diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml index 6ea76fd783a..0a9b6632cc6 100644 --- a/.github/workflows/maven-publish.yml +++ b/.github/workflows/maven-publish.yml @@ -19,10 +19,14 @@ jobs: id-token: write contents: write + # Set credentials once at the job level + env: + SNAPSHOT_REPO_URL: https://aws.oss.sonatype.org/content/repositories/snapshots/ + steps: - uses: actions/setup-java@v3 with: - distribution: temurin # Temurin is a distribution of adoptium + distribution: temurin java-version: 21 - uses: actions/checkout@v3 - uses: aws-actions/configure-aws-credentials@v1.7.0 @@ -30,33 +34,178 @@ jobs: role-to-assume: ${{ secrets.PUBLISH_SNAPSHOTS_ROLE }} aws-region: us-east-1 - # Create the initial direct-query directory structure - - name: Create direct-query directory structure in repository + # Get and mask credentials once in a dedicated step + - name: Setup publishing credentials + id: creds run: | - # Get credentials for publishing - export SONATYPE_USERNAME=$(aws secretsmanager get-secret-value --secret-id maven-snapshots-username --query SecretString --output text) - export SONATYPE_PASSWORD=$(aws secretsmanager get-secret-value --secret-id maven-snapshots-password --query SecretString --output text) + SONATYPE_USERNAME=$(aws secretsmanager get-secret-value --secret-id maven-snapshots-username --query SecretString --output text) + SONATYPE_PASSWORD=$(aws secretsmanager get-secret-value --secret-id maven-snapshots-password --query SecretString --output text) echo "::add-mask::$SONATYPE_USERNAME" echo "::add-mask::$SONATYPE_PASSWORD" + echo "SONATYPE_USERNAME=$SONATYPE_USERNAME" >> $GITHUB_ENV + echo "SONATYPE_PASSWORD=$SONATYPE_PASSWORD" >> $GITHUB_ENV + + # Capture the commit ID for metadata purposes + - name: Set commit ID + id: set_commit + run: | + COMMIT_ID=$(git log -1 --format='%H') + echo "commit_id=${COMMIT_ID}" >> $GITHUB_OUTPUT + echo "Using commit ID: ${COMMIT_ID}" + + # Extract version information from build.gradle + - name: Extract version from build.gradle + id: extract_version + run: | + # Extract the base OpenSearch version from build.gradle + OPENSEARCH_VERSION=$(grep -o 'opensearch_version = System.getProperty("opensearch.version", "[^"]*' build.gradle | sed 's/.*"\(.*\)"/\1/') + + # Extract the base version without snapshot or other qualifiers + BASE_VERSION=$(echo $OPENSEARCH_VERSION | cut -d'-' -f1) + + # OpenSearch SQL version follows pattern: .0 + VERSION="${BASE_VERSION}.0" + + # Check if it's a snapshot (true by default in build.gradle) + IS_SNAPSHOT=$(grep -o 'isSnapshot = "[^"]*' build.gradle | sed 's/.*"\(.*\)"/\1/') + if [[ "$IS_SNAPSHOT" == "true" ]]; then + VERSION="${VERSION}-SNAPSHOT" + fi + + # Check for version qualifier + BUILD_VERSION_QUALIFIER=$(grep -o 'buildVersionQualifier = System.getProperty("build.version_qualifier", "[^"]*' build.gradle | sed 's/.*"\(.*\)"/\1/') + if [[ -n "$BUILD_VERSION_QUALIFIER" ]]; then + # Insert qualifier before -SNAPSHOT if present + if [[ "$VERSION" == *"-SNAPSHOT"* ]]; then + VERSION="${VERSION/-SNAPSHOT/}" + VERSION="${VERSION}-${BUILD_VERSION_QUALIFIER}-SNAPSHOT" + else + VERSION="${VERSION}-${BUILD_VERSION_QUALIFIER}" + fi + fi + + echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT + echo "Extracted version: ${VERSION}" + + - name: Build and publish shadow JAR + run: | + # Build the shadow JAR + ./gradlew :async-query-core:shadowJar + + # Define constants + ARTIFACT_ID="async-query-core" + DIR_NAME="direct-query" + GROUP_PATH="org/opensearch" + VERSION="${{ steps.extract_version.outputs.VERSION }}" + + # Find the generated shadow JAR + SHADOW_JAR=$(find ./async-query-core/build/libs/ -name "*-all.jar" | head -n 1) + + if [ -z "$SHADOW_JAR" ]; then + echo "Error: Shadow JAR not found!" + exit 1 + fi + + # Create directory structure in local Maven repository + MAVEN_LOCAL_PATH="${HOME}/.m2/repository/${GROUP_PATH}/${DIR_NAME}/${VERSION}" + mkdir -p "${MAVEN_LOCAL_PATH}" + + # Copy the shadow JAR to the local Maven repository with proper naming + MAVEN_JAR_NAME="${ARTIFACT_ID}-${VERSION}.jar" + cp "${SHADOW_JAR}" "${MAVEN_LOCAL_PATH}/${MAVEN_JAR_NAME}" + + # Generate a POM file + cat > "${MAVEN_LOCAL_PATH}/${ARTIFACT_ID}-${VERSION}.pom" << EOF + + + 4.0.0 + org.opensearch + ${ARTIFACT_ID} + ${VERSION} + + EOF + + echo "Shadow JAR and POM published to local Maven repository for version ${VERSION}" + + # Checkout opensearch-build-libraries repository for publishing scripts + - uses: actions/checkout@v4 + with: + repository: 'opensearch-project/opensearch-build-libraries' + path: 'build' + + - name: Generate SHA checksums for JAR and POM files + run: | + for i in `find ${HOME}/.m2/repository/org/opensearch/ -name "*.pom" -type f`; do sha512sum "$i" | awk '{print $1}' >> "$i.sha512"; done + for i in `find ${HOME}/.m2/repository/org/opensearch/ -name "*.jar" -type f`; do sha512sum "$i" | awk '{print $1}' >> "$i.sha512"; done + for i in `find ${HOME}/.m2/repository/org/opensearch/ -name "*.pom" -type f`; do sha256sum "$i" | awk '{print $1}' >> "$i.sha256"; done + for i in `find ${HOME}/.m2/repository/org/opensearch/ -name "*.jar" -type f`; do sha256sum "$i" | awk '{print $1}' >> "$i.sha256"; done + + - name: Install XML tools + run: sudo apt-get update && sudo apt-get install -y xmlstarlet + + - name: Publish snapshots to maven + run: | + # Publish snapshots to maven + cd build/resources/publish/ + cp -a $HOME/.m2/repository/* ./ + ./publish-snapshot.sh ./ + + - name: Update version metadata with commit ID + run: | + COMMIT_ID="${{ steps.set_commit.outputs.commit_id }}" + DIR_NAME="direct-query" + + VERSION="${{ steps.extract_version.outputs.VERSION }}" + + # Add commit ID to version-specific metadata file + echo "Processing commit ID for version: ${VERSION}" - # Create a placeholder file TEMP_DIR=$(mktemp -d) - echo "Directory placeholder - $(date)" > "${TEMP_DIR}/.placeholder" + METADATA_FILE="${TEMP_DIR}/maven-metadata.xml" + + # Download metadata from repository + META_URL="${SNAPSHOT_REPO_URL}org/opensearch/${DIR_NAME}/${VERSION}/maven-metadata.xml" + echo "Downloading metadata from ${META_URL}" + + # Try to download the metadata file + curl -s -u "${SONATYPE_USERNAME}:${SONATYPE_PASSWORD}" -o "${METADATA_FILE}" "${META_URL}" - # Upload the placeholder file to create the directory structure - echo "Creating initial directory structure..." - curl -X PUT -u "${SONATYPE_USERNAME}:${SONATYPE_PASSWORD}" \ - --upload-file "${TEMP_DIR}/.placeholder" \ - "https://aws.oss.sonatype.org/content/repositories/snapshots/org/opensearch/direct-query/.placeholder" + # If successful, modify and upload back + if [ -s "${METADATA_FILE}" ]; then + echo "Modifying metadata for ${VERSION}" + cp "${METADATA_FILE}" "${METADATA_FILE}.bak" + + awk -v commit="${COMMIT_ID}" ' + // { + print $0 + print " " commit "" + next + } + {print} + ' "${METADATA_FILE}.bak" > "${METADATA_FILE}" + + # Upload modified file back + curl -X PUT -u "${SONATYPE_USERNAME}:${SONATYPE_PASSWORD}" --upload-file "${METADATA_FILE}" "${META_URL}" + + # Update the SHA checksums (the publishing script might not have created these) + cd "${TEMP_DIR}" + sha256sum "maven-metadata.xml" | awk '{print $1}' > "maven-metadata.xml.sha256" + sha512sum "maven-metadata.xml" | awk '{print $1}' > "maven-metadata.xml.sha512" + + # Upload the checksums + curl -X PUT -u "${SONATYPE_USERNAME}:${SONATYPE_PASSWORD}" --upload-file "maven-metadata.xml.sha256" "${META_URL}.sha256" + curl -X PUT -u "${SONATYPE_USERNAME}:${SONATYPE_PASSWORD}" --upload-file "maven-metadata.xml.sha512" "${META_URL}.sha512" + cd - + + echo "Updated metadata and checksums for ${VERSION}" + else + echo "Failed to download metadata for ${VERSION}" + exit 1 + fi # Clean up rm -rf "${TEMP_DIR}" - echo "Directory structure created" - - - name: publish snapshots to maven - run: | - export SONATYPE_USERNAME=$(aws secretsmanager get-secret-value --secret-id maven-snapshots-username --query SecretString --output text) - export SONATYPE_PASSWORD=$(aws secretsmanager get-secret-value --secret-id maven-snapshots-password --query SecretString --output text) - echo "::add-mask::$SONATYPE_USERNAME" - echo "::add-mask::$SONATYPE_PASSWORD" - ./gradlew publishPluginZipPublicationToSnapshotsRepository + + echo "Version metadata updated with commit ID" \ No newline at end of file