Release ESMF SDK #105
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release ESMF SDK | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| release_version: | |
| description: 'Version number of the release' | |
| required: true | |
| jobs: | |
| check-preconditions: | |
| name: Check preconditions | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| # Required for Maven | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '17' | |
| overwrite-settings: false | |
| - name: Setup Git | |
| run: | | |
| git config user.name github-actions | |
| git config user.email [email protected] | |
| - name: Sanity check version | |
| if: ${{ !contains( github.event.inputs.release_version, '-M' ) }} | |
| run: | | |
| current_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) | |
| release_version=${{ github.event.inputs.release_version }} | |
| if [[ $release_version =~ ^[0-9]+.[0-9]+.[0-9]+$ ]] | |
| then | |
| echo version is valid | |
| else | |
| echo release version $release_version is invalid | |
| exit 1 | |
| fi | |
| shell: bash | |
| # The Linux build will upload the local Nexus deployment repository | |
| # (i.e., what will be deployed to OSSRH/Maven Central) | |
| # and the Linux-specific samm-cli binary to the build artifacts | |
| build-linux: | |
| name: Linux build | |
| needs: [check-preconditions] | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| # Even though the build itself is done using the GraalVM JDK | |
| # (see below), we use the setup-java action to have GPG configured | |
| # so that it can be used from the maven-gpg-plugin. | |
| - name: Configure GPG | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '17' | |
| gpg-private-key: ${{ secrets.PGP_KEY }} | |
| gpg-passphrase: PGP_KEY_PASSWORD | |
| overwrite-settings: false | |
| - name: Setup JDK | |
| uses: graalvm/setup-graalvm@2f25c0caae5b220866f732832d5e3e29ff493338 # v1.2.1 | |
| with: | |
| java-version: '17.0.8' | |
| distribution: 'graalvm' | |
| components: 'native-image,js' | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| native-image-job-reports: 'true' | |
| - name: Cache Maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| - name: Set Swap Space (Linux) | |
| uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c # master | |
| with: | |
| swap-size-gb: 12 | |
| # The Linux build will prepare a local Nexus staging repository | |
| # that includes all .jars except the CLI jar | |
| - name: Build and run tests | |
| run: | | |
| export MAVEN_OPTS="-Xmx4096m" | |
| export JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF8" | |
| # Required for reactor dependencies | |
| mvn clean install -DskipTests -Dmaven.javadoc.skip=true | |
| mvn versions:set -DnewVersion=${{ github.event.inputs.release_version }} | |
| mvn versions:commit | |
| release_version=${{ github.event.inputs.release_version }} | |
| # Actual build of core SDK | |
| mvn -B -pl '!org.eclipse.esmf:samm-cli' clean deploy -Dmaven.wagon.httpconnectionManager.ttlSeconds=60 -DaltDeploymentRepository=local::default::file://nexus-staging -Psign | |
| # Build of CLI | |
| pushd tools/samm-cli | |
| unset JAVA_TOOL_OPTIONS | |
| mvn -B clean verify -Dmaven.wagon.httpconnectionManager.ttlSeconds=60 | |
| mvn -B verify -Pnative -Dmaven.wagon.httpconnectionManager.ttlSeconds=60 | |
| popd | |
| # Create .tar.gz of samm-cli | |
| pushd tools/samm-cli/target | |
| chmod a+x samm | |
| tar cfvz samm-cli-${{ github.event.inputs.release_version }}-linux-x86_64.tar.gz samm *.so | |
| popd | |
| mv tools/samm-cli/target/samm-cli-${{ github.event.inputs.release_version }}-linux-x86_64.tar.gz . | |
| cp tools/samm-cli/target/samm-cli-*.jar . | |
| env: | |
| PGP_KEY_PASSWORD: ${{ secrets.PGP_KEY_PASSWORD }} | |
| - name: Switch to Temurin JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '17' | |
| overwrite-settings: false | |
| - name: Test executable jar on Temurin | |
| run: | | |
| cd tools/samm-cli | |
| mvn -B -Denforcer.skip -Dskip.maven.surefire failsafe:integration-test -Dmaven.wagon.httpconnectionManager.ttlSeconds=60 | |
| - name: Upload staging directory and Linux binary | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: linux-artifacts | |
| path: | | |
| nexus-staging/ | |
| samm-cli-${{ github.event.inputs.release_version }}-linux-x86_64.tar.gz | |
| samm-cli-${{ github.event.inputs.release_version }}.jar | |
| samm-cli-${{ github.event.inputs.release_version }}-javadoc.jar | |
| samm-cli-${{ github.event.inputs.release_version }}-sources.jar | |
| samm-cli-${{ github.event.inputs.release_version }}-tests.jar | |
| build-macos: | |
| name: Mac build | |
| needs: [check-preconditions] | |
| runs-on: macos-13 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup JDK | |
| uses: graalvm/setup-graalvm@2f25c0caae5b220866f732832d5e3e29ff493338 # v1.2.1 | |
| with: | |
| java-version: '17.0.8' | |
| distribution: 'graalvm' | |
| components: 'native-image,js' | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| native-image-job-reports: 'true' | |
| - name: Cache Maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| - name: Build and run tests | |
| run: | | |
| export MAVEN_OPTS="-Xmx4096m" | |
| export JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF8" | |
| # Required for reactor dependencies | |
| mvn clean install -DskipTests -Dmaven.javadoc.skip=true | |
| mvn versions:set -DnewVersion=${{ github.event.inputs.release_version }} | |
| mvn versions:commit | |
| # Actual build of core SDK | |
| mvn -B -pl '!org.eclipse.esmf:samm-cli' clean install -Dmaven.wagon.httpconnectionManager.ttlSeconds=60 | |
| # Build of CLI | |
| cd tools/samm-cli | |
| unset JAVA_TOOL_OPTIONS | |
| mvn -B clean verify -Dmaven.wagon.httpconnectionManager.ttlSeconds=60 | |
| shell: bash | |
| - name: Build native executable | |
| run: | | |
| bundle="samm-bundle-$(date +%s)" | |
| mkdir ${bundle} | |
| curl -Lo jre.tar.gz https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.3%2B9/OpenJDK21U-jre_x64_mac_hotspot_21.0.3_9.tar.gz | |
| tar -xvf jre.tar.gz | |
| cp -r ./jdk-21.0.3+9-jre/Contents/Home ./${bundle}/jre | |
| cp tools/samm-cli/target/samm-cli-${{ github.event.inputs.release_version }}.jar ./${bundle}/ | |
| cat <<EOF > ./${bundle}/run.sh | |
| #!/usr/bin/env bash | |
| HERE=\${BASH_SOURCE%/*} | |
| "\$HERE/jre/bin/java" -jar "\$HERE/samm-cli-${{ github.event.inputs.release_version }}.jar" "\$@" | |
| EOF | |
| chmod +x ./${bundle}/run.sh | |
| curl -Lo warp-packer https://github.com/dgiagio/warp/releases/download/v0.3.0/macos-x64.warp-packer | |
| chmod +x warp-packer | |
| ./warp-packer --arch macos-x64 --input_dir ${bundle} --exec run.sh --output samm | |
| chmod a+x samm | |
| tar cfvz samm-cli-${{ github.event.inputs.release_version }}-macos-x86_64.tar.gz samm | |
| shell: bash | |
| - name: Upload Mac binary | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: mac-artifacts | |
| path: | | |
| samm-cli-${{ github.event.inputs.release_version }}-macos-x86_64.tar.gz | |
| # The Windows build will build the Windows-specific samm-cli | |
| # and upload the binary to the build artifacts | |
| build-windows: | |
| name: Windows build | |
| needs: [check-preconditions] | |
| runs-on: windows-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup JDK | |
| uses: graalvm/setup-graalvm@2f25c0caae5b220866f732832d5e3e29ff493338 # v1.2.1 | |
| with: | |
| java-version: '17.0.8' | |
| distribution: 'graalvm' | |
| components: 'native-image,js' | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| native-image-job-reports: 'true' | |
| - name: Cache Maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| - name: Configure Pagefile (Windows) | |
| # Fix for "LINK : fatal error LNK1171: unable to load mspdbcore.dll (error code: 1455)": | |
| # This seems to be caused by running out of memory; increasing page file | |
| # size suggested here: | |
| # https://github.com/actions/virtual-environments/issues/3420#issuecomment-861342418 | |
| uses: al-cheb/configure-pagefile-action@86589fd789a4de3e62ba628dda2cb10027b66d67 # v1.3 | |
| with: | |
| minimum-size: 32GB | |
| maximum-size: 32GB | |
| disk-root: "C:" | |
| - name: Build and run tests | |
| run: | | |
| export MAVEN_OPTS="-Xmx4096m" | |
| export JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF8" | |
| # Required for reactor dependencies | |
| mvn clean install -DskipTests -Dmaven.javadoc.skip=true | |
| mvn versions:set -DnewVersion=${{ github.event.inputs.release_version }} | |
| mvn versions:commit | |
| # Actual build of core SDK | |
| mvn -B -pl '!org.eclipse.esmf:samm-cli' clean install -Dmaven.wagon.httpconnectionManager.ttlSeconds=60 | |
| # Build of CLI | |
| cd tools/samm-cli | |
| unset JAVA_TOOL_OPTIONS | |
| mvn -B clean verify -Dmaven.wagon.httpconnectionManager.ttlSeconds=60 | |
| mvn -B verify -Pnative -Dmaven.wagon.httpconnectionManager.ttlSeconds=60 | |
| shell: bash | |
| - name: Upload Windows binary | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: windows-artifacts | |
| path: | | |
| tools/samm-cli/target/samm.exe | |
| tools/samm-cli/target/*.dll | |
| tools/samm-cli/target/lib/ | |
| release: | |
| name: Release | |
| needs: [build-linux, build-windows, build-macos] | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Need to checkout here too, so that we have the pom.xml | |
| # with the deployment info available | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| # Required to have Maven settings.xml set up correctly | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '17' | |
| server-id: ossrh | |
| server-username: OSSRH_USERNAME | |
| server-password: OSSRH_TOKEN | |
| overwrite-settings: false | |
| # Required to run the mvn:versions, since enforcer plugin | |
| # will check for GraalVM JDK | |
| - name: Setup JDK | |
| uses: graalvm/setup-graalvm@2f25c0caae5b220866f732832d5e3e29ff493338 # v1.2.1 | |
| with: | |
| java-version: '17.0.10' | |
| distribution: 'graalvm' | |
| components: 'native-image,js' | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| native-image-job-reports: 'false' | |
| - name: Fetch Linux Artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: linux-artifacts | |
| - name: Fetch Mac Artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: mac-artifacts | |
| - name: Set versions | |
| continue-on-error: true | |
| run: | | |
| release_version=${{ github.event.inputs.release_version }} | |
| release_branch_name=${release_version%.*}.x | |
| echo "release_branch_name=$release_branch_name" >> $GITHUB_ENV | |
| # Set version in pom.xml files | |
| mvn -B clean install -DskipTests -Dmaven.javadoc.skip=true | |
| mvn -B versions:set -DnewVersion=${{ github.event.inputs.release_version }} | |
| mvn -B versions:commit | |
| # Set version in Antora module | |
| yq eval -i '.version = "${{ github.event.inputs.release_version }}"' documentation/developer-guide/antora.yml | |
| - name: Commit version changes and push to upstream repository | |
| uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5 | |
| with: | |
| branch: ${{ env.release_branch_name }} | |
| commit_user_name: github-actions | |
| commit_user_email: [email protected] | |
| commit_author: Author <[email protected]> | |
| file_pattern: 'documentation/developer-guide/antora.yml pom.xml */pom.xml */*/pom.xml' | |
| # Full release: Github | |
| - name: "Create Github release (full)" | |
| if: ${{ !contains( github.event.inputs.release_version, '-M' ) }} | |
| uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 | |
| with: | |
| body: "Release version ${{ github.event.inputs.release_version }}." | |
| tag_name: v${{ github.event.inputs.release_version }} | |
| target_commitish: ${{ env.release_branch_name }} | |
| draft: false | |
| prerelease: false | |
| files: | | |
| samm-cli-${{ github.event.inputs.release_version }}-linux-x86_64.tar.gz | |
| samm-cli-${{ github.event.inputs.release_version }}-macos-x86_64.tar.gz | |
| samm-cli-*.jar | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: "Notify issues of release their fix is contained in" | |
| if: ${{ !contains( github.event.inputs.release_version, '-M' ) }} | |
| uses: apexskier/github-release-commenter@3bd413ad5e1d603bfe2282f9f06f2bdcec079327 # v1.3.6 | |
| with: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| comment-template: | | |
| Release {release_link} addresses this. | |
| # Sign SAML-CLI Windows executable | |
| - name: Get Artifact ID (Windows) | |
| shell: bash | |
| run: | | |
| # Get the list of artifacts for the specified workflow run | |
| response=$(curl -H "Authorization: Bearer $TOKEN" -H "Accept: application/vnd.github+json" "https://api.github.com/repos/${{ github.repository_owner }}/$(echo '${{ github.repository }}' | cut -d'/' -f2)/actions/runs/${{ github.run_id }}/artifacts") | |
| # Filter out the ID of the artifact with a name that contains "windows" | |
| artifact_id=$(echo "$response" | jq -r '.artifacts[] | select(.name | contains("windows-artifacts")) | .id') | |
| # Save the artifact ID in an environment variable | |
| echo "ARTIFACT_ID=$artifact_id" >> $GITHUB_ENV | |
| env: | |
| TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Commit Artifact URL and version changes and push to pre release branch for Jenkins (Windows) | |
| shell: bash | |
| run: | | |
| ARTIFACT_URL_WIN="https://api.github.com/repos/eclipse-esmf/esmf-sdk/actions/artifacts/$ARTIFACT_ID/zip" | |
| BRANCH_NAME="pre_release_configuration" | |
| echo "artifact_url_win=$ARTIFACT_URL_WIN" > parameters.txt | |
| echo "version=${{ github.event.inputs.release_version }}" >> parameters.txt | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "github-actions" | |
| git checkout -b $BRANCH_NAME | |
| git add parameters.txt | |
| git commit -m "Add parameters.txt with artifact_url_win and version" | |
| git push origin $BRANCH_NAME | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Trigger Jenkins Job, for signing executable | |
| shell: bash | |
| run: | | |
| DATA='{"repository": {"url": "https://github.com/eclipse-esmf/esmf-sdk", "html_url": "https://github.com/eclipse-esmf/esmf-sdk", "owner": { "name": "ESMF"}}, "pusher": { "name": "GitHub Action", "email": "[email protected]"}}' | |
| SHA1="$(echo -n "${DATA}" | openssl dgst -sha1 -hmac "${WEBHOOK_SECRET}" | sed 's/SHA1(stdin)= //')" | |
| curl -X POST https://ci.eclipse.org/esmf/github-webhook/ -H "Content-Type: application/json" -H "X-GitHub-Event: push" -H "X-Hub-Signature: sha1=${SHA1}" -d "${DATA}" | |
| # Full release: Maven Central | |
| # The (apparently) only way to retrieve the staging profile id | |
| # is the undocumented rc-list-profiles command of the | |
| # nexus-staging-maven-plugin: | |
| # mvn org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13:rc-list-profiles -DnexusUrl=https://oss.sonatype.org/ -DserverId=ossrh | |
| - name: Release to OSSRH/Maven Central | |
| if: ${{ !contains( github.event.inputs.release_version, '-M' ) }} | |
| run: | | |
| mkdir deploy | |
| mv nexus-staging deploy | |
| cd deploy | |
| mvn org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13:deploy-staged-repository \ | |
| -DnexusUrl=https://oss.sonatype.org/ \ | |
| -DserverId=ossrh \ | |
| -DrepositoryDirectory=nexus-staging \ | |
| -DstagingProfileId=7e73217781f2e | |
| env: | |
| OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
| OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} | |
| # Workaround for https://issues.sonatype.org/browse/OSSRH-66257 | |
| # as described in https://stackoverflow.com/a/70157413 | |
| MAVEN_OPTS: --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.desktop/java.awt.font=ALL-UNNAMED | |
| # Milestone release: Write settings to deploy to Github repo | |
| - name: Write settings.xml | |
| if: contains( github.event.inputs.release_version, '-M' ) | |
| uses: DamianReeves/write-file-action@0a7fcbe1960c53fc08fe789fa4850d24885f4d84 # v1.2 | |
| with: | |
| path: settings.xml | |
| contents: | | |
| <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 | |
| https://maven.apache.org/xsd/settings-1.0.0.xsd"> | |
| <servers> | |
| <server> | |
| <id>github</id> | |
| <configuration> | |
| <httpHeaders> | |
| <property> | |
| <name>Authorization</name> | |
| <value>Bearer ${env.GITHUB_TOKEN}</value> | |
| </property> | |
| </httpHeaders> | |
| </configuration> | |
| </server> | |
| <server> | |
| <id>gpg.passphrase</id> | |
| <passphrase>${env.PGP_KEY_PASSWORD}</passphrase> | |
| </server> | |
| </servers> | |
| </settings> | |
| write-mode: overwrite | |
| # Milestone release: Maven deploy to Github | |
| - name: Publish to Github | |
| if: contains( github.event.inputs.release_version, '-M' ) | |
| run: mvn -s ./settings.xml -B clean -pl '!esmf-sdk-test-report,!documentation,!tools/samm-cli' deploy -DskipTests -Pmilestone-build,sign | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| PGP_KEY_PASSWORD: ${{ secrets.PGP_KEY_PASSWORD }} | |
| # Milestone release: Github | |
| - name: "Create Github release (milestone)" | |
| if: contains( github.event.inputs.release_version, '-M' ) | |
| uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 | |
| with: | |
| body: "Release version ${{ github.event.inputs.release_version }}." | |
| tag_name: v${{ github.event.inputs.release_version }} | |
| target_commitish: ${{ env.release_branch_name }} | |
| draft: false | |
| prerelease: true | |
| files: | | |
| samm-cli-${{ github.event.inputs.release_version }}-linux-x86_64.tar.gz | |
| samm-cli-${{ github.event.inputs.release_version }}-macos-x86_64.tar.gz | |
| samm-cli-*.jar | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |