diff --git a/.github/workflows/continuous-integration-workflow.yml b/.github/workflows/continuous-integration-workflow.yml index abbd81b9..68c2a7d3 100644 --- a/.github/workflows/continuous-integration-workflow.yml +++ b/.github/workflows/continuous-integration-workflow.yml @@ -1,4 +1,4 @@ -name: CI +name: Build and Deploy on: push: @@ -7,48 +7,81 @@ on: schedule: - cron: '0 10 * * *' # Once per day at 10am UTC +env: + RUN_JOBS: ${{ github.repository == 'spring-projects/spring-authorization-server' }} + DEPLOY_ARTIFACTS: false + DEPLOY_DOCS: false + jobs: + prerequisites: + name: Pre-requisites for building + runs-on: ubuntu-latest + outputs: + runjobs: ${{ steps.continue.outputs.runjobs }} + project_version: ${{ steps.continue.outputs.project_version }} + steps: + - uses: actions/checkout@v2 + - id: continue + name: Determine if should continue + if: env.RUN_JOBS == 'true' + run: | + # Run jobs if in upstream repository + echo "::set-output name=runjobs::true" + # Extract version from gradle.properties + version=$(cat gradle.properties | grep "version=" | awk -F'=' '{print $2}') + echo "::set-output name=project_version::$version" build: name: Build - runs-on: ${{ matrix.os }} + needs: [prerequisites] strategy: matrix: os: [ubuntu-latest, windows-latest] jdk: [11] fail-fast: false + runs-on: ${{ matrix.os }} + if: needs.prerequisites.outputs.runjobs steps: - uses: actions/checkout@v2 - name: Set up JDK ${{ matrix.jdk }} uses: actions/setup-java@v1 with: java-version: ${{ matrix.jdk }} + - name: Setup gradle user name + run: | + mkdir -p ~/.gradle + echo 'systemProp.user.name=spring-builds+github' >> ~/.gradle/gradle.properties + - name: Setup Gradle + uses: gradle/gradle-build-action@v2 + env: + GRADLE_USER_HOME: ~/.gradle - name: Build with Gradle - run: ./gradlew clean build + env: + GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }} + GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} + GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }} + run: ./gradlew clean build --continue -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" snapshot_tests: name: Test against snapshots + needs: [prerequisites] runs-on: ubuntu-latest + if: needs.prerequisites.outputs.runjobs steps: - uses: actions/checkout@v2 - name: Set up JDK uses: actions/setup-java@v1 with: java-version: 11 - - name: Test - run: echo Testing against snapshots - sonar: - name: Static Code Analysis - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Set up JDK - uses: actions/setup-java@v1 - with: - java-version: 11 - - name: Sonar - run: echo Running Sonarqube static code analysis - artifacts: + - name: Setup Gradle + uses: gradle/gradle-build-action@v2 + - name: Snapshot Tests + env: + GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }} + GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} + GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }} + run: ./gradlew test --refresh-dependencies -Duser.name=spring-builds+github -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" -PforceMavenRepositories=snapshot -PspringFrameworkVersion='5.3.+' -PspringSecurityVersion='5.5.+' -PlocksDisabled --stacktrace + deploy_artifacts: name: Deploy Artifacts - needs: [build, snapshot_tests, sonar] + needs: [build, snapshot_tests] runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 @@ -56,11 +89,24 @@ jobs: uses: actions/setup-java@v1 with: java-version: 11 + - name: Setup Gradle + uses: gradle/gradle-build-action@v2 - name: Deploy Artifacts - run: echo Deploying Artifacts - docs: + if: env.DEPLOY_ARTIFACTS == 'true' + env: + GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }} + GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} + GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }} + ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_PRIVATE_KEY }} + ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_PASSPHRASE }} + OSSRH_TOKEN_USERNAME: ${{ secrets.OSSRH_S01_TOKEN_USERNAME }} + OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_S01_TOKEN_PASSWORD }} + ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }} + ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }} + run: ./gradlew publishArtifacts finalizeDeployArtifacts -Duser.name=spring-builds+github -PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace + deploy_docs: name: Deploy Docs - needs: [build, snapshot_tests, sonar] + needs: [build, snapshot_tests] runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 @@ -68,17 +114,15 @@ jobs: uses: actions/setup-java@v1 with: java-version: 11 + - name: Setup Gradle + uses: gradle/gradle-build-action@v2 - name: Deploy Docs - run: echo Deploying Docs - schema: - name: Deploy Schema - needs: [build, snapshot_tests, sonar] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Set up JDK - uses: actions/setup-java@v1 - with: - java-version: 11 - - name: Deploy Schema - run: echo Deploying Schema + if: env.DEPLOY_DOCS == 'true' + env: + GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }} + GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} + GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }} + DOCS_USERNAME: ${{ secrets.DOCS_USERNAME }} + DOCS_SSH_KEY: ${{ secrets.DOCS_SSH_KEY }} + DOCS_HOST: ${{ secrets.DOCS_HOST }} + run: ./gradlew deployDocs -PdeployDocsSshKey="$DOCS_SSH_KEY" -PdeployDocsSshUsername="$DOCS_USERNAME" -PdeployDocsHost="$DOCS_HOST" --stacktrace diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index afdeae11..00000000 --- a/Jenkinsfile +++ /dev/null @@ -1,105 +0,0 @@ -def projectProperties = [ - [$class: 'BuildDiscarderProperty', - strategy: [$class: 'LogRotator', numToKeepStr: '5']], - pipelineTriggers([cron('@daily')]) -] -properties(projectProperties) - -def SUCCESS = hudson.model.Result.SUCCESS.toString() -currentBuild.result = SUCCESS - -def GRADLE_ENTERPRISE_CACHE_USER = usernamePassword(credentialsId: 'gradle_enterprise_cache_user', - passwordVariable: 'GRADLE_ENTERPRISE_CACHE_PASSWORD', - usernameVariable: 'GRADLE_ENTERPRISE_CACHE_USERNAME') -def GRADLE_ENTERPRISE_SECRET_ACCESS_KEY = string(credentialsId: 'gradle_enterprise_secret_access_key', - variable: 'GRADLE_ENTERPRISE_ACCESS_KEY') -def SPRING_SIGNING_SECRING = file(credentialsId: 'spring-signing-secring.gpg', variable: 'SIGNING_KEYRING_FILE') -def SPRING_GPG_PASSPHRASE = string(credentialsId: 'spring-gpg-passphrase', variable: 'SIGNING_PASSWORD') -def OSSRH_S01_CREDENTIALS = usernamePassword(credentialsId: 'oss-s01-token', passwordVariable: 'OSSRH_S01_TOKEN_PASSWORD', usernameVariable: 'OSSRH_S01_TOKEN_USERNAME') -def ARTIFACTORY_CREDENTIALS = usernamePassword(credentialsId: '02bd1690-b54f-4c9f-819d-a77cb7a9822c', usernameVariable: 'ARTIFACTORY_USERNAME', passwordVariable: 'ARTIFACTORY_PASSWORD') -def JENKINS_PRIVATE_SSH_KEY = file(credentialsId: 'docs.spring.io-jenkins_private_ssh_key', variable: 'DEPLOY_SSH_KEY') -def SONAR_LOGIN_CREDENTIALS = string(credentialsId: 'spring-sonar.login', variable: 'SONAR_LOGIN') -def JENKINS_USER = '-Duser.name="spring-builds+jenkins"' - -def jdkEnv(String jdk = 'jdk8') { - def jdkTool = tool(jdk) - return "JAVA_HOME=${ jdkTool }" -} - -try { - parallel check: { - stage('Check') { - node { - checkout scm - sh "git clean -dfx" - try { - withCredentials([ARTIFACTORY_CREDENTIALS, - GRADLE_ENTERPRISE_CACHE_USER, - GRADLE_ENTERPRISE_SECRET_ACCESS_KEY]) { - withEnv([jdkEnv(), - "GRADLE_ENTERPRISE_CACHE_USERNAME=${GRADLE_ENTERPRISE_CACHE_USERNAME}", - "GRADLE_ENTERPRISE_CACHE_PASSWORD=${GRADLE_ENTERPRISE_CACHE_PASSWORD}", - "GRADLE_ENTERPRISE_ACCESS_KEY=${GRADLE_ENTERPRISE_ACCESS_KEY}"]) { - sh "./gradlew $JENKINS_USER check -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD --stacktrace" - } - } - } catch(Exception e) { - currentBuild.result = 'FAILED: check' - throw e - } finally { - junit '**/build/test-results/*/*.xml' - } - } - } - } - - if(currentBuild.result == 'SUCCESS') { - parallel artifacts: { - stage('Deploy Artifacts') { - node { - checkout scm - sh "git clean -dfx" - withCredentials([SPRING_SIGNING_SECRING, - SPRING_GPG_PASSPHRASE, - OSSRH_S01_CREDENTIALS, - ARTIFACTORY_CREDENTIALS, - GRADLE_ENTERPRISE_CACHE_USER, - GRADLE_ENTERPRISE_SECRET_ACCESS_KEY]) { - withEnv([jdkEnv(), - "GRADLE_ENTERPRISE_CACHE_USERNAME=${GRADLE_ENTERPRISE_CACHE_USERNAME}", - "GRADLE_ENTERPRISE_CACHE_PASSWORD=${GRADLE_ENTERPRISE_CACHE_PASSWORD}", - "GRADLE_ENTERPRISE_ACCESS_KEY=${GRADLE_ENTERPRISE_ACCESS_KEY}"]) { - sh "./gradlew $JENKINS_USER deployArtifacts finalizeDeployArtifacts -Psigning.secretKeyRingFile=$SIGNING_KEYRING_FILE -Psigning.keyId=$SPRING_SIGNING_KEYID -Psigning.password='$SIGNING_PASSWORD' -PossrhTokenUsername=$OSSRH_S01_TOKEN_USERNAME -PossrhTokenPassword=$OSSRH_S01_TOKEN_PASSWORD -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD --stacktrace" - } - } - } - } - } - } -} catch(Exception e) { - currentBuild.result = 'FAILED: deploys' - throw e -} finally { - def buildStatus = currentBuild.result - def buildNotSuccess = !SUCCESS.equals(buildStatus) - def lastBuildNotSuccess = !SUCCESS.equals(currentBuild.previousBuild?.result) - - if(buildNotSuccess || lastBuildNotSuccess) { - - stage('Notifiy') { - node { - final def RECIPIENTS = [[$class: 'DevelopersRecipientProvider'], [$class: 'RequesterRecipientProvider']] - - def subject = "${buildStatus}: Build ${env.JOB_NAME} ${env.BUILD_NUMBER} status is now ${buildStatus}" - def details = """The build status changed to ${buildStatus}. For details see ${env.BUILD_URL}""" - - emailext ( - subject: subject, - body: details, - recipientProviders: RECIPIENTS, - to: "$SPRING_SECURITY_TEAM_EMAILS" - ) - } - } - } -}