From f6789f198970eb47ec1bcd69ae757bc9f018f864 Mon Sep 17 00:00:00 2001
From: Linsong Wang <linsong@Linsongs-MacBook-Pro-IBM.local>
Date: Thu, 23 May 2024 12:59:46 -0700
Subject: [PATCH] add build and release pipeline

---
 Jenkinsfile          | 138 +++++++++++++++++++++++++++++++++++++++++++
 jenkins/agent.yaml   |  19 ++++++
 jenkins/settings.xml |  33 +++++++++++
 3 files changed, 190 insertions(+)
 create mode 100644 Jenkinsfile
 create mode 100644 jenkins/agent.yaml
 create mode 100644 jenkins/settings.xml

diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 000000000..0d578c5d1
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,138 @@
+pipeline {
+
+    agent {
+        kubernetes {
+            defaultContainer 'maven'
+            yamlFile 'jenkins/agent.yaml'
+        }
+    }
+
+    environment {
+        GPG_SECRET     = credentials('presto-release-gpg-secret')
+        GPG_TRUST      = credentials("presto-release-gpg-trust")
+        GPG_PASSPHRASE = credentials("presto-release-gpg-passphrase")
+
+        GITHUB_OSS_TOKEN_ID = 'github-personal-token-wanglinsong'
+
+        SONATYPE_NEXUS_CREDS    = credentials('presto-sonatype-nexus-creds')
+        SONATYPE_NEXUS_PASSWORD = "$SONATYPE_NEXUS_CREDS_PSW"
+        SONATYPE_NEXUS_USERNAME = "$SONATYPE_NEXUS_CREDS_USR"
+    }
+
+    options {
+        buildDiscarder(logRotator(numToKeepStr: '100'))
+        disableConcurrentBuilds()
+        disableResume()
+        overrideIndexTriggers(false)
+        timeout(time: 30, unit: 'MINUTES')
+        timestamps()
+    }
+
+    parameters {
+        booleanParam(name: 'PERFORM_MAVEN_RELEASE',
+                     defaultValue: false,
+                     description: 'Release and update development version when running in the master')
+    }
+
+    stages {
+        stage('Setup') {
+            steps {
+                sh 'apt update && apt install -y bash build-essential git gpg python3 python3-venv'
+            }
+        }
+
+        stage ('Prepare to Release') {
+            steps {
+                script {
+                    env.REPO_CURRENT_VERSION = sh(
+                        script: 'mvn org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -ntp -DforceStdout',
+                        returnStdout: true).trim()
+                }
+                echo "current version: ${REPO_CURRENT_VERSION}"
+
+                sh '''
+                    git config --global --add safe.directory ${PWD}
+                    git config --global user.email "oss-release-bot@prestodb.io"
+                    git config --global user.name "oss-release-bot"
+                '''
+
+                sh '''
+                    mvn release:prepare -B -DskipTests \
+                        -DautoVersionSubmodules=true \
+                        -DgenerateBackupPoms=false
+
+                    git branch
+                    git log --pretty="format:%ce: %s" -8
+                    SCM_TAG=$(cat release.properties | grep scm.tag=)
+                    echo ${SCM_TAG#*=} > repo-release-tag.txt
+                '''
+
+                script {
+                    env.REPO_RELEASE_TAG = sh(
+                        script: 'cat repo-release-tag.txt',
+                        returnStdout: true).trim()
+                }
+                echo "release tag: ${REPO_RELEASE_TAG}"
+            }
+        }
+
+        stage ('Release Maven Artifacts') {
+            when {
+                allOf {
+                    expression { params.PERFORM_MAVEN_RELEASE }
+                    branch 'master'
+                }
+            }
+
+            steps {
+                echo "Update GitHub Repo"
+
+                sh '''
+                    git switch -c master
+                    git branch
+                '''
+
+                sh '''#!/bin/bash -ex
+                    gpg --batch --import ${GPG_SECRET}
+                    echo ${GPG_TRUST} | gpg --import-ownertrust -
+                    gpg --list-secret-keys
+                    echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
+                '''
+
+                withCredentials([usernamePassword(
+                        credentialsId: "${GITHUB_OSS_TOKEN_ID}",
+                        passwordVariable: 'GIT_PASSWORD',
+                        usernameVariable: 'GIT_USERNAME')]) {
+                    sh '''
+                        git --no-pager log --since="60 days ago" --graph --pretty=format:'%C(auto)%h%d%Creset %C(cyan)(%cd)%Creset %C(green)%cn <%ce>%Creset %s'
+                        head -n 18 pom.xml
+                        ORIGIN="https://${GIT_USERNAME}:${GIT_PASSWORD}@github.com/prestodb/drift.git"
+                        git push --follow-tags --set-upstream ${ORIGIN} master
+                    '''
+                }
+
+                echo "Release ${REPO_RELEASE_TAG} maven artifacts"
+                sh '''#!/bin/bash -ex
+                    export GPG_TTY=$TTY
+                    printenv | sort
+
+                    git checkout ${REPO_RELEASE_TAG}
+                    git status
+                    git branch
+                    git log -8
+                    head -n 18 pom.xml
+
+                    mvn -s ${WORKSPACE}/jenkins/settings.xml -V -B -U -e -T2C deploy \
+                        -DautoReleaseAfterClose=true \
+                        -Dgpg.passphrase=${GPG_PASSPHRASE} \
+                        -DkeepStagingRepositoryOnCloseRuleFailure=true \
+                        -DkeepStagingRepositoryOnFailure=true \
+                        -DskipTests \
+                        -Poss-release \
+                        -Pdeploy-to-ossrh \
+                        -DstagingProgressTimeoutMinutes=10
+                '''
+            }
+        }
+    }
+}
diff --git a/jenkins/agent.yaml b/jenkins/agent.yaml
new file mode 100644
index 000000000..410b3f9fc
--- /dev/null
+++ b/jenkins/agent.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  namespace: oss-agent
+spec:
+  serviceAccountName: oss-agent
+  containers:
+  - name: maven
+    image: maven:3.8.6-openjdk-8-slim
+    tty: true
+    resources:
+      requests:
+        memory: "1Gi"
+        cpu: "500m"
+      limits:
+        memory: "2Gi"
+        cpu: "1000m"
+    command:
+    - cat
diff --git a/jenkins/settings.xml b/jenkins/settings.xml
new file mode 100644
index 000000000..965a13f8c
--- /dev/null
+++ b/jenkins/settings.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<settings
+  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd"
+  xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <servers>
+    <server>
+      <id>sonatype-nexus-snapshots</id>
+      <username>${env.SONATYPE_NEXUS_USERNAME}</username>
+      <password>${env.SONATYPE_NEXUS_PASSWORD}</password>
+    </server>
+    <server>
+      <id>sonatype.snapshots</id>
+      <username>${env.SONATYPE_NEXUS_USERNAME}</username>
+      <password>${env.SONATYPE_NEXUS_PASSWORD}</password>
+    </server>
+    <server>
+      <id>ossrh</id>
+      <username>${env.SONATYPE_NEXUS_USERNAME}</username>
+      <password>${env.SONATYPE_NEXUS_PASSWORD}</password>
+    </server>
+  </servers>
+  <profiles>
+    <profile>
+      <id>nexus</id>
+      <!--Enable snapshots for the built in central repo to direct -->
+      <!--all requests to nexus via the mirror -->
+    </profile>
+  </profiles>
+  <activeProfiles>
+    <activeProfile>nexus</activeProfile>
+  </activeProfiles>
+</settings>