From 803e4b53dcc1c7b6316b0e5782daaa75597efc8c Mon Sep 17 00:00:00 2001
From: Tomasz Michalak <tomasz.michalak@ds.pl>
Date: Thu, 16 May 2024 08:21:25 +0200
Subject: [PATCH] WS-3234 Migrate module to GH and configure GCP artifacts
 registry for releases

---
 .github/workflows/ci-release.yaml            | 63 ++++++++++++++++
 .github/workflows/{ci.yml => ci-verify.yaml} | 30 ++++++--
 .github/workflows/release.yml                | 77 --------------------
 .mvn/extensions.xml                          |  8 ++
 pom.xml                                      | 64 +++++++---------
 5 files changed, 120 insertions(+), 122 deletions(-)
 create mode 100644 .github/workflows/ci-release.yaml
 rename .github/workflows/{ci.yml => ci-verify.yaml} (66%)
 delete mode 100644 .github/workflows/release.yml
 create mode 100644 .mvn/extensions.xml

diff --git a/.github/workflows/ci-release.yaml b/.github/workflows/ci-release.yaml
new file mode 100644
index 0000000..ac87687
--- /dev/null
+++ b/.github/workflows/ci-release.yaml
@@ -0,0 +1,63 @@
+# Copyright (C) 2022 Dynamic Solutions
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: "Release: Release and publish artifacts to GCP Artifacts Registry"
+
+on:
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - id: 'auth'
+        name: 'Authenticate to Google Cloud'
+        uses: 'google-github-actions/auth@v2'
+        with:
+          workload_identity_provider: ${{ secrets.GCP_WEBSIGHT_RELEASES_WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ secrets.GCP_WEBSIGHT_RELEASES_RELEASE_DEPLOY_SA }}
+
+      - name: Configure Git
+        run: |
+          git remote set-url origin git@github.com:${{ github.repository }}.git
+          git config --global user.email "github.actions@ds.pl"
+          git config --global user.name "GitHub Actions"
+          mkdir -p ~/.ssh
+          printf '%s\n' "${{ secrets.GIT_SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+          chmod 0600 ~/.ssh/id_rsa
+
+      - name: Set up JDK 8
+        uses: actions/setup-java@v3
+        with:
+          java-version: '8'
+          distribution: 'adopt'
+
+      - name: Cache local Maven repository
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+
+      - name: Release to GCP Artifacts Registry
+        run: mvn -B release:prepare release:perform -Darguments="-Dbnd.baseline.skip=true"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci-verify.yaml
similarity index 66%
rename from .github/workflows/ci.yml
rename to .github/workflows/ci-verify.yaml
index e332af4..342001c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci-verify.yaml
@@ -12,25 +12,40 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-name: CI
+name: "Test: Verify module"
 
 on:
+  workflow_dispatch:
   pull_request:
   push:
     branches:
       - main
-      
+
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
-  build-and-test:
+  verify:
     runs-on: ubuntu-latest
-
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - id: 'auth'
+        name: 'Authenticate to Google Cloud'
+        uses: 'google-github-actions/auth@v2'
+        with:
+          workload_identity_provider: ${{ secrets.GCP_WEBSIGHT_RELEASES_WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ secrets.GCP_WEBSIGHT_RELEASES_RELEASE_DEPLOY_SA }}
+
       - name: Set up JDK 8
         uses: actions/setup-java@v3
         with:
           java-version: '8'
           distribution: 'adopt'
+
       - name: Cache local Maven repository
         uses: actions/cache@v3
         with:
@@ -38,7 +53,6 @@ jobs:
           key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
           restore-keys: |
             ${{ runner.os }}-maven-
+
       - name: Verify
-        run: |
-          mkdir .maven
-          mvn -B -DdryRun=true release:prepare
+        run: mvn -B verify -Dbnd.baseline.skip=true 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index 64fe2d5..0000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,77 +0,0 @@
-# Copyright (C) 2022 Dynamic Solutions
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-name: Release WebSight Bundle Resource Provider
-
-on:
-  workflow_dispatch:
-      
-permissions:
-  id-token: write
-  contents: read
-  
-jobs:
-  release:
-    runs-on: ubuntu-latest
-    
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up JDK 8
-        uses: actions/setup-java@v3
-        with:
-          java-version: '8'
-          distribution: 'adopt'
-      - name: Cache local Maven repository
-        uses: actions/cache@v3
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          role-to-assume: ${{ secrets.AWS_CI_ROLE_TO_ASSUME }}
-          role-session-name: WebsightBundleResourceProviderRelease
-          aws-region: eu-central-1
-      - name: Prepare Code Artifact token
-        run: |
-          export CODEARTIFACT_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain websight --domain-owner ${{ secrets.AWS_ACCOUNT_ID }} --query authorizationToken --output text`
-          echo "CODEARTIFACT_AUTH_TOKEN=${CODEARTIFACT_AUTH_TOKEN}" >> $GITHUB_ENV
-      - name: Prepare release
-        env:
-          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
-        run: |
-          git config --global user.email "github.actions@ds.pl"
-          git config --global user.name "GitHub Actions"
-          mkdir -p ~/.ssh
-          printf '%s\n' "${{ secrets.SSH_SECRET_KEY }}" > ~/.ssh/id_rsa
-          chmod 0600 ~/.ssh/id_rsa
-          ls -al ~/.ssh
-          mvn -B release:prepare
-          RELEASED_VERSION=$(git describe --tags --abbrev=0)
-          echo "RELEASED_VERSION=${RELEASED_VERSION}" >> $GITHUB_ENV
-      - name: Release to Code Artifact
-        env:
-          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          curl -s https://ws-dev-public.s3.eu-central-1.amazonaws.com/settings-code-artifact-deploy.xml --output ~/.m2/settings-code-artifact-deploy.xml
-          mvn --batch-mode -s ~/.m2/settings-code-artifact-deploy.xml -P code-artifact-distribution release:perform
-      - name: Deploy to S3
-        run: |
-          curl -s https://ws-dev-public.s3.eu-central-1.amazonaws.com/settings-s3-publication.xml --output ~/.m2/settings-s3-publication.xml
-          git checkout tags/${RELEASED_VERSION}
-          mvn --batch-mode -s ~/.m2/settings-s3-publication.xml -P s3-distribution -Dmaven.install.skip=true -DskipTests=true deploy
-      
diff --git a/.mvn/extensions.xml b/.mvn/extensions.xml
new file mode 100644
index 0000000..67a5aea
--- /dev/null
+++ b/.mvn/extensions.xml
@@ -0,0 +1,8 @@
+<extensions xmlns="http://maven.apache.org/EXTENSIONS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/EXTENSIONS/1.0.0 http://maven.apache.org/xsd/core-extensions-1.0.0.xsd">
+  <extension>
+    <groupId>com.google.cloud.artifactregistry</groupId>
+    <artifactId>artifactregistry-maven-wagon</artifactId>
+    <version>2.2.1</version>
+  </extension>
+</extensions>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index f6faf60..9fddd72 100644
--- a/pom.xml
+++ b/pom.xml
@@ -38,13 +38,16 @@
     </organization>
 
     <repositories>
-        <repository>
-            <id>websight-repo</id>
-            <url>https://repo.websight.io/maven/</url>
-            <snapshots>
-                <enabled>false</enabled>
-            </snapshots>
-        </repository>
+      <repository>
+          <id>artifact-registry</id>
+          <url>artifactregistry://europe-west1-maven.pkg.dev/websight-io/websight-maven-releases</url>
+          <releases>
+              <enabled>true</enabled>
+          </releases>
+          <snapshots>
+              <enabled>false</enabled>
+          </snapshots>
+      </repository>
     </repositories>
 
     <properties>
@@ -89,9 +92,9 @@
         </plugins>
         <extensions>
             <extension>
-                <groupId>com.github.seahen</groupId>
-                <artifactId>maven-s3-wagon</artifactId>
-                <version>1.3.3</version>
+                <groupId>com.google.cloud.artifactregistry</groupId>
+                <artifactId>artifactregistry-maven-wagon</artifactId>
+                <version>2.2.1</version>
             </extension>
         </extensions>
     </build>
@@ -167,31 +170,18 @@
 
     <profiles>
         <profile>
-          <id>code-artifact-distribution</id>
-          <distributionManagement>
-            <repository>
-              <id>ws-code-artifact-repo</id>
-              <name>ws-code-artifact-repo</name>
-              <url>https://websight-${env.AWS_ACCOUNT_ID}.d.codeartifact.eu-central-1.amazonaws.com/maven/maven-repo/</url>
-            </repository>
-            <snapshotRepository>
-              <id>ws-code-artifact-snapshot-repo</id>
-              <name>ws-code-artifact-snapshot-repo</name>
-              <url>https://websight-internal-${env.AWS_ACCOUNT_ID}.d.codeartifact.eu-central-1.amazonaws.com/maven/maven-snapshot-repo/</url>
-            </snapshotRepository>
-          </distributionManagement>
+            <id>baseline</id>
+            <activation>
+                <activeByDefault>false</activeByDefault>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                    <groupId>biz.aQute.bnd</groupId>
+                    <artifactId>bnd-baseline-maven-plugin</artifactId>
+                    </plugin>
+                </plugins>  
+            </build>
         </profile>
-    
-        <profile>
-          <id>s3-distribution</id>
-          <distributionManagement>
-            <repository>
-              <id>ws-s3-repo</id>
-              <name>ws-s3-repo</name>
-              <url>s3://repo.websight.io/maven</url>
-            </repository>
-          </distributionManagement>
-        </profile>
-      </profiles>
-
-</project>
\ No newline at end of file
+    </profiles>
+</project>