From 803e4b53dcc1c7b6316b0e5782daaa75597efc8c Mon Sep 17 00:00:00 2001 From: Tomasz Michalak <tomasz.michalak@ds.pl> Date: Thu, 16 May 2024 08:21:25 +0200 Subject: [PATCH] WS-3234 Migrate module to GH and configure GCP artifacts registry for releases --- .github/workflows/ci-release.yaml | 63 ++++++++++++++++ .github/workflows/{ci.yml => ci-verify.yaml} | 30 ++++++-- .github/workflows/release.yml | 77 -------------------- .mvn/extensions.xml | 8 ++ pom.xml | 64 +++++++--------- 5 files changed, 120 insertions(+), 122 deletions(-) create mode 100644 .github/workflows/ci-release.yaml rename .github/workflows/{ci.yml => ci-verify.yaml} (66%) delete mode 100644 .github/workflows/release.yml create mode 100644 .mvn/extensions.xml diff --git a/.github/workflows/ci-release.yaml b/.github/workflows/ci-release.yaml new file mode 100644 index 0000000..ac87687 --- /dev/null +++ b/.github/workflows/ci-release.yaml @@ -0,0 +1,63 @@ +# Copyright (C) 2022 Dynamic Solutions +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: "Release: Release and publish artifacts to GCP Artifacts Registry" + +on: + workflow_dispatch: + +permissions: + id-token: write + contents: read + +jobs: + release: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - id: 'auth' + name: 'Authenticate to Google Cloud' + uses: 'google-github-actions/auth@v2' + with: + workload_identity_provider: ${{ secrets.GCP_WEBSIGHT_RELEASES_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ secrets.GCP_WEBSIGHT_RELEASES_RELEASE_DEPLOY_SA }} + + - name: Configure Git + run: | + git remote set-url origin git@github.com:${{ github.repository }}.git + git config --global user.email "github.actions@ds.pl" + git config --global user.name "GitHub Actions" + mkdir -p ~/.ssh + printf '%s\n' "${{ secrets.GIT_SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa + chmod 0600 ~/.ssh/id_rsa + + - name: Set up JDK 8 + uses: actions/setup-java@v3 + with: + java-version: '8' + distribution: 'adopt' + + - name: Cache local Maven repository + uses: actions/cache@v3 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-maven- + + - name: Release to GCP Artifacts Registry + run: mvn -B release:prepare release:perform -Darguments="-Dbnd.baseline.skip=true" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci-verify.yaml similarity index 66% rename from .github/workflows/ci.yml rename to .github/workflows/ci-verify.yaml index e332af4..342001c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci-verify.yaml @@ -12,25 +12,40 @@ # See the License for the specific language governing permissions and # limitations under the License. -name: CI +name: "Test: Verify module" on: + workflow_dispatch: pull_request: push: branches: - main - + +permissions: + id-token: write + contents: read + jobs: - build-and-test: + verify: runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - id: 'auth' + name: 'Authenticate to Google Cloud' + uses: 'google-github-actions/auth@v2' + with: + workload_identity_provider: ${{ secrets.GCP_WEBSIGHT_RELEASES_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ secrets.GCP_WEBSIGHT_RELEASES_RELEASE_DEPLOY_SA }} + - name: Set up JDK 8 uses: actions/setup-java@v3 with: java-version: '8' distribution: 'adopt' + - name: Cache local Maven repository uses: actions/cache@v3 with: @@ -38,7 +53,6 @@ jobs: key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- + - name: Verify - run: | - mkdir .maven - mvn -B -DdryRun=true release:prepare + run: mvn -B verify -Dbnd.baseline.skip=true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 64fe2d5..0000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,77 +0,0 @@ -# Copyright (C) 2022 Dynamic Solutions -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -name: Release WebSight Bundle Resource Provider - -on: - workflow_dispatch: - -permissions: - id-token: write - contents: read - -jobs: - release: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - - name: Set up JDK 8 - uses: actions/setup-java@v3 - with: - java-version: '8' - distribution: 'adopt' - - name: Cache local Maven repository - uses: actions/cache@v3 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - role-to-assume: ${{ secrets.AWS_CI_ROLE_TO_ASSUME }} - role-session-name: WebsightBundleResourceProviderRelease - aws-region: eu-central-1 - - name: Prepare Code Artifact token - run: | - export CODEARTIFACT_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain websight --domain-owner ${{ secrets.AWS_ACCOUNT_ID }} --query authorizationToken --output text` - echo "CODEARTIFACT_AUTH_TOKEN=${CODEARTIFACT_AUTH_TOKEN}" >> $GITHUB_ENV - - name: Prepare release - env: - AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }} - run: | - git config --global user.email "github.actions@ds.pl" - git config --global user.name "GitHub Actions" - mkdir -p ~/.ssh - printf '%s\n' "${{ secrets.SSH_SECRET_KEY }}" > ~/.ssh/id_rsa - chmod 0600 ~/.ssh/id_rsa - ls -al ~/.ssh - mvn -B release:prepare - RELEASED_VERSION=$(git describe --tags --abbrev=0) - echo "RELEASED_VERSION=${RELEASED_VERSION}" >> $GITHUB_ENV - - name: Release to Code Artifact - env: - AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - curl -s https://ws-dev-public.s3.eu-central-1.amazonaws.com/settings-code-artifact-deploy.xml --output ~/.m2/settings-code-artifact-deploy.xml - mvn --batch-mode -s ~/.m2/settings-code-artifact-deploy.xml -P code-artifact-distribution release:perform - - name: Deploy to S3 - run: | - curl -s https://ws-dev-public.s3.eu-central-1.amazonaws.com/settings-s3-publication.xml --output ~/.m2/settings-s3-publication.xml - git checkout tags/${RELEASED_VERSION} - mvn --batch-mode -s ~/.m2/settings-s3-publication.xml -P s3-distribution -Dmaven.install.skip=true -DskipTests=true deploy - diff --git a/.mvn/extensions.xml b/.mvn/extensions.xml new file mode 100644 index 0000000..67a5aea --- /dev/null +++ b/.mvn/extensions.xml @@ -0,0 +1,8 @@ +<extensions xmlns="http://maven.apache.org/EXTENSIONS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/EXTENSIONS/1.0.0 http://maven.apache.org/xsd/core-extensions-1.0.0.xsd"> + <extension> + <groupId>com.google.cloud.artifactregistry</groupId> + <artifactId>artifactregistry-maven-wagon</artifactId> + <version>2.2.1</version> + </extension> +</extensions> \ No newline at end of file diff --git a/pom.xml b/pom.xml index f6faf60..9fddd72 100644 --- a/pom.xml +++ b/pom.xml @@ -38,13 +38,16 @@ </organization> <repositories> - <repository> - <id>websight-repo</id> - <url>https://repo.websight.io/maven/</url> - <snapshots> - <enabled>false</enabled> - </snapshots> - </repository> + <repository> + <id>artifact-registry</id> + <url>artifactregistry://europe-west1-maven.pkg.dev/websight-io/websight-maven-releases</url> + <releases> + <enabled>true</enabled> + </releases> + <snapshots> + <enabled>false</enabled> + </snapshots> + </repository> </repositories> <properties> @@ -89,9 +92,9 @@ </plugins> <extensions> <extension> - <groupId>com.github.seahen</groupId> - <artifactId>maven-s3-wagon</artifactId> - <version>1.3.3</version> + <groupId>com.google.cloud.artifactregistry</groupId> + <artifactId>artifactregistry-maven-wagon</artifactId> + <version>2.2.1</version> </extension> </extensions> </build> @@ -167,31 +170,18 @@ <profiles> <profile> - <id>code-artifact-distribution</id> - <distributionManagement> - <repository> - <id>ws-code-artifact-repo</id> - <name>ws-code-artifact-repo</name> - <url>https://websight-${env.AWS_ACCOUNT_ID}.d.codeartifact.eu-central-1.amazonaws.com/maven/maven-repo/</url> - </repository> - <snapshotRepository> - <id>ws-code-artifact-snapshot-repo</id> - <name>ws-code-artifact-snapshot-repo</name> - <url>https://websight-internal-${env.AWS_ACCOUNT_ID}.d.codeartifact.eu-central-1.amazonaws.com/maven/maven-snapshot-repo/</url> - </snapshotRepository> - </distributionManagement> + <id>baseline</id> + <activation> + <activeByDefault>false</activeByDefault> + </activation> + <build> + <plugins> + <plugin> + <groupId>biz.aQute.bnd</groupId> + <artifactId>bnd-baseline-maven-plugin</artifactId> + </plugin> + </plugins> + </build> </profile> - - <profile> - <id>s3-distribution</id> - <distributionManagement> - <repository> - <id>ws-s3-repo</id> - <name>ws-s3-repo</name> - <url>s3://repo.websight.io/maven</url> - </repository> - </distributionManagement> - </profile> - </profiles> - -</project> \ No newline at end of file + </profiles> +</project>