From a30e8dee7854867573a1a5b96619cdedb6b55083 Mon Sep 17 00:00:00 2001
From: Simon Templer
Date: Mon, 25 Mar 2024 23:49:55 +0100
Subject: [PATCH] feat!: support semantic release for Gradle libraries

BREAKING CHANGE: Configuration of Gradle tasks to run now split into two different inputs.
---
 .github/workflows/gradle-library-check.yml | 2 +-
 .github/workflows/gradle-library-publish.yml | 23 +++-
 .github/workflows/gradle-library.yml | 108 ++++++++++++++++++-
 3 files changed, 124 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/gradle-library-check.yml b/.github/workflows/gradle-library-check.yml
index 76c4c4e..fce6682 100644
--- a/.github/workflows/gradle-library-check.yml
+++ b/.github/workflows/gradle-library-check.yml
@@ -22,7 +22,7 @@ jobs:
 check:
 uses: ./.github/workflows/gradle-library.yml
 with:
- gradle-tasks: ${{ inputs.gradle-tasks != '' && inputs.gradle-tasks || 'clean check' }}
+ build-tasks: ${{ inputs.gradle-tasks != '' && inputs.gradle-tasks || 'clean check' }}
 java-version: ${{ inputs.java-version }}
 multi-module: ${{ inputs.multi-module }}
 notify-failure: false
diff --git a/.github/workflows/gradle-library-publish.yml b/.github/workflows/gradle-library-publish.yml
index da09e2e..46f00ce 100644
--- a/.github/workflows/gradle-library-publish.yml
+++ b/.github/workflows/gradle-library-publish.yml
@@ -9,21 +9,38 @@ on:
 description: If this is a multi-module project
 type: boolean
 default: false
- gradle-tasks:
- description: Custom Gradle tasks to run
+ build-tasks:
+ description: Custom Gradle tasks to run for building and verification
 required: false
 type: string
 default: ''
+ publish-tasks:
+ description: Custom Gradle tasks to run for publishing
+ required: false
+ type: string
+ default: ''
+ semantic-release:
+ description: State if a release should be created using semantic-release if applicable
+ default: false
+ type: boolean
+ semantic-release-dryrun:
+ description: If semantic release should do a dryrun
+ default: false
+ type: boolean
 secrets:
 WETF_ARTIFACTORY_USER:
 WETF_ARTIFACTORY_PASSWORD:
 SLACK_NOTIFICATIONS_BOT_TOKEN:
+ SEMANTIC_RELEASE_GITHUB_TOKEN:
 jobs:
 publish:
 uses: ./.github/workflows/gradle-library.yml
 with:
- gradle-tasks: ${{ inputs.gradle-tasks != '' && inputs.gradle-tasks || 'clean check publishAllPublicationsToMavenRepository' }}
+ build-tasks: ${{ inputs.build-tasks != '' && inputs.build-tasks || 'clean check' }}
+ publish-tasks: ${{ inputs.publish-tasks != '' && inputs.publish-tasks || 'publishAllPublicationsToMavenRepository' }}
 java-version: ${{ inputs.java-version }}
 multi-module: ${{ inputs.multi-module }}
+ semantic-release: ${{ inputs.semantic-release }}
+ semantic-release-dryrun: ${{ inputs.semantic-release-dryrun }}
 secrets: inherit
diff --git a/.github/workflows/gradle-library.yml b/.github/workflows/gradle-library.yml
index 11d3307..c297104 100644
--- a/.github/workflows/gradle-library.yml
+++ b/.github/workflows/gradle-library.yml
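Review bot: `SEMANTIC_RELEASE_GITHUB_TOKEN:` is added to the `secrets:` block of gradle-library-publish.yml (and again in gradle-library.yml) as a bare key, so a caller that sets `semantic-release: true` gets no hint about what the token must be allowed to do. The only record of that is the comment inside the release step of gradle-library.yml (contents, issues and pull-requests write). I would document it at the declaration, for example `description: Token for semantic-release; needs contents, issues and pull-requests write. Only used when semantic-release is true.` together with `required: false`. Stating the expected scope here also makes it easier to spot a caller that hands in a broader token than the release needs.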
@@ -1,10 +1,23 @@
 on:
 workflow_call:
 inputs:
- gradle-tasks:
- description: Tasks to run
+ build-tasks:
+ description: Gradle tasks to run for building and verifying the project
 required: true
 type: string
+ publish-tasks:
+ description: Gradle tasks to run for publishing the project
+ required: false
+ default: ''
+ type: string
+ semantic-release:
+ description: State if a release should be created using semantic-release if applicable
+ default: false
+ type: boolean
+ semantic-release-dryrun:
+ description: If semantic release should do a dryrun
+ default: false
+ type: boolean
 java-version:
 description: Java version to use for build
 required: true
@@ -14,7 +27,7 @@ on:
 default: true
 type: boolean
 skip-build:
- description: Skip build and only scan vulnerabilities
+ description: Skip build/publishing and only scan vulnerabilities
 default: false
 type: boolean
 expect-tests:
@@ -58,13 +71,15 @@ on:
 DOCKER_HUB_PASSWORD:
 DOCKER_HUB_EMAIL:
 SLACK_NOTIFICATIONS_BOT_TOKEN:
+ SEMANTIC_RELEASE_GITHUB_TOKEN:
 jobs:
 run:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 with:
 submodules: ${{ inputs.submodules }}
@@ -121,7 +136,7 @@ jobs:
 ORG_GRADLE_PROJECT_dockerHubPassword: ${{ secrets.DOCKER_HUB_PASSWORD }}
 ORG_GRADLE_PROJECT_dockerHubEmail: ${{ secrets.DOCKER_HUB_EMAIL }}
 ORG_GRADLE_PROJECT_dockerHost: "unix:///var/run/docker.sock"
- run: ./gradlew ${{ inputs.gradle-tasks }}
+ run: ./gradlew ${{ inputs.build-tasks }}
 - name: Upload Gradle test reports
 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
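Review bot: In the `@@ -121,7 +136,7 @@` hunk, `run: ./gradlew ${{ inputs.build-tasks }}` still expands the input into the script text before the shell parses it, so any shell metacharacters in the value become part of the command, in a step whose environment holds the Docker Hub credentials visible in the context lines. The same pattern is added in the later `Publish with Gradle` step (`run: ./gradlew ${{ inputs.publish-tasks }}`), next to the Artifactory credentials. The release step in this commit already passes the tasks as `PUBLISH_TASKS` in `env`; doing the same here, `BUILD_TASKS: ${{ inputs.build-tasks }}` under `env:` and `run: ./gradlew $BUILD_TASKS`, keeps the value as data (left unquoted so several tasks still split into separate arguments). The step starts outside the hunk, so its `env:` key is not visible here.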
@@ -144,6 +159,89 @@ jobs:
 junit-test-output: "${{ inputs.multi-module && 'trivy-gha-scan/build/test-results/trivy.xml' || 'build/test-results/trivy.xml' }}" # added to unit test report
 report-retention-days: 30
+ #
+ # Publish or release
+ #
+ # This is done before the test report because currently we allow publishing
+ # even if there are open issues from the scan.
+ #
+
+ - name: Install NodeJs
+ if: ${{ !inputs.skip-build && inputs.publish-tasks != '' && inputs.semantic-release }}
+ uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+ with:
+ node-version: 20
+
+ - name: Release with semantic-release
+ id: release
+ if: ${{ !inputs.skip-build && inputs.publish-tasks != '' && inputs.semantic-release }}
+ uses: cycjimmy/semantic-release-action@61680d0e9b02ff86f5648ade99e01be17f0260a4 # v4.0.0
+ env:
+ # Permissions needed
+ # contents: write
+ # issues: write
+ # pull-requests: write
+ GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_GITHUB_TOKEN }}
+ GIT_AUTHOR_NAME: wetransform Bot
+ GIT_AUTHOR_EMAIL: 113353961+wetransformer@users.noreply.github.com
+ GIT_COMMITTER_NAME: wetransform Bot
+ GIT_COMMITTER_EMAIL: 113353961+wetransformer@users.noreply.github.com
+ RUNNER_DEBUG: 1
+
+ # Plugin versions
+
+ # renovate: datasource=npm depName=@semantic-release/changelog
+ SEMANTIC_RELEASE_CHANGELOG_VERSION: 6.0.3
+
+ # renovate: datasource=npm depName=@semantic-release/exec
+ SEMANTIC_RELEASE_EXEC_VERSION: 6.0.3
+
+ # renovate: datasource=npm depName=@semantic-release/git
+ SEMANTIC_RELEASE_GIT_VERSION: 10.0.1
+
+ # renovate: datasource=npm depName=conventional-changelog-conventionalcommits
+ CONVENTIONAL_CHANGELOG_CONVENTIONALCOMMITS_VERSION: 7.0.2
+
+ # Tasks as environment variable
+ PUBLISH_TASKS: ${{ inputs.publish-tasks }}
+ # Mark as release despite repo being dirty during build
+ RELEASE: 'true'
+
+ # For Gradle execution
+ ORG_GRADLE_PROJECT_wetfArtifactoryUser: ${{ secrets.WETF_ARTIFACTORY_USER }}
+ ORG_GRADLE_PROJECT_wetfArtifactoryPassword: ${{ secrets.WETF_ARTIFACTORY_PASSWORD }}
+ JAVA_TOOL_OPTIONS: ${{ inputs.java-options }}
+ with:
+ dry_run: ${{ inputs.semantic-release-dryrun }}
+ semantic_version: 23.0.5
+
+ extra_plugins:
+ "@semantic-release/changelog@\
+ ${{ env.SEMANTIC_RELEASE_CHANGELOG_VERSION }} \
+ @semantic-release/exec@\
+ ${{ env.SEMANTIC_RELEASE_EXEC_VERSION }} \
+ @semantic-release/git@\
+ ${{ env.SEMANTIC_RELEASE_GIT_VERSION }} \
+ conventional-changelog-conventionalcommits@\
+ ${{ env.CONVENTIONAL_CHANGELOG_CONVENTIONALCOMMITS_VERSION }} \
+ "
+
+ # Run normal publishing if releasing is not enabled or if no release was created
+ - name: Publish with Gradle
+ if: ${{ !inputs.skip-build && inputs.publish-tasks != '' && (!inputs.semantic-release || steps.release.outputs.new_release_published == 'false' ) }}
+ env:
+ # For Gradle execution
+ ORG_GRADLE_PROJECT_wetfArtifactoryUser: ${{ secrets.WETF_ARTIFACTORY_USER }}
+ ORG_GRADLE_PROJECT_wetfArtifactoryPassword: ${{ secrets.WETF_ARTIFACTORY_PASSWORD }}
+ JAVA_TOOL_OPTIONS: ${{ inputs.java-options }}
+
+ # e.g. for pulling images for testcontainers
+ # ORG_GRADLE_PROJECT_dockerHubUsername: ${{ secrets.DOCKER_HUB_USERNAME }}
+ # ORG_GRADLE_PROJECT_dockerHubPassword: ${{ secrets.DOCKER_HUB_PASSWORD }}
+ # ORG_GRADLE_PROJECT_dockerHubEmail: ${{ secrets.DOCKER_HUB_EMAIL }}
+ # ORG_GRADLE_PROJECT_dockerHost: "unix:///var/run/docker.sock"
+ run: ./gradlew ${{ inputs.publish-tasks }}
+
 #
 # Report on unit tests and critical vulnerabilities
 #
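Review bot: `RUNNER_DEBUG: 1` is hard-coded in the `env:` of the `Release with semantic-release` step, which looks like a leftover from debugging and, if the action honours it, turns on verbose logging for every run of a step that holds `GITHUB_TOKEN` with write access and the Artifactory credentials. Log masking only covers the exact secret values, so encoded or derived forms (an auth header, a credential embedded in a URL) can end up in the job log. I would drop the line; GitHub sets this variable itself when a run is re-run with debug logging enabled, which covers the case where a release needs investigating. Separately, the packages in `extra_plugins` are fetched from npm at run time inside this same step, so a short comment noting that they execute with these credentials would make the trust boundary explicit for whoever bumps the versions.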