4.x: release workflow (#7569)

* Jenkins: Archive artifacts * Add snapshot and release workflows
helidon-io · Sep 12, 2023 · 7a489cc · 7a489cc
1 parent 7dce029
commit 7a489cc
Show file tree

Hide file tree

Showing 5 changed files with 189 additions and 28 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,66 @@
+# Notes
+# - cannot run on Windows, as we use shell scripts
+
+name: "Release"
+
+on:
+  push:
+    branches:
+      - 'test-release-*'
+env:
+  JAVA_VERSION: '21'
+  JAVA_DISTRO: 'oracle'
+  MAVEN_HTTP_ARGS: '-Dmaven.wagon.httpconnectionManager.ttlSeconds=60 -Dmaven.wagon.http.retryHandler.count=3'
+
+concurrency:
+  group: release-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  copyright:
+    timeout-minutes: 10
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set up JDK ${{ env.JAVA_VERSION }}
+        uses: oracle-actions/setup-java@v1.3.1
+        with:
+          website: ${{ env.JAVA_DISTRO }}
+          release: ${{ env.JAVA_RELEASE }}
+          cache: maven
+      - name: Copyright
+        run: etc/scripts/copyright.sh
+  release:
+    timeout-minutes: 60
+    runs-on: ubuntu-20.04
+    environment: release
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.SERVICE_ACCOUNT_TOKEN }}
+          fetch-depth: '0'
+      - name: Set up JDK ${{ env.JAVA_VERSION }}
+        uses: oracle-actions/setup-java@v1.3.1
+        with:
+          website: ${{ env.JAVA_DISTRO }}
+          release: ${{ env.JAVA_RELEASE }}
+          cache: maven
+      - name: Release
+        env:
+          GPG_PASSPHRASE: ${{ secrets.HELIDON_GPG_PASSPHRASE }}
+          GPG_PRIVATE_KEY: ${{ secrets.HELIDON_GPG_PRIVATE_KEY }}
+          GPG_PUBLIC_KEY: ${{ secrets.HELIDON_GPG_PUBLIC_KEY }}
+          MAVEN_SETTINGS: ${{ secrets.MAVEN_SETTINGS }}
+          RELEASE_WORKFLOW: "true"
+        run: |
+          git config user.email "helidon-robot_ww@oracle.com"
+          git config user.name "Helidon Robot"
+          etc/scripts/release.sh release_build
+      - name: Upload Staged Artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: io-helidon-staged-artifacts
+          path: parent/target/nexus-staging/
+          retention-days: 90
diff --git a/.github/workflows/snapshotrelease.yaml b/.github/workflows/snapshotrelease.yaml
@@ -0,0 +1,39 @@
+# Perform a snapshot build and deploy to snapshot repository
+# Notes
+# - cannot run on Windows, as we use shell scripts
+
+name: "Snapshot Release"
+
+on:
+  workflow_dispatch:
+
+env:
+  JAVA_VERSION: '21'
+  JAVA_DISTRO: 'oracle'
+  MAVEN_HTTP_ARGS: '-Dmaven.wagon.httpconnectionManager.ttlSeconds=60 -Dmaven.wagon.http.retryHandler.count=3'
+
+concurrency:
+  group: release-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  deploy:
+    timeout-minutes: 60
+    runs-on: ubuntu-20.04
+    environment: release
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: '0'
+      - name: Set up JDK ${{ env.JAVA_VERSION }}
+        uses: oracle-actions/setup-java@v1.3.1
+        with:
+          website: ${{ env.JAVA_DISTRO }}
+          release: ${{ env.JAVA_RELEASE }}
+          cache: maven
+      - name: Build and deploy
+        env:
+          MAVEN_SETTINGS: ${{ secrets.MAVEN_SETTINGS }}
+          RELEASE_WORKFLOW: "true"
+        run: |
+          etc/scripts/release.sh deploy_snapshot
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020, 2022 Oracle and/or its affiliates.
+ * Copyright (c) 2020, 2023 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -40,4 +40,9 @@ pipeline {
       }
     }
   }
+  post {
+    always {
+        archiveArtifacts artifacts: 'parent/target/nexus-staging/**'
+    }
+  }
 }
diff --git a/etc/scripts/includes/pipeline-env.sh b/etc/scripts/includes/pipeline-env.sh
@@ -65,37 +65,29 @@ if [ -z "${__PIPELINE_ENV_INCLUDED__}" ]; then
         PATH="${PATH}:${JAVA_HOME}/bin"
     }
 
-    if [ -n "${HELIDON_PIPELINES}" ] ; then
-      export PIPELINE="true"
-      MAVEN_ARGS="${MAVEN_ARGS} -B ${MAVEN_HTTP_ARGS}"
-      export MAVEN_ARGS
-      # temporary fix for copyright plugin
-      git config diff.renameLimit 32768
-    fi
+    MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn"
+    MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.showDateTime=true"
+    MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.dateTimeFormat=HH:mm:ss,SSS"
+    # Needed for archetype engine plugin
+    MAVEN_OPTS="${MAVEN_OPTS} --add-opens=java.base/java.util=ALL-UNNAMED"
+    # Needed for generating site
+    MAVEN_OPTS="${MAVEN_OPTS} --add-opens=java.desktop/com.sun.imageio.plugins.png=ALL-UNNAMED"
+
+    MAVEN_ARGS="${MAVEN_ARGS} -B ${MAVEN_HTTP_ARGS}"
 
     if [ -n "${JENKINS_HOME}" ] ; then
         export PIPELINE="true"
-        export JAVA_HOME="/tools/jdk20"
-        MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn"
-        MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.showDateTime=true"
-        MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.dateTimeFormat=HH:mm:ss,SSS"
-        # Needed for archetype engine plugin
-        MAVEN_OPTS="${MAVEN_OPTS} --add-opens=java.base/java.util=ALL-UNNAMED"
-        # Needed for generating site
-        MAVEN_OPTS="${MAVEN_OPTS} --add-opens=java.desktop/com.sun.imageio.plugins.png=ALL-UNNAMED"
-        export MAVEN_OPTS
+        export JAVA_HOME="/tools/jdk21"
         export PATH="/tools/apache-maven-3.8.6/bin:${JAVA_HOME}/bin:/tools/node-v12/bin:${PATH}"
         if [ -n "${GITHUB_SSH_KEY}" ] ; then
             export GIT_SSH_COMMAND="ssh -i ${GITHUB_SSH_KEY}"
         fi
-        MAVEN_ARGS="${MAVEN_ARGS} -B"
         if [ -n "${MAVEN_SETTINGS_FILE}" ] ; then
             MAVEN_ARGS="${MAVEN_ARGS} -s ${MAVEN_SETTINGS_FILE}"
         fi
         if [ -n "${NPM_CONFIG_REGISTRY}" ] ; then
             MAVEN_ARGS="${MAVEN_ARGS} -Dnpm.download.root=${NPM_CONFIG_REGISTRY}/npm/-/"
         fi
-        export MAVEN_ARGS
 
         if [ -n "${https_proxy}" ] && [[ ! "${https_proxy}" =~ ^http:// ]] ; then
             export https_proxy="http://${https_proxy}"
@@ -130,10 +122,35 @@ if [ -z "${__PIPELINE_ENV_INCLUDED__}" ]; then
             GPG_KEYGRIP=$(gpg --with-keygrip -K | grep "Keygrip" | head -1 | awk '{print $3}')
             /usr/lib/gnupg/gpg-preset-passphrase --preset "${GPG_KEYGRIP}" <<< "${GPG_PASSPHRASE}"
         fi
-        # temporary fix for copyright plugin
-        git config diff.renameLimit 32768
     fi
 
+    if [ -n "${RELEASE_WORKFLOW}" ] ; then
+        if [ -n "${MAVEN_SETTINGS}" ] ; then
+            export MAVEN_SETTINGS_FILE="${HOME}/.m2/settings.xml"
+            echo "${MAVEN_SETTINGS}" > "${MAVEN_SETTINGS_FILE}"
+            MAVEN_ARGS="${MAVEN_ARGS} -s ${MAVEN_SETTINGS_FILE}"
+        fi
+        if [ -n "${GPG_PUBLIC_KEY}" ] ; then
+            tmpfile=$(mktemp /tmp/pub.XXXXXX.key)
+            echo "${GPG_PUBLIC_KEY}" > "${tmpfile}"
+            gpg --import --no-tty --batch "${tmpfile}"
+            rm "$tmpfile"
+        fi
+        if [ -n "${GPG_PRIVATE_KEY}" ] ; then
+            tmpfile=$(mktemp /tmp/pri.XXXXXX.key)
+            echo "${GPG_PRIVATE_KEY}" > "${tmpfile}"
+            gpg --allow-secret-key-import --import --no-tty --batch "${tmpfile}"
+            rm "$tmpfile"
+        fi
+        if [ -n "${GPG_PASSPHRASE}" ] ; then
+            echo "allow-preset-passphrase" >> ~/.gnupg/gpg-agent.conf
+            gpg-connect-agent reloadagent /bye
+            GPG_KEYGRIP=$(gpg --with-keygrip -K | grep "Keygrip" | head -1 | awk '{print $3}')
+            /usr/lib/gnupg/gpg-preset-passphrase --preset "${GPG_KEYGRIP}" <<< "${GPG_PASSPHRASE}"
+        fi
+    fi
+    export MAVEN_ARGS
+    export MAVEN_OPTS
 else
     echo "WARNING: ${WS_DIR}/etc/scripts/includes/pipeline-env.sh included multiple times."
 fi
diff --git a/etc/scripts/release.sh b/etc/scripts/release.sh
@@ -49,6 +49,8 @@ $(basename ${0}) [ --build-number=N ] CMD
         Perform a release build
         This will create a local branch, deploy artifacts and push a tag
 
+    deploy_snapshot
+        Perform a snapshot build and deploy to snapshot repository
 EOF
 }
 
@@ -66,7 +68,7 @@ for ((i=0;i<${#ARGS[@]};i++))
         exit 0
         ;;
     *)
-        if [ "${ARG}" = "update_version" ] || [ "${ARG}" = "release_build" ] ; then
+        if [ "${ARG}" = "update_version" ] || [ "${ARG}" = "release_build" ] || [ "${ARG}" = "deploy_snapshot" ] ; then
             readonly COMMAND="${ARG}"
         else
             echo "ERROR: unknown argument: ${ARG}"
@@ -259,14 +261,46 @@ release_build(){
       -DstagingDescription="${STAGING_DESC}"
 
     # Create and push a git tag
-    local GIT_REMOTE=$(git config --get remote.origin.url | \
-        sed "s,https://\([^/]*\)/,git@\1:,")
+    git tag -f "${FULL_VERSION}"
+    if [ -n "${JENKINS_HOME}" ] ; then
+        # In Jenkins use SSH to access remote
+        local GIT_REMOTE=$(git config --get remote.origin.url | \
+            sed "s,https://\([^/]*\)/,git@\1:,")
 
-    git remote add release "${GIT_REMOTE}" > /dev/null 2>&1 || \
-    git remote set-url release "${GIT_REMOTE}"
+        git remote add release "${GIT_REMOTE}" > /dev/null 2>&1 || \
+        git remote set-url release "${GIT_REMOTE}"
 
-    git tag -f "${FULL_VERSION}"
-    git push --force release refs/tags/"${FULL_VERSION}":refs/tags/"${FULL_VERSION}"
+        git push --force release refs/tags/"${FULL_VERSION}":refs/tags/"${FULL_VERSION}"
+    else
+        git push --force origin refs/tags/"${FULL_VERSION}":refs/tags/"${FULL_VERSION}"
+    fi
+}
+
+deploy_snapshot(){
+
+    # Make sure version ends in -SNAPSHOT
+    if [[ ${MVN_VERSION} != *-SNAPSHOT ]]; then
+        echo "Helidon version ${MVN_VERSION} is not a SNAPSHOT version. Failing snapshot release."
+        exit 1
+    fi
+
+    readonly NEXUS_SNAPSHOT_URL="https://oss.sonatype.org/content/repositories/snapshots/"
+    echo "Deploying snapshot build ${MVN_VERSION} to ${NEXUS_SNAPSHOT_URL}"
+
+    # The nexus-staging-maven-plugin had issues deploying the module
+    # helidon-applications because the distributionManagement section is empty.
+    # So we deploy using the apache maven-deploy-plugin and altDeploymentRepository
+    # property. The deployAtEnd option requires version 3.0.0 of maven-deploy-plugin
+    # or newer to work correctly on multi-module systems
+    set -x
+    mvn ${MAVEN_ARGS} -e clean deploy \
+      -Parchetypes \
+      -DskipTests \
+      -DaltDeploymentRepository="ossrh::${NEXUS_SNAPSHOT_URL}" \
+      -DdeployAtEnd=true \
+      -DretryFailedDeploymentCount="10"
+
+    echo "Done. ${MVN_VERSION} deployed to ${NEXUS_SNAPSHOT_URL}"
 }
 
 # Invoke command