Skip to content

Build Github Actions CI pipeline #8698

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Nov 10, 2020
Merged

Build Github Actions CI pipeline #8698

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
7853e41
Build Github Actions CI pipeline
elliedori Sep 4, 2020
0044018
Remove unneeded comments from clean artifacts workflow
elliedori Sep 5, 2020
d6f0bdc
Make deployArtifacts and finalizeDeployArtifacts not run in parallel
ThomasVitale Sep 30, 2020
8b49052
Update snapshot command
eleftherias Nov 10, 2020
6401811
Use OSSRH token credentials in workflow
eleftherias Nov 10, 2020
0d7792e
Run CI on master branch
eleftherias Nov 10, 2020
5d4d780
Update the README badge to reflect the master branch
eleftherias Nov 10, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions .github/workflows/clean_build_artifacts.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
name: Clean build artifacts
on:
schedule:
- cron: '0 10 * * *' # Once per day at 10am UTC

jobs:
main:
runs-on: ubuntu-latest
steps:
- name: Delete artifacts in cron job
env:
GH_ACTIONS_REPO_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
run: |
echo "Running clean build artifacts logic"
output=$(curl -X GET -H "Authorization: token $GH_ACTIONS_REPO_TOKEN" https://api.github.com/repos/spring-projects/spring-security/actions/artifacts | grep '"id"' | cut -d : -f2 | sed 's/,*$//g')
echo Output is $output
for id in $output; do curl -X DELETE -H "Authorization: token $GH_ACTIONS_REPO_TOKEN" https://api.github.com/repos/spring-projects/spring-security/actions/artifacts/$id; done;
282 changes: 282 additions & 0 deletions .github/workflows/continuous-integration-workflow.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,282 @@
name: CI

on:
push:
branches:
- master
schedule:
- cron: '0 10 * * *' # Once per day at 10am UTC

env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
GRADLE_ENTERPRISE_SECRET_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
COMMIT_OWNER: ${{ github.event.pusher.name }}
COMMIT_SHA: ${{ github.sha }}

jobs:
initiate_error_tracking:
name: Initiate job-level error tracking
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Initiate error tracking
uses: spring-projects/track-build-errors-action@v1
with:
job-name: "initiate-error-tracking"
- name: Export errors file
uses: actions/upload-artifact@v2
with:
name: errors
path: job-initiate-error-tracking.txt
build_jdk_8:
name: Build JDK 8
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK 8
uses: actions/setup-java@v1
with:
java-version: '8'
- name: Cache Gradle packages
uses: actions/cache@v2
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
- name: Build with Gradle
run: |
export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
./gradlew clean build --continue
- name: Track error step
uses: spring-projects/track-build-errors-action@v1
if: ${{ failure() }}
with:
job-name: ${{ github.job }}
- name: Export errors file
uses: actions/upload-artifact@v2
if: ${{ failure() }}
with:
name: errors
path: job-${{ github.job }}.txt
test_alternate_jdks:
name: Test JDK 11 and 12
runs-on: ubuntu-latest
strategy:
matrix:
jdk: [11, 12]
fail-fast: false
steps:
- uses: actions/checkout@v2
- name: Set up JDK ${{ matrix.jdk }}
uses: actions/setup-java@v1
with:
java-version: ${{ matrix.jdk }}
- name: Cache Gradle packages
uses: actions/cache@v2
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
- name: Test with Gradle
run: |
export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
./gradlew test --stacktrace
- name: Track error step
uses: spring-projects/track-build-errors-action@v1
if: ${{ failure() }}
with:
job-name: ${{ github.job }}-${{ matrix.jdk }}
- name: Export errors file
uses: actions/upload-artifact@v2
if: ${{ failure() }}
with:
name: errors
path: job-${{ github.job }}-${{ matrix.jdk }}.txt
snapshot_tests:
name: Test against snapshots
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK
uses: actions/setup-java@v1
with:
java-version: '8'
- name: Snapshot Tests
run: |
export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
./gradlew test --refresh-dependencies -PforceMavenRepositories=snapshot -PspringVersion='5.+' -PreactorVersion='20+' -PspringDataVersion='Neumann-BUILD-SNAPSHOT' -PrsocketVersion=1.1.0-SNAPSHOT -PspringBootVersion=2.4.0-SNAPSHOT -PlocksDisabled --stacktrace
- name: Track error step
uses: spring-projects/track-build-errors-action@v1
if: ${{ failure() }}
with:
job-name: ${{ github.job }}
- name: Export errors file
uses: actions/upload-artifact@v2
if: ${{ failure() }}
with:
name: errors
path: job-${{ github.job }}.txt
sonar_analysis:
name: Static Code Analysis
runs-on: ubuntu-latest
env:
SONAR_URL: ${{ secrets.SONAR_URL }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
steps:
- uses: actions/checkout@v2
- name: Set up JDK
uses: actions/setup-java@v1
with:
java-version: '8'
- name: Run Sonar on given (non-master) branch
if: ${{ github.ref != 'refs/heads/master' }}
run: |
export BRANCH=${GITHUB_REF#refs/heads/}
export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
./gradlew sonarqube -PexcludeProjects='**/samples/**' -Dsonar.projectKey="spring-security-${GITHUB_REF#refs/heads/}" -Dsonar.projectName="spring-security-${GITHUB_REF#refs/heads/}" -Dsonar.host.url="$SONAR_URL" -Dsonar.login="$SONAR_TOKEN" --stacktrace
- name: Run Sonar on master
if: ${{ github.ref == 'refs/heads/master' }}
run: |
export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
./gradlew sonarqube -PexcludeProjects='**/samples/**' -Dsonar.host.url="$SONAR_URL" -Dsonar.login="$SONAR_TOKEN" --stacktrace
- name: Track error step
uses: spring-projects/track-build-errors-action@v1
if: ${{ failure() }}
with:
job-name: ${{ github.job }}
- name: Export errors file
uses: actions/upload-artifact@v2
if: ${{ failure() }}
with:
name: errors
path: job-${{ github.job }}.txt
deploy_artifacts:
name: Deploy Artifacts
needs: [build_jdk_8, test_alternate_jdks, snapshot_tests, sonar_analysis]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK
uses: actions/setup-java@v1
with:
java-version: '8'
- name: Deploy artifacts
run: |
export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
export VERSION_HEADER=$'Version: GnuPG v2\n\n'
export ORG_GRADLE_PROJECT_signingKey=${GPG_PRIVATE_KEY#"$VERSION_HEADER"}
export ORG_GRADLE_PROJECT_signingPassword="$GPG_PASSPHRASE"
./gradlew deployArtifacts -PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace --no-parallel
./gradlew finalizeDeployArtifacts -PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace --no-parallel
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
OSSRH_TOKEN_USERNAME: ${{ secrets.OSSRH_TOKEN_USERNAME }}
OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_TOKEN_PASSWORD }}
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
- name: Track error step
uses: spring-projects/track-build-errors-action@v1
if: ${{ failure() }}
with:
job-name: ${{ github.job }}
- name: Export errors file
uses: actions/upload-artifact@v2
if: ${{ failure() }}
with:
name: errors
path: job-${{ github.job }}.txt
deploy_docs:
name: Deploy Docs
needs: [build_jdk_8, test_alternate_jdks, snapshot_tests, sonar_analysis]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK
uses: actions/setup-java@v1
with:
java-version: '8'
- name: Deploy Docs
run: |
export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
./gradlew deployDocs -PdeployDocsSshKey="$DOCS_SSH_KEY" -PdeployDocsSshUsername="$DOCS_USERNAME" -PdeployDocsHost="$DOCS_HOST" --stacktrace
env:
DOCS_USERNAME: ${{ secrets.DOCS_USERNAME }}
DOCS_SSH_KEY: ${{ secrets.DOCS_SSH_KEY }}
DOCS_HOST: ${{ secrets.DOCS_HOST }}
- name: Track error step
uses: spring-projects/track-build-errors-action@v1
if: ${{ failure() }}
with:
job-name: ${{ github.job }}
- name: Export errors file
uses: actions/upload-artifact@v2
if: ${{ failure() }}
with:
name: errors
path: job-${{ github.job }}.txt
deploy_schema:
name: Deploy Schema
needs: [build_jdk_8, test_alternate_jdks, snapshot_tests, sonar_analysis]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK
uses: actions/setup-java@v1
with:
java-version: '8'
- name: Deploy Schema
run: |
export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
./gradlew deploySchema -PdeployDocsSshKey="$DOCS_SSH_KEY" -PdeployDocsSshUsername="$DOCS_USERNAME" -PdeployDocsHost="$DOCS_HOST" --stacktrace --info
env:
DOCS_USERNAME: ${{ secrets.DOCS_USERNAME }}
DOCS_SSH_KEY: ${{ secrets.DOCS_SSH_KEY }}
DOCS_HOST: ${{ secrets.DOCS_HOST }}
- name: Track error step
uses: spring-projects/track-build-errors-action@v1
if: ${{ failure() }}
with:
job-name: ${{ github.job }}
- name: Export errors file
uses: actions/upload-artifact@v2
if: ${{ failure() }}
with:
name: errors
path: job-${{ github.job }}.txt
notify_result:
name: Check for failures
needs: [build_jdk_8, test_alternate_jdks, snapshot_tests, sonar_analysis, deploy_artifacts, deploy_docs, deploy_schema]
if: always()
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Download errors folder
uses: actions/download-artifact@v2
with:
name: errors
- name: Send Slack message
uses: spring-projects/notify-slack-errors-action@v1
with:
slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
branch-name: ${{ github.ref }}
commit-sha: ${{ github.sha }}
commit-owner: ${{ github.actor }}
repo-name: ${{ github.repository }}
run-id: ${{ github.run_id }}
Loading