ES-185 (#141) #131
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: NPM and Maven Package upon a push | |
on: | |
push: | |
branches: | |
- '!release-branch' | |
- release-* | |
- master | |
- develop | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
ref: ${{ github.ref }} | |
java-version: 11 | |
server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml | |
settings-path: ${{ github.workspace }} # location for the settings.xml file | |
- name: Setup branch and env | |
run: | | |
# Strip git ref prefix from version | |
echo "BRANCH_NAME=$(echo ${{ github.ref }} | sed -e 's,.*/\(.*\),\1,')" >> $GITHUB_ENV | |
echo "GPG_TTY=$(tty)" >> $GITHUB_ENV | |
- name: Setup branch and GPG public key | |
run: | | |
# Strip git ref prefix from version | |
echo ${{ env.BRANCH_NAME }} | |
echo ${{ env.GPG_TTY }} | |
sudo apt-get --yes install gnupg2 | |
gpg2 --import ./.github/keys/mosipgpgkey_pub.gpg | |
gpg2 --quiet --batch --passphrase=${{secrets.gpg_secret}} --allow-secret-key-import --import ./.github/keys/mosipgpgkey_sec.gpg | |
- uses: actions/cache@v1 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-maven-${{ env.BRANCH_NAME }} | |
- name: Setup the settings file for ossrh server | |
run: echo "<settings> <servers> <server> <id>ossrh</id> <username>${{secrets.ossrh_user}}</username> <password>${{secrets.ossrh_secret}}</password> </server> </servers> <profiles> <profile> <id>ossrh</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.executable>gpg2</gpg.executable> <gpg.passphrase>${{secrets.gpg_secret}}</gpg.passphrase> </properties> </profile> <profile> <id>allow-snapshots</id> <activation><activeByDefault>true</activeByDefault></activation> <repositories> <repository> <id>snapshots-repo</id> <url>https://oss.sonatype.org/content/repositories/snapshots</url> <releases><enabled>false</enabled></releases> <snapshots><enabled>true</enabled></snapshots> </repository> <repository> <id>releases-repo</id> <url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url> <releases><enabled>true</enabled></releases> <snapshots><enabled>false</enabled></snapshots> </repository> </repositories> </profile> <profile> <id>sonar</id> <properties> <sonar.sources>.</sonar.sources> <sonar.host.url>https://sonarcloud.io</sonar.host.url> </properties> <activation> <activeByDefault>false</activeByDefault> </activation> </profile> </profiles> </settings>" > $GITHUB_WORKSPACE/settings.xml | |
- name: Build with Maven | |
run: | | |
cd mock-identity-system | |
mvn -B package -s $GITHUB_WORKSPACE/settings.xml --file pom.xml | |
- name: Ready the springboot artifacts | |
run: find -name '*.jar' -executable -type f -exec zip release.zip {} + | |
- name: Upload the springboot jars | |
uses: actions/upload-artifact@v1 | |
with: | |
name: release | |
path: ./release.zip | |
- uses: 8398a7/action-slack@v3 | |
with: | |
status: ${{ job.status }} | |
fields: repo,message,commit,author,action,eventName,ref,workflow,job,took # selectable (default: repo,message) | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} # required | |
if: failure() # Pick up events even if the job fails or is canceled. | |
publish_to_nexus: | |
if: "!contains(github.ref, 'master')" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
ref: ${{ github.ref }} | |
java-version: 11 | |
server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml | |
settings-path: ${{ github.workspace }} # location for the settings.xml file | |
- name: Setup branch and env | |
run: | | |
# Strip git ref prefix from version | |
echo "BRANCH_NAME=$(echo ${{ github.ref }} | sed -e 's,.*/\(.*\),\1,')" >> $GITHUB_ENV | |
echo "GPG_TTY=$(tty)" >> $GITHUB_ENV | |
- name: Setup branch and GPG public key | |
run: | | |
# Strip git ref prefix from version | |
echo ${{ env.BRANCH_NAME }} | |
echo ${{ env.GPG_TTY }} | |
sudo apt-get --yes install gnupg2 | |
gpg2 --import ./.github/keys/mosipgpgkey_pub.gpg | |
gpg2 --quiet --batch --passphrase=${{secrets.gpg_secret}} --allow-secret-key-import --import ./.github/keys/mosipgpgkey_sec.gpg | |
- uses: actions/cache@v1 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-maven-${{ env.BRANCH_NAME }} | |
- name: Setup the settings file for ossrh server | |
run: echo "<settings> <servers> <server> <id>ossrh</id> <username>${{secrets.RELEASE_USER}}</username> <password>${{secrets.RELEASE_TOKEN}}</password> </server> </servers> <profiles> <profile> <id>ossrh</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.executable>gpg2</gpg.executable> <gpg.passphrase>${{secrets.gpg_secret}}</gpg.passphrase> </properties> </profile> <profile> <id>allow-snapshots</id> <activation><activeByDefault>true</activeByDefault></activation> <repositories> <repository> <id>snapshots-repo</id> <url>https://oss.sonatype.org/content/repositories/snapshots</url> <releases><enabled>false</enabled></releases> <snapshots><enabled>true</enabled></snapshots> </repository> <repository> <id>releases-repo</id> <url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url> <releases><enabled>true</enabled></releases> <snapshots><enabled>false</enabled></snapshots> </repository> </repositories> </profile> <profile> <id>sonar</id> <properties> <sonar.sources>.</sonar.sources> <sonar.host.url>https://sonarcloud.io</sonar.host.url> </properties> <activation> <activeByDefault>false</activeByDefault> </activation> </profile> </profiles> </settings>" > $GITHUB_WORKSPACE/settings.xml | |
- name: Install xmllint | |
run: | | |
sudo apt-get update | |
sudo apt-get install libxml2-utils | |
- name: Build with Maven | |
run: | | |
mvn -B package --file pom.xml -s $GITHUB_WORKSPACE/settings.xml | |
- name: Publish the maven package | |
run: | | |
mvn deploy -DaltDeploymentRepository=ossrh::default::${{ secrets.OSSRH_SNAPSHOT_URL }} -s $GITHUB_WORKSPACE/settings.xml -f pom.xml | |
env: | |
GITHUB_TOKEN: ${{ secrets.RELEASE_token }} | |
GPG_TTY: $(tty) | |
build-mock-relying-party-ui: | |
runs-on: ubuntu-latest | |
env: | |
NAMESPACE: ${{ secrets.dev_namespace_docker_hub }} | |
SERVICE_NAME: mock-relying-party-ui | |
SERVICE_LOCATION: mock-relying-party-ui | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-node@v1 | |
- name: Setup branch and env | |
run: | | |
# Strip git ref prefix from version | |
echo "BRANCH_NAME=$(echo ${{ github.ref }} | sed -e 's,.*/\(.*\),\1,')" >> $GITHUB_ENV | |
echo "GPG_TTY=$(tty)" >> $GITHUB_ENV | |
- name: Get current date | |
run: echo "BUILD_DATETIME=$(date +'%Y-%m-%d %HH:%MM:%Ss')" >> $GITHUB_ENV | |
- name: Build image | |
run: | | |
cd "./${{env.SERVICE_LOCATION}}" | |
docker build . --file Dockerfile --build-arg SOURCE=mosip --build-arg COMMIT_HASH=$(git rev-parse HEAD) --build-arg COMMIT_ID=$(git rev-parse --short HEAD) --build-arg BUILD_TIME="${{ env.BUILD_DATETIME }}" --tag ${{ env.SERVICE_NAME }} | |
- name: Log into registry | |
run: echo "${{ secrets.release_docker_hub }}" | docker login -u ${{ secrets.actor_docker_hub }} --password-stdin | |
- name: Push image | |
run: | | |
IMAGE_ID=$NAMESPACE/$SERVICE_NAME | |
# Change all uppercase to lowercase | |
IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') | |
if [[ $BRANCH_NAME == master ]]; then | |
VERSION=latest | |
else | |
VERSION=$BRANCH_NAME | |
fi | |
echo "push version $VERSION" | |
echo IMAGE_ID=$IMAGE_ID | |
echo VERSION=$VERSION | |
docker tag $SERVICE_NAME $IMAGE_ID:$VERSION | |
docker push $IMAGE_ID:$VERSION | |
- uses: 8398a7/action-slack@v3 | |
with: | |
status: ${{ job.status }} | |
fields: repo,message,commit,workflow,job # selectable (default: repo,message) | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} # required | |
if: failure() # Pick up events even if the job fails or is canceled. | |
build-mock-relying-party-service: | |
runs-on: ubuntu-latest | |
env: | |
NAMESPACE: ${{ secrets.dev_namespace_docker_hub }} | |
SERVICE_NAME: mock-relying-party-service | |
SERVICE_LOCATION: mock-relying-party-service | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-node@v1 | |
- name: Setup branch and env | |
run: | | |
# Strip git ref prefix from version | |
echo "BRANCH_NAME=$(echo ${{ github.ref }} | sed -e 's,.*/\(.*\),\1,')" >> $GITHUB_ENV | |
echo "GPG_TTY=$(tty)" >> $GITHUB_ENV | |
- name: Get current date | |
run: echo "BUILD_DATETIME=$(date +'%Y-%m-%d %HH:%MM:%Ss')" >> $GITHUB_ENV | |
- name: Build image | |
run: | | |
cd "./${{env.SERVICE_LOCATION}}" | |
docker build . --file Dockerfile --build-arg SOURCE=mosip --build-arg COMMIT_HASH=$(git rev-parse HEAD) --build-arg COMMIT_ID=$(git rev-parse --short HEAD) --build-arg BUILD_TIME="${{ env.BUILD_DATETIME }}" --tag ${{ env.SERVICE_NAME }} | |
- name: Log into registry | |
run: echo "${{ secrets.release_docker_hub }}" | docker login -u ${{ secrets.actor_docker_hub }} --password-stdin | |
- name: Push image | |
run: | | |
IMAGE_ID=$NAMESPACE/$SERVICE_NAME | |
# Change all uppercase to lowercase | |
IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') | |
VERSION=$BRANCH_NAME | |
echo "push version $VERSION" | |
echo IMAGE_ID=$IMAGE_ID | |
echo VERSION=$VERSION | |
docker tag $SERVICE_NAME $IMAGE_ID:$VERSION | |
docker push $IMAGE_ID:$VERSION | |
- uses: 8398a7/action-slack@v3 | |
with: | |
status: ${{ job.status }} | |
fields: repo,message,commit,author,job,took # selectable (default: repo,message) | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} # required | |
if: failure() # Pick up events even if the job fails or is canceled. | |
mock-identity-system: | |
needs: build | |
runs-on: ubuntu-latest | |
env: | |
NAMESPACE: ${{ secrets.dev_namespace_docker_hub }} | |
SERVICE_NAME: mock-identity-system | |
SERVICE_LOCATION: mock-identity-system | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/download-artifact@v1 | |
with: | |
name: release | |
path: ./ | |
- name: Setup branch name | |
run: | | |
# Strip git ref prefix from version | |
echo "BRANCH_NAME=$(echo ${{ github.ref }} | sed -e 's,.*/\(.*\),\1,')" >> $GITHUB_ENV | |
echo "GPG_TTY=$(tty)" >> $GITHUB_ENV | |
- name: Unzip and extract the mock-identity-system | |
run: unzip -uj "release.zip" "${{ env.SERVICE_LOCATION }}/target/*" -d "./${{ env.SERVICE_LOCATION }}/target" | |
- name: Get current date | |
id: date | |
run: echo "::set-output name=date::$(date +'%Y-%m-%d')" | |
- name: Build image | |
run: | | |
cd "./${{env.SERVICE_LOCATION}}" | |
docker build . --build-arg SOURCE=mosip --build-arg COMMIT_HASH=$(git rev-parse HEAD) --build-arg COMMIT_ID=$(git rev-parse --short HEAD) --build-arg BUILD_TIME=${{steps.date.outputs.date}} --file Dockerfile --tag ${{ env.SERVICE_NAME }} | |
- name: Log into registry | |
run: echo "${{ secrets.release_docker_hub }}" | docker login -u ${{ secrets.actor_docker_hub }} --password-stdin | |
- name: Push image | |
run: | | |
IMAGE_ID=$NAMESPACE/$SERVICE_NAME | |
# Change all uppercase to lowercase | |
IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') | |
echo "push version ${{steps.getPomVersion.outputs.info}}" | |
if [[ $BRANCH_NAME == master ]]; then | |
VERSION=latest | |
else | |
VERSION=$BRANCH_NAME | |
fi | |
echo IMAGE_ID=$IMAGE_ID | |
echo VERSION=$VERSION | |
docker tag $SERVICE_NAME $IMAGE_ID:$VERSION | |
docker push $IMAGE_ID:$VERSION | |
- uses: 8398a7/action-slack@v3 | |
with: | |
status: ${{ job.status }} | |
fields: repo,message,commit,author,action,eventName,ref,workflow,job,took # selectable (default: repo,message) | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_DEVOPS_WEBHOOK }} # required | |
if: failure() # Pick up events even if the job fails or is canceled. | |
sonar_analysis: | |
runs-on: ubuntu-latest | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-node@v1 | |
with: | |
node-version: '14' | |
- name: Setup branch and env | |
run: | | |
# Strip git ref prefix from version | |
echo "BRANCH_NAME=$(echo ${{ github.ref }} | sed -e 's,.*/\(.*\),\1,')" >> $GITHUB_ENV | |
echo "GPG_TTY=$(tty)" >> $GITHUB_ENV | |
- name: run sonar analysis | |
run: | | |
mvn -B -Dgpg.skip verify sonar:sonar -Dsonar.projectKey=mosip_esignet-mock-services -Dsonar.organization=${{ secrets.ORG_KEY }} -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=${{ secrets.SONAR_TOKEN }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |