Merge pull request #758 from Alfresco/dependabot/maven/org.codehaus.m… #4735
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Alfresco Connector for Hyland Experience Insight CI | |
on: | |
pull_request: | |
branches: | |
- feature/** | |
- fix/** | |
- master | |
- release/** | |
push: | |
branches: | |
- feature/** | |
- fix/** | |
- master | |
- release/** | |
env: | |
# Both variables are required to be set before the release process starts . | |
# As the release is triggered by a commit message with "[release]" keyword on a release branch, | |
# setting these variables to new values can be done in the same commit and will indicate the release and the dev versions in it. | |
DEVELOPMENT_VERSION: "1.0.2-SNAPSHOT" # The version that will be set in pom files after the release (next dev version) | |
RELEASE_VERSION: "1.0.1" # The version of the release (tag). | |
GITHUB_ACTIONS_DEPLOY_TIMEOUT: 60 | |
MAVEN_CLI_OPTS: "-B -e -fae -V -DinstallAtEnd=true -DfailIfNoTests=false -U -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn -Pdistribution " | |
MAVEN_PASSWORD: ${{ secrets.NEXUS_PASSWORD }} | |
MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }} | |
JAVA_VERSION: "17" | |
JAVA_VERSION_SUPPORTED_BY_REPO: "11" | |
S3_BUCKET_REGION: "eu-west-1" | |
jobs: | |
pre_commit: | |
runs-on: ubuntu-latest | |
outputs: | |
java_version: ${{ env.JAVA_VERSION }} | |
java_version_supported_by_repo: ${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
steps: | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- id: changed-files | |
uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
with: | |
write-list-to-env: true | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
veracode_sca: | |
name: "Veracode - Source Clear Scan (SCA)" | |
runs-on: ubuntu-latest | |
needs: | |
- pre_commit | |
if: > | |
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request') && | |
!contains(github.event.head_commit.message, '[skip build]') | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
continue-on-error: true | |
with: | |
srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }} | |
veracode_sast: | |
name: "Pipeline SAST Scan" | |
runs-on: ubuntu-latest | |
needs: | |
- pre_commit | |
if: > | |
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request') && | |
github.actor != 'dependabot[bot]' && | |
!contains(github.event.head_commit.message, '[skip build]') | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
with: | |
token: ${{ secrets.BOT_GITHUB_TOKEN }} | |
repository: "Alfresco/veracode-baseline-archive" | |
file-path: "hxinsight-connector/hxinsight-connector-baseline.json" | |
target: "baseline.json" | |
- name: "Build application" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests | |
- name: "Run SAST Scan" | |
uses: veracode/[email protected] | |
with: | |
vid: ${{ secrets.VERACODE_API_ID }} | |
vkey: ${{ secrets.VERACODE_API_KEY }} | |
file: "distribution/target/alfresco-hxinsight-connector-distribution-*.zip" | |
fail_build: true | |
project_name: hxinsight-connector | |
issue_details: true | |
veracode_policy_name: Alfresco Default | |
summary_output: true | |
summary_output_file: results.json | |
summary_display: true | |
baseline_file: baseline.json | |
- name: "Clean Maven cache" | |
run: bash ./scripts/ci/cleanup_cache.sh | |
pmd_scan: | |
name: "PMD Scan" | |
runs-on: ubuntu-latest | |
if: > | |
github.event_name == 'pull_request' && | |
!contains(github.event.head_commit.message, '[skip pmd]') && | |
!contains(github.event.head_commit.message, '[skip tests]') | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- uses: Alfresco/[email protected] | |
test_application: | |
name: "Build and test application" | |
runs-on: ubuntu-latest | |
needs: | |
- pre_commit | |
if: > | |
(github.event_name == 'push' || github.actor == 'dependabot[bot]') && | |
!contains(github.event.head_commit.message, '[skip tests]') && | |
!contains(github.event.head_commit.message, '[skip build]') | |
strategy: | |
fail-fast: false | |
matrix: | |
subproject: [ "bulk-ingester", "common", "common-authentication", "common-test", | |
"live-ingester", "prediction-applier", "hxinsight-extension" ] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- name: "Login to Quay.io" | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- name: "Test application" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} clean verify -pl '${{ matrix.subproject }}' -am | |
test_distribution: | |
name: "Build application with distribution profile" | |
runs-on: ubuntu-latest | |
needs: | |
- pre_commit | |
if: > | |
(github.event_name == 'push' || github.actor == 'dependabot[bot]') && | |
!contains(github.event.head_commit.message, '[skip tests]') && | |
!contains(github.event.head_commit.message, '[skip build]') | |
strategy: | |
fail-fast: false | |
matrix: | |
repoVersion: [ 7.3.2, 7.4.2, 23.3.0 ] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- name: "Login to Quay.io" | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- name: "Build application with distribution profile" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests -Dalfresco-platform.version=${{ matrix.repoVersion }} | |
run_e2e_test: | |
name: "Run e2e tests using ACS ${{ matrix.repoVersion }}" | |
runs-on: ubuntu-latest | |
needs: | |
- pre_commit | |
if: > | |
(github.event_name == 'push' || github.actor == 'dependabot[bot]') && | |
!contains(github.event.head_commit.message, '[skip build]') && | |
!contains(github.event.head_commit.message, '[skip tests]') && | |
!contains(github.event.head_commit.message, '[skip e2es]') | |
strategy: | |
fail-fast: false | |
matrix: | |
repoVersion: [ 7.3.2, 7.4.2, 23.3.0 ] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- name: "Login to Quay.io" | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- name: "Build application" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests -Dalfresco-platform.version=${{ matrix.repoVersion }} | |
- name: "Build docker images" | |
run: bash ./scripts/ci/buildDockerImages.sh | |
- name: "Run e2e tests" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} verify -pl 'hxinsight-extension,e2e-test' -am -DskipUnitTests -DskipIntegrationTests -Dalfresco-platform.version=${{ matrix.repoVersion }} | |
run_e2e_test_using_older_java: | |
name: "Run e2e tests using ACS ${{ matrix.repoVersion }} on Java ${{ needs.pre_commit.outputs.java_version_supported_by_repo }}" | |
runs-on: ubuntu-latest | |
needs: | |
- pre_commit | |
if: > | |
needs.pre_commit.outputs.java_version_supported_by_repo != needs.pre_commit.outputs.java_version && | |
github.event_name != 'pull_request' && | |
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && | |
!contains(github.event.head_commit.message, '[skip build]') && | |
!contains(github.event.head_commit.message, '[skip tests]') && | |
!contains(github.event.head_commit.message, '[skip e2es]') | |
strategy: | |
fail-fast: false | |
matrix: | |
repoVersion: [ 7.3.2, 7.4.2 ] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- name: "Login to Quay.io" | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- name: "Build application" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests -Dalfresco-platform.version=${{ matrix.repoVersion }} -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
- name: "Build docker images" | |
run: JAVA_VERSION=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} && bash ./scripts/ci/buildDockerImages.sh | |
- name: "Run e2e tests" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} verify -pl 'hxinsight-extension,e2e-test' -am -DskipUnitTests -DskipIntegrationTests -Dalfresco-platform.version=${{ matrix.repoVersion }} -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
push_docker_images: | |
name: "Push docker images" | |
runs-on: ubuntu-latest | |
needs: | |
- test_application | |
- test_distribution | |
- run_e2e_test | |
if: > | |
github.event_name == 'push' && | |
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && | |
!(failure() || cancelled()) && | |
!contains(github.event.head_commit.message, '[skip build]') | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: docker/setup-qemu-action@v3 | |
- uses: docker/setup-buildx-action@v3 | |
- name: "Login to Quay.io" | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- name: "Build application" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
- name: "Push docker images" | |
run: bash ./scripts/ci/buildDockerImages.sh -p | |
env: | |
COMMIT_MESSAGE: ${{ github.sha }} | |
- name: "Clean Maven cache" | |
run: bash ./scripts/ci/cleanup_cache.sh | |
publish_snapshot_artifacts: | |
name: "Publish SNAPSHOT artifacts" | |
runs-on: ubuntu-latest | |
needs: | |
- test_application | |
- test_distribution | |
- run_e2e_test | |
if: > | |
!(failure() || cancelled()) && | |
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && | |
github.event_name != 'pull_request' && | |
!contains(github.event.head_commit.message, '[skip build]') | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- name: "Publish SNAPSHOT artifacts" | |
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }} | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} deploy -DskipTests -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
- name: "Clean Maven cache" | |
run: bash ./scripts/ci/cleanup_cache.sh | |
release_and_deploy_to_nexus_and_s3: | |
name: "Make release and deploy to Nexus and S3 Staging Bucket" | |
runs-on: ubuntu-latest | |
needs: | |
- test_application | |
- test_distribution | |
- run_e2e_test | |
if: > | |
!(failure() || cancelled()) && | |
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && | |
github.event_name != 'pull_request' && | |
contains(github.event.head_commit.message, '[release]') | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
with: | |
username: ${{ secrets.BOT_GITHUB_USERNAME }} | |
email: ${{ secrets.BOT_GITHUB_EMAIL }} | |
- name: "Build application" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests -Dproject.revision.key=${{ github.sha }} -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
- name: "Make release and deploy to Nexus" | |
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }} | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} -DreleaseVersion="${{ env.RELEASE_VERSION }}" -DdevelopmentVersion="${{ env.DEVELOPMENT_VERSION }}" -Dtag="${{ env.RELEASE_VERSION }}" -Dusername="${{ secrets.BOT_GITHUB_USERNAME }}" -Dpassword="${{ secrets.BOT_GITHUB_TOKEN }}" -DscmCommentPrefix="[maven-release-plugin][skip ci]" -DskipTests -Dproject.revision.key=${{ github.sha }} "-Darguments=-DskipTests -Dadditionalparam=-Xdoclint:none -Dproject.revision.key=${{ github.sha }} -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }}" release:prepare release:perform | |
- run: mkdir -p deploy_dir/community/hxinsight-connector/${{ env.RELEASE_VERSION }} | |
- name: "Move the final artifacts to a single folder (deploy_dir) to be copied to S3" | |
run: mv "distribution/target/alfresco-hxinsight-connector-distribution-${{ env.RELEASE_VERSION }}.zip" "deploy_dir/community/hxinsight-connector/${{ env.RELEASE_VERSION }}/" | |
- name: "Clone Alfresco/third-party-license-overrides" | |
run: git clone --depth=1 https://github.com/Alfresco/third-party-license-overrides.git | |
- uses: actions/setup-python@v5 | |
- name: "Create third party license csv file and add it to the deploy directory" | |
run: python3 ./third-party-license-overrides/thirdPartyLicenseCSVCreator.py --project "${{ github.workspace }}" --version "${{ env.RELEASE_VERSION }}" --combined --output "deploy_dir/community/hxinsight-connector/${{ env.RELEASE_VERSION }}" | |
- name: "Configure AWS credentials" | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_S3_STAGING_ACCESS_KEY }} | |
aws-secret-access-key: ${{ secrets.AWS_S3_STAGING_SECRET_KEY }} | |
aws-region: ${{ env.S3_BUCKET_REGION }} | |
- name: "Deploy to S3 Staging Bucket" | |
run: aws s3 cp --recursive --acl private ./deploy_dir s3://alfresco-artefacts-staging | |
- name: "Clean Maven cache" | |
run: bash ./scripts/ci/cleanup_cache.sh | |
deploy_release_version_to_quay: | |
name: "Deploy release version to quay.io" | |
runs-on: ubuntu-latest | |
needs: | |
- test_application | |
- test_distribution | |
- run_e2e_test | |
if: > | |
!(failure() || cancelled()) && | |
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && | |
github.event_name != 'pull_request' && | |
contains(github.event.head_commit.message, '[release]') | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: docker/setup-qemu-action@v3 | |
- uses: docker/setup-buildx-action@v3 | |
- name: "Login to Quay.io" | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- name: "Build application" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests -Dproject.revision.key=${{ github.sha }} -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
- name: "Deploy release version to quay.io" | |
run: bash ./scripts/ci/releaseDockerImage.sh -v ${{ env.RELEASE_VERSION }} | |
env: | |
COMMIT_MESSAGE: ${{ github.sha }} | |
- name: "Clean Maven cache" | |
run: bash ./scripts/ci/cleanup_cache.sh | |
deploy_release: | |
name: "Copy to S3 Downloads Bucket" | |
runs-on: ubuntu-latest | |
needs: | |
- deploy_release_version_to_quay | |
- release_and_deploy_to_nexus_and_s3 | |
- publish_snapshot_artifacts | |
- push_docker_images | |
if: > | |
!(failure() || cancelled()) && | |
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && | |
github.event_name != 'pull_request' && | |
contains(github.event.head_commit.message, '[release]') | |
steps: | |
- uses: actions/checkout@v4 | |
- name: "Configure AWS credentials" | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_S3_RELEASE_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_S3_RELEASE_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.S3_BUCKET_REGION }} | |
- run: set -x | |
- name: "Check release version and copy to S3 Downloads Bucket" | |
run: | | |
if [[ ${{ env.RELEASE_VERSION }} =~ ^[0-9]+\.[0-9]+\.[0-9]+(\.[0-9]+)?$ ]]; then | |
aws s3 cp --recursive --acl private --copy-props none "s3://alfresco-artefacts-staging/community/hxinsight-connector/${{ env.RELEASE_VERSION }}/" "s3://eu.dl.alfresco.com/release/community/hxinsight-connector/${{ env.RELEASE_VERSION }}/" | |
fi |