diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4f9ef198..5764c0e2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,28 +6,6 @@ concurrency: cancel-in-progress: true jobs: - print-workflow-description: - runs-on: ubuntu-latest - steps: - - run: echo "This is a CI build of branch ${{ github.ref }} in repository ${{ github.repository }}" - - run: echo "This job was triggered by a ${{ github.event_name }} event and is running on a ${{ runner.os }} server" - - run-tests: + test: name: "Run Unit & Integration Tests" - runs-on: ubuntu-latest - steps: - - name: "Checkout the repository" - uses: actions/checkout@v2 - - name: "Set up JDK 17" - uses: actions/setup-java@v3 - with: - java-version: 17 - distribution: 'temurin' - - name: "Cache Maven packages" - uses: actions/cache@v2 - with: - path: ~/.m2 - key: ${{ runner.os }}-m3-${{ hashFiles('**/pom.xml') }} - restore-keys: ${{ runner.os }}-m3 - - name: "Run unit & integration tests" - run: mvn -U -B -V -ntp verify --file pom.xml + uses: eclipse-pass/main/.github/workflows/ci.yml@combined-release diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index badf437d..73235466 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,11 +1,6 @@ -# Release artifact will be pushed to Sonatype, which is synced to Maven Central -# Build artifacts get pushed to Sonatype and non-SNAPSHOT versions are then -# auto-synced to Maven Central -name: Publish a release to Maven Central +name: Publish a release on: - # We can use very similiar workflow to manually trigger a full publish - # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_dispatchinputs workflow_dispatch: inputs: releaseversion: @@ -15,119 +10,15 @@ on: description: 'Next dev version' required: true -# Will need to have someone with admin permissions to add some secrets: -# Credentials for Sonatype, needs a Sonatype account. -# - OSSRH_USERNAME -# - OSSRH_PASSWORD -# Will need GPG key + passphrase to sign artifacts for Maven Central -# - MAVEN_GPG_PASSPHRASE -# - MAVEN_GPG_KEY -# -# Should be able to use secrets.GITHUB_TOKEN to push images to GHCR, this -# secret is provided automatically to the workflow -# -# May need a GH PAT (likely fine-grained) in order to update pass-docker with -# new image refs -# (Not yet used) -# - GH_USER -# - GH_PAT -# -# Using maven with arguments: -# -B (--batch-mode) non-interactive batch mode -# -U force dependency SNAPSHOT update -# -V print maven version without stopping build -# -ntp (--no-transfer-progress) do not show download progress - env: RELEASE: ${{ inputs.releaseversion }} NEXT: ${{ inputs.nextversion}} jobs: - publish: - runs-on: ubuntu-latest - # Can we check to make sure $NEXT doesn't already exist as a tag? - steps: - # ============================================================================= - # Setup - # ============================================================================= - # Automatically checks out the repo and branch where the workflow was triggered - - name: Checkout code - uses: actions/checkout@v3 - - - name: Config git user - run: | - git config user.name ${{ github.actor }} - git config user.email "${{ github.actor }}@users.noreply.github.com" - - - name: Setup Java & Maven - uses: actions/setup-java@v3 - with: - java-version: 17 - distribution: 'temurin' - server-id: ossrh - # User/pass refer to ENV VARs set below - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD - gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }} - gpg-passphrase: MAVEN_GPG_PASSPHRASE - - # ============================================================================= - # Start the work - # ============================================================================= - # This versions:update-parent will grab the specified release (non-snapshot) - - name: Bump version to release - run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$RELEASE - - - name: Commit release version bump - uses: EndBug/add-and-commit@v9 - with: - add: pom.xml **/pom.xml - message: "Update parent version to $RELEASE" - push: false - - # Will publish and create new Docker image for release version - - name: Publish release - run: | - mvn -B -U -V -ntp release:prepare -DreleaseVersion=$RELEASE -Dtag=$RELEASE -DdevelopmentVersion=$NEXT -DautoVersionSubmodules=true - mvn -B -U -V -ntp release:perform -P release - env: - # Add OSSRH_USERNAME and OSSRH_PASSWORD as GH secrets - # https://docs.github.com/en/actions/security-guides/encrypted-secrets - MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - - # Project and submodule versions _should_ already be updated in the release step above - - name: Update parent POM to new dev version - run: mvn -B -U -V -ntp versions:update-parent -DallowSnapshots=true -DparentVersion=$NEXT - - - name: Commit snapshot version bump - uses: EndBug/add-and-commit@v9 - with: - add: pom.xml **/pom.xml - message: "Update parent version to $NEXT" - push: true - - # Will produce a new Docker image for the new dev version - - name: Build and publish new dev version - run: mvn -B -U -V -ntp deploy -P release - env: - MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - - - name: Push new release tag GH - run: git push origin --tags - - # Handle Docker images - - name: Login to GHCR - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Push Docker image to GHCR - run: | - docker push ghcr.io/eclipse-pass/pass-core-main:$RELEASE - docker push ghcr.io/eclipse-pass/pass-core-main:$NEXT + release: + uses: eclipse-pass/main/.github/workflows/release.yml@combined-release + secrets: inherit + with: + releaseversion: ${{ inputs.releaseversion }} + nextversion: ${{ inputs.nextversion}} + images: ghcr.io/eclipse-pass/pass-core-main diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml index 4171ada3..a7eb9e02 100644 --- a/.github/workflows/snapshot.yml +++ b/.github/workflows/snapshot.yml @@ -1,4 +1,4 @@ -name: Publish SNAPSHOT to Sonatype +name: Publish the SNAPSHOT on: push: diff --git a/.github/workflows/update-image.yml b/.github/workflows/update-image.yml deleted file mode 100644 index 5671cfdd..00000000 --- a/.github/workflows/update-image.yml +++ /dev/null @@ -1,42 +0,0 @@ -# This workflow will update the pass-core-main Docker image in GHCR and update the pass-core config -# in pass-docker - -name: Update Docker image - -on: - workflow_dispatch: - push: - branches: [main] - -jobs: - build: - runs-on: ubuntu-latest - - steps: - # Update pass-core-main Docker image in GHCR - - name: Check out latest pass-core - uses: actions/checkout@v3 - - - name: "Set up JDK 17" - uses: actions/setup-java@v3 - with: - java-version: 17 - distribution: 'temurin' - cache: 'maven' - - - name: Login to GHCR - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: "Build new package" - run: mvn -U -B -V -ntp clean verify - - - name: "Get image tag" - id: image_tag - run: echo "IMAGE_TAG=`mvn help:evaluate -Dexpression=project.version -q -DforceStdout`" >> $GITHUB_OUTPUT - - - name: "Upload Docker image to GHCR" - run: "docker push ghcr.io/eclipse-pass/pass-core-main:${{ steps.image_tag.outputs.IMAGE_TAG }}"