forked from hyperledger/fabric-chaincode-java
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathazure-pipelines.yml
229 lines (219 loc) · 10.5 KB
/
azure-pipelines.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# fabric-chaincode-java azure pipeline configuration.
#
name: $(SourceBranchName)-$(Date:yyyyMMdd)$(Rev:.rrr)
# Daily build for final quality
# cf https://crontab.guru/#0_23_*_*_*
schedules:
- cron: "0 10,12,14,16,23 * * *"
displayName: "Chaincode Java Nightly Driver"
branches:
include:
- main
trigger:
branches:
include:
- "main"
tags:
include:
- "*"
# These are custom defined variables, the pipeline one is currently used for the build scripts
# to know to produce tests results in XML format for Azure to consume, for developers
# this isn't set so command line output is given
#
# Chaincode_Java_Creds is the protected group of keys for publishing
#
variables:
- group: Chaincode_Java_Creds
- group: Github-PackageRegistry-Credentials
- group: JARSigningPublish
- name: component
value: fabric-chaincode-java
- name: pipeline
value: ci
- name: PUSH_VERSION
value: stable
- name: FABRIC_VERSION
value: latest
pool:
vmImage: "ubuntu-latest"
# The stages and jobs, potential for rationalization and optimization
# Keeping it simple and explicit whilst we gain experience
#
stages:
- stage: Build_and_test
jobs:
- job: displayenv
steps:
- template: templates/build-data.yml
- job: main
steps:
- task: Gradle@2
inputs:
workingDirectory: ""
gradleWrapperFile: "gradlew"
gradleOptions: "-Xmx3072m"
javaHomeOption: "JDKVersion"
jdkVersionOption: "1.8"
jdkArchitectureOption: "x64"
options: "-x javadoc"
publishJUnitResults: true
testResultsFiles: "$(System.DefaultWorkingDirectory)/**/TEST-*.xml"
tasks: "build"
- task: PublishBuildArtifacts@1
condition: or(succeeded(), failed())
inputs:
pathToPublish: fabric-chaincode-shim/build/reports/checkstyle/
artifactName: checkstylereport
displayName: 'Checkstyle'
continueOnError: true
- task: PublishBuildArtifacts@1
condition: or(succeeded(), failed())
inputs:
pathToPublish: fabric-chaincode-shim/build/reports/jacoco/
artifactName: coveragereport
displayName: 'JaCoCo Coverage'
continueOnError: true
- task: PublishTestResults@2
inputs:
testResultsFormat: 'JUnit'
testResultsFiles: 'fabric-chaincode-shim/build/reports/dependency-check-junit.xml'
mergeTestResults: true
failTaskOnFailedTests: false
testRunTitle: OWASP Dependency Check
displayName: 'Publish OWASP Dependency Check JUnit results'
- task: CopyFiles@2
inputs:
contents: |
fabric-chaincode-shim/build/reports/dependency-check-*.*
targetFolder: $(Build.ArtifactStagingDirectory)/dependency-check
displayName: 'Collect OWASP Dependency Check results'
- task: PublishBuildArtifacts@1
inputs:
pathToPublish: $(Build.ArtifactStagingDirectory)/dependency-check
artifactName: 'Dependency Check Report'
displayName: 'Publish full OWASP Dependency Check result'
- task: PublishCodeCoverageResults@1
inputs:
summaryFileLocation: "$(System.DefaultWorkingDirectory)/**/fabric-chaincode-shim/build/reports/jacoco/test/jacocoTestReport.xml"
# Copy the built artifacts to the staging directory, tgz, and the docker image
- script: |
set -ev
./gradlew -Psigning.keyId=${SIGNING_ID} -Psigning.password=${SIGNING_PASSWORD} -Psigning.secretKeyRingFile=${KEYRING_FILE} publishProtosJarPublicationToMavenLocal
./gradlew -Psigning.keyId=${SIGNING_ID} -Psigning.password=${SIGNING_PASSWORD} -Psigning.secretKeyRingFile=${KEYRING_FILE} publishShimJarPublicationToMavenLocal
tar -zcvf localmaven.tgz ${HOME}/.m2/repository/org/hyperledger
docker image save hyperledger/fabric-javaenv | gzip > $(Build.ArtifactStagingDirectory)/fabric-javaenv.tar.gz
displayName: 'Package tgz and docker image'
- task: PublishBuildArtifacts@1
inputs:
pathToPublish: localmaven.tgz
artifactName: java-tgz
- task: PublishBuildArtifacts@1
inputs:
pathToPublish: $(Build.ArtifactStagingDirectory)/fabric-javaenv.tar.gz
artifactName: javaenv-docker-image
- job: javadoc
dependsOn: displayenv
variables:
${{ if eq(variables['Build.SourceBranch'], 'refs/heads/main') }}:
javadoc_release: main
${{ if ne(variables['Build.SourceBranch'], 'refs/heads/main') }}:
javadoc_release: $[format('release-{0}',dependencies.displayenv.outputs['BuildData.MINOR_PACKAGE_VERSION'])]
steps:
- script: ./gradlew javadoc
displayName: 'Build JavaDoc'
- script: |
if [ -d docs ]; then
mkdir gh-pages
cp -r docs/* gh-pages
fi
displayName: 'Copy gh-pages doc'
condition: eq(variables['Build.SourceBranch'], 'refs/heads/main')
- script: |
git fetch origin
git checkout -b gh-pages origin/gh-pages
mkdir -p $(javadoc_release)/api
rm -rf $(javadoc_release)/api/*
cp -r fabric-chaincode-shim/build/docs/javadoc/* $(javadoc_release)/api
# if the gh-pages is present from the previous script, then copy across the files across.
if [ -d gh-pages ]; then
find . -maxdepth 1 ! \( -name [.]* -o -name 'gh-pages' -o -name 'main' -o -name 'release-*' \) -exec rm -rf {} \;
cp -r gh-pages/* .
rm -rf gh-pages
fi
displayName: 'Update gh-pages branch'
- script: |
git config --global user.email "[email protected]"
git config --global user.name "Hyperledger Bot"
git add -A
git commit -m "Publishing GitHub Pages"
git push https://$(GITHUB-PAT)@github.com/hyperledger/fabric-chaincode-java.git gh-pages
displayName: 'Commit gh-pages changes'
condition: and(succeeded(),eq(variables['Build.Reason'], 'IndividualCI'))
# As the next script is more complex and uses loops, run this discretely in a sh file
# Publishing step for git tags
- stage: Publish_tag
condition: and(succeeded('Build_and_test'), startsWith(variables['Build.SourceBranch'], 'refs/tags'))
jobs:
- job: docker_publish
steps:
- template: templates/build-data.yml
- task: DownloadPipelineArtifact@2
inputs:
artifact: javaenv-docker-image
path: $(Build.SourcesDirectory)/build
- script: |
wget -qO "$PWD/manifest-tool" https://github.com/estesp/manifest-tool/releases/download/v1.0.0/manifest-tool-linux-amd64
chmod +x ./manifest-tool
docker image load --input build/fabric-javaenv.tar.gz
docker images
docker login ${DOCKER_REGISTRY_URL} --username=${DOCKER_REGISTRY_USERNAME} --password=${DOCKER_REGISTRY_PASSWORD}
echo "Logged in to docker registry"
# tag javaenv image to PACKAGE_VERSION
docker tag hyperledger/fabric-javaenv hyperledger/fabric-javaenv:amd64-$(BuildData.PACKAGE_VERSION)
# push javaenv to repository
docker push hyperledger/fabric-javaenv:amd64-$(BuildData.PACKAGE_VERSION)
./manifest-tool push from-args --platforms linux/amd64 --template "hyperledger/fabric-javaenv:amd64-$(BuildData.PACKAGE_VERSION)" --target "hyperledger/fabric-javaenv:$(BuildData.PACKAGE_VERSION)"
./manifest-tool push from-args --platforms linux/amd64 --template "hyperledger/fabric-javaenv:amd64-$(BuildData.PACKAGE_VERSION)" --target "hyperledger/fabric-javaenv:$(BuildData.MINOR_PACKAGE_VERSION)"
env:
DOCKER_REGISTRY_USERNAME: $(DockerHub-Username)
DOCKER_REGISTRY_PASSWORD: $(DockerHub-Password)
- job: jar_publish
steps:
- template: templates/build-data.yml
- task: DownloadSecureFile@1
name: keyring
inputs:
secureFile: secring.gpg
- script: |
./gradlew -Psigning.keyId=${SIGNING_ID} -Psigning.password=${SIGNING_PASSWORD} -Psigning.secretKeyRingFile=${KEYRING_FILE} -PossrhUsername=${OSSRH_USER} -PossrhPassword=${OSSRH_PASSWORD} publishAllPublicationsToReleaseRepository
./gradlew -Psigning.keyId=${SIGNING_ID} -Psigning.password=${SIGNING_PASSWORD} -Psigning.secretKeyRingFile=${KEYRING_FILE} -PossrhUsername=${OSSRH_USER} -PossrhPassword=${OSSRH_PASSWORD} publishAllPublicationsToSnapshotRepository
env:
SIGNING_ID: $(JAR-Signing-Id)
SIGNING_PASSWORD: $(JAR-Signing-Password)
KEYRING_FILE: $(keyring.secureFilePath)
OSSRH_USER: $(OSSRH-User)
OSSRH_PASSWORD: $(OSSRH-Password)
#
- stage: Publish_tag_nightly
condition: and(succeeded('Build_and_test'), eq(variables['Build.Reason'], 'Schedule')) # only run on the scheduled builds
jobs:
- job: jar_publish
steps:
- template: templates/build-data.yml
- task: DownloadSecureFile@1
name: keyring
inputs:
secureFile: secring.gpg
- script: |
./gradlew -PNIGHTLY=true -Psigning.keyId=${SIGNING_ID} -Psigning.password=${SIGNING_PASSWORD} -Psigning.secretKeyRingFile=${KEYRING_FILE} -PartifactoryUsername=${ARTIFACTORY_USER} -PartifactoryhPassword=${ARTIFACTORY_PASSWORD} publishMavenPublicationToReleaseRepository
./gradlew -PNIGHTLY=true -Psigning.keyId=${SIGNING_ID} -Psigning.password=${SIGNING_PASSWORD} -Psigning.secretKeyRingFile=${KEYRING_FILE} -PartifactoryUsername=${ARTIFACTORY_USER} -PartifactoryhPassword=${ARTIFACTORY_PASSWORD} publishMavenPublicationToSnapshotRepository
env:
SIGNING_ID: $(JAR-Signing-Id)
SIGNING_PASSWORD: $(JAR-Signing-Password)
KEYRING_FILE: $(keyring.secureFilePath)
ARTIFACTORY_USER: $(ARTIFACTORY-User)
ARTIFACTORY_PASSWORD: $(ARTIFACTORY-Password)