AJ-1095: Publish Library and CLI (#3)

* First pass at enabling publish

wip

* Add readme for publishing process

* Add publishing to gradle and GHA

* working local publish

* Update name for package

* Ensure git properties is correctly generated

remove git setup for cli

* Update name

* Publish CLI to artifactory

* Remaining TODO

* undo downgrading gradle

* Add import from library code

move snapshot as an addition on publishing

Add new command to readme

* Update name to action

* Upgrade artifactory; set git properties config for CLI

* Add instructions for cli upgrade

update readme

* Add comments

update comment

* Use re-usable GHA workflows instead of dispatch

update name

* PR Review

* Add alias command

* test out new GHA

turn off dry run

* Add as release branch for testing

* try pattern

* add slash

* bump 0.4.0

* Pull version from git config

* Remove -SNAPSHOT from version

* revert to v3

* Updated main class declaration and add ability to run cli

* Try adding automatic creation of release with CLI jar

* [undo before merge] add release job to tag action just for testing

fix version

* bump 0.4.0

* test

* test

* bump 0.5.0

* Revert "bump 0.5.0"

This reverts commit ff47321.

* try using workspace path

* test

* bump 0.5.0

* test

updatea

* bump 0.6.0

* try again

* variable name

* bump 0.7.0

* test

* bump 0.8.0

* try release upgrade command

* bump 0.9.0

* create and upload files and generate notes

* bump 0.10.0

* remove github workspace

* bump 0.11.0

* test

* bump 0.12.0

* make sure we're checking out the tagged

* fix formatting

* bump 0.13.0

* Final changes to github actions; revert settings.gradle

* Update cli release related code

* Update readme for CLI release

fix

* Fix spotbugs

* Update README.md and include distribution in the release

* pass output from tag to release-cli

* spotbugs fix

* Add comment

* Add test coverage

spotless

* Add more info to readme on how to use published resources

* Update GHA - fix inputs, outputs

* UNDO BEFORE MERGE - undo main

wip

* Consolidate slack notifications and have single gradlew build call

* add workflow dispatch

* add back ref

* Need secrets inherit in order use secrets in called workflow

* test full workflow - undo before merge

* Revert "test full workflow - undo before merge"

This reverts commit ae5ccc7.

* PR Review: Update GitConfiguration

* PR Review: Remove workflow_dispatch trigger, Update required secrets

* PR Review: Updated command

* PR Review: Remove artifact group

* update formatting

---------

Co-authored-by: bumptagbot <robot@terra.team>

.github/workflows/build-and-test.yml → .github/workflows/build-test-and-publish.yml

@@ -1,9 +1,11 @@
-name: Build and Test
+name: Build, Test and Publish
 
 on:
   push:
     branches: [ main ]
-    paths-ignore: [ '*.md' ]
+    paths-ignore:
+      - '*.md'
+      - 'settings.gradle' # Avoid running workflows on version bumps
   pull_request:
     branches: [ '**' ]
 
@@ -68,8 +70,30 @@ jobs:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-  notify-slack:
+  tag:
     needs: [ build, unit-tests-and-sonarqube, source-clear ]
+    uses: ./.github/workflows/tag.yml
+    if: success() && github.ref == 'refs/heads/main'
+    secrets: inherit
+
+  publish-library:
+    needs: [ tag ]
+    uses: ./.github/workflows/publish.yml
+    if: success() && github.ref == 'refs/heads/main'
+    secrets: inherit
+    with:
+      tag: ${{ needs.tag.outputs.tag }}
+
+  release-cli:
+    needs: [ tag ]
+    uses: ./.github/workflows/release-cli.yml
+    secrets: inherit
+    if: success() && github.ref == 'refs/heads/main'
+    with:
+      tag: ${{ needs.tag.outputs.tag }}
+
+  notify-slack-on-failure:
+    needs: [ build, unit-tests-and-sonarqube, source-clear, tag, publish-library, release-cli ]
     runs-on: ubuntu-latest
 
     if: failure() && github.ref == 'refs/heads/main'
@@ -86,16 +110,3 @@ jobs:
           fields: job,message
           text: 'Build failed :sadpanda:'
           username: 'Java-PFB GitHub Action'
-
-  dispatch-tag:
-    needs: [ build, unit-tests-and-sonarqube, source-clear ]
-    runs-on: ubuntu-latest
-
-    if: success() && github.ref == 'refs/heads/main'
-
-    steps:
-      - name: Fire off tag action
-        uses: broadinstitute/workflow-dispatch@v1
-        with:
-          workflow: Tag
-          token: ${{ secrets.BROADBOT_TOKEN }}

.github/workflows/publish.yml

@@ -1,5 +1,17 @@
-name: Publish and deploy
-on: create
+name: Publish Library to Artifactory
+on:
+  workflow_call:
+    inputs:
+      tag:
+        required: true
+        type: string
+    secrets:
+      BROADBOT_TOKEN:
+        required: true
+      ARTIFACTORY_USERNAME:
+        required: true
+      ARTIFACTORY_PASSWORD:
+        required: true
 
 env:
   SERVICE_NAME: ${{ github.event.repository.name }}
@@ -12,39 +24,21 @@ jobs:
       contents: 'read'
       id-token: 'write'
     runs-on: ubuntu-latest
-    outputs:
-      tag: ${{ steps.tag.outputs.tag }}
     steps:
-      - name: Enable publish with AJ-1095
-        run: echo "TODO"
-#      - uses: actions/checkout@v3
-#      - name: Set up JDK
-#        uses: actions/setup-java@v3
-#        with:
-#          java-version: '17'
-#          distribution: 'temurin'
-#          cache: 'gradle'
-
-#      - name: Parse tag
-#        id: tag
-#        run: echo "tag=$(git describe --tags)" >> $GITHUB_OUTPUT
-#
-#      - name: Publish to Artifactory
-#        run: ./gradlew --build-cache :client:artifactoryPublish
-#        env:
-#          ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
-#          ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
-#          ARTIFACTORY_REPO_KEY: "libs-release-local"
-#
-#      - name: Notify slack on failure
-#        uses: broadinstitute/action-slack@v3.8.0
-#        if: failure()
-#        env:
-#          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-#        with:
-#          channel: '#dsp-analysis-journeys-alerts'
-#          status: failure
-#          author_name: Publish to dev
-#          fields: job
-#          text: 'Publish failed :sadpanda:'
-#          username: 'Java-PFB GitHub Action'
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ inputs.tag }}
+          token: ${{ secrets.BROADBOT_TOKEN }}
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: 'gradle'
+      - name: Publish Library Artifactory
+        run: ./gradlew --build-cache :library:artifactoryPublish
+        env:
+          ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
+          ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
+          ARTIFACTORY_REPO_KEY: "libs-release-local"

.github/workflows/release-cli.yml

@@ -0,0 +1,33 @@
+name: Create Github Release with CLI Jar and Distribution
+on:
+  workflow_call:
+    inputs:
+      tag:
+        required: true
+        type: string
+    secrets:
+      BROADBOT_TOKEN:
+        required: true
+
+jobs:
+  release-job:
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ inputs.tag }}
+          token: ${{ secrets.BROADBOT_TOKEN }}
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: 'gradle'
+      - name: Build jar with latest tagged version
+        run: |
+          ./gradlew --build-cache jar assembleDist
+      - name: Create tagged release with CLI jar
+        run: gh release create ${{ inputs.tag }} 'cli/build/libs/java-pfb-cli-${{ inputs.tag }}.jar' 'cli/build/distributions/cli-${{ inputs.tag }}.zip' --generate-notes --verify-tag
+        env:
+          GH_TOKEN: ${{ secrets.BROADBOT_TOKEN }}

.github/workflows/tag.yml

@@ -1,9 +1,18 @@
 name: Tag
-on: workflow_dispatch
+on:
+  workflow_call:
+    outputs:
+      tag:
+        value: ${{ jobs.tag-job.outputs.tag }}
+    secrets:
+      BROADBOT_TOKEN:
+        required: true
 
 jobs:
   tag-job:
     runs-on: ubuntu-latest
+    outputs:
+        tag: ${{ steps.tag.outputs.tag }}
     steps:
       - name: Checkout current code
         uses: actions/checkout@v3
@@ -19,4 +28,4 @@ jobs:
           DEFAULT_BUMP: minor
           RELEASE_BRANCHES: main
           VERSION_FILE_PATH: settings.gradle
-          VERSION_LINE_MATCH: "^\\s*gradle.ext.releaseVersion\\s*=\\s*'.*'"
+          VERSION_LINE_MATCH: "^\\s*gradle.ext.releaseVersion\\s*=\\s*'.*'"

README.md

@@ -2,9 +2,19 @@
 
 A java implementation of the [pyPFB](https://github.com/uc-cdis/pypfb) library that includes a CLI and a java library. 
 
+
+## Getting Started
+See the [library README](library/README.md) for more details on how to reference the lbirary in your project.
+
 The CLI is a wrapper around the library. See the [CLI README](cli/README.md) for more information.
 
-## Running SourceClear locally
+## Developer Information
+
+### Publishing
+
+See [library](library/README.md) and [cli](cli/README.md) readmes for more details. 
+
+### Running SourceClear locally
 
 [SourceClear](https://srcclr.github.io) is a static analysis tool that scans a project's Java
 dependencies for known vulnerabilities. If you get a build failure due a SourceClear error and want
@@ -18,7 +28,7 @@ export SRCCLR_API_TOKEN=$(vault read -field=api_token secret/secops/ci/srcclr/gr
 
 Results of the scan are uploaded to [Veracode](https://sca.analysiscenter.veracode.com/workspaces/jppForw/projects/768265/issues). You can request an account to view results from #dsp-infosec-champions. 
 
-## Running SonarQube locally
+### Running SonarQube locally
 
 [SonarQube](https://www.sonarqube.org) is a static analysis code that scans code for a wide
 range of issues, including maintainability and possible bugs. If you get a build failure due to

buildSrc/build.gradle

@@ -11,4 +11,6 @@ dependencies {
     implementation 'com.srcclr.gradle:com.srcclr.gradle.gradle.plugin:3.1.12'
     implementation 'org.sonarqube:org.sonarqube.gradle.plugin:4.2.1.3168'
     implementation 'info.picocli:picocli:4.7.4'
+    implementation 'com.gorylenko.gradle-git-properties:gradle-git-properties:2.3.1'
+    implementation 'org.jfrog.buildinfo:build-info-extractor-gradle:5.0.3'
 }

buildSrc/src/main/groovy/bio.terra.pfb.java-application-conventions.gradle

@@ -0,0 +1,4 @@
+plugins {
+    id 'bio.terra.pfb.java-common-conventions'
+    id 'application'
+}

buildSrc/src/main/groovy/bio.terra.pfb.java-common-conventions.gradle

@@ -4,6 +4,7 @@ plugins {
     id 'java'
     id 'org.sonarqube'
     id 'com.diffplug.spotless'
+    id 'com.gorylenko.gradle-git-properties'
 }
 
 boolean isCiServer = System.getenv().containsKey("CI")
@@ -14,20 +15,6 @@ java {
     }
 }
 
-repositories {
-    maven {
-        // Terra proxy for maven central
-        url 'https://broadinstitute.jfrog.io/broadinstitute/maven-central/'
-    }
-    mavenCentral()
-    maven {
-        url 'https://broadinstitute.jfrog.io/broadinstitute/libs-release/'
-    }
-    maven {
-        url 'https://broadinstitute.jfrog.io/broadinstitute/libs-snapshot-local/'
-    }
-}
-
 dependencies {
     testImplementation 'org.hamcrest:hamcrest:2.2'
 

cli/README.md

@@ -1,14 +1,74 @@
-Current usage of CLI:
-First, run "jar" gradle task in cli project.
+Java PFB CLI
+===
+
+## Available Commands
+- hello
+- getNumber5
+- --version
+- --help
+
+## Local Run and Development
+
+### Option 1 - Run via Gradle (Suggested workflow)
+
+Run the following command to build the library and CLI jar and execute a command:
+```shell
+./gradlew run --args=<command>
+```
+
+### Option 2: Assemble distribution zip and run
+Run the following command to build the library and CLI jar:
+```shell
+./gradlew :cli:assembleDist
+```
+Unzip the distribution
+```shell
+unzip cli/build/distributions/cli-<VERSION>.zip
+```
+Run commands
+```shell
+./cli-<VERSION>/bin/cli <command>
+```
+
+### Option 3: Build and run jar
+Run the following command to build the library and CLI jar:
 ```shell
 ./gradlew :cli:jar
 ```
 
 Then, you can use the CLI with the following command:
 ```shell
-java -cp "cli/build/libs/java-pfb-cli.jar" bio.terra.pfb.JavaPfbCommand <command>
+java -jar "cli/build/libs/java-pfb-cli-<VERSION>.jar" <command>
 ```
-Available Commands:
-- hello
-- --version
-- --help
+An alias can be created to simplify this command:
+```shell
+alias pfb='java -jar "cli/build/libs/java-pfb-cli-<VERSION>.jar"'
+```
+Example usage of the alias:
+```shell
+pfb --version
+```
+
+# Download and run the CLI
+## Option 1 - Run from Jar Downloaded from Github Release
+1) Download Jar from latest Github release.
+2) Note the location of the downloaded jar and run the jar with the following command:
+```shell
+java -cp "<PATH-TO-JAR>" bio.terra.pfb.JavaPfbCommand <command>
+```
+## Option 2 - Run from Distribution Downloaded from Github Release
+1) Download Distribution zip from latest Github release.
+2) Unzip the distribution
+```shell
+unzip <PATH-TO-ZIP>/cli-<VERSION>.zip
+```
+3) Note the location of the unzipped distribution and run the CLI with the following command:
+```shell
+./cli-<VERSION>/bin/cli --version
+```
+
+## Upgrade the CLI
+
+Github release containing the CLI jar is automatically generated via Github actions when a change is pushed to main. 
+
+

cli/build.gradle

@@ -1,25 +1,31 @@
 plugins {
-    id 'bio.terra.pfb.java-common-conventions'
+    id 'bio.terra.pfb.java-application-conventions'
 }
 
-version 'unspecified'
+application {
+    mainClass = 'bio.terra.pfb.JavaPfbCommand'
+}
+
+version gradle.releaseVersion
+apply from: "generators.gradle"
 
 repositories {
     mavenCentral()
 }
 
 dependencies {
     implementation 'info.picocli:picocli:4.7.4'
+    implementation project(':library')
 }
 
 jar {
-    manifest {
-        attributes 'Main-Class': 'bio.terra.pfb.JavaPfbCommand'
-    }
+    manifest.attributes["Main-Class"] = application.mainClass
     archiveBaseName.set('java-pfb-cli')
     from {
         configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) }
     }
+    duplicatesStrategy = DuplicatesStrategy.EXCLUDE
+    dependsOn(':library:jar')
 }
 
 sonar {