Move CI from TravisCI to GitHub Actions #339
Conversation
johnttompkins
force-pushed
the
github-actions
branch
3 times, most recently
from
d23600f to
bb6236d
Compare
johnttompkins
force-pushed
the
github-actions
branch
from
690c881 to
3c65f2f
Compare
| @@ -431,6 +431,12 @@ | |||
| <goals> | |||
| <goal>sign</goal> | |||
| </goals> | |||
| <configuration> | |||
There was a problem hiding this comment.
Had to add this to pick up the passphrase for the gpg key that is set in the setup java step
johnttompkins
requested review from
wbingli,
ammokhov,
PatMyron and
sungkkim
|
Can we remove |
Should be removed now. |
| env: | ||
| AWS_DEFAULT_REGION: us-east-1 | ||
| AWS_REGION: us-east-1 |
There was a problem hiding this comment.
Are these environment variables used for anything btw?
| env: | |
| AWS_DEFAULT_REGION: us-east-1 | |
| AWS_REGION: us-east-1 |
There was a problem hiding this comment.
yeah if you dont have these set the unit tests fail 🤷🏻 something with initializing aws clients in unit tests. maybe at a later date we can look into why these are necessary are try to remove
| AWS_REGION: us-east-1 | ||
| strategy: | ||
| matrix: | ||
| python: [3.6, 3.7, 3.8] |
There was a problem hiding this comment.
linking aws-cloudformation/cloudformation-cli-python-plugin#139 again just so we don't forget later
we should just sweep all these repos when we get Python 3.9 working:
| python: [3.6, 3.7, 3.8] | |
| python: [3.6, 3.7, 3.8, 3.9] |
| matrix: | ||
| python: [3.6, 3.7, 3.8] | ||
| java: [8, 11] | ||
| runs-on: ubuntu-latest |
There was a problem hiding this comment.
might as well test on macos-latest and windows-latest here as well
There was a problem hiding this comment.
added. i think it might also be useful to test compatibility with published libraries and plugins i.e. since we are managing two different packages of software, we should test the library against the published plugin and vice versa to ensure backwards compatibility. These things get missed since we test the built library in a given PR with the built plugin in the given PR
There was a problem hiding this comment.
seeing some macos failures trying to build the java library. going to leave out the multiple OS testing for now since this was just supposed to be a migration and create a followup so we can do this in a more targeted way where we aren't just running 18 jobs for one pr. ideally we'd only need to test compatibility of the plugin with the given OS
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - name: Set up Java & publishing credentials | ||
| uses: actions/setup-java@v1 | ||
| with: | ||
| java-version: 8 | ||
| server-id: sonatype-nexus-staging # Value of the distributionManagement/repository/id field of the pom.xml | ||
| server-username: SONATYPE_USERNAME # env variable for username in deploy | ||
| server-password: SONATYPE_PASSWORD # env variable for token in deploy | ||
| gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} # Value of the GPG private key to import | ||
| gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase | ||
| - name: Deploy to sonatype staging repo | ||
| run: mvn deploy -Ppublishing | ||
| env: | ||
| SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} | ||
| SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} | ||
| MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} |
There was a problem hiding this comment.
confused what's going on with secrets/env variables here
looks similar to actions/setup-java README but don't understand why env variables are set in the step after they're used 🤔
There was a problem hiding this comment.
i think it's to limit the scope of when these secrets are on the build machine. the setup-java step simply creates a configuration file which points to environment variables then the deploy step sets these when the configuration file is actually used (during the mvn deploy command)
Co-authored-by: Pat Myron <[email protected]>
This reverts commit d581404.
Issue #, if available:
Description of changes: First two commits: Github actions CI for java. Should have parity with existing travis job.
Next commit: Adding a PyPI deployment actions. Any time a release w tag suffix "-plugin" is published, the CI job will publish said release to PyPI.
Final commit: Adds automation to release to our staging repository for releases w tag suffix "-lib". This should make it a lot easier to cut new releases, as all that is necessary is a version bump an a tag. Also adds a small configuration change to the pom.xml to support the automated deployment.
For both of these, I added the credentials for uploading, keys, passphrases, etc. As GitHub secrets, which are encrypted and stored on an organization level.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.