feat: bash scripts using aws secrets to build and deploy wars

.tool-versions

@@ -0,0 +1,5 @@
+nodejs 18.7.0
+java temurin-11.0.15+10
+maven 3.6.3
+mvnd 0.9.0
+awscli 2.9.15

build-deploy-wars.sh

@@ -0,0 +1,116 @@
+#!/usr/bin/env bash
+
+# exit on errors
+set -o errexit -o errtrace -o nounset -o functrace -o pipefail
+shopt -s inherit_errexit 2>/dev/null || true
+trap 'sk-catch --exit_code $? --line $LINENO --linecallfunc "$BASH_COMMAND" --funcstack $(printf "::%s" ${FUNCNAME[@]}) -o stdout ' ERR
+
+# import shellkit functions
+source shellkit_bootstrap.sh
+
+# defaults
+current_dir=`pwd`
+checkout_name=$(basename `pwd`)
+NAME="$(basename "${0}")"
+build_envs="prod sandbox qa int"
+tag="v2.0.1"
+
+#
+# functions
+#
+
+usage(){
+I_USAGE="
+
+  Usage: ${NAME} [OPTIONS]
+
+  Description:
+
+    Build orcid-angular war files for each environment and then deploy to and artifact repo
+
+    NOTE: credentials for the artifact repo are sourced from aws secrets but you still need your aws api access to be configured
+          secretid is stored in shellkit.conf
+
+  General usage:
+
+    ${NAME} -t vx.x.x
+
+  Required options:
+      -t | --tag         )  tag ($tag)
+      -b | --build_envs   )  build environments to use ($build_envs)
+
+"
+  echo "$I_USAGE"
+  exit
+
+}
+
+#
+# args
+#
+
+while :
+do
+  case ${1-default} in
+      --*help|-h         )  usage ; exit 0 ;;
+      -t | --tag         )  tag=$2; shift 2 ;;
+      -b | --build_envs   )  build_envs=$2; shift 2 ;;
+      -v | --verbose )       verbose_arg='-v' VERBOSE=$((VERBOSE+1)); shift ;;
+      --) shift ; break ;;
+      -*) echo "WARN: Unknown option (ignored): $1" >&2 ; shift ;;
+      *)  break ;;
+    esac
+done
+
+sk-arg-check tag
+
+tag_numeric=$(echo "$tag" | tr -dc '[:digit:].')
+echo_log "building for: $tag_numeric"
+
+#
+# setup build environment from .tool-versions
+#
+echo_log "configure build environment for orcid-angular $tag_numeric"
+
+sk-asdf-install-tool-versions
+# set JAVA_HOME
+. ~/.asdf/plugins/java/set-java-home.bash
+_asdf_java_update_java_home
+
+sk-dir-make ~/log
+
+echo $AWS_SECRET_ID
+# source the secrets for the artifact uploads
+sk-aws-secret-source $AWS_SECRET_ID
+
+echo ${ARTIFACT_URL}${ARTIFACT_REPO_PATH}
+
+export ARTIFACT_USER=$ARTIFACT_USER
+export ARTIFACT_PASSWORD=$ARTIFACT_PASSWORD
+
+#
+# build each build_env
+#
+
+for build_env in $build_envs;do
+  echo_log "building $build_env"
+  build_log_file=~/log/orcid-angular-${build_env}-${tag_numeric}.log
+  echo_log "for build progress see $build_log_file"
+
+  # set the version tag to be -${build_env}-${tag_numeric}
+  mvn versions:set -DnewVersion="${tag_numeric}" -DgenerateBackupPoms=false --activate-profiles ${build_env} -Dnodejs.workingDirectory=. -l $build_log_file --settings settings-custom-deploy.xml
+
+  # NOTE: deploy stage performs build as well as deploy
+  mvnd --batch-mode \
+      --settings settings-custom-deploy.xml \
+      --file "pom.xml" \
+      -Dmaven.test.skip \
+      -DaltReleaseDeploymentRepository=github::${ARTIFACT_URL}${ARTIFACT_REPO_PATH} \
+      deploy -Dmaven.test.skip --activate-profiles ${build_env} -Dnodejs.workingDirectory=. -l $build_log_file
+
+done
+
+du -sh ~/.m2/orcid-angular-repo/
+
+sk-time-spent
+

build-wars.sh

@@ -0,0 +1,97 @@
+#!/usr/bin/env bash
+
+# exit on errors
+set -o errexit -o errtrace -o nounset -o functrace -o pipefail
+shopt -s inherit_errexit 2>/dev/null || true
+trap 'sk-catch --exit_code $? --line $LINENO --linecallfunc "$BASH_COMMAND" --funcstack $(printf "::%s" ${FUNCNAME[@]}) -o stdout ' ERR
+
+# import shellkit functions
+source shellkit_bootstrap.sh
+
+# defaults
+current_dir=`pwd`
+checkout_name=$(basename `pwd`)
+NAME="$(basename "${0}")"
+build_envs="prod sandbox qa int"
+tag="v2.0.1"
+
+#
+# functions
+#
+
+usage(){
+I_USAGE="
+
+  Usage: ${NAME} [OPTIONS]
+
+  Description:
+
+    Build orcid-angular war files for each environment
+
+
+  General usage:
+
+    ${NAME} -t vx.x.x
+
+  Required options:
+      -t | --tag         )  tag ($tag)
+      -b | --build_envs   )  build environments to use ($build_envs)
+
+"
+  echo "$I_USAGE"
+  exit
+
+}
+
+#
+# args
+#
+
+while :
+do
+  case ${1-default} in
+      --*help|-h         )  usage ; exit 0 ;;
+      -t | --tag         )  tag=$2; shift 2 ;;
+      -b | --build_envs   )  build_envs=$2; shift 2 ;;
+      -v | --verbose )       verbose_arg='-v' VERBOSE=$((VERBOSE+1)); shift ;;
+      --) shift ; break ;;
+      -*) echo "WARN: Unknown option (ignored): $1" >&2 ; shift ;;
+      *)  break ;;
+    esac
+done
+
+sk-arg-check tag
+
+tag_numeric=$(echo "$tag" | tr -dc '[:digit:].')
+echo_log "building for: $tag_numeric"
+
+#
+# setup build environment from .tool-versions
+#
+
+sk-asdf-install-tool-versions
+# set JAVA_HOME
+. ~/.asdf/plugins/java/set-java-home.bash
+_asdf_java_update_java_home
+
+sk-dir-make ~/log
+
+#
+# build each build_env
+#
+
+for build_env in $build_envs;do
+  echo_log "building $build_env"
+  # set the version tag to be -${build_env}-${tag_numeric}
+  mvn versions:set -DnewVersion="${tag_numeric}" -DgenerateBackupPoms=false --activate-profiles ${build_env} -Dnodejs.workingDirectory=. --settings settings-custom.xml
+
+  build_log_file=~/log/orcid-angular-${build_env}-${tag_numeric}.log
+
+  # perform the build
+  mvnd install --activate-profiles ${build_env} -Dnodejs.workingDirectory=. -DskipTest -l $build_log_file --settings settings-custom.xml
+
+  find . -name '*.war'
+done
+
+sk-time-spent
+

settings-custom-deploy.xml

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<settings xmlns="http://maven.apache.org/SETTINGS/1.1.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.1.0 http://maven.apache.org/xsd/settings-1.1.0.xsd">
+
+  <activeProfiles>
+    <!--make the profile active all the time -->
+    <activeProfile>github</activeProfile>
+  </activeProfiles>
+
+  <profiles>
+    <profile>
+      <id>github</id>
+    </profile>
+  </profiles>
+
+  <localRepository>${env.HOME}/.m2/orcid-angular-repo</localRepository>
+
+  <servers>
+    <server>
+      <id>github</id>
+      <username>${env.ARTIFACT_USER}</username>
+      <password>${env.ARTIFACT_PASSWORD}</password>
+    </server>
+  </servers>
+
+</settings>
+

settings-custom.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<settings xmlns="http://maven.apache.org/SETTINGS/1.1.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.1.0 http://maven.apache.org/xsd/settings-1.1.0.xsd">
+
+  <activeProfiles>
+    <!--make the profile active all the time -->
+    <activeProfile>github</activeProfile>
+  </activeProfiles>
+
+  <profiles>
+    <profile>
+      <id>github</id>
+    </profile>
+  </profiles>
+
+  <localRepository>${env.HOME}/.m2/orcid-angular-repo</localRepository>
+
+</settings>
+

settings-deploy.xml

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<settings xmlns="http://maven.apache.org/SETTINGS/1.1.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.1.0 http://maven.apache.org/xsd/settings-1.1.0.xsd">
+
+  <activeProfiles>
+    <!--make the profile active all the time -->
+    <activeProfile>github</activeProfile>
+  </activeProfiles>
+
+  <profiles>
+    <profile>
+      <id>github</id>
+    </profile>
+  </profiles>
+
+  <servers>
+    <server>
+      <id>github</id>
+      <username>${env.ARTIFACT_USER}</username>
+      <password>${env.ARTIFACT_PASSWORD}</password>
+    </server>
+  </servers>
+
+</settings>
+

shellkit.conf

@@ -0,0 +1,36 @@
+# means a git checkout is attempted
+SHELLKIT_GIT_CHECKOUT=1
+[email protected]:ORCID/shellkit-action.git
+SHELLKIT_TAG=main
+export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
+
+# deployed to managed systems not a git repo
+SHELLKIT_SYSTEM_PATH=/opt/shellkit
+
+# user checked out repos
+SHELLKIT_DEV_PATH=~/work/shellkit
+
+# repo just for this project
+SHELLKIT_LOCAL_PATH=~/shellkit_local/$(basename `pwd`)
+
+# search these paths in order of preference
+SHELLKIT_PATHS="$SHELLKIT_LOCAL_PATH $SHELLKIT_DEV_PATH $SHELLKIT_SYSTEM_PATH"
+
+# touch a file named SHELLKIT_DEV_MODE and SHELLKIT_DEV_PATH will be used without a git checkout
+if [[ -f SHELLKIT_DEV_MODE ]];then
+    SHELLKIT_PATHS=$SHELLKIT_DEV_PATH
+    SHELLKIT_GIT_CHECKOUT=0
+fi
+######################################################
+# extra app specific config
+
+remote_git_url=$(git config --get remote.origin.url)
+
+if grep -q ORCID-dev <<< $(echo $remote_git_url);then
+  AWS_SECRET_ID=artifact_upload_qa
+else
+  AWS_SECRET_ID=artifact_upload
+fi
+
+# vim: filetype=sh
+

shellkit_bootstrap.sh

@@ -0,0 +1,42 @@
+# test if we can have a key to checkout shellkit
+source shellkit.conf
+
+_git_clone_or_fetch_local(){
+  # skip any git operations
+  if [[ "$SHELLKIT_GIT_CHECKOUT" -eq 0 ]];then
+    return
+  fi
+
+  # basic check to see if repo already exists
+  if [[ -d ${SHELLKIT_LOCAL_PATH}/.git ]];then
+    git -C $SHELLKIT_LOCAL_PATH reset --hard
+    # fetch new branches
+    git -C $SHELLKIT_LOCAL_PATH fetch --all
+    git -C $SHELLKIT_LOCAL_PATH checkout $SHELLKIT_TAG
+    git -C $SHELLKIT_LOCAL_PATH pull --no-edit
+  else
+    git clone $SHELLKIT_GIT_URL $SHELLKIT_LOCAL_PATH
+    git -C $SHELLKIT_LOCAL_PATH checkout $SHELLKIT_TAG
+  fi
+}
+
+_shellkit_source(){
+
+  for shellkit in $SHELLKIT_PATHS;do
+    if [[ -d $shellkit ]];then
+      source $shellkit/profile.d/shellkit.sh
+      break
+    fi
+  done
+}
+
+fatal(){ echo "failed to load shellkit" ; exit 1; }
+
+###################################################################
+
+_git_clone_or_fetch_local
+
+_shellkit_source
+
+# test function that is part of shellkit, if it fails to run we exit
+sk-test-true > /dev/null || fatal