diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 00000000..e53ec73d --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,41 @@ +name: Publish + +on: + push: + tags: + - "*" + +jobs: + publish: + name: Publish + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Set up JDK + uses: actions/setup-java@v3 + with: + java-version: 17 + distribution: 'temurin' + - name: Cache Gradle packages + uses: actions/cache@v3 + with: + path: ~/.gradle/caches + key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} + restore-keys: ${{ runner.os }}-gradle + - name: Test + run: ./ci_test.sh + - name: Publish to Gradle Plugin Portal + env: + GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }} + GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }} + run: ./ci_publish_gradle.sh + - name: Publish to Maven Central + env: + FILE_ENCRYPTION_PASSWORD: ${{ secrets.FILE_ENCRYPTION_PASSWORD }} + SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }} + SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} + SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} + run: ./ci_publish.sh -s diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 00000000..9d6f342f --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,38 @@ +name: Test +on: + push: + branches: + - master + pull_request: + types: [opened, synchronize, reopened] + +jobs: + build: + name: Test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Set up JDK + uses: actions/setup-java@v3 + with: + java-version: 17 + distribution: 'temurin' + - name: Cache SonarCloud packages + uses: actions/cache@v3 + with: + path: ~/.sonar/cache + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + - name: Cache Gradle packages + uses: actions/cache@v3 + with: + path: ~/.gradle/caches + key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} + restore-keys: ${{ runner.os }}-gradle + - name: Test + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: ./ci_test.sh diff --git a/.gitignore b/.gitignore index da46505d..102fc0b6 100644 --- a/.gitignore +++ b/.gitignore @@ -2,11 +2,11 @@ .gradle/ .* !.gitignore +!.github/ .settings/ build/ out/ bin/ -gradle.properties *.iml *.ipr *.iws diff --git a/build.gradle.kts b/build.gradle.kts index bd4a91c4..805c7982 100755 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -1,19 +1,18 @@ import org.jetbrains.kotlin.gradle.tasks.KotlinCompile -import org.kt3k.gradle.plugin.CoverallsPluginExtension import pl.allegro.tech.build.axion.release.domain.TagNameSerializationConfig import pl.allegro.tech.build.axion.release.domain.hooks.HooksConfig plugins { - id("com.github.kt3k.coveralls") version "2.12.0" + `maven-publish` id("io.github.gradle-nexus.publish-plugin") version "1.0.0" id("org.jmailen.kotlinter") version "3.3.0" apply false + id("org.sonarqube") version "4.0.0.2929" id("pl.allegro.tech.build.axion-release") version "1.9.2" jacoco java kotlin("jvm") version "1.7.22" apply false - `maven-publish` } repositories { @@ -85,12 +84,6 @@ subprojects { } } -//coverall multi module plugin configuration starts here -configure { - sourceDirs = nonSampleProjects.flatMap { it.sourceSets["main"].allSource.srcDirs }.filter { it.exists() }.map { it.path } - jacocoReportPath = "$buildDir/reports/jacoco/jacocoRootReport/jacocoRootReport.xml" -} - tasks { val jacocoMerge by creating(JacocoMerge::class) { executionData = files(nonSampleProjects.map { File(it.buildDir, "/jacoco/test.exec") }) @@ -115,7 +108,7 @@ tasks { xml.isEnabled = true } } - getByName("coveralls").dependsOn(jacocoRootReport) + getByName("sonar").dependsOn(jacocoRootReport) } nexusPublishing { @@ -123,3 +116,11 @@ nexusPublishing { sonatype () } } + +sonar { + properties { + property("sonar.projectKey", "ePages-de_restdocs-api-spec") + property("sonar.organization", "epages-de") + property("sonar.host.url", "https://sonarcloud.io") + } +} diff --git a/ci_build.sh b/ci_build.sh deleted file mode 100755 index 54317116..00000000 --- a/ci_build.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -e - -./gradlew clean build coveralls diff --git a/ci_publish_gradle.sh b/ci_publish_gradle.sh index bf4a833c..eb636110 100755 --- a/ci_publish_gradle.sh +++ b/ci_publish_gradle.sh @@ -1,4 +1,15 @@ #!/bin/bash set -e +function check_variable_set() { + _VARIABLE_NAME=$1 + _VARIABLE_VALUE=${!_VARIABLE_NAME} + if [[ -z ${_VARIABLE_VALUE} ]]; then + echo "Missing env variable ${_VARIABLE_NAME}" + exit 1 + fi +} +check_variable_set GRADLE_PUBLISH_KEY +check_variable_set GRADLE_PUBLISH_SECRET + ./gradlew publishPlugins -p restdocs-api-spec-gradle-plugin diff --git a/ci_publish_java.sh b/ci_publish_java.sh index 2aa6c626..60076d02 100755 --- a/ci_publish_java.sh +++ b/ci_publish_java.sh @@ -1,16 +1,102 @@ #!/bin/bash -set -e - -openssl aes-256-cbc -K $encrypted_7b7bcfd5be68_key -iv $encrypted_7b7bcfd5be68_iv \ - -in secret-keys.gpg.enc \ - -out "${SIGNING_KEYRING_FILE}" \ - -d - -./gradlew publishToSonatype \ - --info \ - --exclude-task :restdocs-api-spec-gradle-plugin:publishToSonatype \ - -Dorg.gradle.project.sonatypeUsername="${SONATYPE_USERNAME}" \ - -Dorg.gradle.project.sonatypePassword="${SONATYPE_PASSWORD}" \ - -Dorg.gradle.project.signing.keyId="${SIGNING_KEY_ID}" \ - -Dorg.gradle.project.signing.password="${SIGNING_PASSWORD}" \ - -Dorg.gradle.project.signing.secretKeyRingFile="${SIGNING_KEYRING_FILE}" + +set -e # Exit with nonzero exit code if anything fails + +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +SECRET_KEYS_FILE="${SCRIPT_DIR}/secret-keys.gpg" + +############################################################################### +# Parameter handling +############################################################################### + +usage () { + cat << EOF +DESCRIPTION: +The script publishes the Java libraries of this project to Sonatype or +Maven Local (default). + +SYNOPSIS: +$0 [-s] [-h] + +OPTIONS: + -s Publish to Sonatype (Default: off) + -h Show this message. + -? Show this message. + +REQUIRED ENVIRONMENT VARIABLES: +- FILE_ENCRYPTION_PASSWORD: Passphrase for decrypting the signing keys +- SIGNING_KEY_ID +- SIGNING_PASSWORD +- SONATYPE_USERNAME +- SONATYPE_PASSWORD + +DEPENDENCIES: +- gpg: https://help.ubuntu.com/community/GnuPrivacyGuardHowto + +EOF +} + +while getopts "s h ?" option ; do + case $option in + s) PUBLISH_TO_SONATYPE='true' + ;; + h ) usage + exit 0;; + ? ) usage + exit 0;; + esac +done + + +############################################################################### +# Env variables and dependencies +############################################################################### + +function check_variable_set() { + _VARIABLE_NAME=$1 + _VARIABLE_VALUE=${!_VARIABLE_NAME} + if [[ -z ${_VARIABLE_VALUE} ]]; then + echo "Missing env variable ${_VARIABLE_NAME}" + exit 1 + fi +} +check_variable_set FILE_ENCRYPTION_PASSWORD +check_variable_set SIGNING_KEY_ID +check_variable_set SIGNING_PASSWORD +check_variable_set SONATYPE_USERNAME +check_variable_set SONATYPE_PASSWORD + +if ! command -v gpg &> /dev/null; then + echo "gpg not installed. See https://help.ubuntu.com/community/GnuPrivacyGuardHowto" + exit 1 +fi + +############################################################################### +# Parameter handling +############################################################################### + +# Decrypt signing key +gpg --quiet --batch --yes --decrypt --passphrase="${FILE_ENCRYPTION_PASSWORD}" \ + --output ${SECRET_KEYS_FILE} secret-keys.gpg.enc + +if [[ ! -f "${SECRET_KEYS_FILE}" ]]; then + echo "File ${SECRET_KEYS_FILE} does not exist" + exit 1 +fi + +# Determine where to publish the Java archives +if [[ "${PUBLISH_TO_SONATYPE}" == "true" ]]; then + PUBLISH_GRADLE_TASK="publishToSonatype" +else + PUBLISH_GRADLE_TASK="publishToMavenLocal" +fi + +# Publish +./gradlew ${PUBLISH_GRADLE_TASK} \ + --info \ + --exclude-task :restdocs-api-spec-gradle-plugin:publishToSonatype \ + -Dorg.gradle.project.sonatypeUsername="${SONATYPE_USERNAME}" \ + -Dorg.gradle.project.sonatypePassword="${SONATYPE_PASSWORD}" \ + -Dorg.gradle.project.signing.keyId="${SIGNING_KEY_ID}" \ + -Dorg.gradle.project.signing.password="${SIGNING_PASSWORD}" \ + -Dorg.gradle.project.signing.secretKeyRingFile="${SECRET_KEYS_FILE}" diff --git a/ci_test.sh b/ci_test.sh new file mode 100755 index 00000000..52defd74 --- /dev/null +++ b/ci_test.sh @@ -0,0 +1,14 @@ +#!/bin/bash +set -e # Exit with nonzero exit code if anything fails + +if [[ -n "${SONAR_TOKEN}" ]]; then + SONAR_GRADLE_TASK="sonar" +else + echo "INFO: Skipping sonar analysis as SONAR_TOKEN is not set" +fi + +./gradlew \ + clean \ + ${SONAR_GRADLE_TASK} \ + build \ + --info diff --git a/gradle.properties b/gradle.properties new file mode 100644 index 00000000..e8675368 --- /dev/null +++ b/gradle.properties @@ -0,0 +1 @@ +org.gradle.jvmargs=-XX:MaxMetaspaceSize=300m -Xms256m -Xmx512m diff --git a/secret-keys.gpg.enc b/secret-keys.gpg.enc new file mode 100644 index 00000000..e848d338 Binary files /dev/null and b/secret-keys.gpg.enc differ