From c598087caa5a251f62652289471d6579b41bb3ac Mon Sep 17 00:00:00 2001 From: Mirza Karacic Date: Wed, 11 Dec 2024 14:37:58 -0800 Subject: [PATCH] Integration fixes --- .github/actions/build-and-test/action.yaml | 16 ++-- .../actions/fast-forward-merge/action.yaml | 36 -------- .github/actions/github-release/action.yaml | 51 ++++++++++++ .github/actions/publish-to-jfrog/action.yaml | 68 ++++++++++++--- .../actions/publish-to-sonatype/action.yaml | 66 +++++++++++++++ .github/workflows/aggregate-build.yaml | 41 +++++++++ .github/workflows/build-dev.yaml | 2 +- .github/workflows/build.yaml | 28 ++++--- .github/workflows/promote-prod.yaml | 5 +- .github/workflows/promote-to-stage.yaml | 17 +++- .github/workflows/promote.yaml | 77 +++++++++++++---- .../{push-to-dev.yaml => push-to-stage.yaml} | 3 +- .github/workflows/release-stage.yaml | 52 ++++++++++++ .github/workflows/release.yaml | 83 +++++++++++++++++++ benchmarks/pom.xml | 2 +- client/config.json | 12 +++ client/config.template | 12 +++ .../bouncycastle_pom.xml} | 2 +- .../gnu_pom.xml | 2 +- .../publish-spec.json.template | 16 ++++ client/pom.xml | 52 +++++++++--- examples/pom.xml | 2 +- pom.xml | 29 ++++++- test/pom.xml | 2 +- 24 files changed, 570 insertions(+), 106 deletions(-) delete mode 100644 .github/actions/fast-forward-merge/action.yaml create mode 100644 .github/actions/github-release/action.yaml create mode 100644 .github/actions/publish-to-sonatype/action.yaml create mode 100644 .github/workflows/aggregate-build.yaml rename .github/workflows/{push-to-dev.yaml => push-to-stage.yaml} (72%) create mode 100644 .github/workflows/release-stage.yaml create mode 100644 .github/workflows/release.yaml create mode 100644 client/config.json create mode 100644 client/config.template rename client/{src/resources/bouncy_pom.xml => deploy-resources/bouncycastle_pom.xml} (98%) rename client/{src/resources => deploy-resources}/gnu_pom.xml (98%) create mode 100644 client/deploy-resources/publish-spec.json.template diff --git a/.github/actions/build-and-test/action.yaml b/.github/actions/build-and-test/action.yaml index f9ab2d19b..ca46c4302 100644 --- a/.github/actions/build-and-test/action.yaml +++ b/.github/actions/build-and-test/action.yaml @@ -14,10 +14,10 @@ inputs: required: false default: "latest" description: "Server docker image tag" - jfrog_docker_username: + jfrog-docker-username: required: true description: "" - jfrog_docker_token: + jfrog-docker-token: required: true description: "" run-tests: @@ -28,14 +28,16 @@ inputs: runs: using: "composite" steps: + # Using script to set profile since we would like to have the sticky effect. Set it once and have it + # remain for remainder of the job - name: Stage crypto shell: bash run: | - ./set_cypto ${{ inputs.crypto-type }} + ./set_crypto ${{ inputs.crypto-type }} - name: Build shell: bash - run: mvn clean install -P ${{ inputs.crypto-type }} + run: mvn clean install - name: Run EE server if: ${{ inputs.run-tests == 'true' }} @@ -43,10 +45,10 @@ runs: with: use-server-rc: ${{ inputs.use-server-rc }} server-tag: ${{ inputs.server-tag }} - docker-hub-username: ${{ inputs.jfrog_docker_username }} - docker-hub-password: ${{ inputs.jfrog_docker_token }} + docker-hub-username: ${{ inputs.jfrog-docker-username }} + docker-hub-password: ${{ inputs.jfrog-docker-token }} - - name: Test + - name: Run tests shell: bash if: ${{ inputs.run-tests == true }} working-directory: test diff --git a/.github/actions/fast-forward-merge/action.yaml b/.github/actions/fast-forward-merge/action.yaml deleted file mode 100644 index d917069b5..000000000 --- a/.github/actions/fast-forward-merge/action.yaml +++ /dev/null @@ -1,36 +0,0 @@ -name: "Fast forward merge" -description: Fast forward target branch to given commit hash - -inputs: - ref_to_merge: - description: Branch to merge into base - required: true - base_branch: - description: Base branch - required: true - git-bot-token: - description: Git bot token - required: true - -runs: - using: composite - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - # Fetch the whole history to prevent unrelated history errors - fetch-depth: "0" - ref: ${{ inputs.base_branch }} - token: ${{ inputs.git-bot-token }} - - - name: Debug stuff - shell: bash - run: | - git remote -vvv - - name: Fast forward - shell: bash - run: git merge --ff-only ${{ inputs.ref_to_merge }} - - - name: Upload changes to remote head branch - shell: bash - run: git push diff --git a/.github/actions/github-release/action.yaml b/.github/actions/github-release/action.yaml new file mode 100644 index 000000000..7b5c5df4c --- /dev/null +++ b/.github/actions/github-release/action.yaml @@ -0,0 +1,51 @@ +name: Create github release +description: Creates a github release + +inputs: + artifact-version: + description: "" + required: true + github-token: + description: "" + required: true + +runs: + using: composite + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Get previous tag + shell: bash + id: get-prev-tag + run: | + # Fetch all tags + git fetch --tags + echo "previous-tag=$(git tag --sort=-creatordate | sed -n '1p')" >> $GITHUB_OUTPUT + + # Extract commit messages between previous tag and the current tag. + - name: Get release notes + shell: bash + id: release-notes + run: | + notes=$(git log "${{ steps.get-previous-tag.outputs.previous-tag }}..HEAD" --pretty=format:"%s" --no-merges) + + # GitHub Actions requires that multiline output is escaped: + notes="${notes//'%'/'%25'}" + notes="${notes//$'\n'/'%0A'}" + notes="${notes//$'\r'/'%0D'}" + + echo "notes=$notes" >> $GITHUB_OUTPUT + + - name: Debug + shell: bash + run: | + echo "artifact-version: ${{ inputs.artifact-version }}" + echo "body: ${{ steps.release-notes.outputs.notes }}" + + - uses: rickstaa/action-create-tag@v1 + id: "tag_create" + with: + tag: ${{ inputs.artifact-version }} + tag_exists_error: false + message: "Latest release" diff --git a/.github/actions/publish-to-jfrog/action.yaml b/.github/actions/publish-to-jfrog/action.yaml index 68f8a7654..fff3f05db 100644 --- a/.github/actions/publish-to-jfrog/action.yaml +++ b/.github/actions/publish-to-jfrog/action.yaml @@ -13,40 +13,84 @@ inputs: jfrog-platform-url: description: "" required: false - default: https://aerospike.jfrog.io/ + default: https://aerospike.jfrog.io oidc-provider: description: "" - required: false - default: gh-aerospike-clients + required: true oidc-audience: description: "" - required: false - default: aerospike/clients + required: true crypto-type: description: "" required: false - default: gnu + artifact-name: + description: "" + required: true + artifact-id: + description: "" + required: true + artifact-version: + description: "" + required: true + deploy-spec-path: + description: "" + required: false + default: deploy-resources runs: using: "composite" steps: - name: Set up JFrog credentials + id: setup-jfrog-cli uses: jfrog/setup-jfrog-cli@v4 env: JF_URL: ${{ inputs.jfrog-platform-url }} with: + version: 2.72.2 oidc-provider-name: ${{ inputs.oidc-provider }} oidc-audience: ${{ inputs.oidc-audience }} - - name: Set crypto dependency + - name: Configure jf cli + shell: bash + run: | + jf mvn-config \ + --repo-deploy-releases=${{ inputs.jfrog-releases-repo-name }} \ + --repo-deploy-snapshots=${{ inputs.jfrog-snapshots-repo-name }} + + - name: Generate deploy spec shell: bash + working-directory: client run: | - ./set_crypto ${{ inputs.crypto-type }} + jq --arg targetPattern "${{ inputs.jfrog-releases-repo-name }}/com/aerospike/${{ inputs.artifact-id }}/${{ inputs.artifact-version }}/" \ + --arg publicPomPattern "deploy-resources/${{ inputs.crypto-type }}_pom.xml" \ + --arg publicPomTarget "${{ inputs.jfrog-releases-repo-name }}/com/aerospike/${{ inputs.artifact-id }}/${{ inputs.artifact-version }}/${{ inputs.artifact-name }}.pom" \ + ' + .files[0].target = $targetPattern | + .files[1].target = $targetPattern | + .files[2].pattern = $publicPomPattern | + .files[2].target = $publicPomTarget + ' ${{ inputs.deploy-spec-path }}/publish-spec.json.template > ${{ inputs.deploy-spec-path }}/publish-spec.json - - name: Deploy release + - name: Debug deploy spec shell: bash working-directory: client run: | - jf mvn-config --repo-deploy-releases=${{ inputs.jfrog-releases-repo-name }} --repo-deploy-snapshots=${{ inputs.jfrog-snapshots-repo-name }} - jf mvn source:jar javadoc:jar deploy -Dusername=${{ steps.setup-jfrog-cli.outputs.oidc-user }} ${{ steps.setup-jfrog-cli.outputs.oidc-token }} - jf rt bp + cat ${{ inputs.deploy-spec-path }}/publish-spec.json + + - name: Upload artifacts + shell: bash + working-directory: client + run: | + jf rt upload --spec=${{ inputs.deploy-spec-path }}/publish-spec.json \ + --module=${{ inputs.artifact-id }} \ + --build-name=clients-java-push-to-dev_${{ inputs.artifact-id }} \ + --build-number=${{ github.run_number }} + + # record env variables + jf rt bce clients-java-push-to-dev_${{ inputs.artifact-id }} ${{ github.run_number }} + + # record git info + jf rt bag clients-java-push-to-dev_${{ inputs.artifact-id }} ${{ github.run_number }} + + # publish build info + jf rt bp clients-java-push-to-dev_${{ inputs.artifact-id }} ${{ github.run_number }} diff --git a/.github/actions/publish-to-sonatype/action.yaml b/.github/actions/publish-to-sonatype/action.yaml new file mode 100644 index 000000000..634b7e4e8 --- /dev/null +++ b/.github/actions/publish-to-sonatype/action.yaml @@ -0,0 +1,66 @@ +name: Publish artifacts to Sonatype +description: "Publishes artifacts to Sonatype" + +inputs: + jfrog-releases-repo-name: + description: "" + required: false + default: clients-maven-dev-local + jfrog-snapshots-repo-name: + description: "" + required: false + default: clients-maven-dev-local + jfrog-platform-url: + description: "" + required: false + default: https://aerospike.jfrog.io + oidc-provider: + description: "" + required: true + oidc-audience: + description: "" + required: true + artifact-name: + description: "" + required: true + artifact-version: + description: "" + required: true + staging-folder: + description: "" + required: false + default: staging + target-repository: + description: "" + required: false + default: clients-maven-stage-local + +runs: + using: "composite" + steps: + - name: Set up JFrog credentials + id: setup-jfrog-cli + uses: jfrog/setup-jfrog-cli@v4 + env: + JF_URL: ${{ inputs.jfrog-platform-url }} + with: + version: 2.72.2 + oidc-provider-name: ${{ inputs.oidc-provider }} + oidc-audience: ${{ inputs.oidc-audience }} + + - name: Create staging folder + shell: bash + run: | + mkdir -p ${{ inputs.staging-folder }} + + - name: Download artifacts from JFrog + shell: bash + working-directory: ${{ inputs.staging-folder }} + run: | + jf rt dl "${{ inputs.target-repository }}/com/aerospike/${{ inputs.artifact-name }}/${{ inputs.artifact-version }}/*" . + + - name: Debug list downloaded content + shell: bash + working-directory: ${{ inputs.staging-folder }} + run: | + ls -la diff --git a/.github/workflows/aggregate-build.yaml b/.github/workflows/aggregate-build.yaml new file mode 100644 index 000000000..7834533f8 --- /dev/null +++ b/.github/workflows/aggregate-build.yaml @@ -0,0 +1,41 @@ +permissions: + # This is required for requesting the OIDC token + id-token: write + +on: + workflow_call: + inputs: + jfrog-platform-url: + type: string + description: "" + required: false + default: https://aerospike.jfrog.io + secrets: + GPG_SECRET_KEY: + required: true + GPG_PASS: + required: true + JFROG_OIDC_PROVIDER: + required: true + JFROG_OIDC_AUDIENCE: + required: true + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Set up JFrog credentials l + id: setup-jfrog-cli + uses: jfrog/setup-jfrog-cli@v4 + env: + JF_URL: ${{ inputs.jfrog-platform-url }} + with: + version: 2.72.2 + oidc-provider-name: ${{ secrets.JFROG_OIDC_PROVIDER }} + oidc-audience: ${{ secrets.JFROG_OIDC_AUDIENCE }} + + - name: Aggregate builds + run: | + jf rt ba clients-java-push-to-dev ${{ github.run_number }} clients-java-push-to-dev_aerospike-client-bc-jdk21 ${{ github.run_number }} + jf rt ba clients-java-push-to-dev ${{ github.run_number }} clients-java-push-to-dev_aerospike-client-jdk21 ${{ github.run_number }} + jf rt bp clients-java-push-to-dev ${{ github.run_number }} diff --git a/.github/workflows/build-dev.yaml b/.github/workflows/build-dev.yaml index 2a47beab5..1ca17a63e 100644 --- a/.github/workflows/build-dev.yaml +++ b/.github/workflows/build-dev.yaml @@ -75,7 +75,7 @@ jobs: needs: java-version strategy: matrix: - crypto-type: ["bouncycastle", "gnu"] + crypto-type: [bouncycastle, gnu] with: java-version: ${{ needs.java-version.outputs.java-version }} branch: ${{ inputs.branch }} diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index f422b6b87..34eaf7728 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1,4 +1,5 @@ name: Build artifacts +run-name: Build artifact for ${{ inputs.crypto-type }} ${{ inputs.java-version }} permissions: # This is required for requesting the OIDC token @@ -37,16 +38,16 @@ on: type: string required: true secrets: - GPG_SECRET_KEY: + JFROG_OIDC_PROVIDER: required: true - GPG_PASS: + JFROG_OIDC_AUDIENCE: required: true jobs: build: runs-on: ubuntu-latest steps: - - name: Checkout client + - name: Checkout code uses: actions/checkout@v4 with: ref: ${{ inputs.branch }} @@ -56,8 +57,17 @@ jobs: with: distribution: "semeru" # See 'Supported distributions' for available options java-version: ${{ inputs.java-version }} - gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} - gpg-passphrase: ${{ secrets.GPG_PASS }} + + # This is needed so we can authenticate and get the credentials to be able to pull AE RC from JFrog + - name: Set up JFrog credentials + id: setup-jfrog-cli + uses: jfrog/setup-jfrog-cli@v4 + env: + JF_URL: ${{ inputs.jfrog-platform-url }} + with: + version: 2.72.2 + oidc-provider-name: ${{ inputs.oidc-provider }} + oidc-audience: ${{ inputs.oidc-audience }} - name: Build and test uses: ./.github/actions/build-and-test @@ -65,9 +75,5 @@ jobs: crypto-type: ${{ inputs.crypto-type }} server-tag: ${{ inputs.server-tag }} use-server-rc: ${{ inputs.use-server-rc }} - - - name: Publish to JFrog - if: ${{ !cancelled() && inputs.upload-artifacts == true }} - uses: ./.github/actions/publish-to-jfrog - with: - crypto-type: ${{ inputs.crypto-type }} + jfrog-docker-username: ${{ steps.setup-jfrog-cli.outputs.oidc-user }} + jfrog-docker-token: ${{ steps.setup-jfrog-cli.outputs.oidc-token }} diff --git a/.github/workflows/promote-prod.yaml b/.github/workflows/promote-prod.yaml index 63f03a009..c724cf4aa 100644 --- a/.github/workflows/promote-prod.yaml +++ b/.github/workflows/promote-prod.yaml @@ -16,6 +16,7 @@ jobs: name: Promot from stage to prod uses: ./.github/workflows/promote.yaml with: - build-number: ${{ inputs.build-number }} - target-repository: client-maven-stage-local + build-number: ${{ inputs.build-number }} + target-repository: clients-maven-stage-local target-branch: dev-stage + secrets: inherit diff --git a/.github/workflows/promote-to-stage.yaml b/.github/workflows/promote-to-stage.yaml index fe52abdf9..6e01bd65a 100644 --- a/.github/workflows/promote-to-stage.yaml +++ b/.github/workflows/promote-to-stage.yaml @@ -20,14 +20,25 @@ jobs: env: JF_URL: ${{ vars.JFROG_PLATFORM_URL }} with: - oidc-provider-name: ${{ inputs.oidc-provider }} - oidc-audience: ${{ inputs.oidc-audience }} + oidc-provider-name: ${{ secrets.JFROG_OIDC_PROVIDER }} + oidc-audience: ${{ secrets.JFROG_OIDC_AUDIENCE }} - name: Get info id: get-build-info run: | echo build-info=$(jf rt curl /api/build/clients-java-push-to-dev/${{ inputs.build-number }}) >> $GITHUB_OUTPUT + - name: Get commit hash from repo + id: get-commit-hash + run: | + echo commit-hash=$(echo '${{ steps.get-build-info.outputs.build-info }}' | jq -r '.buildInfo.vcs[].revision') >> $GITHUB_OUTPUT + + - name: Get build name + id: get-build-name + run: | + echo build-name=$(echo '${{ steps.get-build-info.outputs.build-info }}' | jq -r '.buildInfo.name') >> $GITHUB_OUTPUT + - name: Debug run: | - echo ${{ steps.get-build-info.outputs.build-info }} + echo "commit-hash: '${{ steps.get-commit-hash.outputs.commit-hash }}'" + echo "build-name: '${{ steps.get-build-name.outputs.build-name }}'" diff --git a/.github/workflows/promote.yaml b/.github/workflows/promote.yaml index 302218397..bb39d52f0 100644 --- a/.github/workflows/promote.yaml +++ b/.github/workflows/promote.yaml @@ -4,7 +4,7 @@ on: workflow_call: inputs: build-number: - type: number + type: string description: Build number used to build artifact to be promoted target-repository: type: string @@ -15,6 +15,10 @@ on: secrets: CLIENT_BOT_PAT: required: true + JFROG_OIDC_PROVIDER: + required: true + JFROG_OIDC_AUDIENCE: + required: true jobs: validate-build: @@ -25,8 +29,8 @@ jobs: env: JF_URL: ${{ vars.JFROG_PLATFORM_URL }} with: - oidc-provider-name: ${{ inputs.oidc-provider }} - oidc-audience: ${{ inputs.oidc-audience }} + oidc-provider-name: ${{ secrets.JFROG_OIDC_PROVIDER }} + oidc-audience: ${{ secrets.JFROG_OIDC_AUDIENCE }} - name: Get info id: get-build-info @@ -36,25 +40,70 @@ jobs: - name: Get commit hash from repo id: get-commit-hash run: | - echo commit-hash=$(steps.get-build-info.outputs.build-info | jq -r '.vcs[].revision') >> $GITHUB_OUTPUT + echo commit-hash=$(echo '${{ steps.get-build-info.outputs.build-info }}' | jq -r '.buildInfo.vcs[].revision') >> $GITHUB_OUTPUT - - name: Get commit hash from repo + - name: Get build name id: get-build-name run: | - echo build-name=$(steps.get-build-info.outputs.build-info | jq -r '.name') >> $GITHUB_OUTPUT + echo build-name=$(echo '${{ steps.get-build-info.outputs.build-info }}' | jq -r '.buildInfo.name') >> $GITHUB_OUTPUT - name: Debug run: | - echo ${{ steps.get-build-info.outputs.build-info }} - echo ${{ steps.get-build-info.outputs.build-name }} + echo "commit-hash: '${{ steps.get-commit-hash.outputs.commit-hash }}'" + echo "build-name: '${{ steps.get-build-name.outputs.build-name }}'" - - name: Merge commit hash from source to target branch - uses: ./github/actions/fast-forward-merge + # Needed since we are using actions which are part of the repository + - name: Checkout + uses: actions/checkout@v4 with: - ref-to-merge: ${{ steps.get-build-info.outputs.build-info }} - base-branch: ${{ inputs.target-branch }} - git-bot-token: ${{ secrets.CLIENT_BOT_PAT }} + # Fetch the whole history to prevent unrelated history errors + fetch-depth: "0" + ref: ${{ inputs.target-branch }} + token: ${{ secrets.CLIENT_BOT_PAT }} + + - name: Fast forward + shell: bash + run: git merge --ff-only ${{ inputs.ref-to-merge }} + + - name: Add tagging message + uses: stefanzweifel/git-auto-commit-action@v4 + with: + commit_message: "Promote to prod [skip ci]" + commit_author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + tagging_message: Promote to PROD + branch: ${{ inputs.target-branch }} + + - name: Upload changes to remote head branch + shell: bash + run: git push - name: Promote build run: | - jf rt build-promote ${{ steps.get-build-info.outputs.build-name }} ${{ inputs.build-number }} ${{ inputs.target-repository }} + jf rt build-promote ${{ steps.get-build-name.outputs.build-name }} ${{ inputs.build-number }} ${{ inputs.target-repository }} + + - name: Get artifact version + id: get-artifact-version + working-directory: client + run: | + echo artifact-version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) >> $GITHUB_OUTPUT + + - name: Get artifact name + id: get-artifact-name + working-directory: client + run: | + echo artifact-name=$(mvn help:evaluate -Dexpression=project.build.finalName -q -DforceStdout) >> $GITHUB_OUTPUT + + #- name: Create GitHub release + # uses: ./.github/actions/github-release + # with: + # artifact-version: ${{ steps.get-artifact-version.outputs.artifact-version }} + # github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Publish to Sonatype (Maven central) + uses: ./.github/actions/publish-to-sonatype + with: + oidc-provider: ${{ secrets.JFROG_OIDC_PROVIDER }} + oidc-audience: ${{ secrets.JFROG_OIDC_AUDIENCE }} + artifact-name: ${{ steps.get-artifact-name.outputs.artifact-name }} + artifact-version: ${{ steps.get-artifact-version.outputs.artifact-version }} + target-repository: ${{ inputs.target-repository }} diff --git a/.github/workflows/push-to-dev.yaml b/.github/workflows/push-to-stage.yaml similarity index 72% rename from .github/workflows/push-to-dev.yaml rename to .github/workflows/push-to-stage.yaml index ccc8c95e0..5448b1646 100644 --- a/.github/workflows/push-to-dev.yaml +++ b/.github/workflows/push-to-stage.yaml @@ -9,8 +9,7 @@ on: jobs: build-stage: name: Build stage - uses: ./.github/workflows/build-dev.yaml + uses: ./.github/workflows/release-stage.yaml with: branch: ${{ github.ref }} - upload-artifacts: true secrets: inherit diff --git a/.github/workflows/release-stage.yaml b/.github/workflows/release-stage.yaml new file mode 100644 index 000000000..241530bb3 --- /dev/null +++ b/.github/workflows/release-stage.yaml @@ -0,0 +1,52 @@ +on: + workflow_call: + inputs: + branch: + type: string + required: true + +jobs: + debug-job: + runs-on: ubuntu-latest + steps: + - name: debug + run: | + echo "${{ inputs.branch }}" + echo "${{ github.base_ref }}" + + java-version: + needs: debug-job + runs-on: ubuntu-latest + outputs: + java-version: ${{ steps.get-java-version.outputs.java-version }} + steps: + - name: Checkout client + uses: actions/checkout@v4 + with: + ref: ${{ inputs.branch }} + + - name: Get java version + id: get-java-version + run: | + echo java-version="$(grep '' pom.xml | sed -e 's/<[^>]*>//g' | awk '{$1=$1};1')" >> $GITHUB_OUTPUT + + - name: Debug - java-version + run: | + echo ${{ steps.get-java-version.outputs.java-version }} + + build: + uses: ./.github/workflows/release.yaml + needs: java-version + strategy: + matrix: + crypto-type: [bouncycastle, gnu] + with: + java-version: ${{ needs.java-version.outputs.java-version }} + branch: ${{ inputs.branch }} + crypto-type: ${{ matrix.crypto-type }} + secrets: inherit + + aggregate-published-artifacts: + uses: ./.github/workflows/aggregate-build.yaml + needs: build + secrets: inherit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 000000000..0c3a01319 --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,83 @@ +permissions: + # This is required for requesting the OIDC token + id-token: write + +on: + workflow_call: + inputs: + branch: + type: string + required: true + java-version: + type: string + required: true + crypto-type: + type: string + required: true + secrets: + GPG_SECRET_KEY: + required: true + GPG_PASS: + required: true + JFROG_OIDC_PROVIDER: + required: true + JFROG_OIDC_AUDIENCE: + required: true + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + ref: ${{ inputs.branch }} + + # Java plugin will setup gpg but we are not using maven to deploy do JFrog. + # - jf mvn clean install on publish does not publish POM we would like to publish + - name: Setup Java + uses: actions/setup-java@v4 + with: + distribution: "semeru" + java-version: ${{ inputs.java-version }} + gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} + gpg-passphrase: GPG_PASS + + - name: Build all modules + shell: bash + run: mvn clean install -P ${{ inputs.crypto-type }} # The crypto profile is usually set with set_crypto but since we need to toggle multiple prfiles set_crypto option is not being picked up + + - name: Stage artifacts for publish + working-directory: client + shell: bash + run: mvn clean source:jar javadoc:jar install -P gpg -P ${{ inputs.crypto-type }} # The crypto profile is usually set with set_crypto but since we need to toggle multiple prfiles set_crypto option is not being picked up + env: + GPG_PASS: ${{ secrets.GPG_PASS }} + + - name: Get artifact name + id: get-artifact-name + working-directory: client + run: | + echo artifact-name=$(mvn help:evaluate -Dexpression=project.build.finalName -P ${{ inputs.crypto-type }} -q -DforceStdout) >> $GITHUB_OUTPUT + + - name: Get artifact ID + id: get-artifact-id + working-directory: client + run: | + echo artifact-id="aerospike-client${{ inputs.crypto-type == 'bouncycastle' && '-bc' || '' }}-jdk${{ inputs.java-version }}" >> $GITHUB_OUTPUT + + - name: Get artifact version + id: get-artifact-version + working-directory: client + run: | + echo artifact-version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) >> $GITHUB_OUTPUT + + - name: Publish to JFrog + uses: ./.github/actions/publish-to-jfrog + with: + crypto-type: ${{ inputs.crypto-type }} + oidc-provider: ${{ secrets.JFROG_OIDC_PROVIDER }} + oidc-audience: ${{ secrets.JFROG_OIDC_AUDIENCE }} + artifact-name: ${{ steps.get-artifact-name.outputs.artifact-name }} + artifact-id: ${{ steps.get-artifact-id.outputs.artifact-id }} + artifact-version: ${{ steps.get-artifact-version.outputs.artifact-version }} diff --git a/benchmarks/pom.xml b/benchmarks/pom.xml index e779b50f1..a0734fccb 100644 --- a/benchmarks/pom.xml +++ b/benchmarks/pom.xml @@ -6,7 +6,7 @@ com.aerospike aerospike-parent - 9.0.2 + ${revision} aerospike-benchmarks jar diff --git a/client/config.json b/client/config.json new file mode 100644 index 000000000..9963bf030 --- /dev/null +++ b/client/config.json @@ -0,0 +1,12 @@ +{ + "files": [ + { + "pattern": "target/*.jar", + "target": "test" + }, + { + "pattern": "one", + "target": "another" + } + ] +} diff --git a/client/config.template b/client/config.template new file mode 100644 index 000000000..5638046b9 --- /dev/null +++ b/client/config.template @@ -0,0 +1,12 @@ +{ + "files": [ + { + "pattern": "target/*.jar", + "target": "" + }, + { + "pattern": "", + "target": "" + } + ] +} diff --git a/client/src/resources/bouncy_pom.xml b/client/deploy-resources/bouncycastle_pom.xml similarity index 98% rename from client/src/resources/bouncy_pom.xml rename to client/deploy-resources/bouncycastle_pom.xml index c32d7bea6..1fc1c059c 100644 --- a/client/src/resources/bouncy_pom.xml +++ b/client/deploy-resources/bouncycastle_pom.xml @@ -2,7 +2,7 @@ 4.0.0 com.aerospike aerospike-client-bc-jdk21 - 9.0.1 + 9.0.2 jar Aerospike Java Client BC Aerospike Java client interface to Aerospike database server. Uses Bouncy Castle crypto library for RIPEMD-160 hashing. diff --git a/client/src/resources/gnu_pom.xml b/client/deploy-resources/gnu_pom.xml similarity index 98% rename from client/src/resources/gnu_pom.xml rename to client/deploy-resources/gnu_pom.xml index 3682ae49a..5005254e9 100644 --- a/client/src/resources/gnu_pom.xml +++ b/client/deploy-resources/gnu_pom.xml @@ -2,7 +2,7 @@ 4.0.0 com.aerospike aerospike-client-jdk21 - 9.0.1 + 9.0.2 jar Aerospike Java Client Aerospike Java client interface to Aerospike database server diff --git a/client/deploy-resources/publish-spec.json.template b/client/deploy-resources/publish-spec.json.template new file mode 100644 index 000000000..4d4bb0231 --- /dev/null +++ b/client/deploy-resources/publish-spec.json.template @@ -0,0 +1,16 @@ +{ + "files": [ + { + "pattern": "target/*.asc", + "target": "" + }, + { + "pattern": "target/*.jar", + "target": "" + }, + { + "pattern": "", + "target": "" + } + ] +} diff --git a/client/pom.xml b/client/pom.xml index baa6963c9..cda8518d2 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -6,9 +6,9 @@ com.aerospike aerospike-parent - 9.0.2 + ${revision} - aerospike-client-jdk21 + aerospike-client${crypto.type}-jdk21 jar aerospike-client-jdk21 @@ -114,16 +114,17 @@ install install-file - + - ${project.basedir}/src/resources/bouncy_pom.xml + ${project.basedir}/deploy-resources/bouncycastle_pom.xml target/${project.build.finalName}.jar com.aerospike aerospike-client${crypto.type}-jdk21 - - - - + true + + + + @@ -183,19 +184,47 @@ install install-file - + - ${project.basedir}/src/resources/gnu_pom.xml + ${project.basedir}/deploy-resources/gnu_pom.xml target/${project.build.finalName}.jar com.aerospike aerospike-client${crypto.type}-jdk21 - + true + + + gpg + + + + org.apache.maven.plugins + maven-gpg-plugin + 3.1.0 + + + sign-artifacts + verify + + sign + + + + + + --pinentry-mode + loopback + + + + + + @@ -301,7 +330,6 @@ - diff --git a/examples/pom.xml b/examples/pom.xml index 7e668d44d..8d8da1e34 100644 --- a/examples/pom.xml +++ b/examples/pom.xml @@ -6,7 +6,7 @@ com.aerospike aerospike-parent - 9.0.2 + ${revision} aerospike-examples jar diff --git a/pom.xml b/pom.xml index fb3e8f36c..4eea320ed 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ com.aerospike aerospike-parent aerospike-parent - 9.0.2 + ${revision} pom https://github.com/aerospike/aerospike-client-java @@ -29,6 +29,7 @@ + 9.0.2 UTF-8 UTF-8 @@ -43,6 +44,7 @@ 0.4 1.9.0 4.13.1 + 3.1.3 @@ -134,6 +136,31 @@ org.apache.maven.plugins maven-javadoc-plugin ${maven-javadoc-plugin.version} + + + + org.codehaus.mojo + flatten-maven-plugin + + true + resolveCiFriendliesOnly + + + + flatten + process-resources + + flatten + + + + flatten.clean + clean + + clean + + + diff --git a/test/pom.xml b/test/pom.xml index e6d5d0086..8649bb7f7 100644 --- a/test/pom.xml +++ b/test/pom.xml @@ -6,7 +6,7 @@ com.aerospike aerospike-parent - 9.0.2 + ${revision} aerospike-client-test jar