[MOSIP-29315] #552
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Maven Package upon a push | |
on: | |
push: | |
branches: | |
- '!release-branch' | |
- release-1* | |
- master | |
- 1.* | |
- develop | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
ref: ${{ github.ref }} | |
java-version: 11 | |
server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml | |
settings-path: ${{ github.workspace }} # location for the settings.xml file | |
- name: Setup branch and env | |
run: | | |
# Strip git ref prefix from version | |
echo "BRANCH_NAME=$(echo ${{ github.ref }} | sed -e 's,.*/\(.*\),\1,')" >> $GITHUB_ENV | |
echo "GPG_TTY=$(tty)" >> $GITHUB_ENV | |
- name: Setup branch and GPG public key | |
run: | | |
# Strip git ref prefix from version | |
echo ${{ env.BRANCH_NAME }} | |
echo ${{ env.GPG_TTY }} | |
sudo apt-get --yes install gnupg2 | |
gpg2 --import ./.github/keys/mosipgpgkey_pub.gpg | |
gpg2 --quiet --batch --passphrase=${{secrets.gpg_secret}} --allow-secret-key-import --import ./.github/keys/mosipgpgkey_sec.gpg | |
- uses: actions/cache@v1 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-maven-${{ env.BRANCH_NAME }} | |
- name: Setup the settings file for ossrh server | |
run: echo "<settings> <servers> <server> <id>ossrh</id> <username>${{secrets.ossrh_user}}</username> <password>${{secrets.ossrh_secret}}</password> </server> </servers> <profiles> <profile> <id>ossrh</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.executable>gpg2</gpg.executable> <gpg.passphrase>${{secrets.gpg_secret}}</gpg.passphrase> </properties> </profile> <profile> <id>allow-snapshots</id> <activation><activeByDefault>true</activeByDefault></activation> <repositories> <repository> <id>snapshots-repo</id> <url>https://oss.sonatype.org/content/repositories/snapshots</url> <releases><enabled>false</enabled></releases> <snapshots><enabled>true</enabled></snapshots> </repository> <repository> <id>releases-repo</id> <url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url> <releases><enabled>true</enabled></releases> <snapshots><enabled>false</enabled></snapshots> </repository> </repositories> </profile> <profile> <id>sonar</id> <properties> <sonar.sources>.</sonar.sources> <sonar.host.url>https://sonarcloud.io</sonar.host.url> </properties> <activation> <activeByDefault>false</activeByDefault> </activation> </profile> </profiles> </settings>" > $GITHUB_WORKSPACE/settings.xml | |
- name: Build with Maven | |
run: | | |
cd partner | |
mvn -B package --file pom.xml -s $GITHUB_WORKSPACE/settings.xml | |
- name: Ready the springboot artifacts | |
run: find -name '*.jar' -executable -type f -exec zip release.zip {} + | |
- name: Upload the springboot jars | |
uses: actions/upload-artifact@v1 | |
with: | |
name: release | |
path: ./release.zip | |
- uses: 8398a7/action-slack@v3 | |
with: | |
status: ${{ job.status }} | |
fields: repo,message,commit,workflow,job # selectable (default: repo,message) | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} # required | |
if: failure() # Pick up events even if the job fails or is canceled. | |
publish_to_nexus: | |
if: "!contains(github.ref, 'master')" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
ref: ${{ github.ref }} | |
java-version: 11 | |
server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml | |
settings-path: ${{ github.workspace }} # location for the settings.xml file | |
- name: Setup branch and env | |
run: | | |
# Strip git ref prefix from version | |
echo "BRANCH_NAME=$(echo ${{ github.ref }} | sed -e 's,.*/\(.*\),\1,')" >> $GITHUB_ENV | |
echo "GPG_TTY=$(tty)" >> $GITHUB_ENV | |
- name: Setup branch and GPG public key | |
run: | | |
# Strip git ref prefix from version | |
echo ${{ env.BRANCH_NAME }} | |
echo ${{ env.GPG_TTY }} | |
sudo apt-get --yes install gnupg2 | |
gpg2 --import ./.github/keys/mosipgpgkey_pub.gpg | |
gpg2 --quiet --batch --passphrase=${{secrets.gpg_secret}} --allow-secret-key-import --import ./.github/keys/mosipgpgkey_sec.gpg | |
- uses: actions/cache@v1 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-maven-${{ env.BRANCH_NAME }} | |
- name: Setup the settings file for ossrh server | |
run: echo "<settings> <servers> <server> <id>ossrh</id> <username>${{secrets.ossrh_user}}</username> <password>${{secrets.ossrh_secret}}</password> </server> </servers> <profiles> <profile> <id>ossrh</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.executable>gpg2</gpg.executable> <gpg.passphrase>${{secrets.gpg_secret}}</gpg.passphrase> </properties> </profile> <profile> <id>allow-snapshots</id> <activation><activeByDefault>true</activeByDefault></activation> <repositories> <repository> <id>snapshots-repo</id> <url>https://oss.sonatype.org/content/repositories/snapshots</url> <releases><enabled>false</enabled></releases> <snapshots><enabled>true</enabled></snapshots> </repository> <repository> <id>releases-repo</id> <url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url> <releases><enabled>true</enabled></releases> <snapshots><enabled>false</enabled></snapshots> </repository> </repositories> </profile> </profiles> </settings>" > $GITHUB_WORKSPACE/settings.xml | |
- name: Install xmllint | |
run: | | |
sudo apt-get update | |
sudo apt-get install libxml2-utils | |
- name: Build with Maven | |
run: cd partner && mvn -B package --file pom.xml -s $GITHUB_WORKSPACE/settings.xml | |
- name: Publish the maven package | |
run: | | |
chmod +x ./deploy.sh | |
cd partner && mvn deploy -s $GITHUB_WORKSPACE/settings.xml -f pom.xml | |
env: | |
GPG_TTY: $(tty) | |
# - uses: 8398a7/action-slack@v3 | |
# with: | |
# status: ${{ job.status }} | |
# fields: repo,message,commit,workflow,job # selectable (default: repo,message) | |
# env: | |
# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_DEVOPS_WEBHOOK }} # required | |
# if: failure() # Pick up events even if the job fails or is canceled.D | |
docker-policy-management-service: | |
needs: build | |
runs-on: ubuntu-latest | |
env: | |
NAMESPACE: ${{ secrets.dev_namespace_docker_hub }} | |
SERVICE_NAME: policy-management-service | |
SERVICE_LOCATION: partner/policy-management-service | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/download-artifact@v1 | |
with: | |
name: release | |
path: ./ | |
- name: Setup branch name | |
run: | | |
# Strip git ref prefix from version | |
echo "BRANCH_NAME=$(echo ${{ github.ref }} | sed -e 's,.*/\(.*\),\1,')" >> $GITHUB_ENV | |
echo ${{ env.BRANCH_NAME }} | |
- name: Get version info from pom | |
id: getPomVersion | |
uses: mavrosxristoforos/[email protected] | |
with: | |
xml-file: ./${{ env.SERVICE_LOCATION }}/pom.xml | |
xpath: /*[local-name()="project"]/*[local-name()="version"] | |
- name: Unzip and extract the policy-management-service | |
run: unzip -uj "release.zip" "${{ env.SERVICE_LOCATION }}/target/*" -d "./${{ env.SERVICE_LOCATION }}/target" | |
- name: Get current date | |
id: date | |
run: echo "::set-output name=date::$(date +'%Y-%m-%d')" | |
- name: Build image | |
run: | | |
cd "./${{env.SERVICE_LOCATION}}" | |
docker build . --build-arg SOURCE=mosip --build-arg COMMIT_HASH=$(git rev-parse HEAD) --build-arg COMMIT_ID=$(git rev-parse --short HEAD) --build-arg BUILD_TIME=${{steps.date.outputs.date}} --file Dockerfile --tag ${{ env.SERVICE_NAME }} | |
- name: Log into registry | |
run: echo "${{ secrets.release_docker_hub }}" | docker login -u ${{ secrets.actor_docker_hub }} --password-stdin | |
- name: Push image | |
run: | | |
IMAGE_ID=$NAMESPACE/$SERVICE_NAME | |
# Change all uppercase to lowercase | |
IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') | |
echo "push version ${{steps.getPomVersion.outputs.info}}" | |
if [[ $BRANCH_NAME == master ]]; then | |
VERSION=latest | |
else | |
VERSION=$BRANCH_NAME | |
fi | |
echo IMAGE_ID=$IMAGE_ID | |
echo VERSION=$VERSION | |
docker tag $SERVICE_NAME $IMAGE_ID:$VERSION | |
docker push $IMAGE_ID:$VERSION | |
- uses: 8398a7/action-slack@v3 | |
with: | |
status: ${{ job.status }} | |
fields: repo,message,commit,workflow,job # selectable (default: repo,message) | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_DEVOPS_WEBHOOK }} # required | |
if: failure() # Pick up events even if the job fails or is canceled. | |
docker-partner-management-service: | |
needs: build | |
runs-on: ubuntu-latest | |
env: | |
NAMESPACE: ${{ secrets.dev_namespace_docker_hub }} | |
SERVICE_NAME: partner-management-service | |
SERVICE_LOCATION: partner/partner-management-service | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/download-artifact@v1 | |
with: | |
name: release | |
path: ./ | |
- name: Setup branch name | |
run: | | |
# Strip git ref prefix from version | |
echo "BRANCH_NAME=$(echo ${{ github.ref }} | sed -e 's,.*/\(.*\),\1,')" >> $GITHUB_ENV | |
echo ${{ env.BRANCH_NAME }} | |
- name: Get version info from pom | |
id: getPomVersion | |
uses: mavrosxristoforos/[email protected] | |
with: | |
xml-file: ./${{ env.SERVICE_LOCATION }}/pom.xml | |
xpath: /*[local-name()="project"]/*[local-name()="version"] | |
- name: Unzip and extract the partner-management-service | |
run: unzip -uj "release.zip" "${{ env.SERVICE_LOCATION }}/target/*" -d "./${{ env.SERVICE_LOCATION }}/target" | |
- name: Get current date | |
id: date | |
run: echo "::set-output name=date::$(date +'%Y-%m-%d')" | |
- name: Build image | |
run: | | |
cd "./${{env.SERVICE_LOCATION}}" | |
docker build . --build-arg SOURCE=mosip --build-arg COMMIT_HASH=$(git rev-parse HEAD) --build-arg COMMIT_ID=$(git rev-parse --short HEAD) --build-arg BUILD_TIME=${{steps.date.outputs.date}} --file Dockerfile --tag ${{ env.SERVICE_NAME }} | |
- name: Log into registry | |
run: echo "${{ secrets.release_docker_hub }}" | docker login -u ${{ secrets.actor_docker_hub }} --password-stdin | |
- name: Push image | |
run: | | |
IMAGE_ID=$NAMESPACE/$SERVICE_NAME | |
# Change all uppercase to lowercase | |
IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') | |
echo "push version ${{steps.getPomVersion.outputs.info}}" | |
if [[ $BRANCH_NAME == master ]]; then | |
VERSION=latest | |
else | |
VERSION=$BRANCH_NAME | |
fi | |
echo IMAGE_ID=$IMAGE_ID | |
echo VERSION=$VERSION | |
docker tag $SERVICE_NAME $IMAGE_ID:$VERSION | |
docker push $IMAGE_ID:$VERSION | |
- uses: 8398a7/action-slack@v3 | |
with: | |
status: ${{ job.status }} | |
fields: repo,message,commit,workflow,job # selectable (default: repo,message) | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_DEVOPS_WEBHOOK }} # required | |
if: failure() # Pick up events even if the job fails or is canceled. | |
sonar_analysis: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
ref: ${{ github.ref }} | |
java-version: 11 | |
server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml | |
settings-path: ${{ github.workspace }} # location for the settings.xml file | |
- name: Setup branch and env | |
run: | | |
# Strip git ref prefix from version | |
echo "BRANCH_NAME=$(echo ${{ github.ref }} | sed -e 's,.*/\(.*\),\1,')" >> $GITHUB_ENV | |
echo "GPG_TTY=$(tty)" >> $GITHUB_ENV | |
- uses: actions/cache@v1 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-maven-${{ env.BRANCH_NAME }} | |
- name: Setup the settings file for ossrh server | |
run: echo "<settings> <servers> <server> <id>ossrh</id> <username>${{secrets.ossrh_user}}</username> <password>${{secrets.ossrh_secret}}</password> </server> </servers> <profiles> <profile> <id>ossrh</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.executable>gpg2</gpg.executable> <gpg.passphrase>${{secrets.gpg_secret}}</gpg.passphrase> </properties> </profile> <profile> <id>allow-snapshots</id> <activation><activeByDefault>true</activeByDefault></activation> <repositories> <repository> <id>snapshots-repo</id> <url>https://oss.sonatype.org/content/repositories/snapshots</url> <releases><enabled>false</enabled></releases> <snapshots><enabled>true</enabled></snapshots> </repository> <repository> <id>releases-repo</id> <url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url> <releases><enabled>true</enabled></releases> <snapshots><enabled>false</enabled></snapshots> </repository> </repositories> </profile> <profile> <id>sonar</id> <properties> <sonar.sources>.</sonar.sources> <sonar.host.url>https://sonarcloud.io</sonar.host.url> </properties> <activation> <activeByDefault>false</activeByDefault> </activation> </profile> </profiles> </settings>" > $GITHUB_WORKSPACE/settings.xml | |
- name: Build with Maven | |
run: | | |
cd partner | |
mvn -B package --file pom.xml -s $GITHUB_WORKSPACE/settings.xml | |
- name: Analyze with SonarCloud | |
run: | | |
cd partner | |
mvn -B -Dgpg.skip verify sonar:sonar -Dsonar.projectKey=mosip_${{ github.event.repository.name }} -Dsonar.organization=${{ secrets.ORG_KEY }} -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=${{ secrets.SONAR_TOKEN }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |