staging changed #135
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Activiti Cloud | |
| on: | |
| push: | |
| branches: ['releases/main/**'] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| load-release-info: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| version: ${{ steps.load-descriptor.outputs.version }} | |
| next-version: ${{ steps.load-descriptor.outputs.next-version }} | |
| notes-start-tag: ${{ steps.load-descriptor.outputs.notes-start-tag }} | |
| mock: ${{ steps.load-descriptor.outputs.mock }} | |
| activiti-tag: ${{ steps.load-descriptor.outputs.activiti-tag }} | |
| activiti-cloud-tag: ${{ steps.load-descriptor.outputs.activiti-cloud-tag }} | |
| common-chart-tag: ${{ steps.load-descriptor.outputs.common-chart-tag }} | |
| full-chart-tag: ${{ steps.load-descriptor.outputs.full-chart-tag }} | |
| staging-repository: ${{ steps.load-descriptor.outputs.staging-repository }} | |
| steps: | |
| - name: Installing activiti-scripts | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/load-release-descriptor@9d00215f539f669b41c7fabf7b88ccc8f316926c # v6.0.1 | |
| id: load-descriptor | |
| with: | |
| release-descriptor: release.yaml | |
| release-docker-images: | |
| runs-on: ubuntu-latest | |
| needs: [load-release-info] | |
| steps: | |
| - name: Checkout activiti-scripts | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: tag-docker-images | |
| uses: ./.github/actions/docker-update-manifest | |
| with: | |
| base-tag: ${{ needs.load-release-info.outputs.activiti-cloud-tag }} | |
| extra-tag: ${{ needs.load-release-info.outputs.version }} | |
| dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| dockerhub-access-token: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} | |
| release-common-chart: | |
| if: false | |
| runs-on: ubuntu-latest | |
| needs: [load-release-info] | |
| env: | |
| COMMON_CHART_DIR: common-chart | |
| steps: | |
| - name: Checkout common chart | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| env: | |
| BASE_TAG: ${{needs.load-release-info.outputs.common-chart-tag}} | |
| with: | |
| path: ${{ env.COMMON_CHART_DIR }} | |
| repository: Activiti/activiti-cloud-common-chart | |
| ref: ${{ env.BASE_TAG }} | |
| token: ${{ secrets.BOT_GITHUB_TOKEN }} | |
| - name: Release common chart | |
| uses: Alfresco/alfresco-build-tools/.github/actions/helm-release-and-publish@9d00215f539f669b41c7fabf7b88ccc8f316926c # v6.0.1 | |
| with: | |
| version: ${{ needs.load-release-info.outputs.version }} | |
| chart-dir: charts/common | |
| chart-repository-dir: ${{ env.COMMON_CHART_DIR }} | |
| helm-repository: Activiti/activiti-cloud-helm-charts | |
| helm-repository-branch: gh-pages | |
| helm-repository-token: ${{ secrets.BOT_GITHUB_TOKEN }} | |
| git-username: ${{ secrets.BOT_GITHUB_USERNAME }} | |
| release-full-chart: | |
| runs-on: ubuntu-latest | |
| needs: [load-release-info, release-common-chart] | |
| env: | |
| FULL_CHART_DIR: full-chart | |
| CHART_FILES_DIR: charts/activiti-cloud-full-example | |
| VERSION: ${{needs.load-release-info.outputs.version}} | |
| steps: | |
| - name: Checkout activiti-scripts | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Checkout full chart | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| env: | |
| BASE_TAG: ${{ needs.load-release-info.outputs.full-chart-tag }} | |
| with: | |
| path: ${{ env.FULL_CHART_DIR }} | |
| repository: Activiti/activiti-cloud-full-chart | |
| ref: ${{ env.BASE_TAG }} | |
| token: ${{ secrets.BOT_GITHUB_TOKEN }} | |
| - name: Update dependencies | |
| working-directory: ${{ env.FULL_CHART_DIR }}/${{env.CHART_FILES_DIR}} | |
| run: | | |
| yq e '(.dependencies.[] | select(.name == "common").version) = env(VERSION)' -i requirements.yaml | |
| yq -i e '.runtime-bundle.image.tag = env(VERSION)' values.yaml | |
| yq -i e '.activiti-cloud-query.image.tag = env(VERSION)' values.yaml | |
| yq -i e '.activiti-cloud-connector.image.tag = env(VERSION)' values.yaml | |
| yq -i e '.activiti-cloud-identity-adapter.image.tag = env(VERSION)' values.yaml | |
| - name: Wait for common chart to be published | |
| uses: ./.github/actions/wait-for-chart | |
| with: | |
| chart-name: common | |
| version: ${{ needs.load-release-info.outputs.version }} | |
| helm-repo-name: activiti-cloud-helm-charts | |
| helm-repo-url: https://activiti.github.io/activiti-cloud-helm-charts | |
| - name: Release full chart | |
| uses: Alfresco/alfresco-build-tools/.github/actions/helm-release-and-publish@9d00215f539f669b41c7fabf7b88ccc8f316926c # v6.0.1 | |
| with: | |
| version: ${{ needs.load-release-info.outputs.version }} | |
| chart-dir: ${{env.CHART_FILES_DIR}} | |
| chart-repository-dir: ${{ env.FULL_CHART_DIR }} | |
| helm-repository: Activiti/activiti-cloud-helm-charts | |
| helm-repository-branch: gh-pages | |
| helm-repository-token: ${{ secrets.BOT_GITHUB_TOKEN }} | |
| git-username: ${{ secrets.BOT_GITHUB_USERNAME }} | |
| release-activiti: | |
| runs-on: ubuntu-latest | |
| needs: [load-release-info] | |
| steps: | |
| - name: Checkout activiti-scripts | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/maven-release@a4013b7dfd8453ee94ec5d4eb8cb51d74654f770 # improvement/AAE-24324-Adapt-management-of-Nexus-staging-repositories-to-Nexus-3 | |
| with: | |
| repo: Activiti/Activiti | |
| base-ref: ${{ needs.load-release-info.outputs.activiti-tag }} | |
| release-version: ${{ needs.load-release-info.outputs.version }} | |
| staging-repository: activiti-staging | |
| git-username: ${{ secrets.BOT_GITHUB_USERNAME }} | |
| github-token: ${{ secrets.BOT_GITHUB_TOKEN }} | |
| gpg-passphrase: "${{ secrets.GPG_PASSPHRASE }}" | |
| gpg-secret-keys: "${{ secrets.GPG_SECRET_KEYS }}" | |
| gpg-owner-trust: "${{ secrets.GPG_OWNERTRUST }}" | |
| nexus-username: "${{ secrets.NEXUS_USERNAME }}" | |
| nexus-password: "${{ secrets.NEXUS_PASSWORD }}" | |
| java-distribution: "temurin" | |
| java-version: "21" | |
| release-activiti-cloud: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - load-release-info | |
| - release-activiti | |
| steps: | |
| - name: Checkout activiti-scripts | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/maven-release@a4013b7dfd8453ee94ec5d4eb8cb51d74654f770 # improvement/AAE-24324-Adapt-management-of-Nexus-staging-repositories-to-Nexus-3 | |
| with: | |
| repo: Activiti/activiti-cloud | |
| base-ref: ${{ needs.load-release-info.outputs.activiti-cloud-tag }} | |
| extra-replacements: activiti.version=${{ needs.load-release-info.outputs.activiti-tag }} | |
| release-version: ${{ needs.load-release-info.outputs.version }} | |
| staging-repository: activiti-staging | |
| git-username: ${{ secrets.BOT_GITHUB_USERNAME }} | |
| github-token: ${{ secrets.BOT_GITHUB_TOKEN }} | |
| gpg-passphrase: "${{ secrets.GPG_PASSPHRASE }}" | |
| gpg-secret-keys: "${{ secrets.GPG_SECRET_KEYS }}" | |
| gpg-owner-trust: "${{ secrets.GPG_OWNERTRUST }}" | |
| nexus-username: "${{ secrets.NEXUS_USERNAME }}" | |
| nexus-password: "${{ secrets.NEXUS_PASSWORD }}" | |
| java-distribution: "temurin" | |
| java-version: "21" | |
| run-sanity-checks: | |
| if: false | |
| runs-on: ubuntu-latest | |
| needs: | |
| - load-release-info | |
| - release-docker-images | |
| - release-full-chart | |
| env: | |
| CHART_NAME: activiti-cloud-full-example | |
| CHART_REPO_NAME: activiti-cloud-helm-charts | |
| SSO_PROTOCOL: https | |
| GATEWAY_PROTOCOL: https | |
| CLUSTER_NAME: activiti | |
| CLUSTER_DOMAIN: envalfresco.com | |
| VERSION: ${{ needs.load-release-info.outputs.version }} | |
| ACT_CLOUD_DIR: activiti-cloud | |
| FULL_CHART_DIR: full-chart | |
| steps: | |
| - name: Set up kubectl | |
| uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v3 | |
| with: | |
| version: v1.19.6 | |
| - name: Set up Helm | |
| uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v3 | |
| with: | |
| version: v3.5.2 | |
| - name: Set up rancher | |
| uses: Alfresco/alfresco-build-tools/.github/actions/setup-rancher-cli@9d00215f539f669b41c7fabf7b88ccc8f316926c # v6.0.1 | |
| with: | |
| url: ${{ secrets.RANCHER2_URL }} | |
| access-key: ${{ secrets.RANCHER2_ACCESS_KEY }} | |
| secret-key: ${{ secrets.RANCHER2_SECRET_KEY }} | |
| context: ${{ env.CLUSTER_NAME }} | |
| - name: Checkout activiti-scripts | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Checkout activiti-cloud | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| repository: Activiti/activiti-cloud | |
| path: ${{ env.ACT_CLOUD_DIR}} | |
| # Use base tag instead of final one while checking out acceptance tests, in this way it's | |
| # possible to start running them earlier, once docker images and helm charts are released. | |
| ref: ${{ needs.load-release-info.outputs.activiti-cloud-tag }} | |
| - name: Checkout full chart | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| path: ${{ env.FULL_CHART_DIR }} | |
| repository: Activiti/activiti-cloud-full-chart | |
| ref: ${{ env.VERSION }} | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 | |
| with: | |
| distribution: temurin | |
| java-version: 21 | |
| cache: 'maven' | |
| - name: Wait for full chart to be published | |
| uses: ./.github/actions/wait-for-chart | |
| with: | |
| chart-name: ${{ env.CHART_NAME }} | |
| version: ${{ env.VERSION }} | |
| helm-repo-name: ${{ env.CHART_REPO_NAME }} | |
| helm-repo-url: https://activiti.github.io/activiti-cloud-helm-charts | |
| - name: Set up env variables | |
| run: | | |
| PREVIEW_NAME="release-${VERSION//./-}" | |
| GLOBAL_GATEWAY_DOMAIN=$CLUSTER_NAME.$CLUSTER_DOMAIN | |
| GATEWAY_HOST=gateway-$PREVIEW_NAME.$GLOBAL_GATEWAY_DOMAIN | |
| SSO_HOST=identity-$PREVIEW_NAME.$GLOBAL_GATEWAY_DOMAIN | |
| echo "PREVIEW_NAME=$PREVIEW_NAME" >> $GITHUB_ENV | |
| echo "GLOBAL_GATEWAY_DOMAIN=$GLOBAL_GATEWAY_DOMAIN" >> $GITHUB_ENV | |
| echo "GATEWAY_HOST=$GATEWAY_HOST" >> $GITHUB_ENV | |
| echo "SSO_HOST=$SSO_HOST" >> $GITHUB_ENV | |
| - name: Install application | |
| id: install-application | |
| working-directory: ${{env.FULL_CHART_DIR}}/charts/activiti-cloud-full-example | |
| env: | |
| MESSAGING_BROKER: rabbitmq | |
| MESSAGING_PARTITIONED: non-partitioned | |
| MESSAGING_DESTINATIONS: default-destinations | |
| CHART: activiti-cloud-helm-charts/activiti-cloud-full-example | |
| run: | | |
| helm upgrade $PREVIEW_NAME $CHART_REPO_NAME/$CHART_NAME --version $VERSION \ | |
| --install \ | |
| --set global.application.name=default-app \ | |
| --set global.keycloak.clientSecret=$(uuidgen) \ | |
| --set global.gateway.http=false \ | |
| --set global.gateway.domain=${GLOBAL_GATEWAY_DOMAIN} \ | |
| --values ${MESSAGING_BROKER}-values.yaml \ | |
| --values ${MESSAGING_PARTITIONED}-values.yaml \ | |
| --values ${MESSAGING_DESTINATIONS}-values.yaml \ | |
| --namespace $PREVIEW_NAME \ | |
| --create-namespace \ | |
| --atomic \ | |
| --timeout 8m | |
| - name: Run Acceptance Tests | |
| working-directory: ${{ env.ACT_CLOUD_DIR }} | |
| run: | | |
| wait_until_true () { | |
| local attempt_counter=0 | |
| local max_attempts=50 | |
| until "$@" | |
| do | |
| if [ ${attempt_counter} -eq ${max_attempts} ] | |
| then | |
| echo "Max attempts reached" | |
| break | |
| fi | |
| printf '.' | |
| attempt_counter=$((attempt_counter+1)) | |
| sleep 5 | |
| done | |
| } | |
| check_services_up () { | |
| curl --silent --head --fail $GATEWAY_PROTOCOL://$GATEWAY_HOST/rb/actuator/health > /dev/null 2>&1 && \ | |
| curl --silent --head --fail $GATEWAY_PROTOCOL://$GATEWAY_HOST/query/actuator/health > /dev/null 2>&1 | |
| } | |
| ### Main ### | |
| echo "Waiting for services to be up..." | |
| wait_until_true check_services_up | |
| # Showing the deployment result | |
| kubectl get all -n $PREVIEW_NAME | |
| # Launching the tests | |
| make test/runtime-acceptance-tests | |
| make test/identity-adapter-acceptance-tests | |
| - name: Delete application | |
| if: always() && steps.install-application.outcome == 'success' | |
| run: kubectl delete ns $PREVIEW_NAME | |
| create-scripts-tag: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - load-release-info | |
| - release-activiti | |
| - release-activiti-cloud | |
| env: | |
| RELEASE_VERSION: ${{ needs.load-release-info.outputs.version }} | |
| steps: | |
| - name: Checkout activiti-scripts | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| token: ${{ secrets.BOT_GITHUB_TOKEN }} | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/git-check-existing-tag@9d00215f539f669b41c7fabf7b88ccc8f316926c # v7.0.0 | |
| id: check-tag | |
| with: | |
| tag: ${{ env.RELEASE_VERSION }} | |
| - name: Create tag | |
| if: steps.check-tag.outputs.exists == 'false' | |
| run: | | |
| git config --global user.name "${{ secrets.BOT_GITHUB_USERNAME }}" | |
| git config --global user.email "${{ secrets.BOT_GITHUB_USERNAME }}@users.noreply.github.com" | |
| git tag "$RELEASE_VERSION" -m "Release version $RELEASE_VERSION" | |
| git push origin "$RELEASE_VERSION" | |
| promote-nexus-staging: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - load-release-info | |
| - release-activiti | |
| - create-scripts-tag | |
| steps: | |
| - name: Move artifacts to destination repository for activiti | |
| id: move-artifacts-activiti | |
| if: ${{ steps.count-artifacts-activiti.outputs.artifact_count > 0 }} | |
| uses: Alfresco/alfresco-build-tools/.github/actions/nexus-move-artifacts@a4013b7dfd8453ee94ec5d4eb8cb51d74654f770 # v6.0.1 | |
| with: | |
| nexus-username: ${{ secrets.NEXUS_USERNAME }} | |
| nexus-password: ${{ secrets.NEXUS_PASSWORD }} | |
| nexus-url: ${{ vars.NEXUS_URL }} | |
| destination-repository: activiti-temp-test-move | |
| source-repository: activiti-staging | |
| group: org.activiti | |
| version: ${{ needs.load-release-info.outputs.version }} | |
| - name: Move artifacts to destination repository for activiti-cloud | |
| id: move-artifacts-activiti-cloud | |
| if: ${{ steps.count-artifacts-activiti-cloud.outputs.artifact_count > 0 }} | |
| uses: Alfresco/alfresco-build-tools/.github/actions/nexus-move-artifacts@a4013b7dfd8453ee94ec5d4eb8cb51d74654f770 # v7.0.0 | |
| with: | |
| nexus-username: ${{ secrets.NEXUS_USERNAME }} | |
| nexus-password: ${{ secrets.NEXUS_PASSWORD }} | |
| nexus-url: ${{ vars.NEXUS_URL }} | |
| destination-repository: activiti-temp-test-move | |
| source-repository: activiti-staging | |
| group: org.activiti.cloud | |
| version: ${{ needs.load-release-info.outputs.version }} | |
| create-gh-releases: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - load-release-info | |
| - promote-nexus-staging | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| repo: | |
| - Activiti | |
| - activiti-cloud | |
| - activiti-cloud-common-chart | |
| - activiti-cloud-full-chart | |
| env: | |
| VERSION: ${{ needs.load-release-info.outputs.version }} | |
| NOTES_START_TAG: ${{ needs.load-release-info.outputs.notes-start-tag }} | |
| REPO_DIR: repos/${{ matrix.repo }} | |
| IS_MOCK: ${{ needs.load-release-info.outputs.mock }} | |
| steps: | |
| - name: Enable Draft | |
| if: ${{ env.IS_MOCK == 'true' }} | |
| run: | | |
| echo GH_RN_DRAFT="--draft" >> $GITHUB_ENV | |
| - name: Create Github release for ${{ matrix.repo }} | |
| env: | |
| GITHUB_REPO: Activiti/${{ matrix.repo }} | |
| GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} | |
| run: | | |
| gh release create $VERSION --generate-notes --repo $GITHUB_REPO --notes-start-tag $NOTES_START_TAG $GH_RN_DRAFT |