Merge branch 'main' into dependabot/github_actions/actions/setup-java-3

liquibase · Oct 3, 2023 · e724e7e · e724e7e
2 parents 13d1fe3 + ece47ed
commit e724e7e
Show file tree

Hide file tree

Showing 22 changed files with 1,199 additions and 87 deletions.
diff --git a/.github/package-deb-pom.xml b/.github/package-deb-pom.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>${groupId}</groupId>
+ <artifactId>${artifactId}</artifactId>
+ <version>${revision}</version>
+ <description>Universal pom for deb packaging</description>
+
+ <properties>
+ <maven.antrun.version>3.1.0</maven.antrun.version>
+ <org.vafer.jdeb.version>1.10</org.vafer.jdeb.version>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId> 
+ <artifactId>maven-antrun-plugin</artifactId> 
+ <version>${maven.antrun.version}</version> 
+ <executions> 
+ <execution> 
+ <id>unpack</id> 
+ <phase>package</phase> 
+ <configuration> 
+ <target> 
+ <untar src="${project.build.directory}/${project.artifactId}-${project.version}.tar.gz" compression="gzip" dest="${project.build.directory}/dist-unpacked" />
+ </target> 
+ </configuration> 
+ <goals> 
+ <goal>run</goal> 
+ </goals> 
+ </execution> 
+ </executions> 
+ </plugin> 
+ <plugin>
+ <groupId>org.vafer</groupId>
+ <artifactId>jdeb</artifactId>
+ <version>${org.vafer.jdeb.version}</version>
+ <executions>
+ <execution>
+ <id>create-deb</id>
+ <phase>package</phase>
+ <goals>
+ <goal>jdeb</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <deb>${project.build.directory}/${project.artifactId}-${project.version}.deb</deb>
+ <controlDir>${project.basedir}/src/${project.artifactId}/deb/control</controlDir>
+ <dataSet>
+ <data>
+ <src>${project.build.directory}/dist-unpacked</src>
+ <type>directory</type>
+ <mapper>
+ <type>perm</type>
+ <prefix>/usr/bin</prefix>
+ <filemode>755</filemode>
+ </mapper>
+ </data>
+ </dataSet>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git a/.github/upload_zip.sh b/.github/upload_zip.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+set -e
+
+if [[ -z "$GITHUB_TOKEN" ]]; then
+ echo "Set the GITHUB_TOKEN env variable."
+ exit 1
+fi
+
+if [[ -z "$ASSET_NAME_PREFIX" ]]; then
+ echo "Set the ASSET_NAME_PREFIX env variable."
+ exit 1
+fi
+
+if [[ -z "$ASSET_DIR" ]]; then
+ echo "Set the ASSET_DIR env variable."
+ exit 1
+fi
+
+VERSION=$1
+if [[ -z "$VERSION" ]]; then
+ echo "Set the VERSION parameter."
+ exit 1
+fi
+
+_DIR=$(dirname "$0")
+UPLOAD_URL=$($_DIR/get_draft_release.sh UPLOAD_URL)
+
+upload_asset() {
+ local file=$1
+ local size=$2
+ local content_type=$3
+ echo "Uploading $file ($size bytes) to $UPLOAD_URL"
+ curl \
+ -H "Authorization: token $GITHUB_TOKEN" \
+ -H "Content-Length: $size"\
+ -H "Content-Type: $content_type" \
+ --data-binary @$file "$UPLOAD_URL?name=$(basename $file)"
+}
+
+EXTENSION=".zip"
+FILE=$ASSET_DIR/$ASSET_NAME_PREFIX$VERSION$EXTENSION
+# Skip if zip files do not exist (some extensions do not generate examples in zip format)
+if [[ ! -f "$FILE" && "$FILE" != *".zip" ]]; then
+ echo "$FILE does not exist."
+fi
+SIZE=$(wc -c $FILE | awk '{print $1}')
+if [[ $SIZE -eq 0 ]]; then
+ echo "$FILE is empty."
+fi
+MIME=$(file -b --mime-type $FILE)
+upload_asset $FILE $SIZE $MIME
+
+
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
@@ -2,10 +2,10 @@ name: Create Release
 
 on:
  workflow_call:
-
+ 
 jobs:
  sonar:
- uses: liquibase/build-logic/.github/workflows/sonar-push.yml@v0.3.2
+ uses: liquibase/build-logic/.github/workflows/sonar-push.yml@v0.4.5
  secrets: inherit
 
  create-release:

diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml
@@ -0,0 +1,39 @@
+# The name of the workflow
+name: Automerge Dependabot PRs
+
+# The event that triggers the workflow
+on:
+ workflow_call:
+
+jobs:
+ dependabot:
+ # The name of the job
+ name: Merge dependabot
+ # The type of runner that the job will run on
+ runs-on: ubuntu-latest
+ # The permissions for the GITHUB_TOKEN
+ permissions:
+ contents: write
+ pull-requests: write
+ # Conditional statement to run the job only when the event was triggered by 'dependabot[bot]'
+ if: ${{ github.actor == 'dependabot[bot]' }}
+
+ steps:
+ - name: Dependabot metadata
+ id: dependabot-metadata
+ # Use 'dependabot/fetch-metadata' to fetch the metadata about the update
+ uses: dependabot/fetch-metadata@v1.3.1
+
+ - name: Approve patch and minor updates
+ # Conditional statement to run the steps only when the update type is a patch or minor
+ if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}}
+ run: |
+ # Command to merge the PR
+ gh pr merge --auto --merge "$PR_URL"
+ # Command to approve the PR with a custom message
+ gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a patch or minor update**"
+ env:
+ # The URL of the PR to be merged and approved
+ PR_URL: ${{github.event.pull_request.html_url}}
+ # The GitHub token secret
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
@@ -2,6 +2,12 @@ name: Attach Artifact to Release
 
 on:
  workflow_call:
+ inputs:
+ zip:
+ description: 'Specify it if you want to attach a zip file to the release'
+ required: false
+ default: 'false'
+ type: string
  secrets:
  BOT_TOKEN:
  description: 'BOT_TOKEN from the caller workflow'
@@ -22,34 +28,38 @@ jobs:
  - run: sleep 30
  - uses: actions/checkout@v3
 
+ - name: Set up JDK 17
+ uses: actions/setup-java@v3
+ with:
+ java-version: 17
+ distribution: 'temurin'
+ cache: 'maven'
+
  - name: Get Reusable Script Files
  run: |
- curl -o $PWD/.github/get_draft_release.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.3.2/.github/get_draft_release.sh
- curl -o $PWD/.github/sign_artifact.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.3.2/.github/sign_artifact.sh
- curl -o $PWD/.github/upload_asset.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.3.2/.github/upload_asset.sh
+ curl -o $PWD/.github/get_draft_release.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.4.5/.github/get_draft_release.sh
+ curl -o $PWD/.github/sign_artifact.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.4.5/.github/sign_artifact.sh
+ curl -o $PWD/.github/upload_asset.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.4.5/.github/upload_asset.sh
  chmod +x $PWD/.github/get_draft_release.sh
  chmod +x $PWD/.github/sign_artifact.sh
  chmod +x $PWD/.github/upload_asset.sh
 
+ - name: Configure Git
+ run: |
+ git config user.name "liquibot"
+ git config user.email "liquibot@liquibase.org"
+
+ - name: Build release artifacts
+ id: build-release-artifacts
+ run: |
+ mvn -B release:clean release:prepare -Dusername=liquibot -Dpassword=$GITHUB_TOKEN -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DreleaseVersion=${{ github.event.inputs.liquibaseVersion }} -DpushChanges=false
+ git reset HEAD~ --hard
+ mvn clean install -DskipTests
+
  - name: Get Artifact ID
  id: get-artifact-id
  run: echo "artifact_id=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)" >> $GITHUB_ENV
 
- - name: Download artifact
- id: download-artifact
- uses: dawidd6/action-download-artifact@v2
- with:
- github_token: ${{secrets.BOT_TOKEN}}
- workflow: test.yml
- pr: ${{github.event.pull_request.number}}
- name: ${{ env.artifact_id }}-artifacts
- path: ./assets
- repo: ${{ github.repository }}
- check_artifacts: true
- skip_unpack: false
- if_no_artifact_found: fail
- workflow_conclusion: ""
-
  - name: Get Release Tag
  id: get-release-tag
  run: echo "release_tag=$(./.github/get_draft_release.sh TAG)" >> $GITHUB_ENV
@@ -64,7 +74,7 @@ jobs:
  tag: ${{ env.release_tag }}
  fail-if-no-assets: false
  fail-if-no-release: false
- assets: "${{ env.artifact_id }}-*"
+ assets: '*.*'
 
  - name: Import GPG key
  id: import_gpg
@@ -77,15 +87,30 @@ jobs:
  run: |
  gpg -K
  version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
- ./.github/sign_artifact.sh ./assets/${{ env.artifact_id }}-${version}.jar
- ./.github/sign_artifact.sh ./assets/${{ env.artifact_id }}-${version}.pom
- ./.github/sign_artifact.sh ./assets/${{ env.artifact_id }}-${version}-javadoc.jar
- ./.github/sign_artifact.sh ./assets/${{ env.artifact_id }}-${version}-sources.jar
+ ./.github/sign_artifact.sh ./target/${{ env.artifact_id }}-${version}.jar
+ ./.github/sign_artifact.sh ./target/${{ env.artifact_id }}-${version}.pom
+ ./.github/sign_artifact.sh ./target/${{ env.artifact_id }}-${version}-javadoc.jar
+ ./.github/sign_artifact.sh ./target/${{ env.artifact_id }}-${version}-sources.jar
 
  - name: Attach Files to Draft Release
  id: upload-release-asset
  run: ./.github/upload_asset.sh $(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
  env:
  GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
  ASSET_NAME_PREFIX: "${{ env.artifact_id }}-"
- ASSET_DIR: ./assets
+ ASSET_DIR: ./target
+
+ - name: Get upload_zip.sh Script File
+ if: inputs.zip == 'true'
+ run: |
+ curl -o $PWD/.github/upload_zip.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.4.5/.github/upload_zip.sh
+ chmod +x $PWD/.github/upload_zip.sh
+ 
+ - name: Attach Zip File to Draft Release
+ if: inputs.zip == 'true'
+ id: upload-release-zip
+ run: ./.github/upload_zip.sh $(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+ env:
+ GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
+ ASSET_NAME_PREFIX: "${{ env.artifact_id }}-"
+ ASSET_DIR: ./target
diff --git a/.github/workflows/extension-release-perform.yml b/.github/workflows/extension-release-perform.yml
diff --git a/.github/workflows/extension-release-prepare.yml b/.github/workflows/extension-release-prepare.yml
@@ -3,6 +3,10 @@ name: Prepare release
 on:
  workflow_call:
 
+permissions:
+ contents: write
+ pull-requests: write
+
 jobs:
  prepare-release:
  name: Prepare release
@@ -12,13 +16,16 @@ jobs:
  steps:
  - name: Checkout code
  uses: actions/checkout@v3
+ with:
+ ref: main
 
  - name: Set up JDK
  uses: actions/setup-java@v3
  with:
  java-version: 17
  distribution: 'temurin'
  cache: 'maven'
+ overwrite-settings: false
 
  - name: Configure Git
  run: |
@@ -27,7 +34,11 @@ jobs:
 
  - name: Prepare Maven Release
  run: |
- mvn -B release:clean release:prepare -Dusername=liquibot -Dpassword=$GITHUB_TOKEN -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DreleaseVersion=${{ github.event.inputs.liquibaseVersion }}
+ mvn -B build-helper:parse-version versions:set release:clean release:prepare \
+ -Dusername=liquibot -Dpassword=$GITHUB_TOKEN \
+ -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" \
+ -DdevelopmentVersion=\${parsedVersion.majorVersion}.\${parsedVersion.nextMinorVersion}.0-SNAPSHOT -DnewVersion=\${parsedVersion.majorVersion}.\${parsedVersion.nextMinorVersion}.\${parsedVersion.incrementalVersion} \
+ -DcheckModificationExcludeList=pom.xml
 
  - name: Save Release files
  uses: actions/upload-artifact@v3
@@ -36,3 +47,9 @@ jobs:
  path: |
  **/pom.xml.*
  **/release.properties
+
+ release-rollback:
+ needs: prepare-release
+ if: ${{ always() && contains(needs.*.result, 'failure') }}
+ uses: liquibase/build-logic/.github/workflows/extension-release-rollback.yml@v0.4.5
+ secrets: inherit