From 9dc3f1811096463c7d97ac90c51a6b1843acd813 Mon Sep 17 00:00:00 2001 From: alexgomezlf <99926015+alexgomezlf@users.noreply.github.com> Date: Mon, 25 Nov 2024 10:39:18 -0500 Subject: [PATCH] Alex/update build pipeline (#74) * update nimbus-jose-jw * update changelog, version * trigger build * update pipeline * update publish unit tests * switch to maven central * fix merge * remove comment * update credential setup * update names * update build * update * update server naem * update pw * updat pipeline * update sercret key * update secret key * use test secret key * update key * test scretkey * update key * update import * remove setup java * try this key id * try with new key * update pipeline * update pipeline * pass in as command line * try import * update pom * remove command line * use passphrase * don't set up apache * debug * just don't pass in secret key * update secrets, remove preview * update pipeline --------- Co-authored-by: alexandria.gomez --- .github/workflows/main.yml | 312 +++++++++++++++---------------------- CHANGELOG.md | 6 + pom.xml | 47 +++--- 3 files changed, 161 insertions(+), 204 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index b4e5c95..ed85410 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -2,19 +2,18 @@ name: lf-api-client-core-java-CI on: push: - branches: [ '\d+.x' ] + branches: ['\d+.x'] pull_request: - branches: [ '\d+.x' ] + branches: ['\d+.x'] # Allows you to run this workflow manually from the Actions tab workflow_dispatch: env: - VERSION_PREFIX: '2.2.1' + VERSION_PREFIX: '2.2.2' GITHUB_PAGES_BRANCH: 'gh-pages' jobs: build-n-test: - runs-on: ubuntu-latest env: 
@@ -22,197 +21,144 @@ jobs: SERVICE_PRINCIPAL_KEY: ${{ secrets.DEV_CA_PUBLIC_USE_TESTOAUTHSERVICEPRINCIPAL_SERVICE_PRINCIPAL_KEY }} steps: - - uses: actions/checkout@v3 - - - name: Set up JDK 8 - uses: actions/setup-java@v3 - with: - java-version: '8' - distribution: 'temurin' - - - name: Build with Maven - run: mvn -B package -Dmaven.test.skip=true --file pom.xml - - - name: Run unit tests - run: mvn -Dtest=com.laserfiche.api.client.unit.*Test test - - - name: Publish unit test results - uses: EnricoMi/publish-unit-test-result-action@v1 - if: always() - with: - files: target/surefire-reports/*.xml - check_name: unit-test-results - - - name: Delete test reports - run: rm -rf target/surefire-reports/*.xml - - - name: Run integration tests on cloud - id: integration-test-cloud - run: mvn test -Dgroups=Cloud - - - name: Publish cloud test results - uses: EnricoMi/publish-unit-test-result-action@v1 - if: always() - with: - files: target/surefire-reports/*.xml - check_name: integration-test-results-cloud - - - name: Delete test reports - run: rm -rf target/surefire-reports/*.xml - - - name: Run integration tests on self-hosted - id: integration-test-self-hosted - if: always() && (steps.integration-test-cloud.outcome == 'success' || steps.integration-test-cloud.outcome == 'failure') - env: - REPOSITORY_ID: ${{ secrets.APISERVER_REPOSITORY_ID }} - APISERVER_USERNAME: ${{ secrets.APISERVER_USERNAME }} - APISERVER_PASSWORD: ${{ secrets.APISERVER_PASSWORD }} - APISERVER_REPOSITORY_API_BASE_URL: ${{ secrets.APISERVER_REPOSITORY_API_BASE_URL }} - run: mvn test -Dgroups=SelfHosted - - - name: Publish self-hosted test results - uses: EnricoMi/publish-unit-test-result-action@v1 - if: always() - with: - files: target/surefire-reports/*.xml - check_name: integration-test-results-self-hosted + - name: Checkout + uses: actions/checkout@v4 - build-documentation: + - name: Set up JDK 8 + uses: actions/setup-java@v3 + with: + java-version: '8' + distribution: 'temurin' - runs-on: 
ubuntu-latest - needs: [ build-n-test ] + - name: Build with Maven + run: mvn -B package -Dmaven.test.skip=true --file pom.xml - steps: - - uses: actions/checkout@v2 - - - name: Set up JDK 8 - uses: actions/setup-java@v3 - with: - java-version: '8' - distribution: 'temurin' - - - name: Create temporary directory - run: mkdir -p ./docs_temp/${{ github.ref_name }} - - - name: Generate Javadoc - run: mvn javadoc:javadoc - - - name: Move javadoc files to temporary directory - run: mv ${{ github.workspace }}/target/site/ ${{ github.workspace }}/docs_temp/${{ github.ref_name }} - - - name: Upload a Build Artifact - uses: actions/upload-artifact@v2.3.1 - with: - name: documentation-artifact - # A file, directory or wildcard pattern that describes what to upload - path: ${{ github.workspace }}/docs_temp/${{ github.ref_name }}/site/apidocs - - - name: Delete temporary directory - run: rm -r ./docs_temp - - publish-preview-package: + - name: Run unit tests + run: mvn -Dtest=com.laserfiche.api.client.unit.*Test test + + - name: Publish unit test results + uses: EnricoMi/publish-unit-test-result-action@v2 + if: always() + with: + files: target/surefire-reports/*.xml + check_name: unit-test-results + + - name: Delete test reports + run: rm -rf target/surefire-reports/*.xml + + - name: Run integration tests on cloud + id: integration-test-cloud + run: mvn test -Dgroups=Cloud + + - name: Publish cloud test results + uses: EnricoMi/publish-unit-test-result-action@v2 + if: always() + with: + files: target/surefire-reports/*.xml + check_name: integration-test-results-cloud + + - name: Delete test reports + run: rm -rf target/surefire-reports/*.xml + + - name: Run integration tests on self-hosted + id: integration-test-self-hosted + if: always() && (steps.integration-test-cloud.outcome == 'success' || steps.integration-test-cloud.outcome == 'failure') + env: + REPOSITORY_ID: ${{ secrets.APISERVER_REPOSITORY_ID }} + APISERVER_USERNAME: ${{ secrets.APISERVER_USERNAME }} + 
APISERVER_PASSWORD: ${{ secrets.APISERVER_PASSWORD }} + APISERVER_REPOSITORY_API_BASE_URL: ${{ secrets.APISERVER_REPOSITORY_API_BASE_URL }} + run: mvn test -Dgroups=SelfHosted + + - name: Publish self-hosted test results + uses: EnricoMi/publish-unit-test-result-action@v2 + if: always() + with: + files: target/surefire-reports/*.xml + check_name: integration-test-results-self-hosted + + build-documentation: runs-on: ubuntu-latest - environment: preview - if: ${{ github.run_attempt != 1 }} - needs: [ build-n-test, build-documentation ] # wait for build to finish - + needs: [build-n-test] + steps: - - uses: actions/checkout@v2 - - - name: Set up JDK 8 - uses: actions/setup-java@v3 - with: - java-version: '8' - distribution: 'temurin' - - - name: Build with Maven - run: mvn -B package -Dmaven.test.skip=true --file pom.xml - - - name: Set up Apache Maven Central - uses: actions/setup-java@v3 - with: - java-version: '8' - distribution: 'temurin' - server-id: ossrh - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD - gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }} - gpg-passphrase: MAVEN_GPG_PASSPHRASE - - - name: Set Java Package Version environment - run: echo "PACKAGE_VERSION=${{ env.VERSION_PREFIX }}-preview-${{ github.run_id }}-SNAPSHOT" >> $GITHUB_ENV - - - name: Set Java Package Version - run: mvn versions:set -DnewVersion=${{ env.PACKAGE_VERSION }} - - - name: Publish to Sonatype - run: mvn clean deploy -Dmaven.test.skip=true -Dgpg.passphrase=${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} - env: - MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} - - - name: Tag commit - uses: rickstaa/action-create-tag@v1 - with: - tag: ${{ env.PACKAGE_VERSION }} - commit_sha: ${{ github.sha }} - message: Workflow run ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + - name: Checkout + uses: actions/checkout@v4 + 
+ - name: Set up JDK 8 + uses: actions/setup-java@v3 + with: + java-version: '8' + distribution: 'temurin' + + - name: Create temporary directory + run: mkdir -p ./docs_temp/${{ github.ref_name }} + + - name: Generate Javadoc + run: mvn javadoc:javadoc + + - name: Move javadoc files to temporary directory + run: mv ${{ github.workspace }}/target/site/ ${{ github.workspace }}/docs_temp/${{ github.ref_name }} + + - name: Upload a Build Artifact + uses: actions/upload-artifact@v4 + with: + name: documentation-artifact + # A file, directory or wildcard pattern that describes what to upload + path: ${{ github.workspace }}/docs_temp/${{ github.ref_name }}/site/apidocs + + - name: Delete temporary directory + run: rm -r ./docs_temp publish-production-package: runs-on: ubuntu-latest environment: production if: ${{ github.run_attempt != 1 }} - needs: [ build-n-test, build-documentation ] # wait for build to finish + needs: [build-n-test, build-documentation] # wait for build to finish steps: - - uses: actions/checkout@v2 - - - name: Set up JDK 8 - uses: actions/setup-java@v3 - with: - java-version: '8' - distribution: 'temurin' - - - name: Build with Maven - run: mvn -B package -Dmaven.test.skip=true --file pom.xml - - - name: Set up Apache Maven Central - uses: actions/setup-java@v3 - with: - java-version: '8' - distribution: 'temurin' - server-id: ossrh - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD - gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }} - gpg-passphrase: MAVEN_GPG_PASSPHRASE - - - name: Set Java Package Version environment - run: echo "PACKAGE_VERSION=${{ env.VERSION_PREFIX }}" >> $GITHUB_ENV - - - name: Set Java Package Version - run: mvn versions:set -DnewVersion=${{ env.PACKAGE_VERSION }} - - - name: Publish to Maven Central - run: mvn clean deploy -P release -Dmaven.test.skip=true -Dgpg.passphrase=${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} - env: - MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} - MAVEN_PASSWORD: ${{ 
secrets.OSSRH_PASSWORD }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} - - - name: Tag commit - uses: rickstaa/action-create-tag@v1 - with: - tag: ${{ env.PACKAGE_VERSION }} - commit_sha: ${{ github.sha }} - message: Workflow run ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + - name: Checkout + uses: actions/checkout@v4 + + - name: Import GPG Key + run: | + echo "${{ secrets.MAVEN_GPG_SECRET_KEY }}" | gpg --batch --import + + - name: Set up Apache Maven Central + uses: actions/setup-java@v3 + with: + java-version: '8' + distribution: 'temurin' + server-id: central + server-username: MAVEN_USERNAME + server-password: MAVEN_PASSWORD + gpg-passphrase: MAVEN_GPG_PASSPHRASE + + - name: Set Java Package Version environment + run: echo "PACKAGE_VERSION=${{ env.VERSION_PREFIX }}" >> $GITHUB_ENV + + - name: Set Java Package Version + run: mvn versions:set -DnewVersion=${{ env.PACKAGE_VERSION }} + + - name: Publish to Sonatype + run: mvn clean deploy -Pdeploy-to-maven -Dmaven.test.skip=true -Dgpg.passphrase=${{ secrets.MAVEN_GPG_SECRET_KEY_PASSPHRASE }} + env: + MAVEN_USERNAME: ${{ secrets.MAVEN_USERTOKEN_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.MAVEN_USERTOKEN_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_SECRET_KEY_PASSPHRASE }} + + - name: Tag commit + uses: rickstaa/action-create-tag@v1 + with: + tag: ${{ env.PACKAGE_VERSION }} + commit_sha: ${{ github.sha }} + message: Workflow run ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} publish-documentation: runs-on: ubuntu-latest timeout-minutes: 10 environment: github-pages - needs: [ publish-production-package ] + needs: [publish-production-package] steps: - name: Set DOCUMENTATION_VERSION environment variable run: | 
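Review bot: In `publish-production-package`, the new `Import GPG Key` and `Publish to Sonatype` steps expand secrets directly into the shell script text (`echo "${{ secrets.MAVEN_GPG_SECRET_KEY }}" | gpg --batch --import` and `-Dgpg.passphrase=${{ secrets.MAVEN_GPG_SECRET_KEY_PASSPHRASE }}`). The value is substituted before the shell parses the line, so any quote, `$` or backtick in the key or passphrase is interpreted by the shell, and the passphrase also ends up in the Maven process arguments. Passing the key through the step environment avoids this: add `env: MAVEN_GPG_SECRET_KEY: ${{ secrets.MAVEN_GPG_SECRET_KEY }}` to the import step and run `printf '%s' "$MAVEN_GPG_SECRET_KEY" | gpg --batch --import`. `MAVEN_GPG_PASSPHRASE` is already exported on the publish step and maven-gpg-plugin 3.2.x reads that variable by default, so the `-Dgpg.passphrase=...` argument can probably be dropped. Confirm this against the plugin configuration in pom.xml, which this hunk does not show.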
@@ -229,7 +175,7 @@ jobs: run: | echo 'Publishing documentation to ${{ env.GITHUB_PAGES_BRANCH }} for ${{ env.DOCUMENTATION_VERSION }}.' - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: ref: ${{ env.GITHUB_PAGES_BRANCH }} @@ -240,7 +186,7 @@ jobs: run: mkdir -p ./docs/${{ env.DOCUMENTATION_VERSION }} - name: Download documentation build artifact - uses: actions/download-artifact@v3.0.0 + uses: actions/download-artifact@v4 with: name: documentation-artifact path: ./docs/${{ env.DOCUMENTATION_VERSION }} @@ -250,7 +196,7 @@ jobs: with: branch: ${{ env.GITHUB_PAGES_BRANCH }}-${{ env.DOCUMENTATION_VERSION }}-patch delete-branch: true - title: "Automated documentation update for ${{ env.DOCUMENTATION_VERSION }} by action ${{ github.run_id }}" - commit-message: "Automated documentation update for ${{ env.DOCUMENTATION_VERSION }} by action ${{ github.run_id }}" - body: "Automated documentation update for ${{ env.DOCUMENTATION_VERSION }} by action ${{ github.run_id }}" + title: 'Automated documentation update for ${{ env.DOCUMENTATION_VERSION }} by action ${{ github.run_id }}' + commit-message: 'Automated documentation update for ${{ env.DOCUMENTATION_VERSION }} by action ${{ github.run_id }}' + body: 'Automated documentation update for ${{ env.DOCUMENTATION_VERSION }} by action ${{ github.run_id }}' assignees: ${{ github.actor }} diff --git a/CHANGELOG.md b/CHANGELOG.md index c0a579d..3e70fb4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## 2.2.2 + +### Maintenance + +- Update `nimbus-jose-jwt` dependency due to vulnerability + ## 2.2.1 ### Fixes diff --git a/pom.xml b/pom.xml index 49a383d..d641fe9 100644 --- a/pom.xml +++ b/pom.xml @@ -1,5 +1,5 @@ - + 4.0.0 com.laserfiche lf-api-client-core 
@@ -33,29 +33,14 @@ - - ossrh - https://s01.oss.sonatype.org/content/repositories/snapshots - - ossrh - https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/ + central + https://repo1.maven.org/maven2/ - - org.sonatype.plugins - nexus-staging-maven-plugin - 1.6.7 - true - - ossrh - https://s01.oss.sonatype.org/ - true - - org.apache.maven.plugins maven-surefire-plugin @@ -163,7 +148,7 @@ org.apache.maven.plugins maven-gpg-plugin - 1.6 + 3.2.6 sign-artifacts @@ -196,11 +181,31 @@ + + + deploy-to-maven + + + + org.sonatype.central + central-publishing-maven-plugin + 0.6.0 + true + + central + true + + + + + + + com.nimbusds nimbus-jose-jwt - 9.22 + 9.41.2 com.fasterxml.jackson.core
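Review bot: The `central` entry added in the `@@ -33,29 +33,14 @@` hunk uses `https://repo1.maven.org/maven2/`, which is Maven Central's read-only download URL rather than an upload endpoint. The element names are not visible here, but if this is the `distributionManagement` repository, a `mvn deploy` run without `-Pdeploy-to-maven` would try to upload to that URL and fail, because only the profile's `central-publishing-maven-plugin` performs the upload. Consider removing the entry, or documenting it with a comment such as `<!-- upload is handled by central-publishing-maven-plugin in the deploy-to-maven profile; this URL is not a deploy target -->`.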