Skip to content

CI

CI #1251

Workflow file for this run

name: CI
on:
push:
branches:
- 'main'
- '0.2.x'
paths-ignore:
- '.github/**'
schedule:
- cron: '0 10 * * *' # Once per day at 10am UTC
workflow_dispatch:
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
COMMIT_OWNER: ${{ github.event.pusher.name }}
COMMIT_SHA: ${{ github.sha }}
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
jobs:
prerequisites:
name: Pre-requisites for building
runs-on: ubuntu-latest
if: github.repository == 'spring-projects/spring-pulsar'
outputs:
runjobs: ${{ steps.continue.outputs.runjobs }}
project_version: ${{ steps.continue.outputs.project_version }}
steps:
- uses: actions/checkout@v3
- id: continue
name: Determine if should continue
run: |
# Run jobs if in upstream repository
echo "runjobs=true" >>$GITHUB_OUTPUT
# Extract version from gradle.properties
version=$(cat gradle.properties | grep "version=" | awk -F'=' '{print $2}')
echo "project_version=$version" >>$GITHUB_OUTPUT
build_jdk_17:
name: Build (JDK 17)
needs: [prerequisites]
runs-on: ubuntu-latest
if: needs.prerequisites.outputs.runjobs
steps:
- uses: actions/checkout@v3
- uses: spring-io/spring-gradle-build-action@v2
- name: Build and run unit tests
run: |
./gradlew clean build -x integrationTest \
--continue --scan \
-PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD"
- name: Run integration tests
run: |
./gradlew integrationTest --rerun-tasks -DdownloadRabbitConnector=true --scan
- name: Capture test results
if: failure()
uses: actions/upload-artifact@v3
with:
name: test-results
path: '*/build/reports/tests/**/*.*'
retention-days: 3
check_samples:
name: Check Sample Apps
needs: [prerequisites]
runs-on: ubuntu-latest
if: needs.prerequisites.outputs.runjobs
steps:
- uses: actions/checkout@v3
- uses: spring-io/spring-gradle-build-action@v2
- name: Run all sample app tests
env:
LOCAL_REPOSITORY_PATH: ${{ github.workspace }}/build/publications/repos
VERSION: ${{ needs.prerequisites.outputs.project_version }}
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_PRIVATE_KEY }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_PASSPHRASE }}
run: |
./gradlew publishMavenJavaPublicationToLocalRepository
./gradlew \
--init-script ./spring-pulsar-sample-apps/sample-apps-check-ci.gradle \
-PlocalRepositoryPath="$LOCAL_REPOSITORY_PATH" \
-PspringPulsarVersion="$VERSION" \
:runAllSampleTests
scan:
name: Run Trivy Scan
needs: [prerequisites]
runs-on: ubuntu-latest
if: needs.prerequisites.outputs.runjobs
steps:
- uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL,HIGH'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
- name: 'Scanned'
shell: bash
run: echo "::info ::Scanned"
deploy_artifacts:
name: Deploy Artifacts
needs: [build_jdk_17, check_samples, scan]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: spring-io/spring-gradle-build-action@v2
- name: Deploy artifacts
env:
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_PRIVATE_KEY }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_PASSPHRASE }}
OSSRH_TOKEN_USERNAME: ${{ secrets.OSSRH_S01_TOKEN_USERNAME }}
OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_S01_TOKEN_PASSWORD }}
run: |
./gradlew publishArtifacts finalizeDeployArtifacts \
--stacktrace \
-PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" \
-PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD"
deploy_docs_antora:
name: Deploy Antora Docs
needs: [build_jdk_17, check_samples, scan]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: spring-io/spring-gradle-build-action@v2
- name: Run Antora
run: |
./gradlew antora
- name: Publish Docs
uses: spring-io/spring-doc-actions/[email protected]
with:
docs-username: ${{ secrets.DOCS_USERNAME }}
docs-host: ${{ secrets.DOCS_HOST }}
docs-ssh-key: ${{ secrets.DOCS_SSH_KEY }}
docs-ssh-host-key: ${{ secrets.DOCS_SSH_HOST_KEY }}
site-path: spring-pulsar-docs/build/site
- name: Bust Clouflare Cache
uses: spring-io/spring-doc-actions/[email protected]
with:
context-root: spring-pulsar
cloudflare-zone-id: ${{ secrets.CLOUDFLARE_ZONE_ID }}
cloudflare-cache-token: ${{ secrets.CLOUDFLARE_CACHE_TOKEN }}
perform_release:
name: Perform Release
needs: [prerequisites, deploy_artifacts, deploy_docs_antora]
runs-on: ubuntu-latest
permissions:
contents: write
timeout-minutes: 120
if: ${{ !endsWith(needs.prerequisites.outputs.project_version, '-SNAPSHOT') }}
env:
REPO: ${{ github.repository }}
BRANCH: ${{ github.ref_name }}
TOKEN: ${{ github.token }}
VERSION: ${{ needs.prerequisites.outputs.project_version }}
steps:
- uses: actions/checkout@v3
with:
token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
- uses: spring-io/spring-gradle-build-action@v2
- name: Wait for Artifactory artifacts (milestone)
if: ${{ contains(needs.prerequisites.outputs.project_version, '-RC') || contains(needs.prerequisites.outputs.project_version, '-M') }}
run: |
echo "Wait for artifacts of $REPO@$VERSION to appear on Artifactory."
until curl -f -s https://repo.spring.io/artifactory/milestone/org/springframework/pulsar/spring-pulsar/$VERSION/ > /dev/null
do
sleep 30
echo "."
done
echo "Artifacts for $REPO@$VERSION have been released to Artifactory."
- name: Wait for Maven Central artifacts (GA)
if: ${{ !contains(needs.prerequisites.outputs.project_version, '-SNAPSHOT') && !contains(needs.prerequisites.outputs.project_version, '-RC') && !contains(needs.prerequisites.outputs.project_version, '-M') }}
run: |
echo "Wait for artifacts of $REPO@$VERSION to appear on Maven Central."
until curl -f -s https://repo1.maven.org/maven2/org/springframework/pulsar/spring-pulsar/$VERSION/ > /dev/null
do
sleep 30
echo "."
done
echo "Artifacts for $REPO@$VERSION have been released to Maven Central."
- name: Setup git for release tagging
run: |
git config user.name 'github-actions[bot]'
git config user.email 'github-actions[bot]@users.noreply.github.com'
- name: Tag release (milestone)
if: ${{ startsWith(needs.prerequisites.outputs.project_version, '0.') || contains(needs.prerequisites.outputs.project_version, '-RC') || contains(needs.prerequisites.outputs.project_version, '-M') }}
run: |
echo "Tagging $REPO@$VERSION release."
git tag v$VERSION
git push --tags origin
- name: Create branch and tag release (GA)
if: ${{ !startsWith(needs.prerequisites.outputs.project_version, '0.') && !contains(needs.prerequisites.outputs.project_version, '-RC') && !contains(needs.prerequisites.outputs.project_version, '-M') }}
run: |
echo "Tagging $REPO@$VERSION and creating release branch."
git checkout -b $VERSION
git push --set-upstream origin $VERSION
git tag v$VERSION
git push --tags origin
- name: Install tooling for Github release
run: |
curl -sSL -O https://github.com/spring-io/github-changelog-generator/releases/download/v0.0.8/github-changelog-generator.jar
- name: Create Github release
env:
RELEASE_NOTES_FILE: ${{runner.temp}}/release_notes.md5
GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
run: |
java -jar github-changelog-generator.jar \
--spring.config.location=.github/changelog-generator.yml \
$VERSION $RELEASE_NOTES_FILE
cat $RELEASE_NOTES_FILE
gh release create v$VERSION \
--draft \
--title "Spring Pulsar $VERSION" \
--generate-notes \
--notes-file $RELEASE_NOTES_FILE
- name: Announce Release on Slack
id: spring-pulsar-announcing
uses: slackapi/[email protected]
with:
payload: |
{
"text": "spring-pulsar-announcing `${{ env.VERSION }}` is available now",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "spring-pulsar-announcing `${{ env.VERSION }}` is available now"
}
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SPRING_RELEASE_SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
- name: Update next snapshot version
run: |
echo "Updating $REPO@$VERSION to next snapshot version."
./gradlew :updateToSnapshotVersion
git commit -am "[Release $VERSION] Next development version"
git push