From 583f1b71e6b27ba1d021f638e96b3dd40aa94aa6 Mon Sep 17 00:00:00 2001 From: Anatoly Karlov Date: Mon, 5 May 2025 16:52:58 +0700 Subject: [PATCH 1/2] bump --- .github/actions/commit-info/action.yml | 24 ++++++++++++++ .github/workflows/maven-library-build.yml | 1 - .github/workflows/maven-library-deploy.yml | 11 +++---- .github/workflows/maven-service-build.yml | 5 ++- .github/workflows/maven-service-deploy.yml | 1 + .github/workflows/maven-swag-build.yml | 1 - .github/workflows/maven-swag-deploy.yml | 38 ++++++++++++---------- .github/workflows/maven-thrift-build.yml | 13 +++----- .github/workflows/maven-thrift-deploy.yml | 14 ++++---- 9 files changed, 67 insertions(+), 41 deletions(-) create mode 100644 .github/actions/commit-info/action.yml diff --git a/.github/actions/commit-info/action.yml b/.github/actions/commit-info/action.yml new file mode 100644 index 0000000..db8c5a2 --- /dev/null +++ b/.github/actions/commit-info/action.yml @@ -0,0 +1,24 @@ +name: Retrieve commit info +description: Retrieve commit info +runs: + using: "composite" + steps: + - shell: bash + run: | + if [[ "$GITHUB_REF_NAME" != "master" && "$GITHUB_REF_NAME" != "main" ]]; then + SAFE_BRANCH_NAME=$(echo "$GITHUB_REF_NAME" | tr '/' '-') + SAFE_BRANCH_NAME=$(echo "$SAFE_BRANCH_NAME" | sed 's/[^a-zA-Z0-9._-]//g') + BRANCH_SUFFIX="-$SAFE_BRANCH_NAME" + else + BRANCH_SUFFIX="" + fi + echo "BRANCH_SUFFIX=$BRANCH_SUFFIX" >> $GITHUB_ENV + + COMMIT_NUMBER=$(git rev-list HEAD --count) + echo "COMMIT_NUMBER=$COMMIT_NUMBER" >> $GITHUB_ENV + + SHA_7=${GITHUB_SHA::7} + echo "SHA_7=$SHA_7" >> $GITHUB_ENV + + REVISION="1.${COMMIT_NUMBER}-${SHA_7}${BRANCH_SUFFIX}" + echo "REVISION=$REVISION" >> $GITHUB_ENV diff --git a/.github/workflows/maven-library-build.yml b/.github/workflows/maven-library-build.yml index 8bc133e..57a95e3 100644 --- a/.github/workflows/maven-library-build.yml +++ b/.github/workflows/maven-library-build.yml @@ -67,4 +67,3 @@ jobs: - name: Upload code coverage uses: codecov/codecov-action@v4 - diff --git a/.github/workflows/maven-library-deploy.yml b/.github/workflows/maven-library-deploy.yml index cd8ee49..56dba0d 100644 --- a/.github/workflows/maven-library-deploy.yml +++ b/.github/workflows/maven-library-deploy.yml @@ -13,11 +13,6 @@ on: required: false default: "temurin" type: string - mvn-args: - description: 'Additional maven params' - required: false - default: "" - type: string secrets: server-username: required: true @@ -37,6 +32,10 @@ jobs: - name: Checkout Repo uses: actions/checkout@v4 + - name: Retrieve commit info + id: commit_info + uses: ./.github/actions/commit-info + - name: Deploy package uses: valitydev/action-deploy-jdk-package@v1.0.20 with: @@ -46,7 +45,7 @@ jobs: server-password: ${{ secrets.server-password }} deploy-secret-key: ${{ secrets.deploy-secret-key }} deploy-secret-key-password: ${{ secrets.deploy-secret-key-password }} - maven-args: ${{ inputs.mvn-args }} + maven-args: '-Dcommit.number=${{ env.COMMIT_NUMBER }} -Drevision=${{ env.REVISION }}' - name: Mattermost Notification if: always() diff --git a/.github/workflows/maven-service-build.yml b/.github/workflows/maven-service-build.yml index 4c710b6..14a44b2 100644 --- a/.github/workflows/maven-service-build.yml +++ b/.github/workflows/maven-service-build.yml @@ -56,17 +56,20 @@ jobs: scan: name: Scan with Trivy - needs: build + needs: [build] runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - name: Install Trivy CLI run: | wget https://github.com/aquasecurity/trivy/releases/download/v0.39.1/trivy_0.39.1_Linux-64bit.deb sudo dpkg -i trivy_0.39.1_Linux-64bit.deb + - uses: actions/download-artifact@v4 with: name: bom.json + - name: Run Trivy with SBOM run: trivy sbom --severity CRITICAL,HIGH --format sarif -o trivy-report.sarif ./bom.json diff --git a/.github/workflows/maven-service-deploy.yml b/.github/workflows/maven-service-deploy.yml index 1774170..81a4d9d 100644 --- a/.github/workflows/maven-service-deploy.yml +++ b/.github/workflows/maven-service-deploy.yml @@ -60,6 +60,7 @@ jobs: SLACK_COLOR: ${{ job.status }} SLACK_LINK_NAMES: true SLACK_FOOTER: "" + test-coverage: if: ${{ !inputs.ignore-coverage }} runs-on: ubuntu-22.04 diff --git a/.github/workflows/maven-swag-build.yml b/.github/workflows/maven-swag-build.yml index 5cfc953..f482a13 100644 --- a/.github/workflows/maven-swag-build.yml +++ b/.github/workflows/maven-swag-build.yml @@ -52,4 +52,3 @@ jobs: - name: Build client jar run: mvn --batch-mode clean package -f pom.xml -P="client" - diff --git a/.github/workflows/maven-swag-deploy.yml b/.github/workflows/maven-swag-deploy.yml index 44d5454..e1b1be8 100644 --- a/.github/workflows/maven-swag-deploy.yml +++ b/.github/workflows/maven-swag-deploy.yml @@ -13,6 +13,16 @@ on: required: false default: "web_deploy" type: string + java-version: + description: 'Java version' + required: false + default: "15" + type: string + java-distribution: + description: 'Java distribution' + required: false + default: "adopt" + type: string secrets: server-username: required: true @@ -75,23 +85,19 @@ jobs: path: ${{ inputs.dist-directory }} - name: Retrieve commit info - run: | - echo "::set-output name=COMMIT_NUMBER::$(git rev-list HEAD --count)" - echo "::set-output name=SHA_7::${GITHUB_SHA::7}" id: commit_info + uses: ./.github/actions/commit-info - - name: Set artifact version - run: | - mvn versions:set versions:commit -DnewVersion="1.${{ steps.commit_info.outputs.COMMIT_NUMBER }}-${{ steps.commit_info.outputs.SHA_7 }}-server" - - - name: Deploy server package + - name: Deploy package uses: valitydev/action-deploy-jdk-package@v1.0.20 with: + jdk-version: ${{ inputs.java-version }} + jdk-distribution: ${{ inputs.java-distribution }} server-username: ${{ secrets.server-username }} server-password: ${{ secrets.server-password }} deploy-secret-key: ${{ secrets.deploy-secret-key }} deploy-secret-key-password: ${{ secrets.deploy-secret-key-password }} - maven-args: '-Dcommit.number=${{ steps.commit_info.outputs.COMMIT_NUMBER }} -Drevision="1.${{ steps.commit_info.outputs.COMMIT_NUMBER }}-${{ steps.commit_info.outputs.SHA_7 }}-server" -P="server"' + maven-args: '-Dcommit.number=${{ env.COMMIT_NUMBER }} -Drevision=${{ env.REVISION }}-server" -P="server"' deploy-client: runs-on: ubuntu-22.04 @@ -109,23 +115,19 @@ jobs: path: ${{ inputs.dist-directory }} - name: Retrieve commit info - run: | - echo "::set-output name=COMMIT_NUMBER::$(git rev-list HEAD --count)" - echo "::set-output name=SHA_7::${GITHUB_SHA::7}" id: commit_info + uses: ./.github/actions/commit-info - - name: Set artifact version - run: | - mvn --batch-mode versions:set versions:commit -DnewVersion="1.${{ steps.commit_info.outputs.COMMIT_NUMBER }}-${{ steps.commit_info.outputs.SHA_7 }}-client" - - - name: Deploy client package + - name: Deploy package uses: valitydev/action-deploy-jdk-package@v1.0.20 with: + jdk-version: ${{ inputs.java-version }} + jdk-distribution: ${{ inputs.java-distribution }} server-username: ${{ secrets.server-username }} server-password: ${{ secrets.server-password }} deploy-secret-key: ${{ secrets.deploy-secret-key }} deploy-secret-key-password: ${{ secrets.deploy-secret-key-password }} - maven-args: '-Dcommit.number=${{ steps.commit_info.outputs.COMMIT_NUMBER }} -Drevision="1.${{ steps.commit_info.outputs.COMMIT_NUMBER }}-${{ steps.commit_info.outputs.SHA_7 }}-client" -P="client"' + maven-args: '-Dcommit.number=${{ env.COMMIT_NUMBER }} -Drevision=${{ env.REVISION }}-client" -P="client"' success-notify: runs-on: ubuntu-22.04 diff --git a/.github/workflows/maven-thrift-build.yml b/.github/workflows/maven-thrift-build.yml index 35d9d77..bbd6f91 100644 --- a/.github/workflows/maven-thrift-build.yml +++ b/.github/workflows/maven-thrift-build.yml @@ -19,22 +19,19 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Install thrift - uses: valitydev/action-setup-thrift@v1.0.3 + uses: valitydev/action-setup-thrift@v1.0.6 + - name: Checkout Repo uses: actions/checkout@v4 with: fetch-depth: 0 + - name: Set up Maven uses: actions/setup-java@v4 with: java-version: ${{ inputs.java-version }} distribution: ${{ inputs.java-distribution }} cache: 'maven' - - name: Retrieve commit info - run: | - echo "::set-output name=COMMIT_NUMBER::$(git rev-list HEAD --count)" - echo "::set-output name=SHA_7::${GITHUB_SHA::7}" - id: commit_info - - name: Build package - run: mvn --batch-mode -Dcommit.number=${{ steps.commit_info.outputs.COMMIT_NUMBER }} -Drevision="1.${{ steps.commit_info.outputs.COMMIT_NUMBER }}-${{ steps.commit_info.outputs.SHA_7 }}" clean compile -f pom.xml + - name: Build packages + run: mvn -B clean verify diff --git a/.github/workflows/maven-thrift-deploy.yml b/.github/workflows/maven-thrift-deploy.yml index 7db79cd..33d19bd 100644 --- a/.github/workflows/maven-thrift-deploy.yml +++ b/.github/workflows/maven-thrift-deploy.yml @@ -30,26 +30,28 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Install thrift - uses: valitydev/action-setup-thrift@v1.0.3 + uses: valitydev/action-setup-thrift@v1.0.6 + - name: Checkout Repo uses: actions/checkout@v4 with: fetch-depth: 0 + - name: Retrieve commit info - run: | - echo "::set-output name=COMMIT_NUMBER::$(git rev-list HEAD --count)" - echo "::set-output name=SHA_7::${GITHUB_SHA::7}" id: commit_info + uses: ./.github/actions/commit-info + - name: Deploy package uses: valitydev/action-deploy-jdk-package@v1.0.20 with: jdk-version: ${{ inputs.java-version }} - java-distribution: ${{ inputs.java-distribution }} + jdk-distribution: ${{ inputs.java-distribution }} server-username: ${{ secrets.server-username }} server-password: ${{ secrets.server-password }} deploy-secret-key: ${{ secrets.deploy-secret-key }} deploy-secret-key-password: ${{ secrets.deploy-secret-key-password }} - maven-args: '-Dcommit.number=${{ steps.commit_info.outputs.COMMIT_NUMBER }} -Drevision="1.${{ steps.commit_info.outputs.COMMIT_NUMBER }}-${{ steps.commit_info.outputs.SHA_7 }}"' + maven-args: '-Dcommit.number=${{ env.COMMIT_NUMBER }} -Drevision=${{ env.REVISION }}' + notify: runs-on: ubuntu-22.04 needs: [deploy] From 8431e32fa8281e4267012c460db260605a71d65b Mon Sep 17 00:00:00 2001 From: Anatoly Karlov Date: Thu, 15 May 2025 19:17:02 +0700 Subject: [PATCH 2/2] bump --- .github/workflows/maven-library-deploy.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/maven-library-deploy.yml b/.github/workflows/maven-library-deploy.yml index 56dba0d..cd8ee49 100644 --- a/.github/workflows/maven-library-deploy.yml +++ b/.github/workflows/maven-library-deploy.yml @@ -13,6 +13,11 @@ on: required: false default: "temurin" type: string + mvn-args: + description: 'Additional maven params' + required: false + default: "" + type: string secrets: server-username: required: true @@ -32,10 +37,6 @@ jobs: - name: Checkout Repo uses: actions/checkout@v4 - - name: Retrieve commit info - id: commit_info - uses: ./.github/actions/commit-info - - name: Deploy package uses: valitydev/action-deploy-jdk-package@v1.0.20 with: @@ -45,7 +46,7 @@ jobs: server-password: ${{ secrets.server-password }} deploy-secret-key: ${{ secrets.deploy-secret-key }} deploy-secret-key-password: ${{ secrets.deploy-secret-key-password }} - maven-args: '-Dcommit.number=${{ env.COMMIT_NUMBER }} -Drevision=${{ env.REVISION }}' + maven-args: ${{ inputs.mvn-args }} - name: Mattermost Notification if: always()