From c7545699e3a5ffb1a7e26659b888661719ec8b59 Mon Sep 17 00:00:00 2001
From: Joe Di Pol
Date: Thu, 2 Nov 2023 17:07:48 -0700
Subject: [PATCH] Add release workflow
---
.github/workflows/release.yaml | 66 ++++++++++++++++++++++++++++++++++
etc/scripts/pipeline-env.sh | 46 +++++++++++++++++++-----
etc/scripts/release.sh | 19 ++++++----
3 files changed, 116 insertions(+), 15 deletions(-)
create mode 100644 .github/workflows/release.yaml
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 00000000000..0f2b9366002
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,66 @@
+# Notes
+# - cannot run on Windows, as we use shell scripts
+
+name: "Release"
+
+on:
+ push:
+ branches:
+ - 'release-*'
+env:
+ JAVA_VERSION: '11'
+ JAVA_DISTRO: 'temurin'
+ MAVEN_HTTP_ARGS: '-Dmaven.wagon.httpconnectionManager.ttlSeconds=60 -Dmaven.wagon.http.retryHandler.count=3'
+
+concurrency:
+ group: release-${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ copyright:
+ timeout-minutes: 10
+ runs-on: ubuntu-20.04
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - name: Set up JDK ${{ env.JAVA_VERSION }}
+ uses: actions/setup-java@v3.13.0
+ with:
+ distribution: ${{ env.JAVA_DISTRO }}
+ java-version: ${{ env.JAVA_VERSION }}
+ cache: maven
+ - name: Copyright
+ run: etc/scripts/copyright.sh
+ release:
+ timeout-minutes: 60
+ runs-on: ubuntu-20.04
+ environment: release
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ token: ${{ secrets.SERVICE_ACCOUNT_TOKEN }}
+ fetch-depth: '0'
+ - name: Set up JDK ${{ env.JAVA_VERSION }}
+ uses: actions/setup-java@v3.13.0
+ with:
+ distribution: ${{ env.JAVA_DISTRO }}
+ java-version: ${{ env.JAVA_VERSION }}
+ cache: maven
+ - name: Release
+ env:
+ GPG_PASSPHRASE: ${{ secrets.HELIDON_GPG_PASSPHRASE }}
+ GPG_PRIVATE_KEY: ${{ secrets.HELIDON_GPG_PRIVATE_KEY }}
+ GPG_PUBLIC_KEY: ${{ secrets.HELIDON_GPG_PUBLIC_KEY }}
+ MAVEN_SETTINGS: ${{ secrets.MAVEN_SETTINGS }}
+ RELEASE_WORKFLOW: "true"
+ run: |
+ git config user.email "helidon-robot_ww@oracle.com"
+ git config user.name "Helidon Robot"
+ etc/scripts/release.sh release_build
+ - name: Upload Staged Artifacts
+ uses: actions/upload-artifact@v3
+ with:
+ name: io-helidon-artifacts-${{ github.ref_name }}
+ path: parent/target/nexus-staging/
+ retention-days: 90
diff --git a/etc/scripts/pipeline-env.sh b/etc/scripts/pipeline-env.sh
index f91104068a5..f9dd28e55ac 100644
--- a/etc/scripts/pipeline-env.sh
+++ b/etc/scripts/pipeline-env.sh
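Review bot: The `release` job hands the GPG private key, its passphrase, the Maven settings and a service-account token to a job whose actions are referenced by mutable tags (`actions/checkout@v3`, `actions/setup-java@v3.13.0`, `actions/upload-artifact@v3`). Pinning each `uses:` to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`, keeps a retagged action from running next to those secrets. The workflow also declares no `permissions:` block, so `GITHUB_TOKEN` gets the repository default; a top-level `permissions:` with `contents: read` would bound it, since the tag push appears to rely on the `SERVICE_ACCOUNT_TOKEN` given to checkout. `release` has no `needs: copyright`, so a failing copyright check does not stop the release if that gate was intended.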
@@ -44,12 +44,16 @@ require_env() { return 1 fi } + + +MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn" +MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.showDateTime=true" +MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.dateTimeFormat=HH:mm:ss,SSS" +MAVEN_ARGS="${MAVEN_ARGS} -B ${MAVEN_HTTP_ARGS}" + if [ -n "${JENKINS_HOME}" ] ; then - export JAVA_HOME="/tools/jdk11" - MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn" - MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.showDateTime=true" - MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.dateTimeFormat=HH:mm:ss,SSS" - export MAVEN_OPTS + export PIPELINE="true" + export JAVA_HOME="/tools/jdk11.0.12" export PATH="/tools/apache-maven-3.6.3/bin:${JAVA_HOME}/bin:/tools/node-v12/bin:${PATH}" if [ -n "${GITHUB_SSH_KEY}" ] ; then export GIT_SSH_COMMAND="ssh -i ${GITHUB_SSH_KEY}" @@ -61,8 +65,6 @@ if [ -n "${JENKINS_HOME}" ] ; then if [ -n "${NPM_CONFIG_REGISTRY}" ] ; then MAVEN_ARGS="${MAVEN_ARGS} -Dnpm.download.root=${NPM_CONFIG_REGISTRY}/npm/-/" fi - export MAVEN_ARGS - if [ -n "${https_proxy}" ] && [[ ! "${https_proxy}" =~ ^http:// ]] ; then export https_proxy="http://${https_proxy}" fi 
@@ -96,4 +98,32 @@ if [ -n "${JENKINS_HOME}" ] ; then GPG_KEYGRIP=$(gpg --with-keygrip -K | grep "Keygrip" | head -1 | awk '{print $3}') /usr/lib/gnupg/gpg-preset-passphrase --preset "${GPG_KEYGRIP}" <<< "${GPG_PASSPHRASE}" fi -fi \ No newline at end of file +fi + +if [ -n "${RELEASE_WORKFLOW}" ] ; then + if [ -n "${MAVEN_SETTINGS}" ] ; then + export MAVEN_SETTINGS_FILE="${HOME}/.m2/settings.xml" + echo "${MAVEN_SETTINGS}" > "${MAVEN_SETTINGS_FILE}" + MAVEN_ARGS="${MAVEN_ARGS} -s ${MAVEN_SETTINGS_FILE}" + fi + if [ -n "${GPG_PUBLIC_KEY}" ] ; then + tmpfile=$(mktemp /tmp/pub.XXXXXX.key) + echo "${GPG_PUBLIC_KEY}" > "${tmpfile}" + gpg --import --no-tty --batch "${tmpfile}" + rm "$tmpfile" + fi + if [ -n "${GPG_PRIVATE_KEY}" ] ; then + tmpfile=$(mktemp /tmp/pri.XXXXXX.key) + echo "${GPG_PRIVATE_KEY}" > "${tmpfile}" + gpg --allow-secret-key-import --import --no-tty --batch "${tmpfile}" + rm "$tmpfile" + fi + if [ -n "${GPG_PASSPHRASE}" ] ; then + echo "allow-preset-passphrase" >> ~/.gnupg/gpg-agent.conf + gpg-connect-agent reloadagent /bye + GPG_KEYGRIP=$(gpg --with-keygrip -K | grep "Keygrip" | head -1 | awk '{print $3}') + /usr/lib/gnupg/gpg-preset-passphrase --preset "${GPG_KEYGRIP}" <<< "${GPG_PASSPHRASE}" + fi +fi +export MAVEN_ARGS +export MAVEN_OPTS diff --git a/etc/scripts/release.sh b/etc/scripts/release.sh index a98defb67f1..d736a32b79d 100755 --- a/etc/scripts/release.sh +++ b/etc/scripts/release.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2018, 2020 Oracle and/or its affiliates. +# Copyright (c) 2018, 2023 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
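Review bot: In the new `RELEASE_WORKFLOW` block the private key is written to a file under `/tmp` and is removed only if execution reaches the `rm` after `gpg --import`. gpg reads key material from stdin, so `gpg --allow-secret-key-import --import --no-tty --batch <<< "${GPG_PRIVATE_KEY}"` avoids the temp file, matching the here-string already used for the passphrase; the public-key import can be written the same way. `echo "${MAVEN_SETTINGS}" > "${MAVEN_SETTINGS_FILE}"` creates the credentials file under the default umask and overwrites any existing `~/.m2/settings.xml`; wrapping the write as `( umask 077; echo "${MAVEN_SETTINGS}" > "${MAVEN_SETTINGS_FILE}" )` keeps it owner-only. Each run also appends `allow-preset-passphrase` to `gpg-agent.conf`, which is harmless on a fresh runner but accumulates on a reused host.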
@@ -214,14 +214,19 @@ release_build(){ -DstagingDescription="${STAGING_DESC}" # Create and push a git tag - local GIT_REMOTE=$(git config --get remote.origin.url | \ - sed "s,https://\([^/]*\)/,git@\1:,") + git tag -f "${FULL_VERSION}" + if [ -n "${JENKINS_HOME}" ] ; then + # In Jenkins use SSH to access remote + local GIT_REMOTE=$(git config --get remote.origin.url | \ + sed "s,https://\([^/]*\)/,git@\1:,") - git remote add release "${GIT_REMOTE}" > /dev/null 2>&1 || \ - git remote set-url release "${GIT_REMOTE}" + git remote add release "${GIT_REMOTE}" > /dev/null 2>&1 || \ + git remote set-url release "${GIT_REMOTE}" - git tag -f "${FULL_VERSION}" - git push --force release refs/tags/"${FULL_VERSION}":refs/tags/"${FULL_VERSION}" + git push --force release refs/tags/"${FULL_VERSION}":refs/tags/"${FULL_VERSION}" + else + git push --force origin refs/tags/"${FULL_VERSION}":refs/tags/"${FULL_VERSION}" + fi } # Invoke command
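Review bot: The new `else` branch force-pushes the tag to `origin`, and together with `git tag -f` this means a rerun of the workflow on the same release branch moves an already published tag without any error. Dropping `--force` on the workflow path, `git push origin refs/tags/"${FULL_VERSION}":refs/tags/"${FULL_VERSION}"`, makes a rerun fail instead of silently rewriting the release tag; a tag protection rule on the repository would enforce the same thing server-side. The branch is also selected by `JENKINS_HOME` being unset rather than by `RELEASE_WORKFLOW` being set, so any non-Jenkins invocation of `release_build` pushes to `origin`. `release_build` starts outside this hunk.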