forked from SAP/cloud-sdk-java
-
Notifications
You must be signed in to change notification settings - Fork 0
447 lines (407 loc) · 16 KB
/
prepare_release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
name: Prepare Release
on:
workflow_dispatch:
inputs:
release_version:
description: "Release version, leave empty for default value based on current snapshot"
required: false
env:
MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.color=false"
MVN_CLI_ARGS: "--batch-mode --no-transfer-progress --fail-at-end --show-version"
jobs:
prepare-release:
runs-on: ubuntu-latest
name: Prepare
permissions:
contents: write
pull-requests: write
outputs:
branch_name: ${{ steps.prepare-release.outputs.BRANCH_NAME }}
release_commit_id: ${{ steps.prepare-release.outputs.RELEASE_COMMIT_ID }}
release_version: ${{ steps.get-release-versions.outputs.RELEASE_VERSION }}
new_snapshot: ${{ steps.get-release-versions.outputs.NEW_SNAPSHOT }}
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
ref: ${{ github.event.repository.default_branch }}
- name: Setup java
uses: actions/setup-java@v3
with:
distribution: "temurin"
java-version: "17"
- name: Determine Release Version
run: |
python .pipeline/scripts/get-release-versions.py
id: get-release-versions
env:
INPUT_VERSION: ${{ github.event.inputs.release_version }}
- run: "echo Release Version: ${{ steps.get-release-versions.outputs.RELEASE_VERSION }}"
- run: "echo Current Snapshot: ${{ steps.get-release-versions.outputs.CURRENT_SNAPSHOT }}"
- run: "echo New Snapshot: ${{ steps.get-release-versions.outputs.NEW_SNAPSHOT }}"
- name: Prepare git
run: |
git config --global user.email "[email protected]"
git config --global user.name "Maven Central Release Script"
- name: Set release version ${{ steps.get-release-versions.outputs.RELEASE_VERSION }}
id: prepare-release
run: |
# NOTE: If you change this pattern here, also adjust perform_release.yml:
BRANCH_NAME=RELEASE-${{ steps.get-release-versions.outputs.RELEASE_VERSION }}
echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_OUTPUT
git switch --create $BRANCH_NAME
python .pipeline/scripts/set-release-versions.py --version ${{ steps.get-release-versions.outputs.RELEASE_VERSION }}
git add .
git commit -m "Update to version ${{ steps.get-release-versions.outputs.RELEASE_VERSION }}"
# We need to get the commit id, and push the branch so the release tag will point at the right commit afterwards
RELEASE_COMMIT_ID=$(git log -1 --pretty=format:"%H")
echo "RELEASE_COMMIT_ID=$RELEASE_COMMIT_ID" >> $GITHUB_OUTPUT
git push origin $BRANCH_NAME:$BRANCH_NAME
build:
needs: prepare-release
runs-on: ubuntu-latest
# Permissions block is optional, useful for dependabot checks
permissions:
checks: write
contents: read
name: Test and Package
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ needs.prepare-release.outputs.release_commit_id }}
- name: Setup Java
uses: actions/setup-java@v3
with:
distribution: "temurin"
java-version: 17
- name: Test and Package
run: |
python .pipeline/scripts/generate-javadoc-sourcepath-properties.py
mvn $MVN_CLI_ARGS install org.jacoco:jacoco-maven-plugin:report javadoc:aggregate -Pdocs
python .pipeline/scripts/generate-release-artifacts.py --version ${{ needs.prepare-release.outputs.release_version }} --path-prefix release --with-signing
zip -q -r sap-cloud-sdk-java-${{ needs.prepare-release.outputs.release_version }}.zip release
- name: Local Changes Check
run: |
CHANGED_FILES="$(git --no-pager diff --name-only)"
if [ ! -z "$CHANGED_FILES" ]; then
echo "There are local changes in the following files:"
echo "$CHANGED_FILES"
echo "Printing the git diff:"
git --no-pager diff
exit 1
fi
- name: Test Report
if: success() || failure()
uses: scacap/action-surefire-report@v1
- name: Coverage Report
run: |
python .pipeline/scripts/print-coverage.py --jacoco-report-pattern '**/target/site/jacoco/jacoco.csv'
- name: PMD
run: |
mvn $MVN_CLI_ARGS org.apache.maven.plugins:maven-pmd-plugin:pmd
python .pipeline/scripts/print-pmd.py
- name: Spotbugs
run: |
mvn $MVN_CLI_ARGS com.github.spotbugs:spotbugs-maven-plugin:spotbugs
python .pipeline/scripts/print-spotbugs.py
- name: Upload release package
uses: actions/upload-artifact@v3
with:
name: cloud-sdk-package
path: sap-cloud-sdk-java-${{ needs.prepare-release.outputs.release_version }}.zip
retention-days: 1
- name: Upload JavaDocs
uses: actions/upload-artifact@v3
with:
name: cloud-sdk-aggregated-javadoc
path: ./target/site/apidocs
archetypes:
runs-on: ubuntu-latest
needs: [prepare-release, build]
permissions:
checks: write
contents: read
strategy:
matrix:
task:
- {
"archetype": "spring-boot3",
"javaVersion": 17,
"startCommand": "mvn spring-boot:run -B",
}
name: ${{ matrix.task.archetype }}
steps:
- name: Setup Java
uses: actions/setup-java@v3
with:
distribution: "temurin"
java-version: ${{ matrix.task.javaVersion }}
- name: Load Maven Repository
uses: actions/cache/restore@v3
id: restore-cache
with:
path: ~/.m2/repository
key: maven-central
- name: Download Release ZIP
uses: actions/download-artifact@v3
with:
name: cloud-sdk-package
path: .
- name: Install Release Artifacts
run: |
unzip sap-cloud-sdk-java-${{ needs.prepare-release.outputs.release_version }}.zip -d .
cd release
rm -rf /home/runner/.m2/repository/archetype-catalog.xml
mvn $MVN_CLI_ARGS install
mvn $MVN_CLI_ARGS archetype:crawl
cd ..
rm -rf release
- name: Generate ${{ matrix.task.archetype }}
run: >
mvn archetype:generate -B
-DarchetypeCatalog=local
-DarchetypeGroupId=com.sap.cloud.sdk.archetypes
-DarchetypeArtifactId=${{ matrix.task.archetype }}
-DarchetypeVersion=${{ needs.prepare-release.outputs.release_version }}
-DgroupId=com.sap.test
-DartifactId=example-${{ matrix.task.archetype }}
-Dversion=1.0-SNAPSHOT
-Dpackage=com.sap.test
-Dhttp.keepAlive=false
# - name: Verify ${{ matrix.task.archetype }}
# working-directory: ./example-${{ matrix.task.archetype }}
# run: >
# mvn clean verify -B
# -Dhttp.keepAlive=false
# -Dmaven.test.skip=true
# - name: Test ${{ matrix.task.name }}
# working-directory: ./example-${{ matrix.task.archetype }}
# run: mvn test -B -Dsurefire.logLevel='error'
# - name: Spotbugs ${{ matrix.task.archetype }}
# working-directory: ./example-${{ matrix.task.archetype }}
# run: >
# mvn com.github.spotbugs:spotbugs-maven-plugin:check -B
# -pl !integration-tests
# -Dhttp.keepAlive=false
# -Dmaven.wagon.http.pool=false
#
# - name: Start ${{ matrix.task.archetype }}
# working-directory: ./example-${{ matrix.task.archetype }}/application
# run: |
# logFilePath=log.txt
# ${{ matrix.task.startCommand }} > $logFilePath 2>&1 &
#
# if ! curl -s --retry 60 --retry-delay 3 --retry-all-errors http://127.0.0.1:8080/hello ; then
# echo "Project generated from archetype ${{ matrix.task.archetype }} failed to start locally."
# cat $logFilePath
# exit 1
# fi
#
# if ! grep -q "I am running!" $logFilePath; then
# echo "Project generated from archetype ${{ matrix.task.archetype }} started locally, but did not contain the expected log output."
# cat $logFilePath
# exit 1
# fi
#
# if grep -iq "caused by" $logFilePath; then
# echo "Project generated from archetype ${{ matrix.task.archetype }} started locally, but an unexpected error occurred."
# cat $logFilePath
# exit 1
# fi
#
# - name: Verify .gitignore ${{ matrix.task.archetype }}
# working-directory: ./example-${{ matrix.task.archetype }}
# run: |
# if [ ! -f .gitignore ]; then
# ls -lah
# echo "Project generated from archetype does not contain a .gitignore file."
# exit 1
# fi
#
# - name: Purge SDK Artifacts from Maven Repository
# run: |
# rm -rf $HOME/.m2/repository/com/sap/cloud/sdk/
# rm -rf $HOME/.m2/repository/archetype-catalog.xml
# - name: Save Maven Repository
# uses: actions/cache/save@v3
# if: steps.restore-cache.outputs.cache-hit != 'true'
# id: save-cache
# with:
# path: ~/.m2/repository
# key: maven-central
- name: Fill summary with TODO
run: |
echo "# TODO" >> $GITHUB_STEP_SUMMARY
echo "Enable archetypes tests once all modules are migrated to github.com!" >> $GITHUB_STEP_SUMMARY
codeql:
name: Analyze with CodeQL
runs-on: ubuntu-latest
needs: prepare-release
timeout-minutes: 360
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
ref: ${{ needs.prepare-release.outputs.release_commit_id }}
- name: Setup Java
uses: actions/setup-java@v3
with:
distribution: "temurin"
java-version: 17
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: "java"
queries: security-extended
# M2
- name: Load Maven Repository
uses: actions/cache/restore@v3
id: restore-cache
with:
path: ~/.m2/repository
key: maven
- name: Autobuild
uses: github/codeql-action/autobuild@v2
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:java"
scan:
name: "Blackduck Scan"
runs-on: ubuntu-latest
needs: prepare-release
timeout-minutes: 15
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 1
ref: ${{ needs.prepare-release.outputs.branch_name }}
- name: Setup java
uses: actions/setup-java@v3
with:
distribution: "temurin"
java-version: "17"
cache: maven
# Fixme: Use major version from pom once it is 5.x
- name: Get SDK Version
run: |
echo "project_version_NOT_YET_IN_USE=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout | cut -d '.' -f 1)" >> $GITHUB_ENV
- name: Determine Maven Excludes
run: |
python .pipeline/scripts/get-maven-excludes.py --filter-key excludeFromBlackDuckScan --filter-value True
id: get-maven-excludes-for-blackduck
- name: Blackduck Scan
uses: SAP/project-piper-action@27cadf261545552a68660531476c0915a97ee3d8
with:
command: detectExecuteScan
flags: \
--version=$PROJECT_VERSION \
env:
PIPER_token: ${{ secrets.BLACKDUCK_TOKEN }}
DETECT_MAVEN_EXCLUDED_MODULES: ${{ steps.get-maven-excludes-for-blackduck.outputs.EXCLUDES }}
DETECT_MAVEN_BUILD_COMMAND: -pl ${{ steps.get-maven-excludes-for-blackduck.outputs.PREFIXED_EXCLUDES }}
DETECT_TIMEOUT: 7200
PROJECT_VERSION: "5"
create_fosstars_report:
name: "Security rating"
runs-on: ubuntu-latest
needs: prepare-release
steps:
- uses: actions/checkout@v3
with:
ref: ${{ needs.prepare-release.outputs.branch_name }}
- uses: SAP/[email protected]
with:
report-branch: fosstars-report
token: "${{ secrets.GITHUB_TOKEN }}"
create-release:
runs-on: ubuntu-latest
needs: [archetypes, codeql, prepare-release, scan, create_fosstars_report]
name: Create Draft Release
permissions:
contents: write
pull-requests: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
ref: ${{ needs.prepare-release.outputs.branch_name }}
- name: Download release package
uses: actions/download-artifact@v3
with:
name: cloud-sdk-package
path: .
- name: Download JavaDocs
uses: actions/download-artifact@v3
with:
name: cloud-sdk-aggregated-javadoc
path: ./sap-cloud-sdk-aggregated-javadoc
- name: Zip JavaDocs for Release
run: |
zip -q -r sap-cloud-sdk-aggregated-javadoc-${{ needs.prepare-release.outputs.release_version }}.zip sap-cloud-sdk-aggregated-javadoc
rm -rf sap-cloud-sdk-aggregated-javadoc
- name: Prepare git
run: |
git config --global user.email "[email protected]"
git config --global user.name "Maven Central Release Script"
- name: Create release
run: |
gh release create "rel/$VERSION" \
--target $COMMIT_ID \
--title "Release $VERSION" \
--draft --generate-notes \
sap-cloud-sdk-java-$VERSION.zip \
sap-cloud-sdk-aggregated-javadoc-$VERSION.zip
rm -rf sap-cloud-sdk-java-$VERSION.zip
rm -rf sap-cloud-sdk-aggregated-javadoc-$VERSION.zip
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VERSION: ${{ needs.prepare-release.outputs.release_version }}
COMMIT_ID: ${{ needs.prepare-release.outputs.release_commit_id }}
- name: Set new snapshot version
run: |
python .pipeline/scripts/set-release-versions.py --version ${{ needs.prepare-release.outputs.new_snapshot }}
git add .
git commit -m "Update to version ${{ needs.prepare-release.outputs.new_snapshot }}"
git push
- name: Create PR
run: |
RELEASE_URL=$(gh release view rel/$VERSION --json url | jq -r .url)
PR_BODY=$(python .pipeline/scripts/print-pr-body.py --commit-url https://github.com/SAP/cloud-sdk-java/commit/$COMMIT_ID --release-url $RELEASE_URL)
gh pr create --title "Release $VERSION" --body "$PR_BODY"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VERSION: ${{ needs.prepare-release.outputs.release_version }}
COMMIT_ID: ${{ needs.prepare-release.outputs.release_commit_id }}
notify-job:
runs-on: ubuntu-latest
needs:
[
prepare-release,
build,
archetypes,
codeql,
create-release,
scan,
create_fosstars_report,
]
if: ${{ failure() }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Delete Release Branch
run: |
git push origin --delete ${{ needs.prepare-release.outputs.branch_name }}
- name: Notify
run: python .pipeline/scripts/notify.py
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
WORKFLOW: ${{ github.workflow }}
WORKFLOW_RUN_URL: https://github.com/SAP/cloud-sdk-java/actions/runs/${{ github.run_id }}
BRANCH_NAME: ${{ needs.prepare-release.outputs.branch_name }}