Files
spring-tools/.github/workflows/gh-hosted-eclipse-distro-build.yml
2025-03-10 10:48:23 -04:00

425 lines
21 KiB
YAML

name: Eclipse Distro STS Build (GitHub Hosted)
on:
workflow_call:
inputs:
eclipse_profile:
description: Eclipse profile 'e429' etc
required: true
default: 'e429'
type: string
build_type:
description: Build type such as 'snapshot', 'milestone' or 'release'
required: true
default: 'snapshot'
type: string
sts4-language-servers-version:
description: version of sts4 ls extensions
required: false
type: string
p2-qualifier:
description: p2 qualifier to override
required: false
type: string
java_version:
description: JDK version to build the artifacts
required: false
default: '17'
type: string
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CDN_S3_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CDN_S3_SECRET_KEY }}
AWS_DEFAULT_REGION: us-east-1
AWS_ENDPOINT_URL_S3: ${{ secrets.CDN_S3_ENDPOINT }}
AWS_S3_BUCKET: ${{ secrets.CDN_BUCKET }}/spring-tools
DOWNLOAD_URL_ROOT: https://cdn.spring.io/spring-tools
CDN_BUCKET: ${{ secrets.CDN_BUCKET }}
jobs:
eclipse-distro-build:
runs-on: ubuntu-latest
steps:
- name: Setup AWS CLI 2.22
run: |
curl -s "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.22.35.zip" -o "awscliv2.zip"
unzip -q awscliv2.zip
sudo ./aws/install --update
aws --version
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
with:
sparse-checkout: |
.github
eclipse-distribution
eclipse-extensions
- name: Set up JDK ${{ inputs.java_version }}
uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2
with:
java-version: ${{ inputs.java_version }}
distribution: 'temurin'
- name: Enforce https instead of http
run: ./nohttp.sh
- name: Install GPG key
run: |
echo "${{ secrets.GPG_PRIVATE_KEY }}" > gpg.asc
echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --passphrase-fd 0 --import gpg.asc
- name: Project Version
id: project-version
run: |
cd eclipse-distribution
current_version=`./mvnw help:evaluate -Dexpression="project.version" -q -DforceStdout`
version=${current_version%%-*}
echo "version=$version" >> $GITHUB_OUTPUT
- name: Build Eclipse Distro
env:
# MAVEN_OPTS: -Dmaven.wagon.httpconnectionManager.ttlSeconds=40 -Dmaven.wagon.http.retryHandler.count=10 -Daether.connector.http.connectionMaxTtl=40 -Dhttp.keepAlive=false -Dhttpclient.retry-max=30 -Dorg.eclipse.ecf.provider.filetransfer.httpclient.retrieve.readTimeout=1800000 -Dorg.eclipse.ecf.provider.filetransfer.httpclient4.retrieve.readTimeout=1800000 -Dorg.eclipse.ecf.provider.filetransfer.retrieve.readTimeout=1800000 -Dorg.eclipse.ecf.provider.filetransfer.retrieve.retryAttempts=30 -Dorg.eclipse.equinox.p2.transport.ecf.retry=10
gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }}
gpg_keyname: ${{ secrets.GPG_KEYID }}
run: |
java -version
sts4_ls_version=${{ inputs.sts4-language-servers-version }}
sts4_ls_version_param=""
if ! [[ -z ${sts4_ls_version} ]]; then
sts4_ls_version_param="-Dsts4-language-servers-version=${sts4_ls_version}"
fi
p2_qualifier=${{ inputs.p2-qualifier }}
p2_qualifier_param=""
if ! [[ -z ${p2_qualifier} ]]; then
p2_qualifier_param="-Dp2.qualifier=${p2_qualifier}"
fi
cd eclipse-distribution
./mvnw --batch-mode -U clean install -P${{ inputs.eclipse_profile }} -P${{ inputs.build_type }} $sts4_ls_version_param $p2_qualifier_param -Pgitactions -Pgpg.sign \
-Dmaven.repo.local=~/.m2/repository-signed -Dmaven.test.skip=true -Declipse.p2.mirrors=false -Dtycho.localArtifacts=ignore -Dp2.replaceQualifier=true \
-Dskip.eclipserun.proxies=false -Dtycho.equinox.resolver.uses=true \
-Dmaven.wagon.httpconnectionManager.ttlSeconds=120 \
-Dmaven.wagon.http.retryHandler.count=60 \
-Dorg.eclipse.equinox.p2.transport.ecf.retry=60 \
-Daether.connector.http.connectionMaxTtl=60 \
-Dhttp.keepAlive=false \
-Dhttpclient.retry-max=60 \
-Dorg.eclipse.ecf.provider.filetransfer.httpclient.retrieve.readTimeout=2400000 -Dorg.eclipse.ecf.provider.filetransfer.httpclient4.retrieve.readTimeout=2400000 -Dorg.eclipse.ecf.provider.filetransfer.retrieve.readTimeout=2400000 \
-Dorg.eclipse.ecf.provider.filetransfer.retrieve.retryAttempts=60
- name: Store S3 Paths
id: s3-paths
run: |
dist_path=`cat ${{ github.workspace }}/eclipse-distribution/org.springframework.boot.ide.product.${{ inputs.eclipse_profile }}/target/s3-dist-path.txt`
p2_path=`cat ${{ github.workspace }}/eclipse-distribution/org.springframework.boot.ide.product.${{ inputs.eclipse_profile }}/target/s3-p2-repo-dist-path.txt`
echo "dist_path=$dist_path" >> $GITHUB_OUTPUT
echo "p2_path=$p2_path" >> $GITHUB_OUTPUT
- name: Upload P2 Repo Build Artifacts
run: |
cd eclipse-distribution/org.springframework.boot.ide.product.${{ inputs.eclipse_profile }}/target
p2_path=${{ steps.s3-paths.outputs.p2_path }}
echo "P2 path: ${p2_path}"
aws s3 rm s3://$AWS_S3_BUCKET/$p2_path/ --recursive
aws s3 cp ./repository/ s3://$AWS_S3_BUCKET/$p2_path/ --recursive --no-progress
- name: Upload Linux Distro Build Artifacts
run: |
cd eclipse-distribution/org.springframework.boot.ide.product.${{ inputs.eclipse_profile }}/target/products
files=`ls spring-tool-suite-4*linux*.tar.gz`
for file in $files
do
echo "Re-archive using tar.gz on linux runner to remove LIBARCHIVE headers"
mkdir extracted
tar -xzf $file --directory ./extracted
cd extracted
tar -czf ../$file .
cd ..
rm -rf extracted
echo "Generate checksums for ${file}"
shasum -a 256 $file > ${file}.sha256
md5sum $file > ${file}.md5
done
echo "Processing S3 update..."
dist_path=${{ steps.s3-paths.outputs.dist_path }}
ls spring-tool-suite-4*linux*.tar.gz*
echo "Removing old Linux .tar.gz files from s3..."
aws s3 rm s3://$AWS_S3_BUCKET/$dist_path --recursive --exclude "*" --include "spring-tool-suite-4*linux*.tar.gz*" --exclude "*/*"
echo "Uploading new Linux .tar.gz files to s3..."
aws s3 cp . s3://$AWS_S3_BUCKET/$dist_path --recursive --exclude "*" --include "spring-tool-suite-4*linux*.tar.gz*" --exclude "*/*" --no-progress
- name: Update Nightly Distro Downloads page
if: ${{ inputs.build_type == 'snapshot' }}
run: |
eclipse_profile=${{ inputs.eclipse_profile }}
eclipse_version=${eclipse_profile:0:2}.${eclipse_profile:2}
${{ github.workspace }}/.github/scripts/update-distro-download-page.sh ${{ steps.s3-paths.outputs.dist_path }} $eclipse_version ${{ inputs.build_type }} $AWS_S3_BUCKET $DOWNLOAD_URL_ROOT
- name: Upload Build Artifacts for Signing
run: |
echo "Uploading Win Zips and OSX tar.gz to S3 for signing..."
id=${{ inputs.eclipse_profile }}-${{ inputs.build_type }}-${{ github.run_id }}
aws s3 cp ${{ github.workspace }}/eclipse-distribution/org.springframework.boot.ide.product.${{ inputs.eclipse_profile }}/target/products s3://$AWS_S3_BUCKET/sts4-distro-ci-temp/$id --recursive --exclude "*" --include "spring-tool-suite-4*win*.zip" --include "spring-tool-suite-4*macosx*.tar.gz" --exclude "*/*" --no-progress
outputs:
id: ${{ inputs.eclipse_profile }}-${{ inputs.build_type }}-${{ github.run_id }}
dist_path: ${{ steps.s3-paths.outputs.dist_path }}
p2_path: ${{ steps.s3-paths.outputs.p2_path }}
version: ${{ steps.project-version.outputs.version }}
sign-win-distros:
needs: [ eclipse-distro-build ]
runs-on: ubuntu-latest
steps:
- name: Setup AWS CLI 2.22
run: |
curl -s "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.22.35.zip" -o "awscliv2.zip"
unzip -q awscliv2.zip
sudo ./aws/install --update
aws --version
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
with:
sparse-checkout: |
.github
- name: Download Win Zips from S3 for Signing
run: |
rm -f spring-tool-suite-4*win*.zip*
rm -f spring-tool-suite-4*win*.self-extracting.jar*
ls
aws s3 mv s3://$AWS_S3_BUCKET/sts4-distro-ci-temp/${{ needs.eclipse-distro-build.outputs.id }} . --recursive --exclude "*" --include "spring-tool-suite-4*win*.zip*" --exclude "*/*" --no-progress
- name: Sign EXE within zip files
id: sign
run: |
files=`ls spring-tool-suite-4*win*.zip`
for file in $files
do
${{ github.workspace }}/.github/scripts/sign-exe-in-zip-file.sh $file ${{ github.workspace }}/.github/scripts/sign-exe.sh ${{ github.workspace }}/.github/scripts/self-extracting-jar-creator.jar ${{ github.run_id }} &
done
FAIL=0
for job in `jobs -p`
do
wait $job || let "FAIL+=1"
done
if [ "$FAIL" == "0" ];
then
echo "Done signing EXE files"
else
echo "Failed signing one or more EXE files"
exit 1
fi
- name: Update Win zip/jar on S3
id: update-s3
run: |
dist_path=${{ needs.eclipse-distro-build.outputs.dist_path }}
echo "Processing S3 update..."
ls spring-tool-suite-4*win*
echo "Removing old win zip and self extracting jar files from S3..."
aws s3 rm s3://$AWS_S3_BUCKET/${dist_path} --recursive --exclude "*" --include "spring-tool-suite-4*win*.zip*" --include "spring-tool-suite-4*win*.self-extracting.jar*" --exclude "*/*"
echo "Uploading new win zip and self extracting jar files to S3..."
aws s3 mv . s3://$AWS_S3_BUCKET/${dist_path} --recursive --exclude "*" --include "spring-tool-suite-4*win*.zip*" --include "spring-tool-suite-4*win*.self-extracting.jar*" --exclude "*/*" --no-progress
- name: Update Nightly Distro Downloads page
if: ${{ inputs.build_type == 'snapshot' }}
run: |
dist_path=${{ needs.eclipse-distro-build.outputs.dist_path }}
eclipse_profile=${{ inputs.eclipse_profile }}
eclipse_version=${eclipse_profile:0:2}.${eclipse_profile:2}
${{ github.workspace }}/.github/scripts/update-distro-download-page.sh $dist_path $eclipse_version ${{ inputs.build_type }} $AWS_S3_BUCKET $DOWNLOAD_URL_ROOT
sign-osx-distros:
needs: [ eclipse-distro-build ]
runs-on: macos-15
steps:
- name: Setup AWS CLI 2.22
run: |
curl -s "https://awscli.amazonaws.com/AWSCLIV2-2.22.35.pkg" -o "awscliv2.pkg"
sudo installer -pkg ./awscliv2.pkg -target /
aws --version
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
with:
sparse-checkout: |
.github
- name: Create Keychain. Add Mac App Dev Certificate to Keychain
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN=$RUNNER_TEMP/app-signing.keychain-db
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN
security set-keychain-settings -lut 21600 $KEYCHAIN
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN
security list-keychain -d user -s $KEYCHAIN
- name: Unlock Keychain for OSX signing
run: |
security unlock-keychain -p ${{ secrets.KEYCHAIN_PASSWORD }} $RUNNER_TEMP/app-signing.keychain-db
- name: Install appdmg
run: |
npm install -g appdmg
- name: Download OSX tar.gz files from S3 for Signing/Notarization
run: |
rm -rf *macosx*
ls
aws s3 mv s3://$AWS_S3_BUCKET/sts4-distro-ci-temp/${{ needs.eclipse-distro-build.outputs.id }} . --recursive --exclude "*" --include "spring-tool-suite-4*macosx*.tar.gz" --exclude "*/*" --no-progress
- name: Sign .app, Create and Sign DMG
env:
MACOS_CERTIFICATE_ID: ${{ secrets.MACOS_CERTIFICATE_ID }}
NOTARIZE_PROFILE: notarize-app-dmg-profile
run: |
export KEYCHAIN=$RUNNER_TEMP/app-signing.keychain-db
ls ${{ github.workspace }}/.github/assets
files=`ls spring-tool-suite-4*macosx*.tar.gz`
for file in $files
do
${{ github.workspace }}/.github/scripts/sign-osx-distro-file.sh $file ${{ github.workspace }}/.github/assets/entitlements.plist ${{ github.workspace }}/.github/assets/sts4.icns
done
- name: Notarize DMG files
env:
NOTARIZE_PROFILE: notarize-app-dmg-profile
run: |
xcrun notarytool store-credentials $NOTARIZE_PROFILE --apple-id ${{ secrets.VMWARE_APPLE_USER }} --team-id ${{ secrets.VMWARE_APPLE_TEAM_ID }} --password ${{ secrets.VMWARE_APPLE_PASSWORD }}
dmg_files=`ls spring-tool-suite-4*macosx*.dmg`
for dmg_file in $dmg_files
do
${{ github.workspace }}/.github/scripts/notarize-osx-distro-file.sh $dmg_file $NOTARIZE_PROFILE &
done
FAIL=0
for job in `jobs -p`
do
wait $job || let "FAIL+=1"
done
if [ "$FAIL" == "0" ];
then
echo "Done signing and notarization of DMG files"
else
echo "Failed Notarization"
exit 1
fi
- name: Update DMG files on S3
id: update-s3
run: |
dist_path=${{ needs.eclipse-distro-build.outputs.dist_path }}
echo "Processing S3 update..."
ls spring-tool-suite-4*macosx*.dmg*
echo "Removing old dmg files from S3..."
aws s3 rm s3://$AWS_S3_BUCKET/${dist_path} --recursive --exclude "*" --include "spring-tool-suite-4*macosx*.dmg*" --exclude "*/*"
echo "Uploading new dmg files to S3..."
aws s3 mv . s3://$AWS_S3_BUCKET/${dist_path} --recursive --exclude "*" --include "spring-tool-suite-4*macosx*.dmg*" --exclude "*/*" --no-progress
- name: Update Nightly Distro Downloads page
if: ${{ inputs.build_type == 'snapshot' && always() }}
run: |
dist_path=${{ needs.eclipse-distro-build.outputs.dist_path }}
eclipse_profile=${{ inputs.eclipse_profile }}
eclipse_version=${eclipse_profile:0:2}.${eclipse_profile:2}
${{ github.workspace }}/.github/scripts/update-distro-download-page.sh $dist_path $eclipse_version ${{ inputs.build_type }} $AWS_S3_BUCKET $DOWNLOAD_URL_ROOT
- name: Cleanup
if: ${{ always() }}
run: |
rm -rf *spring-tool-suite-4*macosx*
purge_cache:
needs: [ eclipse-distro-build, sign-win-distros, sign-osx-distros ]
if: ${{ always() && inputs.build_type != 'snapshot' && contains(join(needs.*.result, ','), 'success')}}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
with:
sparse-checkout: |
.github
- name: Collect URLs to Purge
id: collect-urls
run: |
ESCAPED_REPLACE_URL=$(printf '%s\n' "$DOWNLOAD_URL_ROOT/" | sed -e 's/[\/&]/\\&/g')
sed_pattern="s/^[ \t]*/$ESCAPED_REPLACE_URL/"
dist_urls=`aws s3 ls s3://$AWS_S3_BUCKET/${{ needs.eclipse-distro-build.outputs.dist_path }} --recursive | awk '{$1=$2=$3=""; print $0}' | sed -e "$sed_pattern" | paste -sd' ' -`
p2_urls=`aws s3 ls s3://$AWS_S3_BUCKET/${{ needs.eclipse-distro-build.outputs.p2_path }} --recursive | awk '{$1=$2=$3=""; print $0}' | sed -e "$sed_pattern" | paste -sd' ' -`
urls="${dist_urls} ${p2_urls}"
echo "urls=$urls" >> $GITHUB_OUTPUT
- uses: ./.github/actions/cloudflare-purge
name: Invalidate URLs
with:
urls: ${{ steps.collect-urls.outputs.urls }}
cloudflare_zone_id: ${{ secrets.CLOUDFLARE_ZONE_ID }}
cloudflare_cache_token: ${{ secrets.CLOUDFLARE_CACHE_TOKEN }}
gchat-message:
needs: [ eclipse-distro-build, sign-win-distros, sign-osx-distros ]
if: ${{ inputs.build_type == 'release' }}
name: Send GChat message
runs-on: ubuntu-latest
steps:
- name: Google Chat Notification
run: |
echo "P2 Update Site: ${DOWNLOAD_URL_ROOT}/${{ needs.eclipse-distro-build.outputs.p2_path }}"
downloads_html="sts4-distro-downloads-${{ inputs.eclipse_profile }}.txt"
rm -f ./downloads_html
s3_url=s3://${AWS_S3_BUCKET}/${{ needs.eclipse-distro-build.outputs.dist_path }}
files=`aws s3 cp ${s3_url} . --recursive --exclude "*" --include "spring-tool-suite-4*.zip" --include "spring-tool-suite-4*.dmg" --include "spring-tool-suite-4*.self-extracting.jar" --include "spring-tool-suite-4*.tar.gz" --exclude "*/*" --dryrun`
s3_url_prefix="s3://${AWS_S3_BUCKET}"
s3_url_prefix_length=${#s3_url_prefix}
for file in $files
do
if [[ "$file" =~ ^"${s3_url_prefix}" ]]; then
download_url=${DOWNLOAD_URL_ROOT}${file:$s3_url_prefix_length}
filename=${file:${#s3_url}+1}
echo $download_url
echo $filename
echo "<a href=${download_url}>${filename}</a>" >> $downloads_html
fi
done
distro_links=`cat ./$downloads_html`
rm -f ./$downloads_html
build_type=${{ inputs.build_type }}
build_type=${build_type^}
eclipse_profile=${{ inputs.eclipse_profile }}
eclipse_version=${eclipse_profile:1:1}.${eclipse_profile:2}
curl --location --request POST '${{ secrets.TOOLS_TEAM_GCHAT_WEBHOOK_URL }}' \
--header 'Content-Type: application/json' \
--data-raw "{
\"cardsV2\": [
{
\"card\": {
\"header\": {
\"title\": \"STS ${{ needs.eclipse-distro-build.outputs.version }} ${build_type}\",
\"subtitle\": \"Eclipse ${eclipse_version}\",
\"imageUrl\": \"https://avatars.githubusercontent.com/u/317776?s=48&amp;v=4\",
},
\"sections\": [
{
\"widgets\": [
{
\"decoratedText\": {
\"topLabel\": \"P2 Update Site\",
\"text\": \"<a href=${DOWNLOAD_URL_ROOT}/${{ needs.eclipse-distro-build.outputs.p2_path }}>${DOWNLOAD_URL_ROOT}/${{ needs.eclipse-distro-build.outputs.p2_path }}</a>\",
\"wrapText\": true
}
},
{
\"decoratedText\": {
\"topLabel\": \"Distributions\",
\"text\": \"${distro_links}\",
\"wrapText\": true
}
}
]
}
]
}
}
]
}"
cleanup:
needs: [ eclipse-distro-build, sign-win-distros, sign-osx-distros ]
if: ${{ always() }}
runs-on: ubuntu-latest
steps:
- name: Remove Temp Build Artifacts from S3
id: cleanup-s3-temp-storage
run: |
aws s3 rm s3://$AWS_S3_BUCKET/sts4-distro-ci-temp --recursive --exclude "*" --include "${{ needs.eclipse-distro-build.outputs.id }}/*"
notify-failure:
needs: [ eclipse-distro-build, sign-win-distros, sign-osx-distros, cleanup, purge_cache ]
if: ${{ always() && contains(needs.*.result, 'failure') }}
uses: ./.github/workflows/notify-failed.yml
with:
md_message: "*Failed Eclipse '${{ inputs.eclipse_profile }}' Distribution ${{ inputs.build_type }} Build:* <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.run_id }}>"
secrets: inherit