From 5b1f16ca091effd8328514b3543a9362d799576c Mon Sep 17 00:00:00 2001
From: Walter Caffiero
Date: Tue, 19 Oct 2021 15:50:16 +0200
Subject: [PATCH] ENG-2704 Start the version 7.0 and migrate the remaining AppEngine modules to the Pipeline 1.1
---
.github/workflows/ga-publication.yml | 58 ++++++++++
.github/workflows/post-merge.yml | 36 ++++++
.github/workflows/pr.yml | 162 +++++++++++++++++++++++++++
.github/workflows/publication.yml | 100 +++++++++++++++++
4 files changed, 356 insertions(+)
create mode 100644 .github/workflows/ga-publication.yml
create mode 100644 .github/workflows/post-merge.yml
create mode 100644 .github/workflows/pr.yml
create mode 100644 .github/workflows/publication.yml
diff --git a/.github/workflows/ga-publication.yml b/.github/workflows/ga-publication.yml
new file mode 100644
index 0000000..9bbd482
--- /dev/null
+++ b/.github/workflows/ga-publication.yml
@@ -0,0 +1,58 @@
+name: GA Publication
+
+on:
+ release:
+ types:
+ - created
+
+env:
+ ENTANDO_OPT_USE_PPL_TAG: "v1.1.0"
+ ENTANDO_OPT_FEATURES: "${{ secrets.ENTANDO_OPT_FEATURES }}"
+ ENTANDO_OPT_LOG_LEVEL: "${{ secrets.ENTANDO_OPT_LOG_LEVEL }}"
+ ENTANDO_OPT_REPO_BOM_URL: "${{ secrets.ENTANDO_OPT_REPO_BOM_URL }}"
+ PPL_CONTEXT: ${{ toJson(github) }}
+ GIT_USER_NAME: "${{ secrets.GIT_USER_NAME }}"
+ GIT_USER_EMAIL: "${{ secrets.GIT_USER_EMAIL }}"
+ LOCAL_CLONE_DIR: "local-checkout"
+
+
+jobs:
+ ga-publish:
+ env:
+ ENTANDO_OPT_MAVEN_REPO_GA: ${{ secrets.ENTANDO_OPT_MAVEN_REPO_GA }}
+ ENTANDO_BOT_TOKEN: ${{ secrets.ENTANDO_BOT_TOKEN }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: "PR PIPELINE START"
+ run: |
+ ${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
+ ~/ppl-run status-report
+ - name: "Checkout"
+ run: |
+ ~/ppl-run checkout-branch base \
+ --id "CHECKOUT FOR GA PUBLICATION" \
+ --lcd "$LOCAL_CLONE_DIR"
+ - name: "Cache Maven packages"
+ uses: actions/cache@v2
+ with:
+ path: ~/.m2
+ key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+ restore-keys: ${{ runner.os }}-m2
+ - name: "Configure GA Repository"
+ uses: actions/setup-java@v1
+ with:
+ java-version: 11
+ server-id: maven-central
+ server-username: MAVEN_USERNAME
+ server-password: MAVEN_PASSWORD
+ gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
+ gpg-passphrase: MAVEN_GPG_PASSPHRASE
+ - name: "Publish package to GA"
+ run: |
+ ~/ppl-run mvn GA-PUBLICATION \
+ --id "GA-PUBLICATION" \
+ --lcd "$LOCAL_CLONE_DIR"
+ env:
+ MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
+ MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
+ MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
diff --git a/.github/workflows/post-merge.yml b/.github/workflows/post-merge.yml
new file mode 100644
index 0000000..4f9932f
--- /dev/null
+++ b/.github/workflows/post-merge.yml
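Review bot: The first step of `ga-publish` in ga-publication.yml executes whatever text is stored in `secrets.ENTANDO_OPT_PPL_INSTALL_CMD`, so the code that later runs as `~/ppl-run` with the Maven Central credentials and GPG passphrase in its environment is not visible in this repository and can change without a commit or a review. The pipeline version is selected by the tag `"v1.1.0"` and the actions by `@v2` / `@v1`, all of which are movable references. Consider checking the bootstrap script into the repository (or verifying a checksum of what it downloads before running it) and pinning each action to a full commit SHA, e.g. `uses: actions/setup-java@<full-commit-sha>  # v1`. The same install step and tag-pinned actions appear in post-merge.yml, pr.yml and publication.yml.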
@@ -0,0 +1,36 @@
+name: Post-Merge
+
+on:
+ push:
+ branches:
+ - develop
+
+env:
+ ENTANDO_OPT_USE_PPL_TAG: "v1.1.0"
+ ENTANDO_OPT_FEATURES: "${{ secrets.ENTANDO_OPT_FEATURES }}"
+ ENTANDO_OPT_LOG_LEVEL: "${{ secrets.ENTANDO_OPT_LOG_LEVEL }}"
+ ENTANDO_OPT_REPO_BOM_URL: "${{ secrets.ENTANDO_OPT_REPO_BOM_URL }}"
+ PPL_CONTEXT: ${{ toJson(github) }}
+ GIT_USER_NAME: "${{ secrets.GIT_USER_NAME }}"
+ GIT_USER_EMAIL: "${{ secrets.GIT_USER_EMAIL }}"
+ LOCAL_CLONE_DIR: "local-checkout"
+
+
+jobs:
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # TAG
+ add-release-tag:
+ runs-on: ubuntu-latest
+ steps:
+ - name: "ADD RELEASE TAG"
+ run: |
+ ${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
+
+ ~/ppl-run pr-status-report \
+ .. checkout-branch base \
+ --id "CHECKOUT-BASE" \
+ --lcd "$LOCAL_CLONE_DIR" \
+ --token "${{ secrets.ENTANDO_BOT_TOKEN }}" \
+ .. release tag-snapshot-version \
+ --id "TAG-RELEASE" \
+ --lcd "$LOCAL_CLONE_DIR"
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
new file mode 100644
index 0000000..42d27ab
--- /dev/null
+++ b/.github/workflows/pr.yml
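Review bot: In the `ADD RELEASE TAG` step of post-merge.yml, `--token "${{ secrets.ENTANDO_BOT_TOKEN }}"` is substituted into the script text before the shell parses it, so the token value is written into the generated script file and any quote, backtick or `$` it contains is interpreted by the shell. Pass it through the step environment instead, as publication.yml already does: add `env:` with `ENTANDO_BOT_TOKEN: ${{ secrets.ENTANDO_BOT_TOKEN }}` to the step and use `--token "$ENTANDO_BOT_TOKEN"`. The CHECKOUT step of `full-build` in pr.yml has the same inline expansion, and the `export SONAR_TOKEN=…` / `export SNYK_TOKEN=…` lines in its scan step could move to a step-level `env:` the same way.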
@@ -0,0 +1,162 @@
+name: PR-CYCLE
+
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+ branches:
+ - develop
+
+env:
+ ENTANDO_OPT_USE_PPL_TAG: "v1.0.2"
+ ENTANDO_OPT_FEATURES: "${{ secrets.ENTANDO_OPT_FEATURES }}"
+ ENTANDO_OPT_LOG_LEVEL: "${{ secrets.ENTANDO_OPT_LOG_LEVEL }}"
+ ENTANDO_OPT_REPO_BOM_URL: "${{ secrets.ENTANDO_OPT_REPO_BOM_URL }}"
+ PPL_CONTEXT: ${{ toJson(github) }}
+ GIT_USER_NAME: "${{ secrets.GIT_USER_NAME }}"
+ GIT_USER_EMAIL: "${{ secrets.GIT_USER_EMAIL }}"
+ LOCAL_CLONE_DIR: "local-checkout"
+ SNYK_ORG: "entando-ixc"
+
+
+jobs:
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # PREPARE
+
+ prepare:
+ runs-on: ubuntu-latest
+ outputs:
+ SCAN_MATRIX: ${{ steps.START.outputs.SCAN_MATRIX }}
+ steps:
+ #~
+ - name: "PR PIPELINE START"
+ id: START
+ run: |
+ ${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
+ ~/ppl-run \
+ .. status-report \
+ .. @checkout-branch pr --lcd "$LOCAL_CLONE_DIR" \
+ .. @pr-labels remove "prepared" --id "REMOVE-LABEL-PREPARED" \
+ .. @setup-feature-flags "PR_FORMAT_CHECK" "BOM_CHECK" "BOM" \
+ .. @setup-features-list "SCAN_MATRIX" true SONAR_SCAN OWASP_SCAN SNYK_SCAN \
+ ;
+ - name: "PR format check"
+ if: steps.START.outputs.PR_FORMAT_CHECK != 'false'
+ id: pr-format-check
+ run: |
+ ~/ppl-run check-pr-format --lcd "$LOCAL_CLONE_DIR"
+ # BOM
+ - name: "entando-core-bom check"
+ if: steps.START.outputs.BOM_CHECK != 'false' && steps.START.outputs.BOM != 'false'
+ id: pr-bom-check
+ run: |
+ ~/ppl-run @pr-labels add "prepared" --id "ADD-LABEL-PREPARED"
+
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # FULL-BUILD
+
+ full-build:
+ needs: [ 'prepare' ]
+ runs-on: ubuntu-latest
+ steps:
+ #~ CHECKOUT
+ - name: "CHECKOUT"
+ run: |
+ ${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
+ ~/ppl-run checkout-branch pr \
+ --lcd "$LOCAL_CLONE_DIR" \
+ --token "${{ secrets.ENTANDO_BOT_TOKEN }}" \
+ ;
+
+ # Refines the cache key
+ echo "BUILD_CACHE_KEY=$( sha256sum "$LOCAL_CLONE_DIR/pom.xml" --zero | cut -d' ' -f1 )" >> $GITHUB_ENV
+ #~ JDK
+ - name: "Set up JDK 11"
+ uses: actions/setup-java@v1
+ with:
+ java-version: 11
+ #~ MAVEN CACHE
+ - name: "Cache Maven packages"
+ uses: actions/cache@v2
+ with:
+ path: ~/.m2
+ key: ${{ runner.os }}-m2
+ restore-keys: ${{ runner.os }}-m2
+ #~ BUILD CACHE
+ - name: "Cache Build Dir"
+ id: build-cache
+ uses: actions/cache@v2
+ with:
+ path: "${{ env.LOCAL_CLONE_DIR }}/target/"
+ key: ${{ runner.os }}-build-${{ env.BUILD_CACHE_KEY }}
+ #~ BUILD
+ - name: "FULL BUILD"
+ run: |
+ ~/ppl-run \
+ .. mvn FULL-BUILD --lcd "$LOCAL_CLONE_DIR" \
+ .. release tag-snapshot-release --lcd "$LOCAL_CLONE_DIR" \
+ ;
+
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # SCANS
+ scans:
+ needs: [ 'prepare', 'full-build' ]
+ runs-on: ubuntu-latest
+ if: ${{ needs.prepare.outputs.SCAN_MATRIX != '' }}
+ strategy:
+ max-parallel: 5
+ fail-fast: false
+ matrix:
+ scan-type: ${{fromJson(needs.prepare.outputs.SCAN_MATRIX)}}
+
+ steps:
+ #~ CHECKOUT
+ - name: "CHECKOUT"
+ run: |
+ ${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
+ ~/ppl-run checkout-branch pr --lcd "$LOCAL_CLONE_DIR"
+
+ echo "BUILD_CACHE_KEY=$( sha256sum "$LOCAL_CLONE_DIR/pom.xml" --zero | cut -d' ' -f1 )" >> $GITHUB_ENV
+ #~ JDK
+ - name: "Set up JDK 11"
+ uses: actions/setup-java@v1
+ with:
+ java-version: 11
+ #~ MAVEN CACHE
+ - name: "Cache Maven packages"
+ id: maven-cache
+ uses: actions/cache@v2
+ with:
+ path: ~/.m2
+ key: ${{ runner.os }}-m2
+ restore-keys: ${{ runner.os }}-m2
+ #~ BUILD CACHE
+ - name: "Cache Build Dir"
+ id: build-cache
+ uses: actions/cache@v2
+ with:
+ path: "${{ env.LOCAL_CLONE_DIR}}/target/"
+ key: ${{ runner.os }}-build-${{ env.BUILD_CACHE_KEY }}
+ #~ SCAN
+ - name: "Run the Scan"
+ run: |
+ SCAN_TYPE="${{ matrix.scan-type }}"
+
+ case "$SCAN_TYPE" in
+ OWASP_SCAN)
+ ~/ppl-run mvn OWASP-SCAN --id "$SCAN_TYPE" --lcd "$LOCAL_CLONE_DIR"
+ ;;
+ SONAR_SCAN)
+ export SONAR_TOKEN="${{ secrets.SONAR_TOKEN }}"
+ ~/ppl-run mvn SONAR-SCAN --id "$SCAN_TYPE" --lcd "$LOCAL_CLONE_DIR"
+ ;;
+ SNYK_SCAN)
+ export SNYK_TOKEN="${{ secrets.SNYK_TOKEN }}"
+ ~/ppl-run scan snyk --org "$SNYK_ORG" --id "$SCAN_TYPE" --lcd "$LOCAL_CLONE_DIR"
+ ;;
+ esac
diff --git a/.github/workflows/publication.yml b/.github/workflows/publication.yml
new file mode 100644
index 0000000..cca79f9
--- /dev/null
+++ b/.github/workflows/publication.yml
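Review bot: `PPL_CONTEXT: ${{ toJson(github) }}` in the workflow-level `env:` of pr.yml serialises the whole `github` context, which includes `github.token`, into the environment of every step of every job, including the third-party actions and the `FULL BUILD` and scan steps that appear to run Maven against the pull-request checkout. Build plugins and tests coming from the PR branch can then read the token from their environment. Build `PPL_CONTEXT` from only the fields the pipeline reads (leaving out `token`) and declare a minimal top-level `permissions:` block so the token is limited if it does leak. The same workflow-level line is in ga-publication.yml, post-merge.yml and publication.yml. Separately, `ENTANDO_OPT_USE_PPL_TAG` is `"v1.0.2"` here while the other three workflows use `"v1.1.0"`; worth confirming that is intended.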
@@ -0,0 +1,100 @@
+name: Internal Snapshot Publication
+
+on:
+ push:
+ tags:
+ - 'v*'
+
+env:
+ ENTANDO_OPT_USE_PPL_TAG: "v1.1.0"
+ ENTANDO_OPT_FEATURES: "${{ secrets.ENTANDO_OPT_FEATURES }}"
+ ENTANDO_OPT_LOG_LEVEL: "${{ secrets.ENTANDO_OPT_LOG_LEVEL }}"
+ ENTANDO_OPT_REPO_BOM_URL: "${{ secrets.ENTANDO_OPT_REPO_BOM_URL }}"
+ PPL_CONTEXT: ${{ toJson(github) }}
+ GIT_USER_NAME: "${{ secrets.GIT_USER_NAME }}"
+ GIT_USER_EMAIL: "${{ secrets.GIT_USER_EMAIL }}"
+ LOCAL_CLONE_DIR: "local-checkout"
+
+
+jobs:
+ internal-publication:
+ env:
+ ENTANDO_OPT_MAVEN_REPO_DEVL: ${{ secrets.ENTANDO_OPT_MAVEN_REPO_DEVL }}
+ ENTANDO_OPT_MAVEN_REPO_PROD: ${{ secrets.ENTANDO_OPT_MAVEN_REPO_PROD }}
+ ENTANDO_BOT_TOKEN: ${{ secrets.ENTANDO_BOT_TOKEN }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: "PR PIPELINE START"
+ id: START
+ run: |
+ ${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
+ ~/ppl-run status-report \
+ .. @setup-feature-flags "PR_FORMAT_CHECK" "BOM_CHECK" "BOM" \
+ .. @setup-features-list "SCAN_MATRIX" true SONAR_SCAN OWASP_SCAN SNYK_SCAN \
+ ;
+ #~ CHECKOUT
+ - name: "Checkout"
+ run: |
+ ~/ppl-run checkout-branch base \
+ --id "CHECKOUT FOR NEXUS PUBLICATION" \
+ --lcd "$LOCAL_CLONE_DIR" \
+ ;
+
+ # Refines the cache key
+ echo "BUILD_CACHE_KEY=$( sha256sum "$LOCAL_CLONE_DIR/pom.xml" --zero | cut -d' ' -f1 )" >> $GITHUB_ENV
+ #~ JDK
+ - name: "Set up JDK 11"
+ uses: actions/setup-java@v1
+ with:
+ java-version: 11
+ #~ MAVEN CACHE
+ - name: "Cache Maven packages"
+ uses: actions/cache@v2
+ with:
+ path: ~/.m2
+ key: ${{ runner.os }}-m2
+ restore-keys: ${{ runner.os }}-m2
+ #~ BUILD CACHE
+ - name: "Cache Build Dir"
+ id: build-cache
+ uses: actions/cache@v2
+ with:
+ path: "${{ env.LOCAL_CLONE_DIR }}/target/"
+ key: ${{ runner.os }}-build-${{ env.BUILD_CACHE_KEY }}
+ #~ CONFIGURE REPO
+ - name: "Configure Entando Nexus Repository"
+ uses: actions/setup-java@v1
+ with:
+ java-version: 11
+ server-id: internal-nexus
+ server-username: NEXUS_USERNAME
+ server-password: NEXUS_PASSWORD
+ #~ PUBLISH THE ARTIFACT
+ - name: "Publish package"
+ run: |
+ ~/ppl-run generic PUBLISH \
+ --id "PUBLICATION" \
+ --lcd "$LOCAL_CLONE_DIR"
+ env:
+ NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }}
+ NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
+ #~ UPDATE THE BOM (if required)
+ - name: "BOM Update"
+ if: steps.START.outputs.BOM_CHECK != 'false' && steps.START.outputs.BOM != 'false'
+ run: |
+ ~/ppl-run bom update-bom \
+ --id "UPDATE-BOM" \
+ --lcd "$LOCAL_CLONE_DIR" \
+ --token "$ENTANDO_BOT_TOKEN"
+ #~ PUBLISH TO DOCKER IMAGE
+ - name: "Publish docker"
+ env:
+ ENTANDO_OPT_DOCKER_BUILDS: "${{ secrets.ENTANDO_OPT_DOCKER_BUILDS }}"
+ ENTANDO_OPT_DOCKER_ORG: "${{ secrets.ENTANDO_OPT_DOCKER_ORG }}"
+ ENTANDO_OPT_DOCKER_USERNAME: "${{ secrets.ENTANDO_OPT_DOCKER_USERNAME }}"
+ ENTANDO_OPT_DOCKER_PASSWORD: "${{ secrets.ENTANDO_OPT_DOCKER_PASSWORD }}"
+ run: |
+ ~/ppl-run docker publish "$ENTANDO_OPT_DOCKER_BUILDS"\
+ --id "PUBLISH-DOCKER" \
+ --lcd "$LOCAL_CLONE_DIR"
+
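Review bot: In publication.yml the `Cache Build Dir` step restores `target/` under a key derived only from the SHA-256 of `pom.xml`, and it runs before `Publish package` and `Publish docker`, so on a cache hit the publishing job starts from build output produced by an earlier run rather than from the tagged commit. Whether `generic PUBLISH` rebuilds from clean is not visible here; if it does not, stale or tampered classes could end up in the published artifact and image. Either drop the build cache from this job or tie the key to the commit, e.g. `key: ${{ runner.os }}-build-${{ env.BUILD_CACHE_KEY }}-${{ github.sha }}`. The job-level `env:` of `internal-publication` also hands `ENTANDO_BOT_TOKEN` and the `ENTANDO_OPT_MAVEN_REPO_*` secrets to every step, including the third-party actions; moving them to the steps that use them would narrow that.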