Merged
58 changes: 55 additions & 3 deletions .evergreen/config.yml
Expand Up @@ -44,6 +44,7 @@ functions:

bootstrap-mongo-orchestration:
- command: subprocess.exec
type: test
Member Author

These are evergreen validation fixes related to errors produced on line 96 and on line 110 & 124

params:
binary: bash
include_expansions_in_env:
Expand All @@ -54,6 +55,7 @@ functions:
- ${DRIVERS_TOOLS}/.evergreen/run-orchestration.sh
# run-orchestration generates expansion file with the MONGODB_URI for the cluster
- command: expansions.update
type: test
params:
file: mo-expansion.yml

Expand Down Expand Up @@ -93,11 +95,11 @@ post:
#######################################
tasks:
- name: static-analysis
type: test
tags:
- pr
commands:
- command: subprocess.exec
type: test
params:
working_dir: src
binary: bash
Expand All @@ -107,11 +109,11 @@ tasks:
- static-checks.sh

- name: run-unit-tests
type: test
tags:
- pr
commands:
- command: subprocess.exec
type: test
params:
working_dir: src
binary: bash
Expand All @@ -121,12 +123,12 @@ tasks:
- run-unit-tests.sh

- name: run-integration-tests
type: test
tags:
- pr
commands:
- func: bootstrap-mongo-orchestration
- command: subprocess.exec
type: test
params:
working_dir: src
binary: bash
Expand All @@ -135,6 +137,44 @@ tasks:
args:
- run-integration-tests.sh

- name: publish-snapshot
depends_on:
- variant: static-checks
name: static-analysis
commands:
- command: subprocess.exec
params:
working_dir: src
binary: bash
add_to_path:
- .evergreen
env:
NEXUS_USERNAME: ${nexus_username}
NEXUS_PASSWORD: ${nexus_password}
SIGNING_PASSWORD: ${signing_password}
SIGNING_KEY: ${signing_key}
RELEASE: "false"
args:
- .evergreen/publish.sh

- name: publish-release
git_tag_only: true
commands:
- command: subprocess.exec
params:
working_dir: src
binary: bash
add_to_path:
- .evergreen
env:
NEXUS_USERNAME: ${nexus_username}
NEXUS_PASSWORD: ${nexus_password}
SIGNING_PASSWORD: ${signing_password}
SIGNING_KEY: ${signing_key}
RELEASE: "true"
args:
- .evergreen/publish.sh

########################################
# Axes #
########################################
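Review bot: `publish-release` has no `depends_on`, and `publish-snapshot` depends only on `static-analysis`, so both tasks can sign and upload artifacts without `run-unit-tests` or `run-integration-tests` having passed. Add those tasks to `depends_on` for both publish tasks, or state why static analysis alone is a sufficient gate. `publish-snapshot` also carries no run restriction (for example `patchable: false`), so confirm that patch builds cannot reach the `nexus_*` and `signing_*` expansions. The `static-checks` variant named in `depends_on` is not visible in this diff; check that it matches an existing buildvariant name.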
Expand Down Expand Up @@ -199,3 +239,15 @@ buildvariants:
- pr
tasks:
- name: run-integration-tests

- name: publish-snapshot
display_name: "Publish Snapshot"
run_on: rhel80-small
tasks:
- name: publish-snapshot

- name: publish-release
display_name: "Publish Release"
run_on: rhel80-small
tasks:
- name: publish-release
28 changes: 28 additions & 0 deletions .evergreen/publish.sh
@@ -0,0 +1,28 @@
#!/bin/bash

# DO NOT ECHO COMMANDS AS THEY CONTAIN SECRETS!

set -o errexit # Exit the script with error if any of the commands fail

############################################
# Main Program #
############################################
source java-config.sh

RELEASE=${RELEASE:false}

export ORG_GRADLE_PROJECT_nexusUsername=${NEXUS_USERNAME}
export ORG_GRADLE_PROJECT_nexusPassword=${NEXUS_PASSWORD}
export ORG_GRADLE_PROJECT_signingKey="${SIGNING_KEY}"
export ORG_GRADLE_PROJECT_signingPassword=${SIGNING_PASSWORD}

if [ "$RELEASE" == "true" ]; then
TASK="publishArchives closeSonatypeStagingRepository" # TODO - update to closeAndReleaseSonatypeStagingRepository
Member Author

This allows for inspection in the maven central portal to manually release.
Eventually this should be updated to automatic close and release via the closeAndReleaseSonatypeStagingRepository commands.

Member

If this TODO is something we cannot do now, but should do in the future, then

  1. Let's create a corresponding Jira task, which explains what needs to be done, and addresses when it should be done, as "eventually" is unclear.
  2. Then, if, for example, there is a need to point to a specific line in the codebase, and say that the line is to be changed when working on the task, we should leave a note in the following format: TODO-<HIBERNATE ticket ID> <the text of the note>. Example: .
  3. Leave a note in the description of the ticket, reminding the assignee about the related TODO notes in the code: "Addressing the source code notes tagged with TODO- is in scope of this ticket.". Example: see the description of https://jira.mongodb.org/browse/HIBERNATE-43.

The approach described above was agreed to previously, and is used consistently throughout this codebase and HIBERNATE tickets.

Member Author

@rozza rozza Sep 29, 2025

Done - added HIBERNATE-128 to track.

else
TASK="publishSnapshots"
fi

SYSTEM_PROPERTIES="-Dorg.gradle.internal.publish.checksums.insecure=true"

./gradlew -version
./gradlew ${SYSTEM_PROPERTIES} --stacktrace --info ${TASK}
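Review bot: `RELEASE=${RELEASE:false}` is substring expansion, not a default, so when `RELEASE` is unset it yields an empty string rather than `false`. The later `[ "$RELEASE" == "true" ]` test still falls through to `publishSnapshots`, but the intended form is `RELEASE=${RELEASE:-false}`. Separately, `-Dorg.gradle.internal.publish.checksums.insecure=true` needs a comment saying why it is required, since it turns off the SHA-256 and SHA-512 checksum files for everything this script publishes.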
22 changes: 22 additions & 0 deletions .github/workflows/bump-and-tag.sh
@@ -0,0 +1,22 @@
#!/usr/bin/env bash
Member Author

Copy and paste from the java repo

Member

Let's decide to use either #!/usr/bin/env bash or #!/bin/bash, and use only one variant in all Bash scripts. I see claims that the first variant is more portable (https://stackoverflow.com/a/10383546/1285873), but also "poses a privilege escalation security threat "

Member Author

Done

Member Author

Opted to use #!/usr/bin/env bash for portability.

The idea of a privilege escalation security threat when executing
a bash script with such a shebang requires the user to manipulate
the PATH - so realistically the security of the system would have
already been compromised.

set -e

if [ "$#" -ne 3 ]; then
echo "Usage: $0 <current version> <release version> <next version>" >&2
exit 1
fi

CURRENT_VERSION=$1
RELEASE_VERSION=$2
NEXT_VERSION=$3

SCRIPT_DIR=$(dirname ${BASH_SOURCE[0]})

echo "Bump version in gradle.properties to ${RELEASE_VERSION}"
${SCRIPT_DIR}/bump-version.sh "${RELEASE_VERSION_WITHOUT_SUFFIX}-SNAPSHOT" "${RELEASE_VERSION}"

echo "Create release tag for ${RELEASE_VERSION}"
git tag -a -m "${RELEASE_VERSION}" r${RELEASE_VERSION}

echo "Bump to snapshot version for ${NEXT_VERSION}"
${SCRIPT_DIR}/bump-version.sh "${RELEASE_VERSION}" "${NEXT_VERSION}-SNAPSHOT"
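Review bot: `CURRENT_VERSION=$1` is never used, and the first `bump-version.sh` call reads `${RELEASE_VERSION_WITHOUT_SUFFIX}`, which this script never sets. It works only when the caller has exported that variable, as release.yml does through `$GITHUB_ENV`; run anywhere else, the old version expands to `-SNAPSHOT`. Use `"${CURRENT_VERSION}-SNAPSHOT"` on that line and add `set -u` so an unset variable fails instead of expanding to nothing. `$(dirname ${BASH_SOURCE[0]})` and the two `${SCRIPT_DIR}/bump-version.sh` invocations should also be quoted so a checkout path containing spaces does not split.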
13 changes: 13 additions & 0 deletions .github/workflows/bump-version.sh
@@ -0,0 +1,13 @@
#!/usr/bin/env bash
set -e

if [ "$#" -ne 2 ]; then
echo "Usage: $0 <old version> <new version>" >&2
exit 1
fi

FROM_VERSION=$1
TO_VERSION=$2

sed --in-place "s/version=${FROM_VERSION}/version=${TO_VERSION}/g" gradle.properties
git commit -m "Version: bump ${TO_VERSION}" gradle.properties
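Review bot: `FROM_VERSION` and `TO_VERSION` are placed into the `sed` expression unescaped, and the pattern is unanchored. The dots in a version match any character, a value containing `/` or `&` changes the substitution itself, and `version=` also matches inside a longer property name that ends in `version`. Because these values originate from the workflow's free-form `version` input, validate both arguments against a strict version pattern before use and anchor the match to the whole line (`^version=...$`). `sed --in-place` also exits 0 when nothing matched, so the script relies on `git commit` failing with nothing to commit; an explicit check that the old version is present in gradle.properties would give a clearer error.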
139 changes: 139 additions & 0 deletions .github/workflows/release.yml
@@ -0,0 +1,139 @@
name: "Release New Version"
run-name: "Release ${{ inputs.version }}"

on:
workflow_dispatch:
inputs:
version:
description: "The version to be released (e.g. 1.2.3)"
required: true
type: "string"

jobs:
prepare-release:
environment: release
name: "Prepare release"
runs-on: ubuntu-latest
permissions:
# Write permission for id-token is necessary to generate a new token for the GitHub App
id-token: write
# Write permission for contents is to ensure we're allowed to push to the repository
contents: write

steps:
- name: "Create release output"
run: echo '🎬 Release process for version ${{ env.RELEASE_VERSION }} started by @${{ github.triggering_actor }}' >> $GITHUB_STEP_SUMMARY

- uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
with:
app_id: ${{ vars.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}

- name: "Store version numbers in env variables"
# The awk command to increase the version number was copied from
# StackOverflow: https://stackoverflow.com/a/61921674/3959933
# Variables set here:
# RELEASE_VERSION: The version the deployment is expected to create
# RELEASE_VERSION_WITHOUT_SUFFIX: The version without any stability
# suffixes. Example: 5.2.0-beta0 => 5.2.0
# NEXT_VERSION: The next version to be released. For pre-releases, the
# next version is a snapshot of the pre-release version. Examples:
# 5.2.0 => 5.2.1; 5.2.0-beta0 => 5.2.0
# RELEASE_BRANCH: The name of the stable branch for this release series
# Example: 5.2.0 => 5.2.x
# Example: 5.2.0-beta1 => <current branch>
run: |
echo RELEASE_VERSION=${{ inputs.version }} >> $GITHUB_ENV
echo RELEASE_VERSION_WITHOUT_SUFFIX=$(echo ${{ inputs.version }} | awk -F- '{print $1}') >> $GITHUB_ENV
if [[ "${{ inputs.version }}" =~ (alpha|beta|rc)[0-9]+$ ]]; then
echo NEXT_VERSION=$(echo ${{ inputs.version }} | awk -F- '{print $1}') >> $GITHUB_ENV
echo RELEASE_BRANCH=${{ github.ref_name }} >> $GITHUB_ENV
else
echo NEXT_VERSION=$(echo ${{ inputs.version }} | awk -F. -v OFS=. '{$NF += 1 ; print}') >> $GITHUB_ENV
echo RELEASE_BRANCH=$(echo ${{ inputs.version }} | awk -F. -v OFS=. '{$NF = "x" ; print}') >> $GITHUB_ENV
fi

- name: "Ensure current snapshot version matches release version"
run: |
grep -q "version=${{ env.RELEASE_VERSION_WITHOUT_SUFFIX }}-SNAPSHOT" gradle.properties
if [[ $? != 0 ]]; then
echo '❌ Release failed: version in gradle.properties is not a snapshot for release version ${{ inputs.version }}' >> $GITHUB_STEP_SUMMARY
exit 1
fi

- name: "Ensure release tag does not already exist"
run: |
if [[ $(git tag -l r${{ env.RELEASE_VERSION }}) == r${{ env.RELEASE_VERSION }} ]]; then
echo '❌ Release failed: tag for version ${{ inputs.version }} already exists' >> $GITHUB_STEP_SUMMARY
exit 1
fi

# For patch releases (A.B.C where C != 0), we expect the release to be
# triggered from the A.B.x maintenance branch. We use the release version
# without suffixes to avoid mistakes when making pre-releases
- name: "Fail if patch release is created from wrong release branch"
if: ${{ !endsWith(env.RELEASE_VERSION_WITHOUT_SUFFIX, '.0') && env.RELEASE_BRANCH != github.ref_name }}
run: |
echo '❌ Release failed due to branch mismatch: expected ${{ inputs.version }} to be released from ${{ env.RELEASE_BRANCH }}, got ${{ github.ref_name }}' >> $GITHUB_STEP_SUMMARY
exit 1

# For non-patch releases (A.B.C where C == 0), we expect the release to
# be triggered from main or the A.B.x maintenance branch. This includes
# pre-releases for any non-patch releases, e.g. 5.2.0-beta1
- name: "Fail if non-patch release is created from wrong release branch"
if: ${{ endsWith(env.RELEASE_VERSION_WITHOUT_SUFFIX, '.0') && env.RELEASE_BRANCH != github.ref_name && github.ref_name != 'main' }}
run: |
echo '❌ Release failed due to branch mismatch: expected ${{ inputs.version }} to be released from ${{ env.RELEASE_BRANCH }} or main, got ${{ github.ref_name }}' >> $GITHUB_STEP_SUMMARY
exit 1

# Set commit author information to the user that triggered the release workflow
- name: "Set git author information"
run: |
GITHUB_USER_NAME=$(gh api users/${{ github.actor }} --jq '.name')
GITHUB_USER_ID=$(gh api users/${{ github.actor }} --jq '.id')
git config user.name "${GITHUB_USER_NAME}"
git config user.email "${GITHUB_USER_ID}+${{ github.actor }}@users.noreply.github.com"

# If a non-patch release is created from a branch other than its
# maintenance branch, create that branch from the current one and push it
# Pre-releases don't have this behaviour, so we can check the full release
# version including stability suffixes to exclude those
- name: "Create new release branch for non-patch release"
if: ${{ endsWith(env.RELEASE_VERSION, '.0') && env.RELEASE_BRANCH != github.ref_name }}
run: |
echo '🆕 Creating new release branch ${{ env.RELEASE_BRANCH }} from ${{ github.ref_name }}' >> $GITHUB_STEP_SUMMARY
git checkout -b ${{ env.RELEASE_BRANCH }}
NEXT_MINOR_VERSION=$(echo "${{ env.RELEASE_VERSION }}" | awk -F. -v OFS=. '{$2 += 1 ; $NF = 0 ; print}')
echo "➡️ Bumping version for ${{ github.ref_name }} branch to ${NEXT_MINOR_VERSION}" >> $GITHUB_STEP_SUMMARY
git checkout ${{ github.ref_name }}
.github/workflows/bump-version.sh "${{ env.RELEASE_VERSION_WITHOUT_SUFFIX }}-SNAPSHOT" "${NEXT_MINOR_VERSION}-SNAPSHOT"
git push origin ${{ github.ref_name }}
git checkout ${{ env.RELEASE_BRANCH }}

# This step bumps version numbers in gradle.properties and creates git artifacts for the release
- name: "Bump version numbers and create release tag"
run: .github/workflows/bump-and-tag.sh "${{ env.RELEASE_VERSION_WITHOUT_SUFFIX }}" "${{ env.RELEASE_VERSION }}" "${{ env.NEXT_VERSION }}"

- name: "Push release branch and tag"
run: |
git push origin ${{ env.RELEASE_BRANCH }}
git push origin r${{ env.RELEASE_VERSION }}

- name: "Create draft release with generated changelog"
run: |
if [[ "${{ inputs.version }}" =~ (alpha|beta|rc) ]]; then
PRERELEASE="--prerelease --latest=false"
fi
echo "RELEASE_URL=$(\
gh release create r${RELEASE_VERSION} \
${PRERELEASE} \
--target ${{ env.RELEASE_BRANCH }} \
--title "Java Driver ${{ env.RELEASE_VERSION }} ($(date '+%B %d, %Y'))" \
--generate-notes \
--draft\
)" >> "$GITHUB_ENV"

- name: "Set summary"
run: |
echo '🚀 Created tag and drafted release for version [${{ env.RELEASE_VERSION }}](${{ env.RELEASE_URL }})' >> $GITHUB_STEP_SUMMARY
echo '✍️ You may now update the release notes and publish the release when ready' >> $GITHUB_STEP_SUMMARY
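Review bot: `${{ inputs.version }}` is expanded into the text of several `run:` scripts (the "Store version numbers in env variables" step and the later `[[ ... =~ ... ]]` tests) before bash parses them, so shell metacharacters in the input become part of the script in a job that has `contents: write` and access to `secrets.APP_PRIVATE_KEY`. Pass the input through the step's `env:` block, reference it as a quoted shell variable, and reject anything that does not match the expected version pattern before writing to `$GITHUB_ENV`. Two smaller points: the first step prints `${{ env.RELEASE_VERSION }}` before any step has set it, so the summary shows an empty version (use `inputs.version` there), and in "Ensure current snapshot version matches release version" the `if [[ $? != 0 ]]` branch is unreachable because the default `run:` shell is `bash -e` and exits on the failing `grep -q`; write it as `if ! grep -q ...; then`. The draft release title still says "Java Driver", which looks carried over from the copied workflow.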