-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CAD-691] GitHub actions migration #368
Changes from all commits
a194e57
0ae72f1
4409f80
84d79a7
deaed50
3291ffd
88e227c
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
run-name: Run Build | ||
|
||
on: | ||
push | ||
|
||
jobs: | ||
run_checks: | ||
uses: ./.github/workflows/run_checks.yaml | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
run-name: Jackdaw build | ||
|
||
on: | ||
push: | ||
tags: | ||
- '[0-9]+.[0-9]+.[0-9]+' | ||
- '*publish-snapshot*' | ||
|
||
jobs: | ||
run_checks: | ||
uses: ./.github/workflows/run_checks.yaml | ||
deploy: | ||
needs: run_checks | ||
runs-on: ubuntu-latest | ||
container: | ||
image: clojure:latest | ||
environment: clojars_deploy | ||
steps: | ||
- name: checkout | ||
uses: actions/checkout@v4 | ||
- name: deploy | ||
env: | ||
CLOJARS_USERNAME: ${{ secrets.CLOJARS_USERNAME }} | ||
CLOJARS_PASSWORD: ${{ secrets.CLOJARS_PASSWORD }} | ||
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | ||
run: | | ||
# https://github.com/actions/runner/issues/2033 | ||
git config --global --add safe.directory /__w/jackdaw/jackdaw | ||
apt-get update | ||
apt-get install -y gpg | ||
echo $GPG_PRIVATE_KEY |base64 --decode |gpg --yes --batch --import | ||
export LEIN_GPG=/__w/jackdaw/jackdaw/bin/gpg | ||
export REAL_GPG=$(which gpg) | ||
lein do jar, pom, deploy clojars | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
run-name: Run checks | ||
|
||
on: | ||
workflow_call: | ||
|
||
jobs: | ||
RunChecks: | ||
runs-on: ubuntu-latest | ||
container: | ||
image: clojure:latest | ||
options: --user 1001 # don't run as root | ||
services: | ||
kafka: | ||
image: confluentinc/cp-kafka:5.1.3 | ||
env: | ||
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:9092 | ||
KAFKA_AUTO_CREATE_TOPICS_ENABLE: true | ||
KAFKA_BROKER_ID: 1 | ||
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT | ||
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | ||
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1 | ||
KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 0 | ||
KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1 | ||
KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1 | ||
schema-registry: | ||
image: confluentinc/cp-schema-registry:5.1.2 | ||
env: | ||
SCHEMA_REGISTRY_HOST_NAME: schema-registry | ||
SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL: 'zookeeper:2181' | ||
kafka-rest: | ||
image: confluentinc/cp-kafka-rest:6.1.1 | ||
env: | ||
KAFKA_REST_ZOOKEEPER_CONNECT: zookeeper:2181 | ||
KAFKA_REST_BOOTSTRAP_SERVERS: kafka:9092 | ||
KAFKA_REST_LISTENERS: http://0.0.0.0:8082 | ||
KAFKA_REST_SCHEMA_REGISTRY: http://schema-registry:8081 | ||
KAFKA_REST_HOST_NAME: kafka-rest | ||
zookeeper: | ||
image: confluentinc/cp-zookeeper:5.1.3 | ||
env: | ||
ZOOKEEPER_CLIENT_PORT: 2181 | ||
ZOOKEEPER_TICK_TIME: 2000 | ||
steps: | ||
- name: checkout | ||
uses: actions/checkout@v4 | ||
with: | ||
# do not fetch tags if the trigger event is a tag push | ||
fetch-tags: ${{ startsWith(github.ref, 'refs/tags') != true }} | ||
fetch-depth: 100 | ||
- name: build | ||
run: | | ||
lein kaocha | ||
env: | ||
KAFKA_BOOTSTRAP_SERVERS: kafka | ||
ZOOKEEPER_HOST: zoopkeeper | ||
SCHEMA_REGISTRY_HOST: schema-registry | ||
KAFKA_REST_PROXY_HOST: kafka-rest | ||
- name: lint | ||
run: lein clj-kondo --lint src test || true |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
#!/bin/sh | ||
# | ||
# Invoked by `LEIN_GPG=$app/.circleci/bin/gpg lein deploy clojars` | ||
# Invoked by `LEIN_GPG=$app/bin/gpg lein deploy clojars` | ||
|
||
echo $GPG_PASSPHRASE \ | ||
| $REAL_GPG --pinentry-mode loopback --yes --batch --passphrase-fd=0 $@ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,8 @@ | ||
(defproject fundingcircle/jackdaw "_" | ||
:description "A Clojure library for the Apache Kafka distributed streaming platform." | ||
|
||
:license {:name "BSD 3-clause" :url "http://opensource.org/licenses/BSD-3-Clause"} | ||
|
||
:scm {:name "git" :url "https://github.com/fundingcircle/jackdaw"} | ||
|
||
:url "https://github.com/FundingCircle/jackdaw/" | ||
|
@@ -33,12 +35,13 @@ | |
|
||
:aliases {"kaocha" ["run" "-m" "kaocha.runner"]} | ||
:aot [jackdaw.serdes.edn2 jackdaw.serdes.fressian jackdaw.serdes.fn-impl] | ||
:plugins [[me.arrdem/lein-git-version "2.0.8"]] | ||
:plugins [[me.arrdem/lein-git-version "2.0.8"] | ||
[com.github.clj-kondo/lein-clj-kondo "0.2.5"]] | ||
|
||
:git-version | ||
{:status-to-version | ||
(fn [{:keys [tag branch ahead? dirty?] :as git}] | ||
(if (and tag (not ahead?) (not dirty?)) | ||
(if (and tag (not ahead?) (not dirty?) (= "master" branch)) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Should this be handled with trigger filters in the workflow def? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Added to make more explicit that all non-master builds are marked snapshot; it should be handled already by the current setup, happy to remove it if it adds confusion. |
||
tag | ||
(let [[_ prefix patch] (re-find #"(\d+\.\d+)\.(\d+)" tag) | ||
patch (Long/parseLong patch) | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this mean anyone can publish a snapshot release with any version they want?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Described slightly higher in the README, deploy env is protected, deploy step cannot run without approval from jackdaw or credit-applications team review.
In any case outside contributors don't have write access, PR's are opened via forks.