You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@logging.apache.org by vy...@apache.org on 2023/09/01 11:40:16 UTC
[logging-parent] branch main updated: Rework CI
This is an automated email from the ASF dual-hosted git repository.
vy pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/logging-parent.git
The following commit(s) were added to refs/heads/main by this push:
new 2021e0c Rework CI
2021e0c is described below
commit 2021e0c122b10aba7ab4a2fa1d634ea7d03ac924
Author: Volkan Yazıcı <vo...@yazi.ci>
AuthorDate: Fri Sep 1 13:40:21 2023 +0200
Rework CI
---
.github/{dependabot.yaml => dependabot.yml} | 0
.github/workflows/build-reusable.yml | 103 +++++++++++++++++++
.github/workflows/build.yml | 33 +++++-
...ld-template.yml => deploy-release-reusable.yml} | 112 ++-------------------
.github/workflows/deploy-snapshot-reusable.yml | 73 ++++++++++++++
5 files changed, 213 insertions(+), 108 deletions(-)
diff --git a/.github/dependabot.yaml b/.github/dependabot.yml
similarity index 100%
rename from .github/dependabot.yaml
rename to .github/dependabot.yml
diff --git a/.github/workflows/build-reusable.yml b/.github/workflows/build-reusable.yml
new file mode 100644
index 0000000..88eebdb
--- /dev/null
+++ b/.github/workflows/build-reusable.yml
@@ -0,0 +1,103 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: build-reusable
+
+on:
+ workflow_call:
+ inputs:
+ java-version:
+ description: "The Java *compiler* version! (Target is fixed: 8)"
+ required: false
+ type: string
+
+jobs:
+
+ build:
+
+ runs-on: ${{ matrix.os }}
+
+ strategy:
+ matrix:
+ os: [ macos-latest, ubuntu-latest, windows-latest ]
+
+ steps:
+
+ - name: Checkout repository
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # 3.6.0
+
+ - name: Set up Java
+ uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # 3.7.0
+ with:
+ distribution: temurin
+ java-version: ${{ inputs.java-version }}
+ java-package: jdk
+ architecture: x64
+ cache: maven
+
+ # We could have used `verify`, but `clean install` is required while generating the build reproducibility report, which is performed in the next step.
+ # For details, see: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
+ - name: Build
+ shell: bash
+ run: |
+ ./mvnw \
+ --show-version --batch-mode --errors --no-transfer-progress \
+ -DtrimStackTrace=false \
+ -DinstallAtEnd=true \
+ clean install
+
+ # `clean verify artifact:compare` is required to generate the build reproducibility report.
+ # For details, see: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
+ - name: Report build reproducibility
+ shell: bash
+ run: |
+ ./mvnw \
+ --show-version --batch-mode --errors --no-transfer-progress \
+ -DskipTests=true \
+ clean verify artifact:compare
+
+ - name: Verify build reproducibility
+ shell: bash
+ run: |
+ find . -name target -type d -exec find {} -name "*.buildcompare" \; | while read report_file; do
+ if ! grep -q "^ko=0$" "$report_file"; then
+ echo "Spotted build reproducibility failure in \`$report_file\`:"
+ cat "$report_file"
+ echo "fuck"
+ fi
+ done
+
+ merge:
+
+ runs-on: ubuntu-latest
+ needs: build
+
+ steps:
+
+ - name: "[dependabot] Fetch metadata"
+ id: metadata
+ if: github.event_name == 'pull_request' && github.actor == 'dependabot[bot]'
+ uses: dependabot/fetch-metadata@c9c4182bf1b97f5224aee3906fd373f6b61b4526 # 1.6.0
+ with:
+ github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+ - name: "[dependabot] Auto-merge the PR"
+ if: github.event_name == 'pull_request' && github.actor == 'dependabot[bot]'
+ run: gh pr merge --auto --squash "$PR_URL"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 4c75047..04f4815 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -23,21 +23,46 @@ on:
# They were (hopefully!) already tested in PR-triggered workflow.
branches-ignore:
- "dependabot/**"
+ paths-ignore:
+ - "**.adoc"
+ - "**.md"
+ - "**.txt"
pull_request:
paths-ignore:
- "**.adoc"
- "**.md"
- "**.txt"
+permissions: read-all
+
+env:
+ JAVA_VERSION: 17
+ PROJECT_NAME: logging-parent
+
jobs:
build:
- uses: apache/logging-parent/.github/workflows/build-template.yml@c36c3cca34fbbfa0087f8236ad6217fa54f1ba75
+ uses: apache/logging-parent/.github/workflows/build-reusable.yml@main
+ # Write permissions to allow merge of `dependabot` PRs
permissions:
contents: write
pull-requests: write
with:
- repository-path: apache/logging-parent
- java-version: 17
- project-name: logging-parent
+ java-version: ${{ env.JAVA_VERSION }}
+
+ deploy-snapshot:
+ needs: build
+ if: github.repository == 'apache/logging-parent' && github.ref == 'refs/heads/main'
+ uses: apache/logging-parent/.github/workflows/deploy-snapshot-reusable.yml@main
secrets: inherit
+ with:
+ java-version: ${{ env.JAVA_VERSION }}
+
+ deploy-release:
+ needs: build
+ if: github.repository == 'apache/logging-parent' && startsWith(github.ref, 'refs/heads/release/')
+ uses: apache/logging-parent/.github/workflows/deploy-release-reusable.yml@main
+ secrets: inherit
+ with:
+ java-version: ${{ env.JAVA_VERSION }}
+ project-name: ${{ env.PROJECT_NAME }}
diff --git a/.github/workflows/build-template.yml b/.github/workflows/deploy-release-reusable.yml
similarity index 55%
rename from .github/workflows/build-template.yml
rename to .github/workflows/deploy-release-reusable.yml
index 1ff882a..861f5da 100644
--- a/.github/workflows/build-template.yml
+++ b/.github/workflows/deploy-release-reusable.yml
@@ -15,15 +15,11 @@
# limitations under the License.
#
-name: build
+name: deploy-release-reusable
on:
workflow_call:
inputs:
- repository-path:
- description: The relative GitHub path to the repository (e.g., `apache/logging-parent`)
- required: true
- type: string
java-version:
description: "The Java *compiler* version! (Target is fixed: 8)"
required: false
@@ -36,12 +32,6 @@ on:
GPG_SECRET_KEY:
description: GPG secret key for signing artifacts
required: true
- NEXUS_USER:
- description: Nexus snapshot repository username for deploying artifacts
- required: true
- NEXUS_PW:
- description: Nexus snapshot repository password for deploying artifacts
- required: true
LOGGING_STAGE_DEPLOYER_USER:
description: Nexus staging repository username for deploying artifacts
required: true
@@ -56,88 +46,8 @@ on:
required: true
jobs:
-
- build:
-
- runs-on: ${{ matrix.os }}
-
- strategy:
- matrix:
- os: [ macos-latest, ubuntu-latest, windows-latest ]
-
- steps:
-
- - name: Checkout repository
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # 3.6.0
-
- - name: Set up Java
- uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # 3.7.0
- with:
- distribution: temurin
- java-version: ${{ inputs.java-version }}
- java-package: jdk
- architecture: x64
- cache: maven
-
- # We could have used `verify`, but `clean install` is required while generating the build reproducibility report, which is performed in the next step.
- # For details, see: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
- - name: Build
- shell: bash
- run: |
- ./mvnw \
- --show-version --batch-mode --errors --no-transfer-progress \
- -DtrimStackTrace=false \
- -DinstallAtEnd=true \
- clean install
-
- # `clean verify artifact:compare` is required to generate the build reproducibility report.
- # For details, see: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
- - name: Report build reproducibility
- shell: bash
- run: |
- ./mvnw \
- --show-version --batch-mode --errors --no-transfer-progress \
- -DskipTests=true \
- clean verify artifact:compare
-
- - name: Verify build reproducibility
- shell: bash
- run: |
- find . -name target -type d -exec find {} -name "*.buildcompare" \; | while read report_file; do
- if ! grep -q "^ko=0$" "$report_file"; then
- echo "Spotted build reproducibility failure in \`$report_file\`:"
- cat "$report_file"
- echo "fuck"
- fi
- done
-
- merge:
-
- runs-on: ubuntu-latest
- needs: build
-
- steps:
-
- - name: "[dependabot] Fetch metadata"
- id: metadata
- if: github.event_name == 'pull_request' && github.actor == 'dependabot[bot]'
- uses: dependabot/fetch-metadata@c9c4182bf1b97f5224aee3906fd373f6b61b4526 # 1.6.0
- with:
- github-token: "${{ secrets.GITHUB_TOKEN }}"
-
- - name: "[dependabot] Auto-merge the PR"
- if: github.event_name == 'pull_request' && github.actor == 'dependabot[bot]'
- run: gh pr merge --auto --squash "$PR_URL"
- env:
- PR_URL: ${{ github.event.pull_request.html_url }}
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
deploy:
-
runs-on: ubuntu-latest
- needs: merge
- if: github.repository == inputs.repository-path && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/'))
-
steps:
- name: Checkout repository
@@ -147,14 +57,13 @@ jobs:
uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # 3.7.0
with:
distribution: temurin
- java-version: 17
+ java-version: ${{ inputs.java-version }}
java-package: jdk
architecture: x64
cache: maven
- server-id: ${{ github.ref == 'refs/heads/main' && 'apache.snapshots.https' || 'apache.releases.https' }}
+ server-id: apache.releases.https
server-username: NEXUS_USERNAME
server-password: NEXUS_PASSWORD
- # We won't use `maven-gpg-plugin`, but this is convenient to import the GPG secret key
gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
- name: Export version
@@ -169,21 +78,17 @@ jobs:
- name: Upload to Nexus
run: |
gpg --list-secret-keys
- MAVEN_PROFILES="deploy"
- if [[ "${{ github.ref }}" = "refs/heads/release" ]]; then
- MAVEN_PROFILES="$MAVEN_PROFILES,release"
- fi
./mvnw \
--show-version --batch-mode --errors --no-transfer-progress \
- -P $MAVEN_PROFILES
+ -P deploy,release
env:
# `NEXUS_USERNAME` and `NEXUS_PASSWORD` are used in `~/.m2/settings.xml` created by `setup-java` action
- NEXUS_USERNAME: ${{ github.ref == 'refs/heads/main' && secrets.NEXUS_USER || secrets.LOGGING_STAGE_DEPLOYER_USER }}
- NEXUS_PASSWORD: ${{ github.ref == 'refs/heads/main' && secrets.NEXUS_PW || secrets.LOGGING_STAGE_DEPLOYER_PW }}
+ NEXUS_USERNAME: ${{ secrets.LOGGING_STAGE_DEPLOYER_USER }}
+ NEXUS_PASSWORD: ${{ secrets.LOGGING_STAGE_DEPLOYER_PW }}
# `SIGN_KEY` is used by `sign-maven-plugin`
SIGN_KEY: ${{ secrets.GPG_SECRET_KEY }}
- - name: Create the distribution (RELEASE)
+ - name: Create the distribution
if: startsWith(github.ref, 'refs/heads/release/')
run: |
./mvnw \
@@ -201,8 +106,7 @@ jobs:
DIST_FILEPATH=$DIST_FILEPATH
EOF
- - name: Upload to Subversion (RELEASE)
- if: startsWith(github.ref, 'refs/heads/release/')
+ - name: Upload to Subversion
run: |
# Checkout the SVN repository
diff --git a/.github/workflows/deploy-snapshot-reusable.yml b/.github/workflows/deploy-snapshot-reusable.yml
new file mode 100644
index 0000000..ce1d854
--- /dev/null
+++ b/.github/workflows/deploy-snapshot-reusable.yml
@@ -0,0 +1,73 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: deploy-snapshot-reusable
+
+on:
+ workflow_call:
+ inputs:
+ java-version:
+ description: "The Java *compiler* version! (Target is fixed: 8)"
+ required: false
+ type: string
+ secrets:
+ NEXUS_USER:
+ description: Nexus snapshot repository username for deploying artifacts
+ required: true
+ NEXUS_PW:
+ description: Nexus snapshot repository password for deploying artifacts
+ required: true
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+
+ - name: Checkout repository
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # 3.6.0
+
+ - name: Set up Java
+ uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # 3.7.0
+ with:
+ distribution: temurin
+ java-version: ${{ inputs.java-version }}
+ java-package: jdk
+ architecture: x64
+ cache: maven
+ server-id: apache.snapshots.https
+ server-username: NEXUS_USERNAME
+ server-password: NEXUS_PASSWORD
+
+ - name: Export version
+ run: |
+ export PROJECT_VERSION=$(./mvnw \
+ --quiet --batch-mode -DforceStdout=true \
+ -Dexpression=project.version \
+ help:evaluate \
+ | tail -n 1)
+ echo "PROJECT_VERSION=$PROJECT_VERSION" >> $GITHUB_ENV
+
+ - name: Upload to Nexus
+ run: |
+ gpg --list-secret-keys
+ ./mvnw \
+ --show-version --batch-mode --errors --no-transfer-progress \
+ -P deploy
+ env:
+ # `NEXUS_USERNAME` and `NEXUS_PASSWORD` are used in `~/.m2/settings.xml` created by `setup-java` action
+ NEXUS_USERNAME: ${{ secrets.NEXUS_USER }}
+ NEXUS_PASSWORD: ${{ secrets.NEXUS_PW }}