diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 00000000000..3646f55eeed --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,66 @@ +# Notes +# - cannot run on Windows, as we use shell scripts + +name: "Release" + +on: + push: + branches: + - 'test-release-*' +env: + JAVA_VERSION: '21' + JAVA_DISTRO: 'oracle' + MAVEN_HTTP_ARGS: '-Dmaven.wagon.httpconnectionManager.ttlSeconds=60 -Dmaven.wagon.http.retryHandler.count=3' + +concurrency: + group: release-${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + copyright: + timeout-minutes: 10 + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Set up JDK ${{ env.JAVA_VERSION }} + uses: oracle-actions/setup-java@v1.3.1 + with: + website: ${{ env.JAVA_DISTRO }} + release: ${{ env.JAVA_RELEASE }} + cache: maven + - name: Copyright + run: etc/scripts/copyright.sh + release: + timeout-minutes: 60 + runs-on: ubuntu-20.04 + environment: release + steps: + - uses: actions/checkout@v3 + with: + token: ${{ secrets.SERVICE_ACCOUNT_TOKEN }} + fetch-depth: '0' + - name: Set up JDK ${{ env.JAVA_VERSION }} + uses: oracle-actions/setup-java@v1.3.1 + with: + website: ${{ env.JAVA_DISTRO }} + release: ${{ env.JAVA_RELEASE }} + cache: maven + - name: Release + env: + GPG_PASSPHRASE: ${{ secrets.HELIDON_GPG_PASSPHRASE }} + GPG_PRIVATE_KEY: ${{ secrets.HELIDON_GPG_PRIVATE_KEY }} + GPG_PUBLIC_KEY: ${{ secrets.HELIDON_GPG_PUBLIC_KEY }} + MAVEN_SETTINGS: ${{ secrets.MAVEN_SETTINGS }} + RELEASE_WORKFLOW: "true" + run: | + git config user.email "helidon-robot_ww@oracle.com" + git config user.name "Helidon Robot" + etc/scripts/release.sh release_build + - name: Upload Staged Artifacts + uses: actions/upload-artifact@v3 + with: + name: io-helidon-staged-artifacts + path: parent/target/nexus-staging/ + retention-days: 90 diff --git a/.github/workflows/snapshotrelease.yaml b/.github/workflows/snapshotrelease.yaml new file mode 100644 index 00000000000..8ac3ad8c558 --- /dev/null +++ b/.github/workflows/snapshotrelease.yaml @@ -0,0 +1,39 @@ +# Perform a snapshot build and deploy to snapshot repository +# Notes +# - cannot run on Windows, as we use shell scripts + +name: "Snapshot Release" + +on: + workflow_dispatch: + +env: + JAVA_VERSION: '21' + JAVA_DISTRO: 'oracle' + MAVEN_HTTP_ARGS: '-Dmaven.wagon.httpconnectionManager.ttlSeconds=60 -Dmaven.wagon.http.retryHandler.count=3' + +concurrency: + group: release-${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false + +jobs: + deploy: + timeout-minutes: 60 + runs-on: ubuntu-20.04 + environment: release + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: '0' + - name: Set up JDK ${{ env.JAVA_VERSION }} + uses: oracle-actions/setup-java@v1.3.1 + with: + website: ${{ env.JAVA_DISTRO }} + release: ${{ env.JAVA_RELEASE }} + cache: maven + - name: Build and deploy + env: + MAVEN_SETTINGS: ${{ secrets.MAVEN_SETTINGS }} + RELEASE_WORKFLOW: "true" + run: | + etc/scripts/release.sh deploy_snapshot diff --git a/Jenkinsfile b/Jenkinsfile index 6b641720ae1..6f9358c0706 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, 2022 Oracle and/or its affiliates. + * Copyright (c) 2020, 2023 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -40,4 +40,9 @@ pipeline { } } } + post { + always { + archiveArtifacts artifacts: 'parent/target/nexus-staging/**' + } + } } diff --git a/etc/scripts/includes/pipeline-env.sh b/etc/scripts/includes/pipeline-env.sh index d0c36da3554..b556ae8a926 100644 --- a/etc/scripts/includes/pipeline-env.sh +++ b/etc/scripts/includes/pipeline-env.sh @@ -65,37 +65,29 @@ if [ -z "${__PIPELINE_ENV_INCLUDED__}" ]; then PATH="${PATH}:${JAVA_HOME}/bin" } - if [ -n "${HELIDON_PIPELINES}" ] ; then - export PIPELINE="true" - MAVEN_ARGS="${MAVEN_ARGS} -B ${MAVEN_HTTP_ARGS}" - export MAVEN_ARGS - # temporary fix for copyright plugin - git config diff.renameLimit 32768 - fi + MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn" + MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.showDateTime=true" + MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.dateTimeFormat=HH:mm:ss,SSS" + # Needed for archetype engine plugin + MAVEN_OPTS="${MAVEN_OPTS} --add-opens=java.base/java.util=ALL-UNNAMED" + # Needed for generating site + MAVEN_OPTS="${MAVEN_OPTS} --add-opens=java.desktop/com.sun.imageio.plugins.png=ALL-UNNAMED" + + MAVEN_ARGS="${MAVEN_ARGS} -B ${MAVEN_HTTP_ARGS}" if [ -n "${JENKINS_HOME}" ] ; then export PIPELINE="true" - export JAVA_HOME="/tools/jdk20" - MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn" - MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.showDateTime=true" - MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.dateTimeFormat=HH:mm:ss,SSS" - # Needed for archetype engine plugin - MAVEN_OPTS="${MAVEN_OPTS} --add-opens=java.base/java.util=ALL-UNNAMED" - # Needed for generating site - MAVEN_OPTS="${MAVEN_OPTS} --add-opens=java.desktop/com.sun.imageio.plugins.png=ALL-UNNAMED" - export MAVEN_OPTS + export JAVA_HOME="/tools/jdk21" export PATH="/tools/apache-maven-3.8.6/bin:${JAVA_HOME}/bin:/tools/node-v12/bin:${PATH}" if [ -n "${GITHUB_SSH_KEY}" ] ; then export GIT_SSH_COMMAND="ssh -i ${GITHUB_SSH_KEY}" fi - MAVEN_ARGS="${MAVEN_ARGS} -B" if [ -n "${MAVEN_SETTINGS_FILE}" ] ; then MAVEN_ARGS="${MAVEN_ARGS} -s ${MAVEN_SETTINGS_FILE}" fi if [ -n "${NPM_CONFIG_REGISTRY}" ] ; then MAVEN_ARGS="${MAVEN_ARGS} -Dnpm.download.root=${NPM_CONFIG_REGISTRY}/npm/-/" fi - export MAVEN_ARGS if [ -n "${https_proxy}" ] && [[ ! "${https_proxy}" =~ ^http:// ]] ; then export https_proxy="http://${https_proxy}" @@ -130,10 +122,35 @@ if [ -z "${__PIPELINE_ENV_INCLUDED__}" ]; then GPG_KEYGRIP=$(gpg --with-keygrip -K | grep "Keygrip" | head -1 | awk '{print $3}') /usr/lib/gnupg/gpg-preset-passphrase --preset "${GPG_KEYGRIP}" <<< "${GPG_PASSPHRASE}" fi - # temporary fix for copyright plugin - git config diff.renameLimit 32768 fi + if [ -n "${RELEASE_WORKFLOW}" ] ; then + if [ -n "${MAVEN_SETTINGS}" ] ; then + export MAVEN_SETTINGS_FILE="${HOME}/.m2/settings.xml" + echo "${MAVEN_SETTINGS}" > "${MAVEN_SETTINGS_FILE}" + MAVEN_ARGS="${MAVEN_ARGS} -s ${MAVEN_SETTINGS_FILE}" + fi + if [ -n "${GPG_PUBLIC_KEY}" ] ; then + tmpfile=$(mktemp /tmp/pub.XXXXXX.key) + echo "${GPG_PUBLIC_KEY}" > "${tmpfile}" + gpg --import --no-tty --batch "${tmpfile}" + rm "$tmpfile" + fi + if [ -n "${GPG_PRIVATE_KEY}" ] ; then + tmpfile=$(mktemp /tmp/pri.XXXXXX.key) + echo "${GPG_PRIVATE_KEY}" > "${tmpfile}" + gpg --allow-secret-key-import --import --no-tty --batch "${tmpfile}" + rm "$tmpfile" + fi + if [ -n "${GPG_PASSPHRASE}" ] ; then + echo "allow-preset-passphrase" >> ~/.gnupg/gpg-agent.conf + gpg-connect-agent reloadagent /bye + GPG_KEYGRIP=$(gpg --with-keygrip -K | grep "Keygrip" | head -1 | awk '{print $3}') + /usr/lib/gnupg/gpg-preset-passphrase --preset "${GPG_KEYGRIP}" <<< "${GPG_PASSPHRASE}" + fi + fi + export MAVEN_ARGS + export MAVEN_OPTS else echo "WARNING: ${WS_DIR}/etc/scripts/includes/pipeline-env.sh included multiple times." fi diff --git a/etc/scripts/release.sh b/etc/scripts/release.sh index f0ab5a9d3b1..edb3c0905c7 100755 --- a/etc/scripts/release.sh +++ b/etc/scripts/release.sh @@ -49,6 +49,8 @@ $(basename ${0}) [ --build-number=N ] CMD Perform a release build This will create a local branch, deploy artifacts and push a tag + deploy_snapshot + Perform a snapshot build and deploy to snapshot repository EOF } @@ -66,7 +68,7 @@ for ((i=0;i<${#ARGS[@]};i++)) exit 0 ;; *) - if [ "${ARG}" = "update_version" ] || [ "${ARG}" = "release_build" ] ; then + if [ "${ARG}" = "update_version" ] || [ "${ARG}" = "release_build" ] || [ "${ARG}" = "deploy_snapshot" ] ; then readonly COMMAND="${ARG}" else echo "ERROR: unknown argument: ${ARG}" @@ -259,14 +261,46 @@ release_build(){ -DstagingDescription="${STAGING_DESC}" # Create and push a git tag - local GIT_REMOTE=$(git config --get remote.origin.url | \ - sed "s,https://\([^/]*\)/,git@\1:,") + git tag -f "${FULL_VERSION}" + if [ -n "${JENKINS_HOME}" ] ; then + # In Jenkins use SSH to access remote + local GIT_REMOTE=$(git config --get remote.origin.url | \ + sed "s,https://\([^/]*\)/,git@\1:,") - git remote add release "${GIT_REMOTE}" > /dev/null 2>&1 || \ - git remote set-url release "${GIT_REMOTE}" + git remote add release "${GIT_REMOTE}" > /dev/null 2>&1 || \ + git remote set-url release "${GIT_REMOTE}" - git tag -f "${FULL_VERSION}" - git push --force release refs/tags/"${FULL_VERSION}":refs/tags/"${FULL_VERSION}" + git push --force release refs/tags/"${FULL_VERSION}":refs/tags/"${FULL_VERSION}" + else + git push --force origin refs/tags/"${FULL_VERSION}":refs/tags/"${FULL_VERSION}" + fi +} + +deploy_snapshot(){ + + # Make sure version ends in -SNAPSHOT + if [[ ${MVN_VERSION} != *-SNAPSHOT ]]; then + echo "Helidon version ${MVN_VERSION} is not a SNAPSHOT version. Failing snapshot release." + exit 1 + fi + + readonly NEXUS_SNAPSHOT_URL="https://oss.sonatype.org/content/repositories/snapshots/" + echo "Deploying snapshot build ${MVN_VERSION} to ${NEXUS_SNAPSHOT_URL}" + + # The nexus-staging-maven-plugin had issues deploying the module + # helidon-applications because the distributionManagement section is empty. + # So we deploy using the apache maven-deploy-plugin and altDeploymentRepository + # property. The deployAtEnd option requires version 3.0.0 of maven-deploy-plugin + # or newer to work correctly on multi-module systems + set -x + mvn ${MAVEN_ARGS} -e clean deploy \ + -Parchetypes \ + -DskipTests \ + -DaltDeploymentRepository="ossrh::${NEXUS_SNAPSHOT_URL}" \ + -DdeployAtEnd=true \ + -DretryFailedDeploymentCount="10" + + echo "Done. ${MVN_VERSION} deployed to ${NEXUS_SNAPSHOT_URL}" } # Invoke command