Update SSL certs for integration tests (#675) #1570
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- '1.0.x' | |
paths-ignore: | |
- '.github/**' | |
workflow_dispatch: | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }} | |
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} | |
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }} | |
COMMIT_OWNER: ${{ github.event.pusher.name }} | |
COMMIT_SHA: ${{ github.sha }} | |
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }} | |
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }} | |
jobs: | |
prerequisites: | |
name: Pre-requisites for building | |
runs-on: ubuntu-latest | |
if: github.repository == 'spring-projects/spring-pulsar' | |
outputs: | |
runjobs: ${{ steps.continue.outputs.runjobs }} | |
project_version: ${{ steps.continue.outputs.project_version }} | |
boot_version: ${{ steps.continue.outputs.boot_version }} | |
steps: | |
- uses: actions/checkout@v3 | |
- id: continue | |
name: Determine if should continue | |
run: | | |
# Run jobs if in upstream repository | |
echo "runjobs=true" >>$GITHUB_OUTPUT | |
# Extract version from gradle.properties | |
version=$(cat gradle.properties | grep "version=" | awk -F'=' '{print $2}') | |
echo "project_version=$version" >>$GITHUB_OUTPUT | |
bootVersion=$(cat gradle/libs.versions.toml | grep "spring-boot = \"" | cut -d '"' -f2) | |
echo "boot_version=$bootVersion" >>$GITHUB_OUTPUT | |
build_jdk_17: | |
name: Build (1.0.x w/ JDK 17) | |
needs: [prerequisites] | |
runs-on: ubuntu-latest | |
if: needs.prerequisites.outputs.runjobs | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: spring-io/spring-gradle-build-action@v2 | |
- name: Build and run unit tests | |
run: | | |
./gradlew clean build -x integrationTest \ | |
--continue --scan \ | |
-PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" | |
- name: Run integration tests | |
run: | | |
./gradlew integrationTest --rerun-tasks -DdownloadRabbitConnector=true --scan | |
- name: Capture test results | |
if: failure() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: test-results | |
path: '*/build/reports/tests/**/*.*' | |
retention-days: 3 | |
check_samples: | |
name: Check Sample Apps | |
needs: [prerequisites] | |
strategy: | |
matrix: | |
springBootVersion: [ "${{ needs.prerequisites.outputs.boot_version }}" ] | |
runs-on: ubuntu-latest | |
if: needs.prerequisites.outputs.runjobs | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: spring-io/spring-gradle-build-action@v2 | |
- name: Run all sample app tests | |
env: | |
LOCAL_REPOSITORY_PATH: ${{ github.workspace }}/build/publications/repos | |
VERSION: ${{ needs.prerequisites.outputs.project_version }} | |
BOOT_VERSION: ${{ matrix.springBootVersion }} | |
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_PRIVATE_KEY }} | |
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_PASSPHRASE }} | |
run: | | |
./gradlew publishMavenJavaPublicationToLocalRepository | |
./gradlew \ | |
--init-script ./spring-pulsar-sample-apps/sample-apps-check-ci.gradle \ | |
-PlocalRepositoryPath="$LOCAL_REPOSITORY_PATH" \ | |
-PspringPulsarVersion="$VERSION" \ | |
-PspringBootVersion="$BOOT_VERSION" \ | |
:runAllSampleTests | |
scan: | |
needs: [prerequisites] | |
if: needs.prerequisites.outputs.runjobs | |
uses: ./.github/workflows/trivy-scan.yml | |
with: | |
config-path: .github/trivy-to-sarif.yaml | |
upload-results: true | |
deploy_artifacts: | |
name: Deploy Artifacts (1.0.x) | |
needs: [build_jdk_17, check_samples, scan] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: spring-io/spring-gradle-build-action@v2 | |
- name: Deploy artifacts | |
env: | |
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_PRIVATE_KEY }} | |
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_PASSPHRASE }} | |
OSSRH_TOKEN_USERNAME: ${{ secrets.OSSRH_S01_TOKEN_USERNAME }} | |
OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_S01_TOKEN_PASSWORD }} | |
run: | | |
./gradlew publishArtifacts finalizeDeployArtifacts \ | |
--stacktrace \ | |
-PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" \ | |
-PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" | |
deploy_docs_antora: | |
name: Deploy Antora Docs | |
needs: [build_jdk_17, check_samples, scan] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: spring-io/spring-gradle-build-action@v2 | |
- name: Run Antora | |
run: | | |
./gradlew antora | |
- name: Publish Docs | |
uses: spring-io/spring-doc-actions/[email protected] | |
with: | |
docs-username: ${{ secrets.DOCS_USERNAME }} | |
docs-host: ${{ secrets.DOCS_HOST }} | |
docs-ssh-key: ${{ secrets.DOCS_SSH_KEY }} | |
docs-ssh-host-key: ${{ secrets.DOCS_SSH_HOST_KEY }} | |
site-path: spring-pulsar-docs/build/site | |
- name: Bust Clouflare Cache | |
uses: spring-io/spring-doc-actions/[email protected] | |
with: | |
context-root: spring-pulsar | |
cloudflare-zone-id: ${{ secrets.CLOUDFLARE_ZONE_ID }} | |
cloudflare-cache-token: ${{ secrets.CLOUDFLARE_CACHE_TOKEN }} | |
perform_release: | |
name: Perform Release | |
needs: [prerequisites, deploy_artifacts, deploy_docs_antora] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
timeout-minutes: 120 | |
if: ${{ !endsWith(needs.prerequisites.outputs.project_version, '-SNAPSHOT') }} | |
env: | |
REPO: ${{ github.repository }} | |
BRANCH: ${{ github.ref_name }} | |
VERSION: ${{ needs.prerequisites.outputs.project_version }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }} | |
- uses: spring-io/spring-gradle-build-action@v2 | |
- name: Wait for Artifactory artifacts (milestone) | |
if: ${{ contains(needs.prerequisites.outputs.project_version, '-RC') || contains(needs.prerequisites.outputs.project_version, '-M') }} | |
run: | | |
echo "Wait for artifacts of $REPO@$VERSION to appear on Artifactory." | |
until curl -f -s https://repo.spring.io/artifactory/milestone/org/springframework/pulsar/spring-pulsar/$VERSION/ > /dev/null | |
do | |
sleep 30 | |
echo "." | |
done | |
echo "Artifacts for $REPO@$VERSION have been released to Artifactory." | |
- name: Wait for Maven Central artifacts (GA) | |
if: ${{ !contains(needs.prerequisites.outputs.project_version, '-SNAPSHOT') && !contains(needs.prerequisites.outputs.project_version, '-RC') && !contains(needs.prerequisites.outputs.project_version, '-M') }} | |
run: | | |
echo "Wait for artifacts of $REPO@$VERSION to appear on Maven Central." | |
until curl -f -s https://repo1.maven.org/maven2/org/springframework/pulsar/spring-pulsar/$VERSION/ > /dev/null | |
do | |
sleep 30 | |
echo "." | |
done | |
echo "Artifacts for $REPO@$VERSION have been released to Maven Central." | |
- name: Setup git for release tagging | |
run: | | |
git config user.name 'github-actions[bot]' | |
git config user.email 'github-actions[bot]@users.noreply.github.com' | |
- name: Tag release | |
run: | | |
echo "Tagging $REPO@$VERSION release." | |
git tag v$VERSION | |
git push --tags origin | |
- name: Install tooling for Github release | |
run: | | |
curl -sSL -O https://github.com/spring-io/github-changelog-generator/releases/download/v0.0.8/github-changelog-generator.jar | |
- name: Create Github release | |
env: | |
RELEASE_NOTES_FILE: ${{runner.temp}}/release_notes.md5 | |
GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }} | |
run: | | |
java -jar github-changelog-generator.jar \ | |
--spring.config.location=.github/changelog-generator.yml \ | |
$VERSION $RELEASE_NOTES_FILE | |
cat $RELEASE_NOTES_FILE | |
gh release create v$VERSION \ | |
--draft \ | |
--title "Spring Pulsar $VERSION" \ | |
--generate-notes \ | |
--notes-file $RELEASE_NOTES_FILE | |
- name: Announce Release on Slack | |
id: spring-pulsar-announcing | |
uses: slackapi/[email protected] | |
with: | |
payload: | | |
{ | |
"text": "spring-pulsar-announcing `${{ env.VERSION }}` is available now", | |
"blocks": [ | |
{ | |
"type": "section", | |
"text": { | |
"type": "mrkdwn", | |
"text": "spring-pulsar-announcing `${{ env.VERSION }}` is available now" | |
} | |
} | |
] | |
} | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SPRING_RELEASE_SLACK_WEBHOOK_URL }} | |
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | |
- name: Update next snapshot version | |
run: | | |
echo "Updating $REPO@$VERSION to next snapshot version." | |
./gradlew :updateToSnapshotVersion | |
git commit -am "[Release $VERSION] Next development version" | |
git push |