diff --git a/.github/workflows/pull_request_check.yml b/.github/workflows/pull_request_check.yml index 08c938b7..eec5f4ec 100644 --- a/.github/workflows/pull_request_check.yml +++ b/.github/workflows/pull_request_check.yml @@ -86,3 +86,30 @@ jobs: run: mvn install -DskipTests -P dependencies-for-integration-tests,start-windows-native-image-for-integration-tests,run-postman-integration-tests -D os.platform=win env: TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Upload binary (Windows) + if: matrix.os == 'windows-latest' + uses: actions/upload-artifact@v4 + with: + name: aspect-model-editor-vDEV-SNAPSHOT-win + path: | + aspect-model-editor-runtime/target/ame-backend-DEV-SNAPSHOT-win.exe + aspect-model-editor-runtime/target/*.dll + aspect-model-editor-runtime/target/*.bat + aspect-model-editor-runtime/target/lib/ + + - name: Upload binary (Linux) + if: matrix.os == 'ubuntu-20.04' + uses: actions/upload-artifact@v4 + with: + name: ame-backend-${{ matrix.os }} + path: | + aspect-model-editor-runtime/target/ame-backend-DEV-SNAPSHOT-linux + aspect-model-editor-runtime/target/*.so + + - name: Upload binary (Mac) + if: matrix.os == 'macos-12' + uses: actions/upload-artifact@v4 + with: + name: ame-backend-${{ matrix.os }} + path: aspect-model-editor-runtime/target/ame-backend-DEV-SNAPSHOT-mac diff --git a/.github/workflows/tagged_release.yml b/.github/workflows/tagged_release.yml index 0ad8e7e1..8b8cadb6 100644 --- a/.github/workflows/tagged_release.yml +++ b/.github/workflows/tagged_release.yml @@ -115,6 +115,18 @@ jobs: Remove-Item -Recurse -Force $tempDir shell: pwsh + - name: Upload binary (Windows) + if: matrix.os == 'windows-latest' + uses: actions/upload-artifact@v4 + with: + name: aspect-model-editor-v${{ github.event.inputs.release_version }}-win + path: | + aspect-model-editor-runtime/target/ame-backend-${{ github.event.inputs.release_version }}-win.exe + aspect-model-editor-runtime/target/*.dll + aspect-model-editor-runtime/target/*.bat + aspect-model-editor-runtime/target/lib/ + + # Release Mac and Linux executables - name: Create GitHub release (Mac) if: ${{ (matrix.os == 'macos-12') && (!contains( github.ref, '-M' )) }} uses: svenstaro/upload-release-action@latest @@ -164,24 +176,46 @@ jobs: git config user.name github-actions git config user.email github-actions@github.com - - name: Create GitHub release (Windows) - if: ${{ (matrix.os == 'windows-latest') && (!contains( github.ref, '-M' )) }} - uses: svenstaro/upload-release-action@latest - with: - file_glob: true - overwrite: true - prerelease: false - repo_token: ${{ secrets.GITHUB_TOKEN }} - file: aspect-model-editor-v${{ github.event.inputs.release_version }}-win.zip - tag: v${{ github.event.inputs.release_version }} + # Sign Windows executable + - name: Get Artifact ID (Windows) + if: matrix.os == 'windows-latest' + shell: bash + run: | + # Get the list of artifacts for the specified workflow run + response=$(curl -H "Authorization: Bearer $TOKEN" -H "Accept: application/vnd.github+json" "https://api.github.com/repos/${{ github.repository_owner }}/$(echo '${{ github.repository }}' | cut -d'/' -f2)/actions/runs/${{ github.run_id }}/artifacts") + + # Filter out the ID of the artifact with a name that contains "windows" + artifact_id=$(echo "$response" | jq -r '.artifacts[] | select(.name | contains("win")) | .id') + + # Save the artifact ID in an environment variable + echo "ARTIFACT_ID=$artifact_id" >> $GITHUB_ENV + env: + TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Commit Artifact url and version changes and push to pre release branch for jenkins (Windows) + if: matrix.os == 'windows-latest' + shell: bash + run: | + ARTIFACT_URL_WIN="https://api.github.com/repos/eclipse-esmf/esmf-aspect-model-editor-backend/actions/artifacts/$ARTIFACT_ID/zip" + BRANCH_NAME="pre_release_configuration" + + echo "artifact_url_win=$ARTIFACT_URL_WIN" > parameters.txt + echo "version=${{ github.event.inputs.release_version }}" >> parameters.txt + + git config --global user.email "github-actions@github.com" + git config --global user.name "github-actions" + git checkout -b $BRANCH_NAME + git add parameters.txt + git commit -m "Add parameters.txt with artifact_url_win and version" + git push origin $BRANCH_NAME + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Trigger Jenkins Job, for signing executable + if: matrix.os == 'windows-latest' + shell: bash + run: | + DATA='{"repository": {"url": "https://github.com/eclipse-esmf/esmf-aspect-model-editor-backend", "html_url": "https://github.com/eclipse-esmf/esmf-aspect-model-editor-backend", "owner": { "name": "ESMF"}}, "pusher": { "name": "GitHub Action", "email": "esmf-dev@eclipse.org"}}' + SHA1="$(echo -n "${DATA}" | openssl dgst -sha1 -hmac "${WEBHOOK_SECRET}" | sed 's/SHA1(stdin)= //')" + curl -X POST https://ci.eclipse.org/esmf/github-webhook/ -H "Content-Type: application/json" -H "X-GitHub-Event: push" -H "X-Hub-Signature: sha1=${SHA1}" -d "${DATA}" - - name: Create GitHub pre-release (Windows) - if: ${{ (matrix.os == 'windows-latest') && (contains( github.ref, '-M' )) }} - uses: svenstaro/upload-release-action@latest - with: - file_glob: true - overwrite: true - prerelease: true - repo_token: ${{ secrets.GITHUB_TOKEN }} - file: aspect-model-editor-v${{ github.event.inputs.release_version }}-win.zip - tag: v${{ github.event.inputs.release_version }} diff --git a/.jenkins/Jenkinsfile b/.jenkins/Jenkinsfile new file mode 100644 index 00000000..aaf46c42 --- /dev/null +++ b/.jenkins/Jenkinsfile @@ -0,0 +1,115 @@ +pipeline { + agent any + + environment { + GITHUB_BOT_TOKEN = credentials('github-bot-token') + } + + stages { + stage('Read parameters file') { + steps { + script { + if (fileExists('parameters.txt')) { + // Read the file + def fileContent = readFile('parameters.txt').trim() + + // Split the file content into lines + def lines = fileContent.split("\n") + + // Iterate over the lines and set the environment variables + lines.each { line -> + def parts = line.split('=') + if (parts.size() == 2) { + env[parts[0]] = parts[1] + } + } + + echo "Artifact URL: ${env.artifact_url_win}" + echo "Version: ${env.version}" + } else { + echo "Error: parameters.txt does not exist." + } + } + } + } + + stage('Download and unpack artifact') { + steps { + script { + sh "curl -L -H 'Accept: application/vnd.github.v3+json' \ + -H 'Authorization: Bearer ${GITHUB_BOT_TOKEN}' \ + '${env.artifact_url_win}' \ + --output 'aspect-model-editor-v${env.version}-win.zip'" + sh "mkdir -p unpack_dir" + sh "unzip -o aspect-model-editor-v${env.version}-win.zip -d unpack_dir" + sh "ls -a unpack_dir" + } + } + } + + stage('Sign Applications') { + steps { + script { + sh "mkdir -p signed_dir" + sh "find unpack_dir -name '*.dll' -exec mv {} signed_dir \\;" + sh "curl -o signed_dir/ame-backend-${env.version}-win.exe -F file=@unpack_dir/ame-backend-${env.version}-win.exe https://cbi.eclipse.org/authenticode/sign" + sh "zip -r aspect-model-editor-v${env.version}-win-signed.zip signed_dir" + } + } + } + + stage('Release signed WINDOWS artifact to GitHub Releases') { + steps { + script { + def repo = "eclipse-esmf/esmf-aspect-model-editor-backend" + def tagName = "v${env.version}" + def fileName = "aspect-model-editor-v${env.version}-win-signed.zip" + def releaseId = "" + + def tagExists = sh(script: """ + curl -s -L \\ + -H "Accept: application/vnd.github+json" \\ + -H "Authorization: Bearer \$GITHUB_BOT_TOKEN" \\ + https://api.github.com/repos/${repo}/git/refs/tags/${tagName} | jq -r '.ref' + """, returnStdout: true).trim() + + if (tagExists == "null") { + // Tag does not exist, create a new one + releaseId = sh(script: """ + curl -s -L \\ + -H "Accept: application/vnd.github+json" \\ + -H "Authorization: Bearer \$GITHUB_BOT_TOKEN" \\ + -X POST \\ + -d '{ "tag_name": "${tagName}", "name": "${tagName}", "body": "Release ${tagName}" }' \\ + https://api.github.com/repos/${repo}/releases | jq -r '.id' + """, returnStdout: true).trim() + } else { + // Tag exists, use the existing one + releaseId = sh(script: """ + curl -s -L \\ + -H "Accept: application/vnd.github+json" \\ + -H "Authorization: Bearer \$GITHUB_BOT_TOKEN" \\ + https://api.github.com/repos/${repo}/releases/tags/${tagName} | jq -r '.id' + """, returnStdout: true).trim() + } + + sh """ + curl -L \ + -X POST \ + -H "Accept: application/vnd.github+json" \\ + -H "Authorization: Bearer \$GITHUB_BOT_TOKEN" \ + -H "Content-Type: application/octet-stream" \ + --data-binary @${fileName} \ + "https://uploads.github.com/repos/${repo}/releases/${releaseId}/assets?name=${fileName}" + """ + + sh """ + curl -X DELETE \ + -H "Authorization: Bearer \$GITHUB_BOT_TOKEN" \ + "https://api.github.com/repos/eclipse-esmf/esmf-aspect-model-editor-backend/git/refs/heads/pre_release_configuration" + """ + } + } + } + } +}