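# CI workflow: builds and tests on pushes to the release branches, on a daily
# schedule and on manual dispatch; then publishes artifacts and docs and, for
# non-SNAPSHOT versions, tags the release and announces it.
name: CI

on:
  push:
    branches:
      - 'main'
      - '0.2.x'
    paths-ignore:
      - '.github/**'
  schedule:
    - cron: '0 10 * * *'  # Once per day at 10am UTC
  workflow_dispatch:

# Least privilege for the automatic GITHUB_TOKEN: read-only unless a job
# widens it explicitly (scan and perform_release do).
permissions:
  contents: read

# NOTE(review): workflow-level env is injected into every step of every job,
# third-party actions included. Scoping each credential to the steps that
# consume it would narrow the exposure. Which steps read these implicitly
# (for example through the Gradle build) is not visible here, so they are
# left in place.
env:
  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
  GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
  GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
  GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
  # Passed through env rather than interpolated into a script, so the pusher
  # name is never parsed as shell.
  COMMIT_OWNER: ${{ github.event.pusher.name }}
  COMMIT_SHA: ${{ github.sha }}
  ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
  ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}

jobs:
  # Gate job: runs only in the upstream repository and publishes the project
  # version that later jobs use to decide between snapshot and release paths.
  prerequisites:
    name: Pre-requisites for building
    runs-on: ubuntu-latest
    if: github.repository == 'spring-projects/spring-pulsar'
    outputs:
      runjobs: ${{ steps.continue.outputs.runjobs }}
      project_version: ${{ steps.continue.outputs.project_version }}
    steps:
      - uses: actions/checkout@v3
      - id: continue
        name: Determine if should continue
        run: |
          # Run jobs if in upstream repository
          echo "runjobs=true" >> "$GITHUB_OUTPUT"
          # Extract version from gradle.properties. Match only the property
          # whose key is exactly "version": a substring match on "version="
          # would also pick up any other *version= property and write extra
          # lines into GITHUB_OUTPUT.
          version=$(awk -F'=' '$1 == "version" {print $2; exit}' gradle.properties)
          echo "project_version=$version" >> "$GITHUB_OUTPUT"

  build_jdk_17:
    name: Build (JDK 17)
    needs: [prerequisites]
    runs-on: ubuntu-latest
    if: needs.prerequisites.outputs.runjobs
    steps:
      - uses: actions/checkout@v3
      - uses: spring-io/spring-gradle-build-action@v2
      - name: Build and run unit tests
        # NOTE(review): the Artifactory credentials are passed as -P arguments
        # and so appear on the Gradle process command line. The
        # ORG_GRADLE_PROJECT_<name> environment form, already used for the
        # signing key in other jobs, avoids that; confirm the build reads them
        # as project properties before switching.
        run: |
          ./gradlew clean build -x integrationTest \
              --continue --scan \
              -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD"
      - name: Run integration tests
        run: |
          ./gradlew integrationTest --rerun-tasks -DdownloadRabbitConnector=true --scan
      - name: Capture test results
        if: failure()
        uses: actions/upload-artifact@v3
        with:
          name: test-results
          path: '*/build/reports/tests/**/*.*'
          retention-days: 3

  # Publishes the library to a local Maven repository inside the workspace and
  # runs the sample applications against it.
  check_samples:
    name: Check Sample Apps
    needs: [prerequisites]
    runs-on: ubuntu-latest
    if: needs.prerequisites.outputs.runjobs
    steps:
      - uses: actions/checkout@v3
      - uses: spring-io/spring-gradle-build-action@v2
      - name: Run all sample app tests
        # Signing material is scoped to this step only.
        env:
          LOCAL_REPOSITORY_PATH: ${{ github.workspace }}/build/publications/repos
          VERSION: ${{ needs.prerequisites.outputs.project_version }}
          ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_PRIVATE_KEY }}
          ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_PASSPHRASE }}
        run: |
          ./gradlew publishMavenJavaPublicationToLocalRepository
          ./gradlew \
              --init-script ./spring-pulsar-sample-apps/sample-apps-check-ci.gradle \
              -PlocalRepositoryPath="$LOCAL_REPOSITORY_PATH" \
              -PspringPulsarVersion="$VERSION" \
              :runAllSampleTests

  scan:
    name: Run Trivy Scan
    needs: [prerequisites]
    runs-on: ubuntu-latest
    if: needs.prerequisites.outputs.runjobs
    # Uploading SARIF to code scanning needs security-events: write; nothing
    # else in this job needs more than read access to the repository.
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v3
      - name: Run Trivy vulnerability scanner in repo mode
        # NOTE(review): @master is a mutable branch ref, so this step runs
        # whatever that branch holds at build time, with the workflow-level
        # secrets in its environment. Pin to a release tag or, better, a full
        # commit SHA (value not on this page).
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          ignore-unfixed: true
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results.sarif'
      - name: 'Scanned'
        shell: bash
        # NOTE(review): "info" is not one of the documented workflow commands
        # (debug, notice, warning, error), so this line is likely printed
        # verbatim. Confirm the intent.
        run: echo "::info ::Scanned"

  deploy_artifacts:
    name: Deploy Artifacts
    needs: [build_jdk_17, check_samples, scan]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: spring-io/spring-gradle-build-action@v2
      - name: Deploy artifacts
        env:
          ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_PRIVATE_KEY }}
          ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_PASSPHRASE }}
          OSSRH_TOKEN_USERNAME: ${{ secrets.OSSRH_S01_TOKEN_USERNAME }}
          OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_S01_TOKEN_PASSWORD }}
        # NOTE(review): the OSSRH and Artifactory credentials are passed as -P
        # arguments and are therefore visible on the process command line; the
        # ORG_GRADLE_PROJECT_<name> env form used above for the signing key
        # would keep them out of argv.
        run: |
          ./gradlew publishArtifacts finalizeDeployArtifacts \
              --stacktrace \
              -PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" \
              -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD"

  deploy_docs_antora:
    name: Deploy Antora Docs
    needs: [build_jdk_17, check_samples, scan]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: spring-io/spring-gradle-build-action@v2
      - name: Run Antora
        run: |
          ./gradlew antora
      - name: Publish Docs
        # NOTE(review): the action ref below was mangled by e-mail obfuscation
        # when this page was captured; the sub-action name and version after
        # "spring-doc-actions/" must be restored from the repository.
        uses: spring-io/spring-doc-actions/[email protected]
        with:
          docs-username: ${{ secrets.DOCS_USERNAME }}
          docs-host: ${{ secrets.DOCS_HOST }}
          docs-ssh-key: ${{ secrets.DOCS_SSH_KEY }}
          # The expected SSH host key is supplied explicitly.
          docs-ssh-host-key: ${{ secrets.DOCS_SSH_HOST_KEY }}
          site-path: spring-pulsar-docs/build/site
      - name: Bust Clouflare Cache
        # NOTE(review): ref mangled in capture, as in the previous step.
        uses: spring-io/spring-doc-actions/[email protected]
        with:
          context-root: spring-pulsar
          cloudflare-zone-id: ${{ secrets.CLOUDFLARE_ZONE_ID }}
          cloudflare-cache-token: ${{ secrets.CLOUDFLARE_CACHE_TOKEN }}

  # Runs only for non-SNAPSHOT versions: waits for the published artifacts,
  # tags (and for GA, branches) the release, drafts the GitHub release,
  # announces it and bumps to the next snapshot version.
  perform_release:
    name: Perform Release
    needs: [prerequisites, deploy_artifacts, deploy_docs_antora]
    runs-on: ubuntu-latest
    permissions:
      contents: write
    timeout-minutes: 120
    if: ${{ !endsWith(needs.prerequisites.outputs.project_version, '-SNAPSHOT') }}
    env:
      REPO: ${{ github.repository }}
      BRANCH: ${{ github.ref_name }}
      # NOTE(review): no step shown here reads TOKEN; if it is unused, dropping
      # it keeps the token out of every step's environment.
      TOKEN: ${{ github.token }}
      VERSION: ${{ needs.prerequisites.outputs.project_version }}
    steps:
      - uses: actions/checkout@v3
        # NOTE(review): checkout stores this token in the local git config by
        # default, so every later step in the job (the downloaded jar and the
        # Slack action included) can use it. It is needed for the pushes
        # below; keep its scope as narrow as the release flow allows.
        with:
          token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
      - uses: spring-io/spring-gradle-build-action@v2
      - name: Wait for Artifactory artifacts (milestone)
        if: ${{ contains(needs.prerequisites.outputs.project_version, '-RC') || contains(needs.prerequisites.outputs.project_version, '-M') }}
        # Polls every 30 seconds; bounded only by the job's timeout-minutes.
        run: |
          echo "Wait for artifacts of $REPO@$VERSION to appear on Artifactory."
          until curl -f -s "https://repo.spring.io/artifactory/milestone/org/springframework/pulsar/spring-pulsar/$VERSION/" > /dev/null
          do
            sleep 30
            echo "."
          done
          echo "Artifacts for $REPO@$VERSION have been released to Artifactory."
      - name: Wait for Maven Central artifacts (GA)
        if: ${{ !contains(needs.prerequisites.outputs.project_version, '-SNAPSHOT') && !contains(needs.prerequisites.outputs.project_version, '-RC') && !contains(needs.prerequisites.outputs.project_version, '-M') }}
        run: |
          echo "Wait for artifacts of $REPO@$VERSION to appear on Maven Central."
          until curl -f -s "https://repo1.maven.org/maven2/org/springframework/pulsar/spring-pulsar/$VERSION/" > /dev/null
          do
            sleep 30
            echo "."
          done
          echo "Artifacts for $REPO@$VERSION have been released to Maven Central."
      - name: Setup git for release tagging
        run: |
          git config user.name 'github-actions[bot]'
          git config user.email 'github-actions[bot]@users.noreply.github.com'
      - name: Tag release (milestone)
        if: ${{ startsWith(needs.prerequisites.outputs.project_version, '0.') || contains(needs.prerequisites.outputs.project_version, '-RC') || contains(needs.prerequisites.outputs.project_version, '-M') }}
        # VERSION comes from gradle.properties; it is quoted so an unexpected
        # value cannot be word-split into extra git arguments.
        run: |
          echo "Tagging $REPO@$VERSION release."
          git tag "v$VERSION"
          git push --tags origin
      - name: Create branch and tag release (GA)
        if: ${{ !startsWith(needs.prerequisites.outputs.project_version, '0.') && !contains(needs.prerequisites.outputs.project_version, '-RC') && !contains(needs.prerequisites.outputs.project_version, '-M') }}
        run: |
          echo "Tagging $REPO@$VERSION and creating release branch."
          git checkout -b "$VERSION"
          git push --set-upstream origin "$VERSION"
          git tag "v$VERSION"
          git push --tags origin
      - name: Install tooling for Github release
        # -f makes curl fail on an HTTP error instead of saving the error page
        # as the jar.
        # NOTE(review): the jar is executed in the next step with a repository
        # token in its environment and no integrity check; verify it against a
        # pinned SHA-256 (value not on this page) before running it.
        run: |
          curl -fsSL -O https://github.com/spring-io/github-changelog-generator/releases/download/v0.0.8/github-changelog-generator.jar
      - name: Create Github release
        env:
          RELEASE_NOTES_FILE: ${{runner.temp}}/release_notes.md5
          GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
        run: |
          java -jar github-changelog-generator.jar \
              --spring.config.location=.github/changelog-generator.yml \
              "$VERSION" "$RELEASE_NOTES_FILE"
          cat "$RELEASE_NOTES_FILE"
          gh release create "v$VERSION" \
              --draft \
              --title "Spring Pulsar $VERSION" \
              --generate-notes \
              --notes-file "$RELEASE_NOTES_FILE"
      - name: Announce Release on Slack
        id: spring-pulsar-announcing
        # NOTE(review): the action ref below was mangled by e-mail obfuscation
        # in the page capture; restore the action name and version from the
        # repository.
        uses: slackapi/[email protected]
        with:
          # env.VERSION is expanded into the JSON before it is parsed; it
          # comes from gradle.properties in this repository.
          payload: |
            {
              "text": "spring-pulsar-announcing `${{ env.VERSION }}` is available now",
              "blocks": [
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": "spring-pulsar-announcing `${{ env.VERSION }}` is available now"
                  }
                }
              ]
            }
        # Step-level override of the workflow-level SLACK_WEBHOOK_URL.
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SPRING_RELEASE_SLACK_WEBHOOK_URL }}
          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
      - name: Update next snapshot version
        run: |
          echo "Updating $REPO@$VERSION to next snapshot version."
          ./gradlew :updateToSnapshotVersion
          git commit -am "[Release $VERSION] Next development version"
          git push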