Merge pull request #51 from liquibase/DAT-15646

DAT-15646




  Reusable Debian Package Creation Workflow Migration

.github/package-deb-pom.xml

@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+	<groupId>${groupId}</groupId>
+	<artifactId>${artifactId}</artifactId>
+	<version>${revision}</version>
+    <description>Universal pom for deb packaging</description>
+
+	<properties>
+		<maven.antrun.version>3.1.0</maven.antrun.version>
+		<org.vafer.jdeb.version>1.10</org.vafer.jdeb.version>
+	</properties>
+
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>  
+				<artifactId>maven-antrun-plugin</artifactId>  
+				<version>${maven.antrun.version}</version>  
+				<executions>  
+					<execution>  
+						<id>unpack</id>  
+						<phase>package</phase>  
+						<configuration>  
+							<target>  
+								<untar src="${project.build.directory}/${project.artifactId}-${project.version}.tar.gz" compression="gzip" dest="${project.build.directory}/dist-unpacked" />
+							</target>  
+						</configuration>  
+						<goals>  
+							<goal>run</goal>  
+						</goals>  
+					</execution>  
+				</executions>  
+			</plugin> 
+			<plugin>
+				<groupId>org.vafer</groupId>
+				<artifactId>jdeb</artifactId>
+				<version>${org.vafer.jdeb.version}</version>
+				<executions>
+					<execution>
+						<id>create-deb</id>
+						<phase>package</phase>
+						<goals>
+							<goal>jdeb</goal>
+						</goals>
+					</execution>
+				</executions>
+				<configuration>
+					<deb>${project.build.directory}/${project.artifactId}-${project.version}.deb</deb>
+					<controlDir>${project.basedir}/src/${project.artifactId}/deb/control</controlDir>
+					<dataSet>
+						<data>
+							<src>${project.build.directory}/dist-unpacked</src>
+							<type>directory</type>
+							<mapper>
+								<type>perm</type>
+								<prefix>/opt/liquibase</prefix>
+								<filemode>755</filemode>
+							</mapper>
+						</data>
+						<data>
+							<src>${project.basedir}/src/${project.artifactId}/main/archive/${project.artifactId}-env.sh</src>
+							<type>file</type>
+							<mapper>
+								<type>perm</type>
+								<prefix>/etc/profile.d/</prefix>
+								<filemode>755</filemode>
+							</mapper>
+						</data>
+					</dataSet>
+				</configuration>
+			</plugin>
+		</plugins>
+	</build>
+</project>

.github/workflows/package-deb.yml

@@ -0,0 +1,102 @@
+name: DEB packaging
+on:
+  workflow_call:
+    inputs:
+      groupId:
+        description: 'Value from the groupId field in pom.xml. i.e. org.liquibase'
+        required: true
+        type: string
+      artifactId:
+        description: 'Value from the artifactId field in pom.xml. i.e. liquibase'
+        required: true
+        type: string
+      version:
+        description: 'Value from the version field in pom.xml. i.e 4.23.0'
+        type: string
+    secrets:
+      AWS_PROD_ACCESS_KEY_ID:
+        description: 'AWS_PROD_ACCESS_KEY_ID from the caller workflow'
+        required: true
+      AWS_PROD_SECRET_ACCESS_KEY:
+        description: 'AWS_PROD_SECRET_ACCESS_KEY from the caller workflow'
+        required: true
+      GPG_SECRET:
+        description: 'GPG_SECRET from the caller workflow'
+        required: true
+      GPG_PASSPHRASE:
+        description: 'GPG_PASSPHRASE from the caller workflow'
+        required: true
+      GPG_SECRET_KEY_ID:
+        description: 'GPG_SECRET_KEY_ID from the caller workflow'
+        required: true
+
+
+env:
+  MAVEN_VERSION: '3.9.2'
+
+jobs:
+
+  upload_deb:
+      name: Upload ${{ inputs.artifactId }} deb package
+      runs-on: ubuntu-22.04
+      steps:
+        - uses: actions/checkout@v3
+
+        - name: Set up Java
+          uses: actions/setup-java@v3
+          with:
+            java-version: '17'
+            distribution: 'temurin'
+            cache: 'maven'
+
+        - name: Get Reusable Maven Files
+          run: |
+            # Under the src folder is where specific packages files live. The GitHub action inputs will modify the universal package-deb-pom.xml to tell the process which assets to use during the packaging step
+            mkdir -p $PWD/.github/src/${{ inputs.artifactId }}/deb/control
+            mkdir -p $PWD/.github/src/${{ inputs.artifactId }}/main/archive
+            curl -o $PWD/.github/src/${{ inputs.artifactId }}/deb/control/control https://raw.githubusercontent.com/liquibase/build-logic/v0.3.7/src/${{ inputs.artifactId }}/deb/control/control
+            curl -o $PWD/.github/src/${{ inputs.artifactId }}/deb/control/postinst https://raw.githubusercontent.com/liquibase/build-logic/v0.3.7/src/${{ inputs.artifactId }}/deb/control/postinst
+            curl -o $PWD/.github/src/${{ inputs.artifactId }}/main/archive/${{ inputs.artifactId }}-env.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.3.7/src/${{ inputs.artifactId }}/main/archive/${{ inputs.artifactId }}-env.sh
+            curl -o $PWD/.github/package-deb-pom.xml https://raw.githubusercontent.com/liquibase/build-logic/v0.3.7/.github/package-deb-pom.xml
+
+        - name: Set up Maven
+          uses: stCarolas/setup-maven@v4.5
+          with:
+            maven-version: ${{ env.MAVEN_VERSION }}
+
+        - name: Set up Ruby
+          uses: ruby/setup-ruby@v1
+          with:
+            ruby-version: 3.1.4
+
+        - name: Configure AWS credentials
+          uses: aws-actions/configure-aws-credentials@v2
+          with:
+            aws-access-key-id: ${{ secrets.AWS_PROD_ACCESS_KEY_ID }}
+            aws-secret-access-key: ${{ secrets.AWS_PROD_SECRET_ACCESS_KEY }}
+            aws-region: us-east-1
+
+        - name: Download ${{ inputs.artifactId }} Release
+          run: |
+            mkdir -p $PWD/.github/target
+            # Creating deb packages needs to get release assets from somewhere so be sure to follow this pattern in the artifact repo: https://github.com/liquibase/ARTIFACT_ID/releases/download/vVERSION/ARTIFACT_ID-VERSION.tar.gz
+            wget -q -O $PWD/.github/target/${{ inputs.artifactId }}-${{ inputs.version }}.tar.gz https://github.com/liquibase/${{ inputs.artifactId }}/releases/download/v${{ inputs.version }}/${{ inputs.artifactId }}-${{ inputs.version }}.tar.gz
+
+        - name: Build ${{ inputs.artifactId }} deb package
+          run: |
+            mvn package -f $PWD/.github/package-deb-pom.xml -DgroupId=${{ inputs.groupId }} -DartifactId=${{ inputs.artifactId }} -Drevision=${{ inputs.version }} -DskipTests
+
+        - name: Install deb-s3 gem
+          run: gem install deb-s3
+
+        - name: Upload ${{ inputs.artifactId }} deb package
+          run: |
+            sudo apt install pinentry-tty
+            echo "2" | sudo update-alternatives --config pinentry
+            echo "${{ secrets.GPG_SECRET }}" | gpg --batch --import --pinentry-mode loopback --passphrase "${{ secrets.GPG_PASSPHRASE }}"
+            export GPG_TTY=$(tty)
+            echo '${{ secrets.GPG_PASSPHRASE }}' > pass.txt
+            deb-s3 upload --preserve-versions --sign "${{ secrets.GPG_SECRET_KEY_ID }}" --gpg-options "\-\-pinentry-mode loopback \-\-batch \-\-passphrase\-file pass.txt \-\-yes \-\-quiet" --bucket repo.liquibase.com $PWD/.github/target/${{ inputs.artifactId }}-${{ inputs.version }}.deb 
+                  
+        
+

README.md

@@ -46,6 +46,12 @@ jobs:
 
 If inputs are not provided, `'[8, 11, 17, 18]'` and `'["ubuntu-latest", "windows-latest"]'` will be used as default values
 
+`package-deb.yml` is triggered by a workflow call event and runs some Maven goals needed to create and distribute `deb` packages. It has several inputs:
+
+- **groupId**: Value from the `groupId` field in the pom file. i.e. `org.liquibase`
+- **artifactId**: Value from the `artifactId` field in the pom file. i.e. `liquibase`
+- **version**: Value from the `version` field in the pom file. i.e `4.23.1`
+
 ## Example Build/Test/Release Extension Workflow
 
 ```mermaid
@@ -66,6 +72,7 @@ Please review the below table of reusable workflows and their descriptions:
 | `extension-release-published.yml`       | Publishes a release to Maven Central                                                  |
 | `extension-update-version.yml`          | Updates release and development `pom.xml` versions                                    |
 | `os-extension-test.yml`                 | Unit tests across build matrix on previously built artifact                           |
+| `package-deb.yml`                       | Creates and uploads deb packages                                                      |
 | `pro-extension-test.yml`                | Same as OS job, but with additional Pro-only vars such as License Key                 |
 | `sonar-pull-request.yml`                | Code Coverage Scan for PRs.  Requires branch name parameter                           |
 | `sonar-push.yml`                        | Same as PR job, but for pushes to main. Does not require branch name parameter        |  

src/liquibase/deb/control/control

@@ -0,0 +1,9 @@
+Package: liquibase
+Version: [[version]]
+Section: misc
+Priority: optional
+Architecture: all
+Depends:
+Maintainer: Nathan Voxland <nathan.voxland@liquibase.org>
+Description: Liquibase Debian Installer
+Distribution: development

src/liquibase/deb/control/postinst

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+# Needed once the installation is complete. No need to open a new terminal
+export LIQUIBASE_HOME=/opt/liquibase
+export PATH=$PATH:$LIQUIBASE_HOME
+exec $SHELL

src/liquibase/main/archive/liquibase-env.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+# Needed when restarting the terminal
+export LIQUIBASE_HOME=/opt/liquibase
+export PATH=$PATH:$LIQUIBASE_HOME
+exec $SHELL