Merge pull request #5 from approov/feature/maven-publish

Build, sign and publish to mavenFeature/maven publish
approov · Dec 28, 2024 · 7f6bbe7 · 7f6bbe7
2 parents db98e0a + 2a04620
commit 7f6bbe7
Show file tree

Hide file tree

Showing 7 changed files with 425 additions and 10 deletions.
diff --git a/.github/workflows/build_and_publish.yml b/.github/workflows/build_and_publish.yml
@@ -0,0 +1,48 @@
+name: Maven Publish
+
+on:
+  push:
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+' # Matches tags in the form 3.3.0
+
+jobs:
+  maven-publish:
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/approov/core-service-containers/android:0.9.3
+      credentials:
+        username: ${{ secrets.APPROOV_GITHUB_READ_PACKAGE_USER }}
+        password: ${{ secrets.APPROOV_GITHUB_READ_PACKAGE_SECRET }}
+    timeout-minutes: 30
+    env:
+      WORKSPACE: "${{ github.workspace }}"
+      GIT_BRANCH: "${{ github.ref }}"
+      CURRENT_TAG: "${{ github.ref_name }}"
+      MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
+      MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
+      PGP_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+      PGP_KEY_ID: ${{ secrets.PGP_KEY_ID }}
+      GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}
+    steps:
+    - name: Set up Git
+      run: git config --global --add safe.directory '*'
+
+    - name: Checkout Repository
+      uses: actions/checkout@v3
+
+    - name: Set Up Java
+      uses: actions/setup-java@v3
+      with:
+        distribution: 'temurin' # Use Eclipse Temurin distribution
+        java-version: '11'      # Use Java 11 for Android builds
+
+    - name: Build AAR
+      run:  ./gradlew assembleRelease
+
+    - name: Create Package
+      run: cd .maven && ./build-and-sign.sh
+
+    - name: Publish Package
+      run: cd .maven && ./maven-publish.sh
+
+
diff --git a/.maven/build-and-sign.sh b/.maven/build-and-sign.sh
@@ -0,0 +1,210 @@
+#!/bin/bash
+
+## set variables/constants required by the script
+
+# The version of the package that will be build and will be visible in maven central
+# For Approov SDK release 3.3.0 (library 7257) the version was 3.3.0
+# This is also used to rename the folder where the package is stored by replacing the TAG-RENAME-DIR
+# THE POM FILE MUST BE UPDATED WITH THE CORRECT VERSION WHICH MUST MATCH THIS VARIABLE
+VERSION="3.3.0"
+
+# Constant: current package name
+CURRENT_PACKAGE_NAME="service-okhttp"
+
+# Constant: Required package subdir structure
+PACKAGE_DIR_STRUCTURE="io/approov/${CURRENT_PACKAGE_NAME}"
+
+# Constant: The file prefix for each file placed in the above directory
+# NOTE: This is also the name of the binary SDK file expected by Maven
+FILE_PREFIX="${CURRENT_PACKAGE_NAME}-${VERSION}"
+
+# The PGP Key ID to use for signing the package; set by CI/CD
+# export PGP_KEY_ID=""
+# Verify that the PGP_KEY_ID is set
+if [ -z "$PGP_KEY_ID" ]; then
+    echo "Error: PGP_KEY_ID is not set. This script requires a PGP key ID to be set."
+    exit 1
+fi
+# Password for the GPG key; set by CI/CD
+# export GPG_PASSWORD=""
+# Verify that the GPG_PASSWORD is set
+if [ -z "$GPG_PASSWORD" ]; then
+    echo "Error: GPG_PASSWORD is not set. This script requires a GPG password to be set."
+    exit 1
+fi
+
+# The full path to the service aar package generated by gradle build.
+AAR_PATH="../approov-service/build/outputs/aar/approov-service-release.aar"
+
+
+# The path to the javadoc.jar file that will be uploaded to maven central
+JAVADOC_JAR_PATH="../approov-service/docs/javadoc.jar"
+
+# Path to the POM file: YOU MUST UPDATE THIS FILE WITH THE CORRECT <version
+# which MUST match the VERSION variable above
+POM_FILE_PATH="../approov-service/pom.xml"
+
+# Check if the above files exist before proceeding further
+if [ ! -f ${AAR_PATH} ]; then
+    echo "File not found: ${AAR_PATH}"
+    echo "Please make sure the file exists or change the location in the script and try again"
+    exit 1
+fi
+
+if [ ! -f ${JAVADOC_JAR_PATH} ]; then
+    echo "File not found: ${JAVADOC_JAR_PATH}"
+    echo "Please make sure the file exists or change the location in the script and try again"
+    exit 1
+fi
+
+if [ ! -f ${POM_FILE_PATH} ]; then
+    echo "File not found: ${POM_FILE_PATH}"
+    echo "Please make sure the file exists or change the location in the script and try again"
+    exit 1
+fi
+
+
+# The destination directory to place all the files
+DESTINATION_DIR="${PACKAGE_DIR_STRUCTURE}/${VERSION}"
+
+echo "Will create destination directory: ${DESTINATION_DIR}"
+# Create destination directory in current location
+mkdir -p ${DESTINATION_DIR}
+# Check if the command was successful
+if [ $? -eq 0 ]; then
+    echo "File successfully created: ${DESTINATION_DIR}"
+else
+    echo "Failed to create directory ${DESTINATION_DIR}"
+    exit 1
+fi
+
+# Copy operations to destination directory
+# 1. Copy javadoc.jar file and rename to destination:
+# Maven expects for version 3.2.2 of the javadoc.jar the following file
+# approov-service-3.2.2-javadoc.jar
+cp ${JAVADOC_JAR_PATH} ${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar
+
+# Check if the command was successful
+if [ $? -eq 0 ]; then
+    echo "File successfully copied: ${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar"
+else
+    echo "Failed to copy file as ${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar"
+    exit 1
+fi
+
+# Sign the target javadoc file
+OUTPUT_SIGNATURE="${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar.asc"
+gpg --batch --yes --passphrase "$GPG_PASSWORD" --pinentry-mode loopback --output "$OUTPUT_SIGNATURE" --detach-sign --local-user "$PGP_KEY_ID" "${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar"
+
+# Check if the command was successful
+if [ $? -eq 0 ]; then
+    echo "File successfully signed: ${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar.asc"
+else
+    echo "Failed to sign file as ${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar.asc"
+    exit 1
+fi
+# Compute hashes for the javadoc file
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar.sha1"
+# Compute SHA-1 and extract only the hash
+shasum "${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar" | awk '{print $1}' > "$OUTPUT_FILE"
+# sha256
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar.sha256"
+shasum -a 256 "${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar" | awk '{print $1}' > "$OUTPUT_FILE"
+# sha512
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar.sha512"
+shasum -a 512 "${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar" | awk '{print $1}' > "$OUTPUT_FILE"
+# md5
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar.md5"
+md5 "${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar" | awk '{print $4}' > "$OUTPUT_FILE"
+
+
+# 2. Copy the aar file and rename to destination:
+# Maven expects for version 3.2.2 of the aar file the following file
+# service-okhttp-3.2.2.aar
+cp ${AAR_PATH} ${DESTINATION_DIR}/${FILE_PREFIX}.aar
+
+# Check if the command was successful
+if [ $? -eq 0 ]; then
+    echo "File successfully copied: ${DESTINATION_DIR}/${FILE_PREFIX}.aar"
+else
+    echo "Failed to copy file as ${DESTINATION_DIR}/${FILE_PREFIX}.aar"
+    exit 1
+fi
+
+# Sign the android SDK aar file
+OUTPUT_SIGNATURE="${DESTINATION_DIR}/${FILE_PREFIX}.aar.asc"
+gpg --batch --yes --passphrase "$GPG_PASSWORD" --pinentry-mode loopback --output "$OUTPUT_SIGNATURE" --detach-sign --local-user "$PGP_KEY_ID" "${DESTINATION_DIR}/${FILE_PREFIX}.aar"
+
+# Check if the command was successful
+if [ $? -eq 0 ]; then
+    echo "File successfully signed: ${DESTINATION_DIR}/${FILE_PREFIX}.aar.asc"
+else
+    echo "Failed to sign file as ${DESTINATION_DIR}/${FILE_PREFIX}.aar.asc"
+    exit 1
+fi
+
+# Compute hashes for the aar file
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}.aar.sha1"
+# Compute SHA-1 and extract only the hash
+shasum "${DESTINATION_DIR}/${FILE_PREFIX}.aar" | awk '{print $1}' > "$OUTPUT_FILE"
+# sha256
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}.aar.sha256"
+shasum -a 256 "${DESTINATION_DIR}/${FILE_PREFIX}.aar" | awk '{print $1}' > "$OUTPUT_FILE"
+# sha512
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}.aar.sha512"
+shasum -a 512 "${DESTINATION_DIR}/${FILE_PREFIX}.aar" | awk '{print $1}' > "$OUTPUT_FILE"
+# md5
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}.aar.md5"
+md5 "${DESTINATION_DIR}/${FILE_PREFIX}.aar" | awk '{print $4}' > "$OUTPUT_FILE"
+
+# 3. Copy the pom file and rename to destination:
+# Maven expects for version 3.2.2 of the pom file the following file
+# service-okhttp-3.2.2.pom
+cp ${POM_FILE_PATH} ${DESTINATION_DIR}/${FILE_PREFIX}.pom
+
+# Check if the command was successful
+if [ $? -eq 0 ]; then
+    echo "File successfully copied: ${DESTINATION_DIR}/${FILE_PREFIX}.pom"
+else
+    echo "Failed to copy file as ${DESTINATION_DIR}/${FILE_PREFIX}.pom"
+    exit 1
+fi
+
+# Sign the pom file
+OUTPUT_SIGNATURE="${DESTINATION_DIR}/${FILE_PREFIX}.pom.asc"
+gpg --batch --yes --passphrase "$GPG_PASSWORD" --pinentry-mode loopback --output "$OUTPUT_SIGNATURE" --detach-sign --local-user "$PGP_KEY_ID" "${DESTINATION_DIR}/${FILE_PREFIX}.pom"
+
+# Check if the command was successful
+if [ $? -eq 0 ]; then
+    echo "File successfully signed: ${DESTINATION_DIR}/${FILE_PREFIX}.pom.asc"
+else
+    echo "Failed to sign file as ${DESTINATION_DIR}/${FILE_PREFIX}.pom.asc"
+    exit 1
+fi
+
+# Compute hashes for the pom file
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}.pom.sha1"
+# Compute SHA-1 and extract only the hash
+shasum "${DESTINATION_DIR}/${FILE_PREFIX}.pom" | awk '{print $1}' > "$OUTPUT_FILE"
+# sha256
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}.pom.sha256"
+shasum -a 256 "${DESTINATION_DIR}/${FILE_PREFIX}.pom" | awk '{print $1}' > "$OUTPUT_FILE"
+# sha512
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}.pom.sha512"
+shasum -a 512 "${DESTINATION_DIR}/${FILE_PREFIX}.pom" | awk '{print $1}' > "$OUTPUT_FILE"
+# md5
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}.pom.md5"
+md5 "${DESTINATION_DIR}/${FILE_PREFIX}.pom" | awk '{print $4}' > "$OUTPUT_FILE"
+
+# Force remove recursively all the .DS_Store files that might have been copied
+find "io/" -name ".DS_Store" -type f -delete
+# Finally zip the io/ directory and save it in current directory as ${FILE_PREFIX}.zip
+zip -r ${FILE_PREFIX}.zip "io"
+
+# Test if the zip file was created
+if [ -f "${FILE_PREFIX}.zip" ]; then
+    echo "Zip file created successfully: ${FILE_PREFIX}.zip"
+else
+    echo "Failed to create zip file: ${FILE_PREFIX}.zip"
+    exit 1
+fi
diff --git a/.maven/maven-publish.sh b/.maven/maven-publish.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+## set variables/constants required by the script
+# The current tag of github's branch
+# Bail out if CURRENT_TAG is not set
+if [ -z "$CURRENT_TAG" ]; then
+  echo "Error: CURRENT_TAG is not set. This script requires a tag to be set."
+  exit 1
+fi
+
+# Check the MAVEN_USERNAME and MAVEN_PASSWORD are set
+if [ -z "$MAVEN_USERNAME" ]; then
+  echo "Error: MAVEN_USERNAME is not set. This script requires a username to be set."
+  exit 1
+fi
+
+if [ -z "$MAVEN_PASSWORD" ]; then
+  echo "Error: MAVEN_PASSWORD is not set. This script requires a password to be set."
+  exit 1
+fi
+
+# The body artifact name
+BODY_ARTIFACT="service-okhttp-${CURRENT_TAG}.aar"
+
+# The username:password for the maven repository
+MAVEN_CREDENTIALS=`printf "${MAVEN_USERNAME}:${MAVEN_PASSWORD}" | base64`
+
+# Publish the body artifact
+curl --request POST \
+  --verbose \
+  --header 'Authorization: Bearer ${MAVEN_CREDENTIALS}' \
+  --form bundle=@${BODY_ARTIFACT} \
+  https://central.sonatype.com/api/v1/publisher/upload?publishingType=USER_MANAGED
diff --git a/approov-service/build.gradle b/approov-service/build.gradle
@@ -6,18 +6,16 @@ plugins {
 repositories {
     mavenCentral()
     google()
-    jcenter()
-    maven { url "https://jitpack.io" }
 }
 
 group = 'com.github.approov'
 
 android {
-    compileSdkVersion 30
+    compileSdk 34
 
     defaultConfig {
         minSdkVersion 21
-        targetSdkVersion 28
+        targetSdkVersion 34
     }
 
     buildTypes {
@@ -34,7 +32,7 @@ android {
 
 dependencies {
     implementation 'com.squareup.okhttp3:okhttp:4.12.0'
-    implementation 'com.github.approov:approov-android-sdk:3.2.2'
+    implementation 'io.approov:approov-android-sdk:3.3.0'
 }
 
 afterEvaluate {

diff --git a/approov-service/docs/javadoc.jar b/approov-service/docs/javadoc.jar