From a73c06e1e56c5b34b2bedc5cdfc3aab4b9439e4c Mon Sep 17 00:00:00 2001 From: jandroav Date: Thu, 16 Nov 2023 20:22:03 +0100 Subject: [PATCH] add reusable workflows --- .github/dependabot.yml | 16 +- .github/release-drafter.yml | 53 ++++ .github/workflows/attach-artifact-release.yml | 12 + .github/workflows/build-nightly.yml | 13 + .github/workflows/codeql.yml | 18 ++ .github/workflows/create-release.yml | 196 +-------------- .github/workflows/label-pr.yml | 19 ++ .github/workflows/pull-request.yml | 56 ----- .github/workflows/release-published.yml | 26 +- .github/workflows/test.yml | 43 ++++ pom.xml | 228 ++---------------- 11 files changed, 200 insertions(+), 480 deletions(-) create mode 100644 .github/release-drafter.yml create mode 100644 .github/workflows/attach-artifact-release.yml create mode 100644 .github/workflows/build-nightly.yml create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/label-pr.yml delete mode 100644 .github/workflows/pull-request.yml create mode 100644 .github/workflows/test.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a217b34..54c9015 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,7 +1,13 @@ version: 2 updates: -- package-ecosystem: maven - directory: "/" - schedule: - interval: daily - open-pull-requests-limit: 10 + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + + - package-ecosystem: "maven" + directory: "/" + schedule: + interval: "daily" + diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml new file mode 100644 index 0000000..3ea7091 --- /dev/null +++ b/.github/release-drafter.yml @@ -0,0 +1,53 @@ + +name-template: 'v$NEXT_MINOR_VERSION' +tag-template: 'v$NEXT_MINOR_VERSION' +exclude-labels: + - 'skipReleaseNotes' +categories: + - title: ':green_book: Notable Changes' + labels: + - 'notableChanges' + - title: '🚀 New Features' + labels: + - 'TypeEnhancement' + - 'TypeTest' + - title: '🐛 Bug Fixes 🛠' + labels: + - 'TypeBug' + - title: '💥 Breaking Changes' + labels: + - 'breakingChanges' + - title: '🤖 Security Driver and Other Updates' + collapse-after: 5 + labels: + - 'sdou' + - 'dependencies' + - title: '👏 New Contributors' + labels: + - 'newContributors' + + +change-template: '- (#$NUMBER) $TITLE @$AUTHOR ' +change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks. +version-resolver: + major: + labels: + - 'major' + minor: + labels: + - 'minor' + patch: + labels: + - 'feature' + - 'enhancement' + - 'patch' + - 'bugfix' + - 'sdou' + default: minor +template: | + ## Changes + + $CHANGES + + **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION + diff --git a/.github/workflows/attach-artifact-release.yml b/.github/workflows/attach-artifact-release.yml new file mode 100644 index 0000000..b3fff2c --- /dev/null +++ b/.github/workflows/attach-artifact-release.yml @@ -0,0 +1,12 @@ +name: Attach Artifact to Release + +on: + pull_request: + types: + - closed + +jobs: + + attach-artifact-to-release: + uses: liquibase/build-logic/.github/workflows/extension-attach-artifact-release.yml@v0.5.7 + secrets: inherit diff --git a/.github/workflows/build-nightly.yml b/.github/workflows/build-nightly.yml new file mode 100644 index 0000000..1f9508f --- /dev/null +++ b/.github/workflows/build-nightly.yml @@ -0,0 +1,13 @@ +# This workflow will build the extension against the latest Liquibase artifact +name: "Nightly build" + +on: + schedule: + - cron: '0 7 * * 1-5' + +jobs: + nightly-build: + uses: liquibase/build-logic/.github/workflows/os-extension-test.yml@v0.5.7 + with: + nightly: true + secrets: inherit diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..a339c08 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,18 @@ +name: CodeQL + +on: + workflow_dispatch: + push: + branches: [ "main" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "main" ] + schedule: + - cron: '16 14 * * 4' + +jobs: + codeql: + uses: liquibase/build-logic/.github/workflows/codeql.yml@v0.5.7 + secrets: inherit + with: + languages: '["java"]' diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index a101c7b..a9c483a 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -1,192 +1,12 @@ -name: Release Extension (v2) +name: Create Release + on: - repository_dispatch: - types: [liquibase-release] workflow_dispatch: - inputs: - liquibaseVersion: - description: 'Liquibase Version' - required: true - extensionVersion: - description: 'Extension Version (Defaults to Liquibase Version)' - required: false + push: + branches: + - main jobs: - setup: - name: Setup - runs-on: ubuntu-latest - outputs: - liquibaseVersion: ${{ steps.collect-data.outputs.liquibaseVersion }} - extensionVersion: ${{ steps.collect-data.outputs.extensionVersion }} - steps: - - name: Collect Data - id: collect-data - uses: actions/github-script@v4 - with: - script: | - if (context.payload.client_payload) { - core.setOutput("liquibaseVersion", context.payload.client_payload.liquibaseVersion); - core.setOutput("extensionVersion", context.payload.client_payload.liquibaseVersion); - } else if (context.payload.inputs) { - core.setOutput("liquibaseVersion", context.payload.inputs.liquibaseVersion); - core.setOutput("extensionVersion", context.payload.inputs.extensionVersion || context.payload.inputs.liquibaseVersion); - } else { - core.setFailed('Unknown event type') - } - - - run: | - echo "Saw Liquibase version ${{ steps.collect-data.outputs.liquibaseVersion }}" - echo "Saw Extension version ${{ steps.collect-data.outputs.extensionVersion }}" - - build: - name: "Build and Test" - runs-on: ubuntu-latest - needs: setup - outputs: - releaseSha: ${{ steps.get-release-sha.outputs.releaseSha }} - steps: - - uses: actions/checkout@v2 - with: - persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token - fetch-depth: 0 # otherwise, you will fail to push refs to dest repo - - - name: Cache Built Code - uses: actions/cache@v2 - with: - key: built-code-${{ github.run_id }} - path: ./**/target - - - name: Set up JDK - uses: actions/setup-java@v2 - with: - java-version: '8' - distribution: 'adopt' - - - name: Configure git user - run: | - git config user.name "liquibot" - git config user.email "liquibot@liquibase.org" - - - name: Download and install liquibase-core.jar - uses: dsaltares/fetch-gh-release-asset@master - with: - repo: "liquibase/liquibase" - version: "tags/v${{ needs.setup.outputs.liquibaseVersion }}" - file: "liquibase-core-${{ needs.setup.outputs.liquibaseVersion }}.jar" - target: "liquibase-core.jar" - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Install liquibase-core.jar - run: mvn -B org.apache.maven.plugins:maven-install-plugin:3.0.0-M1:install-file -Dfile=liquibase-core.jar - - - name: Update pom.xml with release versions and commit changes - run: | - mvn -B versions:set -DnewVersion=${{ needs.setup.outputs.extensionVersion }} -DallowSnapshots=false -DoldVersion="*" - mvn -B versions:use-dep-version -Dincludes=org.liquibase:liquibase-core -DdepVersion=${{ needs.setup.outputs.liquibaseVersion }} -DforceVersion=true - - git add pom.xml - if git diff-index --cached --quiet HEAD -- - then - echo "Nothing new to commit" - else - git commit -m "Version Bumped to ${{ needs.setup.outputs.extensionVersion }}" - fi - git tag -a -m "Version Bumped to ${{ needs.setup.outputs.extensionVersion }}" liquibase-mssql-${{ needs.setup.outputs.extensionVersion }} - git push "https://liquibot:$GITHUB_TOKEN@github.com/$GITHUB_REPOSITORY.git" HEAD:${{ github.ref }} --follow-tags --tags - - env: - GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }} - - - name: Get release SHA - id: get-release-sha - run: echo ::set-output name=releaseSha::$(git rev-parse HEAD) - - - - name: Build and Unit Test - run: mvn -B clean test package - - - name: Archive Test Results - if: ${{ always() }} - uses: actions/upload-artifact@v2 - with: - name: test-reports-jdk - path: ./**/target/surefire-reports - - - name: Save Artifacts - uses: actions/upload-artifact@v2 - with: - name: liquibase-mssql - path: | - target/*.jar - - integration-tests: - name: Java ${{ matrix.java }} - runs-on: ubuntu-latest - needs: build - strategy: - matrix: - java: [8, 11, 17] - steps: - - uses: actions/checkout@v2 - - name: Set up JDK ${{ matrix.java }} - uses: actions/setup-java@v2 - with: - java-version: ${{ matrix.java }} - distribution: 'adopt' - - name: Test With Maven - run: mvn clean verify --file pom.xml - - draft-release: - needs: [ setup, build, integration-tests ] - name: Draft Release - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Download Artifacts - uses: actions/download-artifact@v2 - with: - name: liquibase-mssql - - - name: Release - uses: softprops/action-gh-release@v1 - with: - target_commitish: ${{ needs.build.outputs.releaseSha }} - name: v${{ needs.setup.outputs.extensionVersion }} - tag_name: liquibase-mssql-${{ needs.setup.outputs.extensionVersion }} - draft: true - body: Support for Liquibase ${{ needs.setup.outputs.liquibaseVersion }}. - files: liquibase-mssql-*.jar - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - bump-pom-to-snapshot: - name: Prepare POM for Development - runs-on: ubuntu-latest - needs: [ draft-release ] - steps: - - uses: actions/checkout@v2 - with: - persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token - fetch-depth: 0 # otherwise, you will failed to push refs to dest repo - - - name: Set up JDK - uses: actions/setup-java@v2 - with: - java-version: '8' - distribution: 'adopt' - - - name: Configure git user - run: | - git config user.name "liquibot" - git config user.email "liquibot@liquibase.org" - - - name: Prepare code for next version - run: | - git pull - mvn -B versions:set -DnextSnapshot=true - git add pom.xml - git commit -m "Version Bumped to Snapshot for Development" - git push "https://liquibot:$GITHUB_TOKEN@github.com/$GITHUB_REPOSITORY.git" HEAD:${{ github.ref }} --follow-tags --tags - env: - GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }} + create-release: + uses: liquibase/build-logic/.github/workflows/create-release.yml@v0.5.7 + secrets: inherit diff --git a/.github/workflows/label-pr.yml b/.github/workflows/label-pr.yml new file mode 100644 index 0000000..a73d55b --- /dev/null +++ b/.github/workflows/label-pr.yml @@ -0,0 +1,19 @@ +name: Pull Request Labels +on: + pull_request: + types: [opened, labeled, unlabeled, synchronize, reopened] +jobs: + label: + runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write + steps: + - name: Validate PR Labels + uses: mheap/github-action-required-labels@v5 + with: + mode: minimum + count: 1 + labels: "breakingChanges, newContributors, notableChanges, sdou, skipReleaseNotes, TypeBug, TypeEnhancement, TypeTest" + add_comment: true + message: "Label error: This PR is being prevented from merging because you have not added one of the labels: {{ provided }}. You'll need to add it before this PR can be merged." \ No newline at end of file diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml deleted file mode 100644 index 944abf9..0000000 --- a/.github/workflows/pull-request.yml +++ /dev/null @@ -1,56 +0,0 @@ -name: Run Unit Tests - -on: - pull_request: - types: - - opened - - reopened - - synchronize - -jobs: - unit-test: - name: Java ${{ matrix.java }} - runs-on: ubuntu-latest - strategy: - matrix: - java: [8, 11, 16] - - steps: - - uses: actions/checkout@v2 - - name: Cache Local Maven Repository - uses: actions/cache@v2 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - - name: Set up JDK ${{ matrix.java }} - uses: actions/setup-java@v2 - with: - java-version: ${{ matrix.java }} - distribution: 'adopt' - - name: Run Unit Tests With Maven - run: mvn surefire:test --file pom.xml - - dependabot: - name: Merge dependabot - runs-on: ubuntu-latest - needs: unit-test - permissions: - contents: write - pull-requests: write - if: ${{ github.actor == 'dependabot[bot]' }} - - steps: - - name: Dependabot metadata - id: dependabot-metadata - uses: dependabot/fetch-metadata@v1.3.1 - - - name: Approve patch and minor updates - if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}} - run: | - gh pr merge --auto --merge "$PR_URL" - gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a patch or minor update**" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml index eb9d2ff..881b512 100644 --- a/.github/workflows/release-published.yml +++ b/.github/workflows/release-published.yml @@ -1,29 +1,11 @@ name: Release Extension to Sonatype on: + workflow_dispatch: release: types: [published] jobs: - release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Set up Java for publishing to Maven Central Repository - uses: actions/setup-java@v2 - with: - java-version: '11' - distribution: 'adopt' - server-id: sonatype-nexus-staging - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD - gpg-private-key: ${{ secrets.GPG_SECRET }} - gpg-passphrase: GPG_PASSPHRASE - - - name: Publish to the Maven Central Repository - run: mvn clean deploy -Dmaven.test.skip -P release - env: - MAVEN_USERNAME: ${{ secrets.SONATYPE_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.SONATYPE_TOKEN }} - GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} \ No newline at end of file + release: + uses: liquibase/build-logic/.github/workflows/extension-release-published.yml@v0.5.7 + secrets: inherit diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..d21cae4 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,43 @@ +name: Build and Test + +on: + pull_request_target: + types: + - opened + - reopened + - synchronize + +jobs: + authorize: + environment: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }} + runs-on: ubuntu-latest + steps: + - run: true + + build: + needs: authorize + uses: liquibase/build-logic/.github/workflows/os-extension-test.yml@v0.5.7 + secrets: inherit + + integration-tests: + name: Java ${{ matrix.java }} + runs-on: ubuntu-latest + needs: build + strategy: + matrix: + java: [11, 17, 21] + steps: + - uses: actions/checkout@v2 + - name: Set up JDK ${{ matrix.java }} + uses: actions/setup-java@v2 + with: + java-version: ${{ matrix.java }} + distribution: 'adopt' + - name: Test With Maven + run: mvn clean verify --file pom.xml + + + dependabot: + needs: build + uses: liquibase/build-logic/.github/workflows/dependabot-automerge.yml@v0.5.7 + secrets: inherit diff --git a/pom.xml b/pom.xml index d953c3a..95fb9ff 100644 --- a/pom.xml +++ b/pom.xml @@ -1,51 +1,25 @@ 4.0.0 + + + org.liquibase + liquibase-parent-pom + 0.3.2 + + org.liquibase.ext liquibase-mssql 4.25.1-SNAPSHOT Liquibase MS SQL Server Extensions Liquibase extensions for MS SQL Server. https://github.com/liquibase/liquibase-mssql - - Liquibase.org - http://www.liquibase.org - - - - http://www.apache.org/licenses/LICENSE-2.0 - Apache License, Version 2.0 - - - - https://github.com/liquibase/liquibase-mssql/issues - - - scm:git:http://github.com/liquibase/liquibase-mssql.git - https://github.com/liquibase/liquibase-mssql - HEAD - - - - nvoxland - Nathan Voxland - nathan.voxland@liquibase.org - http://nathan.voxland.net - http://nathan.voxland.net/ - - architect - developer - - -6 - - - - - org.liquibase - liquibase-core - 4.25.0 - + + + 4.25.0 + + com.microsoft.sqlserver mssql-jdbc @@ -62,183 +36,19 @@ - - - maven-resources-plugin - - UTF-8 - - - - - maven-compiler-plugin - - 1.8 - 1.8 - true - true - ${project.build.sourceEncoding} - - - maven-surefire-plugin + + + org.apache.maven.surefire + surefire-junit4 + 3.2.1 + + - false true - plain - - - unit-tests - test - - test - - - - **/*Test.java - - - - - integration-tests - integration-test - - test - - - - **/*IT.java - **/*Test.java - - - - - - - org.apache.maven.plugins - maven-enforcer-plugin - - - enforce-java - compile - - enforce - - - - - 1.8 - - - - - - - - - org.codehaus.mojo - build-helper-maven-plugin - 3.4.0 - - - - org.sonatype.plugins - nexus-staging-maven-plugin - 1.6.13 - true - - sonatype-nexus-staging - https://oss.sonatype.org/ - - - - - - - - sonatype-nexus-staging - Nexus Release Repository - https://oss.sonatype.org/service/local/staging/deploy/maven2 - - - sonatype-nexus-staging - Sonatype Nexus Snapshots - https://oss.sonatype.org/content/repositories/snapshots - - - - - - - release - - - - org.apache.maven.plugins - maven-source-plugin - 3.3.0 - - - attach-sources - - jar-no-fork - - - - - - org.apache.maven.plugins - maven-javadoc-plugin - - false - Liquibase CDI ${project.version} API - true - none - UTF-8 - ${project.basedir}/target - - - - jar-javadoc - - jar - - package - - - - - org.apache.maven.plugins - maven-gpg-plugin - 3.1.0 - - ${env.GPG_PASSPHRASE} - - - --batch - --no-tty - --pinentry-mode - loopback - - - - - sign-artifacts - verify - - sign - - - - - - - - -