Skip to content

Merge pull request #1271 from failnix/main #1

Merge pull request #1271 from failnix/main

Merge pull request #1271 from failnix/main #1

# If this workflow is triggered by a push to main, it deploys a SNAPSHOT
# If this workflow is triggered manually, it deploys a SNAPSHOT
# If this workflow is triggered by publishing a Release, it
# deploys a RELEASE with the selected version
# updates the project version by incrementing the patch version
# commits the version update change to the repository's default branch (main).
name: Deploy artifacts
on:
push:
branches: [main]
release:
types: [published]
jobs:
test:
uses: ./.github/workflows/build-test.yml
deploy:
runs-on: ubuntu-latest
needs: [test]
env:
OWNER: "camunda"
IMAGE_NAME: "zeebe-process-test-engine"
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Import Secrets
id: secrets
uses: hashicorp/[email protected]
with:
url: ${{ secrets.VAULT_ADDR }}
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
secrets: |
secret/data/products/zeebe/ci/zeebe-process-test REGISTRY_HUB_DOCKER_COM_USR;
secret/data/products/zeebe/ci/zeebe-process-test REGISTRY_HUB_DOCKER_COM_PSW;
secret/data/products/zeebe/ci/zeebe-process-test ARTIFACTS_USR;
secret/data/products/zeebe/ci/zeebe-process-test ARTIFACTS_PSW;
secret/data/github.com/organizations/camunda MAVEN_CENTRAL_DEPLOYMENT_USR;
secret/data/github.com/organizations/camunda MAVEN_CENTRAL_DEPLOYMENT_PSW;
secret/data/github.com/organizations/camunda MAVEN_CENTRAL_GPG_SIGNING_KEY_PASSPHRASE;
secret/data/github.com/organizations/camunda MAVEN_CENTRAL_GPG_SIGNING_KEY_SEC;
- name: Set up Java environment
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 21
cache: maven
- name: Build jar
run: |
mvn clean package -DskipTests -P !localBuild -pl :zeebe-process-test-engine-agent -am
# We build a docker image with a specific tag. There are 2 possible scenarios here.
# 1. The workflow is triggered manually or by a change on the main branch. The tag should be equal to the project.version.
# 2. The workflow is triggered by a new release. The tag should be the version of the release.
- name: Build Docker image
run: |
if ! [ -z "${{ github.event.release.tag_name }}" ]; then
TAG="${{ github.event.release.tag_name }}"
else
TAG=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
fi
cd engine-agent
docker build . -t $IMAGE_NAME:$TAG
# We push the docker image to dockerhub
- name: Push Docker image
run: |
if ! [ -z "${{ github.event.release.tag_name }}" ]; then
TAG="${{ github.event.release.tag_name }}"
else
TAG=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
fi
echo '${{ steps.secrets.outputs.REGISTRY_HUB_DOCKER_COM_PSW }}' | docker login -u '${{ steps.secrets.outputs.REGISTRY_HUB_DOCKER_COM_USR }}' --password-stdin
echo $IMAGE_NAME
echo $TAG
IMAGE_ID=$OWNER/$IMAGE_NAME
echo $IMAGE_ID
docker tag $IMAGE_NAME:$TAG $IMAGE_ID:$TAG
docker push $IMAGE_ID:$TAG
- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ steps.secrets.outputs.MAVEN_CENTRAL_GPG_SIGNING_KEY_SEC }}
passphrase: ${{ steps.secrets.outputs.MAVEN_CENTRAL_GPG_SIGNING_KEY_PASSPHRASE }}
# We want the community-action-maven-release to update the versions on the correct branch. For
# this reason an extra step is introduced to decide what branch we should pass to this action.
# In the case of a push to the main branch, or an alpha release we should update the main branch.
# In other cases a stable/major.minor branch should be available. In this step we first find
# the major and minor versions of this tag. If we found them we will set the BRANCH env variable
# to stable/major.minor.
- name: Decide git branch
id: branch
run: |
if ! [ -z "${{ github.event.release.tag_name }}" ] && [[ "${{ github.event.release.tag_name }}" != *"alpha"* ]]; then
MAJOR_MINOR_VERSION=$(echo ${{ github.event.release.tag_name }} | sed -rn 's/^([0-9]+.[0-9]+).[0-9]+.*$/\1/p')
test -z "${MAJOR_MINOR_VERSION}" && echo "::error::Tag ${{ github.event.release.tag_name }} does not adhere to semantic versioning" && exit 1
echo "branch=stable/${MAJOR_MINOR_VERSION}" >> $GITHUB_OUTPUT
echo "Branch = stable/${MAJOR_MINOR_VERSION}"
else
echo "branch=${{ github.event.repository.default_branch }}" >> $GITHUB_OUTPUT
echo "Branch = ${{ github.event.repository.default_branch }}"
fi
# In extension-testcontainer we have a config file which contains the image tag. This is managed by maven and
# maven will set this to the project version in this step, unless the placeholder (${project.version}) has been
# overridden by the "Update tag in config" step. This happens when the workflow is triggered by a change on the
# main branch.
- name: Build and deploy to Maven
id: release
uses: camunda-community-hub/community-action-maven-release@v1
with:
release-version: ${{ github.event.release.tag_name }}
release-profile: community-action-maven-release
nexus-usr: ${{ steps.secrets.outputs.ARTIFACTS_USR }}
nexus-psw: ${{ steps.secrets.outputs.ARTIFACTS_PSW }}
maven-usr: ${{ steps.secrets.outputs.MAVEN_CENTRAL_DEPLOYMENT_USR }}
maven-psw: ${{ steps.secrets.outputs.MAVEN_CENTRAL_DEPLOYMENT_PSW }}
maven-gpg-passphrase: ${{ steps.secrets.outputs.MAVEN_CENTRAL_GPG_SIGNING_KEY_PASSPHRASE }}
maven-url: s01.oss.sonatype.org
github-token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ steps.branch.outputs.branch }}
- name: Attach artifacts to GitHub Release (Release only)
if: github.event.release
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ github.event.release.upload_url }}
asset_path: ${{ steps.release.outputs.artifacts_archive_path }}
asset_name: ${{ steps.release.outputs.artifacts_archive_path }}
asset_content_type: application/zip