From 104f6dd3d22e349abd5a1018c2ba7feb68032658 Mon Sep 17 00:00:00 2001 From: Paul Latzelsperger Date: Tue, 3 Dec 2024 13:06:52 +0100 Subject: [PATCH 1/2] feat(ci): use common workflows --- .github/actions/bump-version/action.yml | 68 ------------------- .github/actions/import-gpg-key/action.yml | 39 ----------- .../publish-maven-artifacts/action.yml | 64 ----------------- .github/actions/run-tests/action.yml | 35 ---------- .github/actions/setup-build/action.yml | 23 ------- .github/workflows/dash-dependency-check.yml | 63 ----------------- .github/workflows/publish-snapshot.yml | 50 -------------- .github/workflows/release-tck-build.yml | 4 +- .github/workflows/run-tests.yaml | 6 +- .github/workflows/trigger_snapshot.yml | 10 +-- 10 files changed, 11 insertions(+), 351 deletions(-) delete mode 100644 .github/actions/bump-version/action.yml delete mode 100644 .github/actions/import-gpg-key/action.yml delete mode 100644 .github/actions/publish-maven-artifacts/action.yml delete mode 100644 .github/actions/run-tests/action.yml delete mode 100644 .github/actions/setup-build/action.yml delete mode 100644 .github/workflows/dash-dependency-check.yml delete mode 100644 .github/workflows/publish-snapshot.yml diff --git a/.github/actions/bump-version/action.yml b/.github/actions/bump-version/action.yml deleted file mode 100644 index a9edc88..0000000 --- a/.github/actions/bump-version/action.yml +++ /dev/null @@ -1,68 +0,0 @@ -# -# Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# SPDX-License-Identifier: Apache-2.0 -# -# Contributors: -# Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation -# - ---- -name: "Bump version in gradle.properties" -description: "Increments the patch version of the version found in gradle.properties, appends -SNAPSHOT" -inputs: - target_branch: - default: 'main' - description: "Branch on which the version bump is to be done." - required: false - base_version: - description: "The current version, which is to be bumped to the next snapshot" - required: false - -runs: - using: "composite" - steps: - - uses: actions/checkout@v4 - - name: read version from gradle.properties - shell: bash - run: | - # Prepare git env - git config user.name "eclipse-dataspacetck-bot" - git config user.email "dataspacetck-bot@eclipse.org" - - # checkout target - git fetch origin - git checkout ${{ inputs.target_branch }} - - # use current version from input - baseVersion=${{ inputs.base_version }} - existingVersion=$(grep "version" gradle.properties | awk -F= '{print $2}') - - # read the major, minor, and patch components, consume -SNAPSHOT - IFS=.- read -r RELEASE_VERSION_MAJOR RELEASE_VERSION_MINOR RELEASE_VERSION_PATCH SNAPSHOT<<<"$baseVersion" - INC=0 - # Compute new snapshot version, do not increment snapshot on non-final releases, e.g. -rc1 - if [ -z $SNAPSHOT ]; then - echo "$baseVersion is a final release version, increase patch for next snapshot" - INC=1 - else - echo "$baseVersion is not a final release version (contains \"$SNAPSHOT\"), will not increase patch" - fi - - # construct the new version - newVersion="$RELEASE_VERSION_MAJOR.$RELEASE_VERSION_MINOR.$((RELEASE_VERSION_PATCH+$INC))"-SNAPSHOT - - # replace every occurrence of =$baseVersion with =$newVersion - grep -rlz "$existingVersion" . --exclude=\*.{sh,bin} | xargs sed -i "s/$existingVersion/$newVersion/g" - - echo "Bumped the version from $baseVersion to $newVersion" - - # Commit and push to the desired branch, defaults to 'main' - git add . - git commit --message "Bump version from $baseVersion to $newVersion [skip ci]" - - git push origin ${{ inputs.target_branch }} diff --git a/.github/actions/import-gpg-key/action.yml b/.github/actions/import-gpg-key/action.yml deleted file mode 100644 index cfe5bcb..0000000 --- a/.github/actions/import-gpg-key/action.yml +++ /dev/null @@ -1,39 +0,0 @@ -# -# Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# SPDX-License-Identifier: Apache-2.0 -# -# Contributors: -# Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation -# - - ---- -name: "Import GPG Key" -description: "Imports a GPG key" -inputs: - gpg-private-key: - required: true - description: "The GPG Private Key" -runs: - using: "composite" - steps: - - name: List Keys - shell: bash - run: | - gpg -K --keyid-format=long - - - name: Import GPG Private Key - shell: bash - run: | - echo "use-agent" >> ~/.gnupg/gpg.conf - echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf - echo -e "${{ inputs.gpg-private-key }}" | gpg --import --batch - for fpr in $(gpg --list-keys --with-colons | awk -F: '/fpr:/ {print $10}' | sort -u); - do - echo -e "5\\ny\\n" | gpg --batch --command-fd 0 --expert --edit-key $fpr trust; - done diff --git a/.github/actions/publish-maven-artifacts/action.yml b/.github/actions/publish-maven-artifacts/action.yml deleted file mode 100644 index a2c5c71..0000000 --- a/.github/actions/publish-maven-artifacts/action.yml +++ /dev/null @@ -1,64 +0,0 @@ -# -# Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# SPDX-License-Identifier: Apache-2.0 -# -# Contributors: -# Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation -# - ---- -name: "Publish Maven Artifacts" -description: "Build and publish maven artifacts to repository" - -inputs: - version: - description: the version to be attached to the artifacts, if not specified, the one configured in the project will be used - required: false - gpg-private-key: - description: the gpg private key used to publish - required: true - gpg-passphrase: - description: the gpg passphrase used to publish - required: true - osshr-username: - description: the OSSHR username - required: true - osshr-password: - description: the OSSHR password - required: true - -runs: - using: "composite" - steps: - - uses: ./.github/actions/setup-build - - - uses: ./.github/actions/import-gpg-key - with: - gpg-private-key: ${{ inputs.gpg-private-key }} - - - if: inputs.version != null - shell: bash - run: | - sed -i 's#^version=.*#version=${{ inputs.version }}#g' $(find . -name "gradle.properties") - - - name: "Publish To OSSRH/MavenCentral" - shell: bash - env: - OSSRH_USERNAME: ${{ inputs.osshr-username }} - OSSRH_PASSWORD: ${{ inputs.osshr-password }} - run: |- - VERSION=$(grep "version" gradle.properties | awk -F= '{print $2}') - cmd="" - if [[ $VERSION != *-SNAPSHOT ]] - then - cmd="closeAndReleaseSonatypeStagingRepository"; - fi - echo "Publishing Version $VERSION to Sonatype" - ./gradlew publishToSonatype ${cmd} --no-parallel -Pversion=$VERSION -Psigning.gnupg.executable=gpg -Psigning.gnupg.passphrase="${{ inputs.gpg-passphrase }}" \ - -Dorg.gradle.internal.network.retry.max.attempts=5 -Dorg.gradle.internal.network.retry.initial.backOff=5000 - diff --git a/.github/actions/run-tests/action.yml b/.github/actions/run-tests/action.yml deleted file mode 100644 index 3369953..0000000 --- a/.github/actions/run-tests/action.yml +++ /dev/null @@ -1,35 +0,0 @@ -# -# Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# SPDX-License-Identifier: Apache-2.0 -# -# Contributors: -# Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation -# - ---- -name: "Run tests" -description: "Run tests and archive test results for subsequent publication" -inputs: - command: - required: true - description: "The shell command to run tests" -runs: - using: "composite" - steps: - - name: Run Tests - shell: bash - run: ${{ inputs.command }} - - - name: Upload Test Results - uses: actions/upload-artifact@v3 - if: always() - with: - name: Test Results ${{ github.job }} - path: | - **/test-results/**/*.xml - **/build/reports/jacoco/test/jacocoTestReport.xml diff --git a/.github/actions/setup-build/action.yml b/.github/actions/setup-build/action.yml deleted file mode 100644 index 98b7cdc..0000000 --- a/.github/actions/setup-build/action.yml +++ /dev/null @@ -1,23 +0,0 @@ -# -# Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# SPDX-License-Identifier: Apache-2.0 -# -# Contributors: -# Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation -# - ---- -name: "Setup Gradle" -description: "Setup Gradle" -runs: - using: "composite" - steps: - - uses: actions/setup-java@v4 - with: - java-version: '17' - distribution: 'temurin' diff --git a/.github/workflows/dash-dependency-check.yml b/.github/workflows/dash-dependency-check.yml deleted file mode 100644 index efdbc8a..0000000 --- a/.github/workflows/dash-dependency-check.yml +++ /dev/null @@ -1,63 +0,0 @@ -# -# Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# SPDX-License-Identifier: Apache-2.0 -# -# Contributors: -# Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation -# - ---- -name: 'DASH Dependency Check' -on: - push: - branches: - - main - pull_request: - -permissions: - contents: read - -jobs: - Dash-Verify-Licenses: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: ./.github/actions/setup-build - - name: Download latest Eclipse Dash - run: | - curl -L https://repo.eclipse.org/service/local/artifact/maven/redirect\?r\=dash-licenses\&g\=org.eclipse.dash\&a\=org.eclipse.dash.licenses\&v\=LATEST --output dash.jar - - name: generate DEP file - run: | - # dash returns a nonzero exit code if there are libs that need review. the "|| true" avoids that - ./gradlew allDependencies | grep -Poh "(?<=\s)[\w.-]+:[\w.-]+:[^:\s\[\]]+" | sort | uniq | java -jar dash.jar - -summary DEPENDENCIES-gen || true - - # error if DEPENDENCIES is empty - grep -E 'maven' DEPENDENCIES-gen | if test $(wc -l) -lt 1; then - echo "::error file=DEPENDENCIES-gen,title=Dependencies file is invalid" - exit 1 - fi - - # log error and fail job if rejected deps are found - grep -E 'rejected' DEPENDENCIES-gen | if test $(wc -l) -gt 0; then - echo "::error file=DEPENDENCIES,title=Rejected Dependencies found::Please remove all rejected dependencies." - exit 1 - fi - - - name: Check for differences - run: | - if diff DEPENDENCIES DEPENDENCIES-gen ; then - echo "DEPENDENCIES unchanged" - else - diff DEPENDENCIES DEPENDENCIES-gen || true - echo "------------------------------------------------------------" - echo "=== Please copy the following content back to DEPENDENCIES ===" - cat DEPENDENCIES-gen - echo "=== end of content ===" - echo "::error file=DEPENDENCIES,title=Dependencies outdated::The DEPENDENCIES file was outdated and must be regenerated. Check the output of this job for more information" - exit 1 - fi diff --git a/.github/workflows/publish-snapshot.yml b/.github/workflows/publish-snapshot.yml deleted file mode 100644 index 2a509f6..0000000 --- a/.github/workflows/publish-snapshot.yml +++ /dev/null @@ -1,50 +0,0 @@ -# -# Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# SPDX-License-Identifier: Apache-2.0 -# -# Contributors: -# Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation -# - ---- -name: "Publish Snapshot Build" - -on: - workflow_dispatch: - workflow_call: - -jobs: - secrets-presence: - name: "Check for required credentials" - runs-on: ubuntu-latest - outputs: - HAS_OSSRH: ${{ steps.secret-presence.outputs.HAS_OSSRH }} - steps: - - name: Check whether secrets exist - id: secret-presence - run: | - [ ! -z "${{ secrets.GPG_PASSPHRASE }}" ] && - [ ! -z "${{ secrets.GPG_PRIVATE_KEY }}" ] && - [ ! -z "${{ secrets.OSSRH_PASSWORD }}" ] && - [ ! -z "${{ secrets.OSSRH_USERNAME }}" ] && echo "HAS_OSSRH=true" >> $GITHUB_OUTPUT - exit 0 - - Publish-Snapshot: - name: "Publish artefacts to OSSRH Snapshots" - runs-on: ubuntu-latest - needs: [ secrets-presence ] - if: | - needs.secrets-presence.outputs.HAS_OSSRH - steps: - - uses: actions/checkout@v4 - - uses: ./.github/actions/publish-maven-artifacts - with: - gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} - gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} - osshr-username: ${{ secrets.OSSRH_USERNAME }} - osshr-password: ${{ secrets.OSSRH_PASSWORD }} diff --git a/.github/workflows/release-tck-build.yml b/.github/workflows/release-tck-build.yml index a999649..1b28645 100644 --- a/.github/workflows/release-tck-build.yml +++ b/.github/workflows/release-tck-build.yml @@ -12,7 +12,7 @@ # --- -name: Create CVF Release +name: Create TCK Build Release on: workflow_dispatch: inputs: @@ -80,7 +80,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/bump-version + - uses: eclipse-dataspacetck/tck-common/.github/actions/bump-version@main with: target_branch: "main" base_version: ${{ needs.Prepare-Release.outputs.tck-version }} \ No newline at end of file diff --git a/.github/workflows/run-tests.yaml b/.github/workflows/run-tests.yaml index 7a76aaf..46f0eae 100644 --- a/.github/workflows/run-tests.yaml +++ b/.github/workflows/run-tests.yaml @@ -52,7 +52,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/setup-build + - uses: eclipse-dataspacetck/tck-common/.github/actions/setup-build@main - name: Run Checkstyle run: ./gradlew checkstyleMain checkstyleTest @@ -61,7 +61,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/setup-build + - uses: eclipse-dataspacetck/tck-common/.github/actions/setup-build@main - name: Run Javadoc run: ./gradlew javadoc @@ -72,7 +72,7 @@ jobs: JACOCO: true steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/setup-build + - uses: eclipse-dataspacetck/tck-common/.github/actions/setup-build@main - name: Run unit tests run: | diff --git a/.github/workflows/trigger_snapshot.yml b/.github/workflows/trigger_snapshot.yml index f224bab..fdcc6a8 100644 --- a/.github/workflows/trigger_snapshot.yml +++ b/.github/workflows/trigger_snapshot.yml @@ -23,9 +23,11 @@ on: jobs: Publish-Snapshot: # This workflow will abort if the required secrets don't exist - uses: ./.github/workflows/publish-snapshot.yml + uses: eclipse-dataspacetck/tck-common/.github/workflows/publish-snapshot.yml@main secrets: inherit -# Publish-Dependencies: -# uses: eclipse-edc/.github/.github/workflows/publish-dependencies.yml@main -# secrets: inherit + Publish-Dependencies: + uses: eclipse-dataspacetck/tck-common/.github/workflows/publish-dependencies.yml@main + permissions: + contents: write + secrets: inherit From ee7a31b22f2e161152d5da9cd307b5b916566536 Mon Sep 17 00:00:00 2001 From: Paul Latzelsperger Date: Tue, 3 Dec 2024 13:10:38 +0100 Subject: [PATCH 2/2] updated CODEOWNERS --- CODEOWNERS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CODEOWNERS b/CODEOWNERS index 4b9de6f..b35a4c4 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -15,3 +15,6 @@ NOTICE.md @jimmarino @wolf4ood @paullatzelsperger .github/actions/ @paullatzelsperger .github/ISSUE_TEMPLATE @paullatzelsperger .github/workflows/ @paullatzelsperger + +plugins/ @paullatzelsperger +buildSrc/ @paullatzelsperger \ No newline at end of file