Issue TBD54566975#94: Build Kotlin Distribution and CI via GitHub Act…

…ions * Rewrite Maven Build (pom.xml) * Add manual trigger to dispatch CI * Remove native binaries from source control - these should be supplied by the developer build or the CI build * Build native libraries on CI (MacOS aarch64 Darwin, MacOS x86_64 Darwin, Linux x86_64 GNU, Linux x86_64 MUSL) * Add cargo config on libssl (needed for some platforms) * Deploy SNAPSHOT to TBD Artifactory * Acceptance test the JVM Distribution
ALRubinger · Aug 1, 2024 · 94932aa · 94932aa
1 parent c933a1f
commit 94932aa
Show file tree

Hide file tree

Showing 18 changed files with 931 additions and 312 deletions.
diff --git a/.github/workflows/bound-kt-ci.yml b/.github/workflows/bound-kt-ci.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,6 +1,12 @@
 name: CI
 
 on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version of Kotlin binary to publish to TBD Artifactory. For example "1.0.0-SNAPSHOT". If not supplied, will default to version specified in the POM. Must end in "-SNAPSHOT".'
+        required: false
+        default: "0.0.0-SNAPSHOT"
   push:
     branches:
       - main
@@ -14,37 +20,69 @@ env:
   RUSTFLAGS: "-Dwarnings"
 
 jobs:
-  build:
-    runs-on: ubuntu-latest
+  build_aarch64_apple_darwin:
+    runs-on: macos-latest
+    name: Build aarch64-apple-darwin target
     steps:
-      - uses: actions/checkout@v4
-      - name: Init Hermit
-        uses: cashapp/activate-hermit@v1
+      - uses: actions/checkout@v2
+      - name: Install Rust
+        run: rustup toolchain install stable
+      - name: Run Build Script
+        run: |
+          cd bindings/tbdex_uniffi/libtargets/aarch64_apple_darwin
+          ./build
+      - name: Upload .dylib
+        uses: actions/upload-artifact@v4.0.0
         with:
-          cache: true
-      - name: Setup
-        run: just setup
-      - name: Build
-        run: just build
+          name: aarch64-apple-darwin-dylib
+          path: bound/kt/src/main/resources/libtbdex_uniffi_aarch64_apple_darwin.dylib
 
-  test:
-    strategy:
-      matrix:
-        os: [ ubuntu-latest, macos-latest ] # TODO add back windows-latest https://github.com/TBD54566975/tbdex-rs/issues/44
-        rust: [ stable, nightly ]
-    runs-on: ${{ matrix.os }}
+  build_x86_64_apple_darwin:
+    runs-on: macos-12
+    name: Build x86_64-apple-darwin target
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v2
+      - name: Install Rust
+        run: rustup toolchain install stable
+      - name: Run Build Script
+        run: |
+          cd bindings/tbdex_uniffi/libtargets/x86_64_apple_darwin
+          ./build
+      - name: Upload .dylib
+        uses: actions/upload-artifact@v4.0.0
         with:
-          submodules: true
-      - name: Init Hermit
-        uses: cashapp/activate-hermit@v1
+          name: x86_64-apple-darwin-dylib
+          path: bound/kt/src/main/resources/libtbdex_uniffi_x86_64_apple_darwin.dylib
+
+  build_x86_64_unknown_linux_gnu:
+    runs-on: ubuntu-latest
+    name: Build x86_64-unknown-linux-gnu target
+    steps:
+      - uses: actions/checkout@v2
+      - name: Run Build Script
+        run: |
+          cd bindings/tbdex_uniffi/libtargets/x86_64_unknown_linux_gnu
+          ./build
+      - name: Upload .so
+        uses: actions/upload-artifact@v4.0.0
         with:
-          cache: true
-      - name: Setup
-        run: just setup
-      - name: Test
-        run: just test
+          name: x86_64-unknown-linux-gnu-so
+          path: bound/kt/src/main/resources/libtbdex_uniffi_x86_64_unknown_linux_gnu.so
+
+  build_x86_64_unknown_linux_musl:
+    runs-on: ubuntu-latest
+    name: Build x86_64-unknown-linux-musl target
+    steps:
+      - uses: actions/checkout@v2
+      - name: Run Build Script
+        run: |
+          cd bindings/tbdex_uniffi/libtargets/x86_64_unknown_linux_musl
+          ./build
+      - name: Upload .so
+        uses: actions/upload-artifact@v4.0.0
+        with:
+          name: x86_64-unknown-linux-musl-so
+          path: bound/kt/src/main/resources/libtbdex_uniffi_x86_64_unknown_linux_musl.so
 
   lint:
     runs-on: ubuntu-latest
@@ -59,60 +97,131 @@ jobs:
       - name: Lint
         run: just lint
 
-  kt-test:
+  kotlin-build-test-deploy-snapshot:
+    needs:
+      - build_aarch64_apple_darwin
+      - build_x86_64_apple_darwin
+      - build_x86_64_unknown_linux_gnu
+      - build_x86_64_unknown_linux_musl
     runs-on: macos-latest
     steps:
       - uses: actions/checkout@v4
         with:
           submodules: true
-      - name: Init Hermit
-        uses: cashapp/activate-hermit@v1
+      - name: Set up JDK 11
+        uses: actions/setup-java@v3
         with:
-          cache: true
-      - name: Setup
-        run: just setup
+          distribution: "adopt"
+          java-version: "11"
+
+      - name: Resolve Snapshot Version
+        id: resolve_version
+        run: |
+          # Version resolution: use provided
+          if [ -n "${{ github.event.inputs.version }}" ]; then
+            resolvedVersion=${{ github.event.inputs.version }}
+          # Otherwise, construct a version for deployment in form X.Y.Z-commit-$shortSHA-SNAPSHOT
+          else
+            longSHA=$(git rev-parse --verify HEAD)
+            shortSHA=$(echo "${longSHA:0:7}")
+            resolvedVersion="commit-$shortSHA-SNAPSHOT"
+            echo "Requesting deployment as version: $resolvedVersion"
+          fi
+
+          # Postcondition check; only allow this to proceed if we have a version ending in "-SNAPSHOT"
+          if [[ ! "$resolvedVersion" =~ -SNAPSHOT$ ]]; then
+            echo "Error: The version does not end with \"-SNAPSHOT\": $resolvedVersion"
+            exit 1
+          fi
+
+          echo "Resolved SNAPSHOT Version: $resolvedVersion"
+          echo "resolved_version=$resolvedVersion" >> $GITHUB_OUTPUT
+
+      - name: Download MacOS aarch64 Native Library
+        uses: actions/download-artifact@v4.0.0
+        with:
+          name: aarch64-apple-darwin-dylib
+          path: bound/kt/src/main/resources/
+      - name: Download MacOS x86_64 Native Library
+        uses: actions/download-artifact@v4.0.0
+        with:
+          name: x86_64-apple-darwin-dylib
+          path: bound/kt/src/main/resources/
+      - name: Download Linux x86_64 GNU Native Library
+        uses: actions/download-artifact@v4.0.0
+        with:
+          name: x86_64-unknown-linux-gnu-so
+          path: bound/kt/src/main/resources/
+      - name: Download Linux x86_64 MUSL Native Library
+        uses: actions/download-artifact@v4.0.0
+        with:
+          name: x86_64-unknown-linux-musl-so
+          path: bound/kt/src/main/resources/
+
       - name: Build and Test Kotlin Project
-        working-directory: bound/kt
         run: |
-          mkdir -p test-results
-          mvn test
+
+          # cd into the Kotlin project
+          cd bound/kt/
+
+          # Set newly resolved version in POM config
+          mvn \
+            versions:set \
+            --batch-mode \
+            -DnewVersion=${{ steps.resolve_version.outputs.resolved_version }}
+
+          # Only attempt to publish artifact if we have credentials
+          if [ -n "${{ secrets.ARTIFACTORY_PASSWORD }}" ]; then
+            # Maven deploy lifecycle will build, run tests, verify, sign, and deploy
+            mvn deploy --batch-mode --settings .maven_settings.xml -P sign-artifacts
+          else
+            # Otherwise, Maven verify lifecycle will build, run tests, and verify
+            mvn verify --batch-mode
+          fi
+          
+        env:
+          ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
+          ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
+          SIGN_KEY_PASS: ${{ secrets.GPG_SECRET_PASSPHRASE }}
+          SIGN_KEY: ${{ secrets.GPG_SECRET_KEY }}
+
       - name: Upload Kotlin Test Results
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4.0.0
         with:
           name: kotlin-test-results
           path: bound/kt/target/surefire-reports/*.xml
 
-  rust-test:
-    runs-on: macos-latest
+      - name: Upload tbDEX w/ Dependencies JAR
+        uses: actions/upload-artifact@v4.0.0
+        with:
+          name: tbdex-with-dependencies-jar
+          path: bound/kt/target/*-with-dependencies.jar
+
+  kotlin-acceptance-test:
+    needs: kotlin-build-test-deploy-snapshot
+    strategy:
+      matrix:
+        os: [ ubuntu-latest, macos-latest, macos-12 ]
+    runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
         with:
           submodules: true
-      - name: Init Hermit
-        uses: cashapp/activate-hermit@v1
+      - name: Set up JDK 11
+        uses: actions/setup-java@v3
         with:
-          cache: true
-      - name: Setup
-        run: just setup
-      - name: Install Nextest
-        run: cargo install cargo-nextest
-      - name: Create nextest.toml
-        run: |
-          echo '[profile.ci.junit]' > nextest.toml
-          echo 'path = "junit.xml"' >> nextest.toml
-          echo 'store-success-output = true' >> nextest.toml
-          echo 'store-failure-output = true' >> nextest.toml
-      - name: Run Rust Tests
-        run: |
-          mkdir -p test-results
-          cargo nextest run --profile ci --config-file ./nextest.toml
-      - name: Modify testsuite name in XML for test runner consumption
+          distribution: "adopt"
+          java-version: "11"
+      - name: Download tbDEX w/ Dependencies JAR
+        uses: actions/download-artifact@v4.0.0
+        with:
+          name: tbdex-with-dependencies-jar
+          path: tests/jvm
+      - name: Run Acceptance Tests
         run: |
-          sed -i '' 's/<testsuite name="tbdex"/<testsuite name="TbdexTestVectorsProtocolTest"/' target/nextest/ci/junit.xml
-      - name: Move Test Results
-        run: mv target/nextest/ci/junit.xml test-results/rust-test-results.xml
-      - name: Upload Rust Test Results
-        uses: actions/upload-artifact@v3
-        with:
-          name: rust-test-results
-          path: test-results/rust-test-results.xml
+          cd tests/jvm
+          mv *-with-dependencies.jar tbdex-with-dependencies.jar
+          javac TbdexAcceptanceTest.java \
+            -cp tbdex-with-dependencies.jar
+          java -classpath tbdex-with-dependencies.jar:. \
+            TbdexAcceptanceTest
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -17,29 +17,6 @@ on:
   workflow_dispatch:
 
 jobs:
-  # Snyk does not support rustlang yet
-  # snyk:
-  #   runs-on: ubuntu-latest
-
-  #   steps:
-  #     - name: Checkout
-  #       uses: actions/checkout@v4
-  #       with:
-  #         ref: ${{ github.head_ref }}
-
-  #     - name: Install Snyk
-  #       uses: snyk/actions/setup@master
-
-  #     - name: Snyk VULN and License Check Test
-  #       run: snyk test --all-projects --sarif-file-output=snyk.sarif
-  #       env:
-  #         SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-
-  #     - name: Upload SARIF result to GitHub Code Scanning
-  #       uses: github/codeql-action/upload-sarif@v2
-  #       if: always()
-  #       with:
-  #         sarif_file: snyk.sarif
 
   fossa:
     runs-on: ubuntu-latest