You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@logging.apache.org by vy...@apache.org on 2023/09/01 13:35:26 UTC
[logging-log4j-tools] branch main updated (95a85e3 -> e10b3c3)
This is an automated email from the ASF dual-hosted git repository.
vy pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/logging-log4j-tools.git
from 95a85e3 Bump actions/checkout from 3.5.3 to 3.6.0 (#75)
new a70cc04 Link to the support policy
new e10b3c3 Reuse `logging-parent` workflows
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.github/workflows/build.yml | 206 +++++++-------------------------------------
README.adoc | 2 +-
2 files changed, 30 insertions(+), 178 deletions(-)
[logging-log4j-tools] 01/02: Link to the support policy
Posted by vy...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
vy pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/logging-log4j-tools.git
commit a70cc04425073cdc0970d981d869d8dd40b08026
Author: Volkan Yazıcı <vo...@yazi.ci>
AuthorDate: Fri Sep 1 15:16:58 2023 +0200
Link to the support policy
---
README.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.adoc b/README.adoc
index 9ef3664..2ee1a9d 100644
--- a/README.adoc
+++ b/README.adoc
@@ -45,7 +45,7 @@ See xref:RELEASING.adoc[release instructions] for further details.
Please keep in mind that this project is intended for internal usage only.
You can use GitHub Issues for feature requests and bug reports – not questions!
-For the rest, you can use mailto:security@logging.apache.org[the Log4j development mailing list].
+See https://logging.apache.org/log4j/2.x/support.html[the Log4j support policy] for details.
== Security
[logging-log4j-tools] 02/02: Reuse `logging-parent` workflows
Posted by vy...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
vy pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/logging-log4j-tools.git
commit e10b3c3f3a8a5d659802eb702a7eab481493890a
Author: Volkan Yazıcı <vo...@yazi.ci>
AuthorDate: Fri Sep 1 15:34:51 2023 +0200
Reuse `logging-parent` workflows
---
.github/workflows/build.yml | 206 +++++++-------------------------------------
1 file changed, 29 insertions(+), 177 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5a6d14f..ccd2317 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -21,17 +21,42 @@ on:
push:
# Avoid workflow run for _merged_ `dependabot` PRs.
# They were (hopefully!) already tested in PR-triggered workflow.
- branches-ignore: "dependabot/**"
+ branches-ignore:
+ - "dependabot/**"
+ paths-ignore:
+ - "**.adoc"
+ - "**.md"
+ - "**.txt"
pull_request:
paths-ignore:
- "**.adoc"
- "**.md"
- "**.txt"
-permissions:
- contents: write
- pull-requests: write
+permissions: read-all
+jobs:
+
+ build:
+ uses: apache/logging-parent/.github/workflows/build-reusable.yml@main
+ # Write permissions to allow merge of `dependabot` PRs
+ permissions:
+ contents: write
+ pull-requests: write
+
+ deploy-snapshot:
+ needs: build
+ if: github.repository == 'apache/logging-log4j-tools' && github.ref == 'refs/heads/main'
+ uses: apache/logging-parent/.github/workflows/deploy-snapshot-reusable.yml@main
+ secrets: inherit
+
+ deploy-release:
+ needs: build
+ if: github.repository == 'apache/logging-log4j-tools' && startsWith(github.ref, 'refs/heads/release/')
+ uses: apache/logging-parent/.github/workflows/deploy-release-reusable.yml@main
+ secrets: inherit
+ with:
+ project-name: log4j-tools
jobs:
build:
@@ -55,176 +80,3 @@ jobs:
java-package: jdk
architecture: x64
cache: maven
-
- # We could have used `verify`, but `clean install` is required while generating the build reproducibility report, which is performed in the next step.
- # For details, see: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
- - name: Build
- shell: bash
- run: |
- ./mvnw \
- --show-version --batch-mode --errors --no-transfer-progress \
- -DtrimStackTrace=false \
- -DinstallAtEnd=true \
- clean install
-
- # `clean verify artifact:compare` is required to generate the build reproducibility report.
- # For details, see: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
- - name: Report build reproducibility
- shell: bash
- run: |
- ./mvnw \
- --show-version --batch-mode --errors --no-transfer-progress \
- -DskipTests=true \
- clean verify artifact:compare
-
- - name: Verify build reproducibility
- shell: bash
- run: |
- for report_file in target/*.buildcompare **/target/*.buildcompare; do
- if ! grep -q "^ko=0$" "$report_file"; then
- echo "Spotted build reproducibility failure in \`$report_file\`:"
- cat "$report_file"
- exit 1
- fi
- done
-
- merge:
-
- runs-on: ubuntu-latest
- needs: build
-
- steps:
-
- - name: "[dependabot] Fetch metadata"
- id: metadata
- if: github.event_name == 'pull_request' && github.actor == 'dependabot[bot]'
- uses: dependabot/fetch-metadata@v1.6.0
- with:
- github-token: "${{ secrets.GITHUB_TOKEN }}"
-
- - name: "[dependabot] Auto-merge the PR"
- if: github.event_name == 'pull_request' && github.actor == 'dependabot[bot]'
- run: gh pr merge --auto --squash "$PR_URL"
- env:
- PR_URL: ${{ github.event.pull_request.html_url }}
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- deploy:
-
- runs-on: ubuntu-latest
- needs: merge
- if: github.repository == 'apache/logging-log4j-tools' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/'))
-
- steps:
-
- - name: Checkout repository
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # 3.6.0
-
- - name: Set up Java & GPG
- uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # 3.7.0
- with:
- distribution: temurin
- java-version: 17
- java-package: jdk
- architecture: x64
- cache: maven
- server-id: ${{ github.ref == 'refs/heads/main' && 'apache.snapshots.https' || 'apache.releases.https' }}
- server-username: NEXUS_USERNAME
- server-password: NEXUS_PASSWORD
- # We won't use `maven-gpg-plugin`, but this is convenient to import the GPG secret key
- gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
-
- - name: Export version
- run: |
- export PROJECT_VERSION=$(./mvnw \
- --quiet --batch-mode -DforceStdout=true \
- -Dexpression=project.version \
- help:evaluate \
- | tail -n 1)
- echo "PROJECT_VERSION=$PROJECT_VERSION" >> $GITHUB_ENV
-
- - name: Check version (SNAPSHOT)
- if: github.ref == 'refs/heads/main'
- run: |
- [[ "$PROJECT_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+-SNAPSHOT$ ]] || {
- echo "was expecting a snapshot version, found: \"$PROJECT_VERSION\"" 1>&2
- exit 1
- }
-
- - name: Check version (RELEASE)
- if: startsWith(github.ref, 'refs/heads/release/')
- run: |
- [[ "${GITHUB_REF/refs\/heads\/release\//}" == "$PROJECT_VERSION" ]] || {
- echo "git ref \"$GITHUB_REF\" mismatches with the version: \"$PROJECT_VERSION\"" 1>&2
- exit 1
- }
- [[ "$PROJECT_VERSION" =~ ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*(-[a-zA-Z][0-9a-zA-Z-]*)?)$ ]] || {
- echo "invalid release version: \"$PROJECT_VERSION\"" 1>&2
- exit 1
- }
-
- - name: Upload to Nexus
- run: |
- gpg --list-secret-keys
- ./mvnw \
- --show-version --batch-mode --errors --no-transfer-progress \
- -P deploy
- env:
- # `NEXUS_USERNAME` and `NEXUS_PASSWORD` are used in `~/.m2/settings.xml` created by `setup-java` action
- NEXUS_USERNAME: ${{ github.ref == 'refs/heads/main' && secrets.NEXUS_USER || secrets.LOGGING_STAGE_DEPLOYER_USER }}
- NEXUS_PASSWORD: ${{ github.ref == 'refs/heads/main' && secrets.NEXUS_PW || secrets.LOGGING_STAGE_DEPLOYER_PW }}
- # `SIGN_KEY` is used by `sign-maven-plugin`
- SIGN_KEY: ${{ secrets.GPG_SECRET_KEY }}
-
- - name: Create the distribution (RELEASE)
- if: startsWith(github.ref, 'refs/heads/release/')
- run: |
- ./mvnw \
- --show-version --batch-mode --errors --no-transfer-progress \
- --non-recursive -P distribution
- export DIST_FILENAME_PREFIX="apache-log4j-tools"
- export DIST_FILENAME_VERSIONED_PREFIX="${DIST_FILENAME_PREFIX}-${PROJECT_VERSION}"
- export DIST_FILEPATH="/tmp/${DIST_FILENAME_VERSIONED_PREFIX}.zip"
- mv "target/dist.zip" "$DIST_FILEPATH"
- gpg --armor --detach-sign --yes --pinentry-mode error "$DIST_FILEPATH"
- sha512sum "$DIST_FILEPATH" > "$DIST_FILEPATH.sha512"
- cat >> $GITHUB_ENV << EOF
- DIST_FILENAME_PREFIX=$DIST_FILENAME_PREFIX
- DIST_FILENAME_VERSIONED_PREFIX=$DIST_FILENAME_VERSIONED_PREFIX
- DIST_FILEPATH=$DIST_FILEPATH
- EOF
-
- - name: Upload to Subversion (RELEASE)
- if: startsWith(github.ref, 'refs/heads/release/')
- run: |
-
- # Checkout the SVN repository
- export SVN_DIR="/tmp/svn-repo"
- svn co \
- --depth files \
- https://dist.apache.org/repos/dist/dev/logging/log4j \
- "$SVN_DIR"
- cd "$SVN_DIR"
-
- # Clean up old files
- find . -name "${DIST_FILENAME_PREFIX}*" -type f -print0 | xargs -0 -r svn delete
-
- # Generate emails
- for EMAIL_TYPE in vote announce; do
- "$GITHUB_WORKSPACE/.github/generate-email.sh" $EMAIL_TYPE $PROJECT_VERSION $GITHUB_SHA \
- > "${DIST_FILENAME_VERSIONED_PREFIX}-email-${EMAIL_TYPE}.txt"
- done
-
- # Copy the distribution
- cp "$DIST_FILEPATH"* .
-
- # Add & commit changes
- svn add "${DIST_FILENAME_PREFIX}"*
- svn commit \
- --username "$SVN_USERNAME" \
- --password "$SVN_PASSWORD" \
- -m "Added *fake* \`${DIST_FILENAME_PREFIX}\` artifacts for release \`${PROJECT_VERSION}\`"
-
- env:
- SVN_USERNAME: ${{ secrets.SVN_USERNAME }}
- SVN_PASSWORD: ${{ secrets.SVN_PASSWORD }}