Skip to content

Release ESMF SDK

Release ESMF SDK #98

name: Release ESMF SDK
on:
workflow_dispatch:
inputs:
release_version:
description: 'Version number of the release'
required: true
jobs:
check-preconditions:
name: Check preconditions
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v4
# Required for Maven
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '17'
overwrite-settings: false
- name: Setup Git
run: |
git config user.name github-actions
git config user.email [email protected]
- name: Sanity check version
if: ${{ !contains( github.event.inputs.release_version, '-M' ) }}
run: |
current_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
release_version=${{ github.event.inputs.release_version }}
if [[ $release_version =~ ^[0-9]+.[0-9]+.[0-9]+$ ]]
then
echo version is valid
else
echo release version $release_version is invalid
exit 1
fi
# The Linux build will upload the local Nexus deployment repository
# (i.e., what will be deployed to OSSRH/Maven Central)
# and the Linux-specific samm-cli binary to the build artifacts
build-linux:
name: Linux build
needs: [check-preconditions]
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v4
# Even though the build itself is done using the GraalVM JDK
# (see below), we use the setup-java action to have GPG configured
# so that it can be used from the maven-gpg-plugin.
- name: Configure GPG
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '17'
gpg-private-key: ${{ secrets.PGP_KEY }}
gpg-passphrase: PGP_KEY_PASSWORD
overwrite-settings: false
- name: Setup JDK
uses: graalvm/setup-graalvm@2f25c0caae5b220866f732832d5e3e29ff493338 # v1.2.1
with:
java-version: '17.0.8'
distribution: 'graalvm'
components: 'native-image,js'
github-token: ${{ secrets.GITHUB_TOKEN }}
native-image-job-reports: 'true'
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Set Swap Space (Linux)
uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c # master
with:
swap-size-gb: 12
# The Linux build will prepare a local Nexus staging repository
# that includes all .jars except the CLI jar
- name: Build and run tests
run: |
export MAVEN_OPTS="-Xmx4096m"
export JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF8"
# Required for reactor dependencies
mvn clean install -DskipTests -Dmaven.javadoc.skip=true
mvn versions:set -DnewVersion=${{ github.event.inputs.release_version }}
mvn versions:commit
release_version=${{ github.event.inputs.release_version }}
# Actual build of core SDK
mvn -B -pl '!org.eclipse.esmf:samm-cli' clean deploy -Dmaven.wagon.httpconnectionManager.ttlSeconds=60 -DaltDeploymentRepository=local::default::file://nexus-staging -Psign
# Build of CLI
pushd tools/samm-cli
unset JAVA_TOOL_OPTIONS
mvn -B clean verify -Dmaven.wagon.httpconnectionManager.ttlSeconds=60
mvn -B verify -Pnative -Dmaven.wagon.httpconnectionManager.ttlSeconds=60
popd
# Create .tar.gz of samm-cli
pushd tools/samm-cli/target
chmod a+x samm
tar cfvz samm-cli-${{ github.event.inputs.release_version }}-linux-x86_64.tar.gz samm *.so
popd
mv tools/samm-cli/target/samm-cli-${{ github.event.inputs.release_version }}-linux-x86_64.tar.gz .
cp tools/samm-cli/target/samm-cli-*.jar .
env:
PGP_KEY_PASSWORD: ${{ secrets.PGP_KEY_PASSWORD }}
- name: Switch to Temurin JDK
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '17'
overwrite-settings: false
- name: Test executable jar on Temurin
run: |
cd tools/samm-cli
mvn -B -Denforcer.skip -Dskip.maven.surefire failsafe:integration-test -Dmaven.wagon.httpconnectionManager.ttlSeconds=60
- name: Upload staging directory and Linux binary
uses: actions/upload-artifact@v4
with:
name: linux-artifacts
path: |
nexus-staging/
samm-cli-${{ github.event.inputs.release_version }}-linux-x86_64.tar.gz
samm-cli-${{ github.event.inputs.release_version }}.jar
samm-cli-${{ github.event.inputs.release_version }}-javadoc.jar
samm-cli-${{ github.event.inputs.release_version }}-sources.jar
samm-cli-${{ github.event.inputs.release_version }}-tests.jar
build-macos:
name: Mac build
needs: [check-preconditions]
runs-on: macos-13
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup JDK
uses: graalvm/setup-graalvm@2f25c0caae5b220866f732832d5e3e29ff493338 # v1.2.1
with:
java-version: '17.0.8'
distribution: 'graalvm'
components: 'native-image,js'
github-token: ${{ secrets.GITHUB_TOKEN }}
native-image-job-reports: 'true'
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Build and run tests
run: |
export MAVEN_OPTS="-Xmx4096m"
export JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF8"
# Required for reactor dependencies
mvn clean install -DskipTests -Dmaven.javadoc.skip=true
mvn versions:set -DnewVersion=${{ github.event.inputs.release_version }}
mvn versions:commit
# Actual build of core SDK
mvn -B -pl '!org.eclipse.esmf:samm-cli' clean install -Dmaven.wagon.httpconnectionManager.ttlSeconds=60
# Build of CLI
cd tools/samm-cli
unset JAVA_TOOL_OPTIONS
mvn -B clean verify -Dmaven.wagon.httpconnectionManager.ttlSeconds=60
shell: bash
- name: Build native executable
run: |
bundle="samm-bundle-$(date +%s)"
mkdir ${bundle}
curl -Lo jre.tar.gz https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.3%2B9/OpenJDK21U-jre_x64_mac_hotspot_21.0.3_9.tar.gz
tar -xvf jre.tar.gz
cp -r ./jdk-21.0.3+9-jre/Contents/Home ./${bundle}/jre
cp tools/samm-cli/target/samm-cli-${{ github.event.inputs.release_version }}.jar ./${bundle}/
cat <<EOF > ./${bundle}/run.sh
#!/usr/bin/env bash
HERE=\${BASH_SOURCE%/*}
"\$HERE/jre/bin/java" -jar "\$HERE/samm-cli-${{ github.event.inputs.release_version }}.jar" "\$@"
EOF
chmod +x ./${bundle}/run.sh
curl -Lo warp-packer https://github.com/dgiagio/warp/releases/download/v0.3.0/macos-x64.warp-packer
chmod +x warp-packer
./warp-packer --arch macos-x64 --input_dir ${bundle} --exec run.sh --output samm
chmod a+x samm
tar cfvz samm-cli-${{ github.event.inputs.release_version }}-macos-x86_64.tar.gz samm
shell: bash
- name: Upload Mac binary
uses: actions/upload-artifact@v4
with:
name: mac-artifacts
path: |
samm-cli-${{ github.event.inputs.release_version }}-macos-x86_64.tar.gz
# The Windows build will build the Windows-specific samm-cli
# and upload the binary to the build artifacts
build-windows:
name: Windows build
needs: [check-preconditions]
runs-on: windows-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup JDK
uses: graalvm/setup-graalvm@2f25c0caae5b220866f732832d5e3e29ff493338 # v1.2.1
with:
java-version: '17.0.8'
distribution: 'graalvm'
components: 'native-image,js'
github-token: ${{ secrets.GITHUB_TOKEN }}
native-image-job-reports: 'true'
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Configure Pagefile (Windows)
# Fix for "LINK : fatal error LNK1171: unable to load mspdbcore.dll (error code: 1455)":
# This seems to be caused by running out of memory; increasing page file
# size suggested here:
# https://github.com/actions/virtual-environments/issues/3420#issuecomment-861342418
uses: al-cheb/configure-pagefile-action@86589fd789a4de3e62ba628dda2cb10027b66d67 # v1.3
with:
minimum-size: 32GB
maximum-size: 32GB
disk-root: "C:"
- name: Build and run tests
run: |
export MAVEN_OPTS="-Xmx4096m"
export JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF8"
# Required for reactor dependencies
mvn clean install -DskipTests -Dmaven.javadoc.skip=true
mvn versions:set -DnewVersion=${{ github.event.inputs.release_version }}
mvn versions:commit
# Actual build of core SDK
mvn -B -pl '!org.eclipse.esmf:samm-cli' clean install -Dmaven.wagon.httpconnectionManager.ttlSeconds=60
# Build of CLI
cd tools/samm-cli
unset JAVA_TOOL_OPTIONS
mvn -B clean verify -Dmaven.wagon.httpconnectionManager.ttlSeconds=60
mvn -B verify -Pnative -Dmaven.wagon.httpconnectionManager.ttlSeconds=60
shell: bash
- name: Upload Windows binary
uses: actions/upload-artifact@v4
with:
name: windows-artifacts
path: |
tools/samm-cli/target/samm.exe
tools/samm-cli/target/*.dll
tools/samm-cli/target/lib/
release:
name: Release
needs: [build-linux, build-windows, build-macos]
runs-on: ubuntu-latest
steps:
# Need to checkout here too, so that we have the pom.xml
# with the deployment info available
- name: Checkout
uses: actions/checkout@v4
# Required to have Maven settings.xml set up correctly
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '17'
server-id: ossrh
server-username: OSSRH_USERNAME
server-password: OSSRH_TOKEN
overwrite-settings: false
# Required to run the mvn:versions, since enforcer plugin
# will check for GraalVM JDK
- name: Setup JDK
uses: graalvm/setup-graalvm@2f25c0caae5b220866f732832d5e3e29ff493338 # v1.2.1
with:
java-version: '17.0.10'
distribution: 'graalvm'
components: 'native-image,js'
github-token: ${{ secrets.GITHUB_TOKEN }}
native-image-job-reports: 'false'
- name: Fetch Linux Artifacts
uses: actions/download-artifact@v4
with:
name: linux-artifacts
- name: Fetch Mac Artifacts
uses: actions/download-artifact@v4
with:
name: mac-artifacts
- name: Set versions
continue-on-error: true
run: |
release_version=${{ github.event.inputs.release_version }}
release_branch_name=${release_version%.*}.x
echo "release_branch_name=$release_branch_name" >> $GITHUB_ENV
# Set version in pom.xml files
mvn -B clean install -DskipTests -Dmaven.javadoc.skip=true
mvn -B versions:set -DnewVersion=${{ github.event.inputs.release_version }}
mvn -B versions:commit
# Set version in Antora module
yq eval -i '.version = "${{ github.event.inputs.release_version }}"' documentation/developer-guide/antora.yml
- name: Commit version changes and push to upstream repository
uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5
with:
branch: ${{ env.release_branch_name }}
commit_user_name: github-actions
commit_user_email: [email protected]
commit_author: Author <[email protected]>
file_pattern: 'documentation/developer-guide/antora.yml pom.xml */pom.xml */*/pom.xml'
# Full release: Github
- name: "Create Github release (full)"
if: ${{ !contains( github.event.inputs.release_version, '-M' ) }}
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
with:
body: "Release version ${{ github.event.inputs.release_version }}."
tag_name: v${{ github.event.inputs.release_version }}
target_commitish: ${{ env.release_branch_name }}
draft: false
prerelease: false
files: |
samm-cli-${{ github.event.inputs.release_version }}-linux-x86_64.tar.gz
samm-cli-${{ github.event.inputs.release_version }}-macos-x86_64.tar.gz
samm-cli-*.jar
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: "Notify issues of release their fix is contained in"
if: ${{ !contains( github.event.inputs.release_version, '-M' ) }}
uses: apexskier/github-release-commenter@3bd413ad5e1d603bfe2282f9f06f2bdcec079327 # v1.3.6
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
comment-template: |
Release {release_link} addresses this.
# Sign SAML-CLI Windows executable
- name: Get Artifact ID (Windows)
shell: bash
run: |
# Get the list of artifacts for the specified workflow run
response=$(curl -H "Authorization: Bearer $TOKEN" -H "Accept: application/vnd.github+json" "https://api.github.com/repos/${{ github.repository_owner }}/$(echo '${{ github.repository }}' | cut -d'/' -f2)/actions/runs/${{ github.run_id }}/artifacts")
# Filter out the ID of the artifact with a name that contains "windows"
artifact_id=$(echo "$response" | jq -r '.artifacts[] | select(.name | contains("windows-artifacts")) | .id')
# Save the artifact ID in an environment variable
echo "ARTIFACT_ID=$artifact_id" >> $GITHUB_ENV
env:
TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Commit Artifact URL and version changes and push to pre release branch for Jenkins (Windows)
shell: bash
run: |
ARTIFACT_URL_WIN="https://api.github.com/repos/eclipse-esmf/esmf-sdk/actions/artifacts/$ARTIFACT_ID/zip"
BRANCH_NAME="pre_release_configuration"
echo "artifact_url_win=$ARTIFACT_URL_WIN" > parameters.txt
echo "version=${{ github.event.inputs.release_version }}" >> parameters.txt
git config --global user.email "[email protected]"
git config --global user.name "github-actions"
git checkout -b $BRANCH_NAME
git add parameters.txt
git commit -m "Add parameters.txt with artifact_url_win and version"
git push origin $BRANCH_NAME
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Trigger Jenkins Job, for signing executable
shell: bash
run: |
DATA='{"repository": {"url": "https://github.com/eclipse-esmf/esmf-sdk", "html_url": "https://github.com/eclipse-esmf/esmf-sdk", "owner": { "name": "ESMF"}}, "pusher": { "name": "GitHub Action", "email": "[email protected]"}}'
SHA1="$(echo -n "${DATA}" | openssl dgst -sha1 -hmac "${WEBHOOK_SECRET}" | sed 's/SHA1(stdin)= //')"
curl -X POST https://ci.eclipse.org/esmf/github-webhook/ -H "Content-Type: application/json" -H "X-GitHub-Event: push" -H "X-Hub-Signature: sha1=${SHA1}" -d "${DATA}"
# Full release: Maven Central
# The (apparently) only way to retrieve the staging profile id
# is the undocumented rc-list-profiles command of the
# nexus-staging-maven-plugin:
# mvn org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13:rc-list-profiles -DnexusUrl=https://oss.sonatype.org/ -DserverId=ossrh
- name: Release to OSSRH/Maven Central
if: ${{ !contains( github.event.inputs.release_version, '-M' ) }}
run: |
mkdir deploy
mv nexus-staging deploy
cd deploy
mvn org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13:deploy-staged-repository \
-DnexusUrl=https://oss.sonatype.org/ \
-DserverId=ossrh \
-DrepositoryDirectory=nexus-staging \
-DstagingProfileId=7e73217781f2e
env:
OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }}
# Workaround for https://issues.sonatype.org/browse/OSSRH-66257
# as described in https://stackoverflow.com/a/70157413
MAVEN_OPTS: --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.desktop/java.awt.font=ALL-UNNAMED
# Milestone release: Write settings to deploy to Github repo
- name: Write settings.xml
if: contains( github.event.inputs.release_version, '-M' )
uses: DamianReeves/write-file-action@0a7fcbe1960c53fc08fe789fa4850d24885f4d84 # v1.2
with:
path: settings.xml
contents: |
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
https://maven.apache.org/xsd/settings-1.0.0.xsd">
<servers>
<server>
<id>github</id>
<configuration>
<httpHeaders>
<property>
<name>Authorization</name>
<value>Bearer ${env.GITHUB_TOKEN}</value>
</property>
</httpHeaders>
</configuration>
</server>
<server>
<id>gpg.passphrase</id>
<passphrase>${env.PGP_KEY_PASSWORD}</passphrase>
</server>
</servers>
</settings>
write-mode: overwrite
# Milestone release: Maven deploy to Github
- name: Publish to Github
if: contains( github.event.inputs.release_version, '-M' )
run: mvn -s ./settings.xml -B clean -pl '!esmf-sdk-test-report,!documentation,!tools/samm-cli' deploy -DskipTests -Pmilestone-build,sign
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PGP_KEY_PASSWORD: ${{ secrets.PGP_KEY_PASSWORD }}
# Milestone release: Github
- name: "Create Github release (milestone)"
if: contains( github.event.inputs.release_version, '-M' )
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
with:
body: "Release version ${{ github.event.inputs.release_version }}."
tag_name: v${{ github.event.inputs.release_version }}
target_commitish: ${{ env.release_branch_name }}
draft: false
prerelease: true
files: |
samm-cli-${{ github.event.inputs.release_version }}-linux-x86_64.tar.gz
samm-cli-${{ github.event.inputs.release_version }}-macos-x86_64.tar.gz
samm-cli-*.jar
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}