merge: #950 #752
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# If this workflow is triggered by a push to main, it deploys a SNAPSHOT | |
# If this workflow is triggered manually, it deploys a SNAPSHOT | |
# If this workflow is triggered by publishing a Release, it | |
# deploys a RELEASE with the selected version | |
# updates the project version by incrementing the patch version | |
# commits the version update change to the repository's default branch (main). | |
name: Deploy artifacts | |
on: | |
push: | |
branches: [main] | |
release: | |
types: [published] | |
jobs: | |
test: | |
uses: ./.github/workflows/build-test.yml | |
deploy: | |
runs-on: ubuntu-latest | |
needs: [test] | |
env: | |
OWNER: "camunda" | |
IMAGE_NAME: "zeebe-process-test-engine" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Import Secrets | |
id: secrets | |
uses: hashicorp/[email protected] | |
with: | |
url: ${{ secrets.VAULT_ADDR }} | |
method: approle | |
roleId: ${{ secrets.VAULT_ROLE_ID }} | |
secretId: ${{ secrets.VAULT_SECRET_ID }} | |
secrets: | | |
secret/data/products/zeebe/ci/zeebe-process-test REGISTRY_HUB_DOCKER_COM_USR; | |
secret/data/products/zeebe/ci/zeebe-process-test REGISTRY_HUB_DOCKER_COM_PSW; | |
secret/data/products/zeebe/ci/zeebe-process-test ARTIFACTS_USR; | |
secret/data/products/zeebe/ci/zeebe-process-test ARTIFACTS_PSW; | |
secret/data/github.com/organizations/camunda MAVEN_CENTRAL_DEPLOYMENT_USR; | |
secret/data/github.com/organizations/camunda MAVEN_CENTRAL_DEPLOYMENT_PSW; | |
secret/data/github.com/organizations/camunda MAVEN_CENTRAL_GPG_SIGNING_KEY_PASSPHRASE; | |
secret/data/github.com/organizations/camunda MAVEN_CENTRAL_GPG_SIGNING_KEY_SEC; | |
- name: Set up Java environment | |
uses: actions/setup-java@v3 | |
with: | |
distribution: temurin | |
java-version: 21 | |
cache: maven | |
- name: Build jar | |
run: | | |
mvn clean package -DskipTests -P !localBuild -pl :zeebe-process-test-engine-agent -am | |
# We build a docker image with a specific tag. There are 2 possible scenarios here. | |
# 1. The workflow is triggered manually or by a change on the main branch. The tag should be equal to the project.version. | |
# 2. The workflow is triggered by a new release. The tag should be the version of the release. | |
- name: Build Docker image | |
run: | | |
if ! [ -z "${{ github.event.release.tag_name }}" ]; then | |
TAG="${{ github.event.release.tag_name }}" | |
else | |
TAG=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) | |
fi | |
cd engine-agent | |
docker build . -t $IMAGE_NAME:$TAG | |
# We push the docker image to dockerhub | |
- name: Push Docker image | |
run: | | |
if ! [ -z "${{ github.event.release.tag_name }}" ]; then | |
TAG="${{ github.event.release.tag_name }}" | |
else | |
TAG=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) | |
fi | |
echo '${{ steps.secrets.outputs.REGISTRY_HUB_DOCKER_COM_PSW }}' | docker login -u '${{ steps.secrets.outputs.REGISTRY_HUB_DOCKER_COM_USR }}' --password-stdin | |
echo $IMAGE_NAME | |
echo $TAG | |
IMAGE_ID=$OWNER/$IMAGE_NAME | |
echo $IMAGE_ID | |
docker tag $IMAGE_NAME:$TAG $IMAGE_ID:$TAG | |
docker push $IMAGE_ID:$TAG | |
- name: Import GPG key | |
id: import_gpg | |
uses: crazy-max/ghaction-import-gpg@v6 | |
with: | |
gpg_private_key: ${{ steps.secrets.outputs.MAVEN_CENTRAL_GPG_SIGNING_KEY_SEC }} | |
passphrase: ${{ steps.secrets.outputs.MAVEN_CENTRAL_GPG_SIGNING_KEY_PASSPHRASE }} | |
# We want the community-action-maven-release to update the versions on the correct branch. For | |
# this reason an extra step is introduced to decide what branch we should pass to this action. | |
# In the case of a push to the main branch, or an alpha release we should update the main branch. | |
# In other cases a stable/major.minor branch should be available. In this step we first find | |
# the major and minor versions of this tag. If we found them we will set the BRANCH env variable | |
# to stable/major.minor. | |
- name: Decide git branch | |
id: branch | |
run: | | |
if ! [ -z "${{ github.event.release.tag_name }}" ] && [[ "${{ github.event.release.tag_name }}" != *"alpha"* ]]; then | |
MAJOR_MINOR_VERSION=$(echo ${{ github.event.release.tag_name }} | sed -rn 's/^([0-9]+.[0-9]+).[0-9]+.*$/\1/p') | |
test -z "${MAJOR_MINOR_VERSION}" && echo "::error::Tag ${{ github.event.release.tag_name }} does not adhere to semantic versioning" && exit 1 | |
echo "branch=stable/${MAJOR_MINOR_VERSION}" >> $GITHUB_OUTPUT | |
echo "Branch = stable/${MAJOR_MINOR_VERSION}" | |
else | |
echo "branch=${{ github.event.repository.default_branch }}" >> $GITHUB_OUTPUT | |
echo "Branch = ${{ github.event.repository.default_branch }}" | |
fi | |
# In extension-testcontainer we have a config file which contains the image tag. This is managed by maven and | |
# maven will set this to the project version in this step, unless the placeholder (${project.version}) has been | |
# overridden by the "Update tag in config" step. This happens when the workflow is triggered by a change on the | |
# main branch. | |
- name: Build and deploy to Maven | |
id: release | |
uses: camunda-community-hub/community-action-maven-release@v1 | |
with: | |
release-version: ${{ github.event.release.tag_name }} | |
release-profile: community-action-maven-release | |
nexus-usr: ${{ steps.secrets.outputs.ARTIFACTS_USR }} | |
nexus-psw: ${{ steps.secrets.outputs.ARTIFACTS_PSW }} | |
maven-usr: ${{ steps.secrets.outputs.MAVEN_CENTRAL_DEPLOYMENT_USR }} | |
maven-psw: ${{ steps.secrets.outputs.MAVEN_CENTRAL_DEPLOYMENT_PSW }} | |
maven-gpg-passphrase: ${{ steps.secrets.outputs.MAVEN_CENTRAL_GPG_SIGNING_KEY_PASSPHRASE }} | |
maven-url: s01.oss.sonatype.org | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
branch: ${{ steps.branch.outputs.branch }} | |
- name: Attach artifacts to GitHub Release (Release only) | |
if: github.event.release | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ github.event.release.upload_url }} | |
asset_path: ${{ steps.release.outputs.artifacts_archive_path }} | |
asset_name: ${{ steps.release.outputs.artifacts_archive_path }} | |
asset_content_type: application/zip |