label: + runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write + steps: + - name: Validate PR Labels + uses: mheap/github-action-required-labels@v5 + with: + mode: minimum + count: 1 + labels: "breakingChanges, newContributors, notableChanges, sdou, skipReleaseNotes, TypeBug, TypeEnhancement, TypeTest" + add_comment: true + message: "Label error: This PR is being prevented from merging because you have not added one of the labels: {{ provided }}. You'll need to add it before this PR can be merged." \ No newline at end of file diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml index 9ddc19b..9e54f92 100644 --- a/.github/workflows/release-published.yml +++ b/.github/workflows/release-published.yml @@ -1,80 +1,52 @@ name: Release Extension to Sonatype on: + workflow_dispatch: release: types: [published] - workflow_dispatch: - inputs: - tag: - description: 'Release Tag' - required: true jobs: - setup: - name: Setup - runs-on: ubuntu-latest - outputs: - tag: ${{ steps.collect-data.outputs.tag }} - version: ${{ steps.collect-data.outputs.version }} - steps: - - name: Collect Data - id: collect-data - uses: actions/github-script@v6 - with: - script: | - let tag; - if (context.payload.inputs) { - tag = context.payload.inputs.tag; - } else { - tag = context.payload.release.tag_name; - } - - let version = tag.replace(/^v/, ""); - - core.setOutput("tag", tag); - core.setOutput("version", version); - - - run: | - echo "Publishing version ${{ steps.collect-data.outputs.version }} from ${{ steps.collect-data.outputs.tag }}" + release: + uses: liquibase/build-logic/.github/workflows/extension-release-published.yml@v0.5.2 + secrets: inherit - deploy_maven: - name: Deploy to Maven - needs: [ setup ] - runs-on: ubuntu-latest + deploy_xsd: + name: Upload xsds + runs-on: ubuntu-20.04 steps: - - name: Download Release Artifacts - uses: robinraju/release-downloader@v1.4 - with: - tag: "${{ needs.setup.outputs.tag }}" - filename: "*" - out-file-path: "." - - - name: Set up Java for publishing to Maven Central Repository - uses: actions/setup-java@v3 + - name: Download liquibase mongodb xsd + uses: actions/checkout@v4 with: - java-version: '17' - distribution: 'temurin' - server-id: sonatype-nexus-staging - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD + # Relative path under $GITHUB_WORKSPACE to place the repository + path: liquibase-mongodb + repository: "liquibase/liquibase-mongodb" - - name: Publish to Maven Central + - name: Upload to s3 env: - MAVEN_USERNAME: ${{ secrets.SONATYPE_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.SONATYPE_TOKEN }} + AWS_ACCESS_KEY_ID: ${{ secrets.LIQUIBASEORIGIN_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.LIQUIBASEORIGIN_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: us-east-1 + # aws s3 sync syncs directories and S3 prefixes. run: | - version=${{ needs.setup.outputs.version }} - - unzip *.zip + aws s3 sync liquibase-mongodb/src/main/resources/www.liquibase.org/xml/ns/mongodb/ s3://liquibaseorg-origin/xml/ns/mongodb/ --content-type application/octet-stream --only-show-errors + - name: Index.htm file upload + env: + AWS_ACCESS_KEY_ID: ${{ secrets.LIQUIBASEORIGIN_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.LIQUIBASEORIGIN_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: us-east-1 + # List all xsd and htm files in repository. Copy index.htm to temporary folder + # Add links for all xsd files to index.htm file (except liquibase-mongodb-latest.xsd and index.htm) + # Sync index.htm with the s3 + run: | + search_dir=liquibase-mongodb/src/main/resources/www.liquibase.org/xml/ns/mongodb + filenames=`ls -1 $search_dir` + mkdir index-file + cp $search_dir/index.htm index-file/ + for entry in $filenames + do + if [[ "$entry" != "liquibase-mongodb-latest.xsd" ]] && [[ "$entry" != "index.htm" ]] ;then + sed -ie "s/<\/ul>/
  • ${entry}<\/a><\/li>\n<\/ul>/" index-file/index.htm + fi + done - mvn -B org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M1:deploy-file \ - -Durl=https://oss.sonatype.org/service/local/staging/deploy/maven2/ \ - -DrepositoryId=sonatype-nexus-staging \ - -DpomFile=liquibase-maxdb-${version}.pom \ - -DgeneratePom=false \ - -Dfile=liquibase-maxdb-${version}.jar \ - -Dsources=liquibase-maxdb-${version}-sources.jar \ - -Djavadoc=liquibase-maxdb-${version}-javadoc.jar \ - -Dfiles=liquibase-maxdb-${version}.jar.asc,liquibase-maxdb-${version}-sources.jar.asc,liquibase-maxdb-${version}-javadoc.jar.asc,liquibase-maxdb-${version}.pom.asc \ - -Dtypes=jar.asc,jar.asc,jar.asc,pom.asc \ - -Dclassifiers=,sources,javadoc, + aws s3 sync index-file s3://liquibaseorg-origin/xml/ns/mongodb/ --only-show-errors diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml deleted file mode 100644 index a58f714..0000000 --- a/.github/workflows/snyk.yml +++ /dev/null @@ -1,62 +0,0 @@ -# Run Snyk nightly to scan and report security issues. -name: Snyk Scan - -# Job will run nightly at 02:05 EDT / 01:05 CDT -# Time below is UTC -on: - schedule: - - cron: "5 6 * * *" - workflow_dispatch: - -jobs: - security-scan: - # This workflow only runs on the main liquibase repo, not in forks - if: github.repository == 'liquibase/liquibase-maxdb' - - name: Snyk Security Scan - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - - name: Set up JDK - uses: actions/setup-java@v3 - with: - java-version: 17 - distribution: 'temurin' - cache: 'maven' - - ## Need to install the snyk CLI and not use the github action because the action runs snyk in a separate docker container which does not have access to the installed sub-modules. - - name: Install snyk - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - run: | - curl -s https://static.snyk.io/cli/latest/snyk-linux -o snyk - ls -l snyk - chmod 755 snyk - ./snyk config set api="$SNYK_TOKEN" - - ## snyk monitor requires --all-projects because otherwise it only reports on the dependencies of one of the sub-modules. It would be nice if we could have one snyk project which included all the sub-modules in it, but that doesn't seem possible at this point - ## Run monitor before test, so that we report results even if the test step fails - - name: Report snyk status to web UI - run: | - ./snyk monitor --all-projects --org=datical --policy-path=.snyk -- -B -Dscope=compile - - ## snyk test requires --all-projects because otherwise it does not fail the run when a problem is found. It just prints "no direct upgrade or path" and continues on - ## Running with -Dscope=compile in order to report only on shipped modules, not "test" or "provided" scope ones - - name: Run Snyk Test to check for vulnerabilities - run: | - ./snyk test --fail-on=all --all-projects --severity-threshold=low --org=datical --policy-path=.snyk -- -B -Dscope=compile - - - - name: Slack Notification - if: ${{ failure() }} - uses: rtCamp/action-slack-notify@v2 - env: - SLACK_CHANNEL: team-liquibase-community - SLACK_COLOR: ${{ job.status }} # or a specific color like 'good' or '#ff00ff' - SLACK_MESSAGE: "${{ github.job }}: ${{ job.status }} @here" - SLACK_USERNAME: "liquibot" - SLACK_WEBHOOK: ${{ secrets.SNYK_LIQUIBASE_SLACK_WEBHOOK }} - MSG_MINIMAL: actions url - SLACK_ICON_EMOJI: ':liquibase:' - SLACK_LINK_NAMES: true diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..99e8bf2 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,54 @@ +name: Build and Test + +on: + workflow_dispatch: + pull_request: + types: + - opened + - reopened + - synchronize + +jobs: + build: + uses: liquibase/build-logic/.github/workflows/os-extension-test.yml@v0.5.2 + secrets: inherit + +# integration-test: +# name: Test Harness for Maxdb ${{ matrix.maxdb }} +# needs: build +# runs-on: ubuntu-latest +# +# strategy: +# fail-fast: false +# matrix: +# maxdb: [ "" ] +# +# steps: +# - uses: actions/checkout@v2 +# +# - name: Set up JDK +# uses: actions/setup-java@v2 +# with: +# java-version: 17 +# distribution: 'temurin' +# cache: 'maven' +# +# - name: Build Cache +# uses: actions/cache@v3.0.5 +# with: +# key: build-${{ github.run_number }}-${{ github.run_attempt }} +# path: | +# **/target/** +# ~/.m2/repository/org/liquibase/ +# +# - name: Run Tests +# run: mvn -B jacoco:prepare-agent surefire:test -Dmaxdb.version=${{ matrix.maxdb }} +# +# - name: Archive Test Results +# if: ${{ always() }} +# uses: actions/upload-artifact@v2 +# with: +# name: test-reports-maxdb-${{ matrix.maxdb }} +# path: | +# **/target/surefire-reports +# **/target/jacoco.exec \ No newline at end of file diff --git a/.snyk b/.snyk deleted file mode 100644 index 2be28e5..0000000 --- a/.snyk +++ /dev/null @@ -1,9 +0,0 @@ -# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. -version: v1.22.1 -# ignores vulnerabilities until expiry date; change duration by modifying expiry date -ignore: - SNYK-JAVA-ORGLIQUIBASE-2419059: - - '*': - reason: ignore liquibase version - created: 2022-03-07T15:57:03.089Z -patch: {} diff --git a/pom.xml b/pom.xml index 2f097b0..d6e2b13 100644 --- a/pom.xml +++ b/pom.xml @@ -3,73 +3,22 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 + + org.liquibase + liquibase-parent-pom + 0.2.6 + + org.liquibase.ext liquibase-maxdb - 0-SNAPSHOT + 4.24.1-SNAPSHOT Liquibase Extension: SAP MaxDB support Add this Liquibase extension to your project to support SAP MaxDB https://github.com/liquibase/liquibase-maxdb - - Liquibase - http://www.liquibase.com - - - - - http://www.apache.org/licenses/LICENSE-2.0 - Apache License, Version 2.0 - - - - - https://github.com/liquibase/liquibase-maxdb/issues - - - - scm:git:http://github.com/liquibase/liquibase-maxdb.git - https://github.com/liquibase/liquibase-maxdb - HEAD - - - - - liquibase - Liquibase Community - community@liquibase.com - - architect - developer - - -6 - - - nvoxland - Nathan Voxland - nathan.voxland@liquibase.org - - architect - developer - - -6 - - - UTF-8 - UTF-8 - 0-SNAPSHOT - ${env.GITHUB_TOKEN} - - liquibase - ${project.artifactId} - ${project.name} - ${project.description} - https://sonarcloud.io - git - true - - target + 4.24.0 @@ -94,104 +43,44 @@ - - maven-resources-plugin - 3.3.1 - - UTF-8 - - - - maven-compiler-plugin - 3.11.0 - - 8 - true - true - ${project.build.sourceEncoding} - - maven-surefire-plugin - 3.1.2 + ${maven-surefire-plugin.version} true plain + + ${project.build.directory}/spock-reports + + + + + org.apache.maven.surefire + surefire-junit47 + ${maven-surefire-plugin.version} + + - org.codehaus.mojo - build-helper-maven-plugin - 3.4.0 - - - org.apache.maven.plugins - maven-javadoc-plugin - 3.5.0 + maven-failsafe-plugin + ${maven-failsafe-plugin.version} - true - false - Liquibase SAP MaxDB ${project.version} API - true - none - UTF-8 - - false - - - - javadoc-default - - jar - - package - - - - - - org.apache.maven.plugins - maven-source-plugin - 3.3.0 - - - attach-sources - package - - jar - - - - - - - org.jacoco - jacoco-maven-plugin - 0.8.11 - - - - ${jacoco.fileset.directory} - - **/jacoco.exec - - - + true + plain + + ${project.build.directory}/spock-reports + - - - - org.sonarsource.scanner.maven - sonar-maven-plugin - 3.9.1.2184 - - - - org.liquibase.ext - liquibase-sdk-maven-plugin - 0.10.20 + + + + org.apache.maven.surefire + surefire-junit47 + ${maven-surefire-plugin.version} + + - From 4ef323d860b5e52110ddc3a41afa24c9b1cf19f1 Mon Sep 17 00:00:00 2001 From: jandroav Date: Tue, 24 Oct 2023 11:45:25 +0200 Subject: [PATCH 2/2] chore(workflows): update liquibase/build-logic workflows to v0.5.3 The following workflows have been updated to use version v0.5.3 of the `liquibase/build-logic` actions: - `.github/workflows/attach-artifact-release.yml` - `.github/workflows/build-nightly.yml` - `.github/workflows/codeql.yml` - `.github/workflows/create-release.yml` - `.github/workflows/release-published.yml` The updates were made to ensure that the latest version of the actions is being used in the workflows. --- .github/workflows/attach-artifact-release.yml | 2 +- .github/workflows/build-nightly.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/create-release.yml | 2 +- .github/workflows/release-published.yml | 43 +--------- .github/workflows/test.yml | 79 +++++++++---------- 6 files changed, 44 insertions(+), 86 deletions(-) diff --git a/.github/workflows/attach-artifact-release.yml b/.github/workflows/attach-artifact-release.yml index ea07976..54e9a08 100644 --- a/.github/workflows/attach-artifact-release.yml +++ b/.github/workflows/attach-artifact-release.yml @@ -8,5 +8,5 @@ on: jobs: attach-artifact-to-release: - uses: liquibase/build-logic/.github/workflows/extension-attach-artifact-release.yml@v0.5.2 + uses: liquibase/build-logic/.github/workflows/extension-attach-artifact-release.yml@v0.5.3 secrets: inherit diff --git a/.github/workflows/build-nightly.yml b/.github/workflows/build-nightly.yml index e4c9e89..be9dc87 100644 --- a/.github/workflows/build-nightly.yml +++ b/.github/workflows/build-nightly.yml @@ -7,7 +7,7 @@ on: jobs: nightly-build: - uses: liquibase/build-logic/.github/workflows/os-extension-test.yml@v0.5.2 + uses: liquibase/build-logic/.github/workflows/os-extension-test.yml@v0.5.3 with: nightly: true secrets: inherit diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e3fc948..23c249f 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -15,4 +15,4 @@ jobs: uses: liquibase/build-logic/.github/workflows/codeql.yml@v0.5.3 secrets: inherit with: - languages: '[java]' + languages: '["java"]' diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index d766640..60efbd2 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -8,5 +8,5 @@ on: jobs: create-release: - uses: liquibase/build-logic/.github/workflows/create-release.yml@v0.5.2 + uses: liquibase/build-logic/.github/workflows/create-release.yml@v0.5.3 secrets: inherit diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml index 9e54f92..66dcba3 100644 --- a/.github/workflows/release-published.yml +++ b/.github/workflows/release-published.yml @@ -7,46 +7,5 @@ on: jobs: release: - uses: liquibase/build-logic/.github/workflows/extension-release-published.yml@v0.5.2 + uses: liquibase/build-logic/.github/workflows/extension-release-published.yml@v0.5.3 secrets: inherit - - deploy_xsd: - name: Upload xsds - runs-on: ubuntu-20.04 - steps: - - name: Download liquibase mongodb xsd - uses: actions/checkout@v4 - with: - # Relative path under $GITHUB_WORKSPACE to place the repository - path: liquibase-mongodb - repository: "liquibase/liquibase-mongodb" - - - name: Upload to s3 - env: - AWS_ACCESS_KEY_ID: ${{ secrets.LIQUIBASEORIGIN_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.LIQUIBASEORIGIN_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: us-east-1 - # aws s3 sync syncs directories and S3 prefixes. - run: | - aws s3 sync liquibase-mongodb/src/main/resources/www.liquibase.org/xml/ns/mongodb/ s3://liquibaseorg-origin/xml/ns/mongodb/ --content-type application/octet-stream --only-show-errors - - name: Index.htm file upload - env: - AWS_ACCESS_KEY_ID: ${{ secrets.LIQUIBASEORIGIN_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.LIQUIBASEORIGIN_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: us-east-1 - # List all xsd and htm files in repository. Copy index.htm to temporary folder - # Add links for all xsd files to index.htm file (except liquibase-mongodb-latest.xsd and index.htm) - # Sync index.htm with the s3 - run: | - search_dir=liquibase-mongodb/src/main/resources/www.liquibase.org/xml/ns/mongodb - filenames=`ls -1 $search_dir` - mkdir index-file - cp $search_dir/index.htm index-file/ - for entry in $filenames - do - if [[ "$entry" != "liquibase-mongodb-latest.xsd" ]] && [[ "$entry" != "index.htm" ]] ;then - sed -ie "s/<\/ul>/
  • ${entry}<\/a><\/li>\n<\/ul>/" index-file/index.htm - fi - done - - aws s3 sync index-file s3://liquibaseorg-origin/xml/ns/mongodb/ --only-show-errors diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 99e8bf2..64bb828 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,45 +10,44 @@ on: jobs: build: - uses: liquibase/build-logic/.github/workflows/os-extension-test.yml@v0.5.2 + uses: liquibase/build-logic/.github/workflows/os-extension-test.yml@v0.5.3 secrets: inherit -# integration-test: -# name: Test Harness for Maxdb ${{ matrix.maxdb }} -# needs: build -# runs-on: ubuntu-latest -# -# strategy: -# fail-fast: false -# matrix: -# maxdb: [ "" ] -# -# steps: -# - uses: actions/checkout@v2 -# -# - name: Set up JDK -# uses: actions/setup-java@v2 -# with: -# java-version: 17 -# distribution: 'temurin' -# cache: 'maven' -# -# - name: Build Cache -# uses: actions/cache@v3.0.5 -# with: -# key: build-${{ github.run_number }}-${{ github.run_attempt }} -# path: | -# **/target/** -# ~/.m2/repository/org/liquibase/ -# -# - name: Run Tests -# run: mvn -B jacoco:prepare-agent surefire:test -Dmaxdb.version=${{ matrix.maxdb }} -# -# - name: Archive Test Results -# if: ${{ always() }} -# uses: actions/upload-artifact@v2 -# with: -# name: test-reports-maxdb-${{ matrix.maxdb }} -# path: | -# **/target/surefire-reports -# **/target/jacoco.exec \ No newline at end of file + integration-test: + name: Test Harness for Maxdb ${{ matrix.maxdb }} + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + maxdb: [ "" ] + + steps: + - uses: actions/checkout@v2 + + - name: Set up JDK + uses: actions/setup-java@v2 + with: + java-version: 17 + distribution: 'temurin' + cache: 'maven' + + - name: Build Cache + uses: actions/cache@v3.0.5 + with: + key: build-${{ github.run_number }}-${{ github.run_attempt }} + path: | + **/target/** + ~/.m2/repository/org/liquibase/ + + - name: Run Tests + run: mvn -B jacoco:prepare-agent surefire:test -Dmaxdb.version=${{ matrix.maxdb }} + + - name: Archive Test Results + if: ${{ always() }} + uses: actions/upload-artifact@v2 + with: + name: test-reports-maxdb-${{ matrix.maxdb }} + path: | + **/target/surefire-reports + **/target/jacoco.exec \ No newline at end of file