Pipelines to Maven Central (#9)

* update cryptobox version

* first draft of pipeline

* trigger the release workflow

* delete the trigger on push

* fix typo

* fix jar signing issue

* dispatch the maven release workflow only on releases

* update junit to latest version

* make tests more robust

* update cryptobox image to JVM 11

* release with jvm 11 pipeline

.github/workflows/maven-release.yml

@@ -0,0 +1,73 @@
+name: Release to Maven Central
+
+on:
+  workflow_dispatch:
+  release:
+    types: [ published ]
+
+jobs:
+  tests:
+    runs-on: ubuntu-20.04
+    container: wirebot/cryptobox:latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Execute Tests
+        run: |
+          mvn test -DargLine="-Djava.library.path=$LD_LIBRARY_PATH"
+
+      - name: Try to create package
+        run: |
+          mvn package -DskipTests
+
+      - name: Webhook to Wire
+        uses: 8398a7/action-slack@v2
+        with:
+          status: ${{ job.status }}
+          author_name: Test execution before release
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.WEBHOOK_CI }}
+        if: failure()
+
+  release:
+    needs: [ tests ]
+    name: Release on Sonatype OSS
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up JDK
+        uses: actions/setup-java@v1
+        with:
+          java-version: 1.8
+
+      - name: Build with Maven
+        run: mvn -DskipTests package
+
+      - name: Set up Apache Maven Central
+        uses: actions/setup-java@v1
+        with: # running setup-java again overwrites the settings.xml
+          java-version: 1.8
+          server-id: ossrh
+          server-username: OSSRH_USERNAME
+          server-password: OSSRH_PASSWORD
+          gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE
+
+      - name: Publish to Apache Maven Central
+        run: mvn -DskipTests deploy
+        env:
+          OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
+
+      # Send webhook to Wire using Slack Bot
+      - name: Webhook to Wire
+        uses: 8398a7/action-slack@v2
+        with:
+          status: ${{ job.status }}
+          author_name: Release to Maven Central
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.WEBHOOK_CI }}
+        # Send message only if previous step failed
+        if: always()

dockerfiles/Dockerfile.cryptobox

@@ -21,11 +21,11 @@ RUN apt-get install -qqy --no-install-recommends \
     	libc6-dev-i386 \
     	sudo \
     	curl \
-    	openjdk-8-jdk \
+    	openjdk-11-jdk \
     	maven
 
-# set correct java home for Java 8 and select it as correct java
-ENV JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
+# set correct java home for Java 11
+ENV JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64
 ENV PATH="$JAVA_HOME/bin:$PATH"
 
 # install rust

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>com.wire</groupId>
     <artifactId>cryptobox4j</artifactId>
-    <version>0.5.0</version>
+    <version>0.5.2</version>
 
     <name>Cryptobox4J</name>
     <description>CryptoBox for Wire Bots</description>
@@ -58,7 +58,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 
-        <junit.version>5.7.0</junit.version>
+        <junit.version>5.7.1</junit.version>
     </properties>
 
     <dependencies>
@@ -121,6 +121,13 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-gpg-plugin</artifactId>
                 <version>1.6</version>
+                <configuration>
+                    <!-- Prevent gpg from using pinentry programs -->
+                    <gpgArguments>
+                        <arg>--pinentry-mode</arg>
+                        <arg>loopback</arg>
+                    </gpgArguments>
+                </configuration>
                 <executions>
                     <execution>
                         <id>sign-artifacts</id>

src/main/java/com/wire/bots/cryptobox/CryptoBox.java

@@ -19,25 +19,25 @@
 
 /**
  * <p>
- * A <tt>CryptoBox</tt> is an opaque container of all the necessary key material
+ * A {@code CryptoBox} is an opaque container of all the necessary key material
  * needed for exchanging end-to-end encrypted messages with peers for a single,
  * logical client or device. It maintains a pool of {@link CryptoSession}s for
  * all remote peers.
  * </p>
  * <p>Every cryptographic session with a peer is represented by a {@link CryptoSession}.
- * These sessions are pooled by a <tt>CryptoBox</tt>, i.e. if a session with the
+ * These sessions are pooled by a {@code CryptoBox}, i.e. if a session with the
  * same session ID is requested multiple times, the same instance is returned.
- * Consequently, <tt>CryptoSession</tt>s are kept in memory once loaded. They
+ * Consequently, {@code CryptoSession}s are kept in memory once loaded. They
  * can be explicitly closed through  or {@link CryptoBox}.
  * All loaded sessions are implicitly closed
- * when the <tt>CryptoBox</tt> itself is closed via {@link CryptoBox#close()}.
- * Note that it is considered programmer error to let a <tt>CryptoBox</tt>
+ * when the {@code CryptoBox} itself is closed via {@link CryptoBox#close()}.
+ * Note that it is considered programmer error to let a {@code CryptoBox}
  * become unreachable and thus eligible for garbage collection without having
  * called {@link CryptoBox#close()}, even though this class overrides {@link Object#finalize()}
  * as an additional safety net for deallocating all native resources.
  * </p>
  *
- * <p>A <tt>CryptoBox</tt> is thread-safe.</p>
+ * <p>A {@code CryptoBox} is thread-safe.</p>
  *
  * @see CryptoSession
  */
@@ -71,7 +71,7 @@ private CryptoBox(long ptr) {
     }
 
     /**
-     * Open a <tt>CryptoBox</tt> that operates on the given directory.
+     * Open a {@code CryptoBox} that operates on the given directory.
      * <p>
      * The given directory must exist and be writeable.
      * </p>
@@ -90,11 +90,11 @@ public static CryptoBox open(String dir) throws CryptoException {
     }
 
     /**
-     * Open a <tt>CryptoBox</tt> that operates on the given directory, using
+     * Open a {@code CryptoBox} that operates on the given directory, using
      * an existing external identity.
      * <p>
      * The given identity must match the (public or complete) identity that
-     * the <tt>CryptoBox</tt> already has, if any.
+     * the {@code CryptoBox} already has, if any.
      * </p>
      * <p>The given directory must exist and be writeable.</p>
      * <p>Note: Do not open multiple boxes that operate on the same or
@@ -162,7 +162,7 @@ public static byte[] getFingerprintFromPrekey(PreKey preKey) throws CryptoExcept
     private native static void jniClose(long ptr);
 
     /**
-     * Copy the long-term identity from this <tt>CryptoBox</tt>.
+     * Copy the long-term identity from this {@code CryptoBox}.
      *
      * @return The opaque, serialised identity to be stored in a safe place or
      * transmitted over a safe channel for subsequent use with
@@ -203,9 +203,9 @@ private static void errorOnNull(Object data, String paramName) {
     /**
      * Generate a new batch of ephemeral prekeys.
      * <p>
-     * If <tt>start + num {@literal >} {@link #MAX_PREKEY_ID}</tt> the IDs wrap around and start
+     * If {@code start + num {@literal >} {@link #MAX_PREKEY_ID}} the IDs wrap around and start
      * over at 0. Thus after any valid invocation of this method, the last generated
-     * prekey ID is always <tt>(start + num) % ({@link #MAX_PREKEY_ID} + 1)</tt>. The caller
+     * prekey ID is always {@code (start + num) % ({@link #MAX_PREKEY_ID} + 1)}. The caller
      * can remember that ID and feed it back into this method as the start
      * ID when the next batch of ephemeral keys needs to be generated.
      *
@@ -358,10 +358,10 @@ private CryptoSession tryGetSession(String sid) throws CryptoException {
     }
 
     /**
-     * Close the <tt>CryptoBox</tt>.
+     * Close the {@code CryptoBox}.
      *
      * <p>Note: After a box has been closed, any operations other than
-     * <tt>close</tt> are considered programmer error and result in
+     * {@code close} are considered programmer error and result in
      * an {@link IllegalStateException}.</p>
      *
      * <p>If the box is already closed, this is a no-op.</p>
@@ -408,7 +408,7 @@ private void deleteSession(String sid) throws CryptoException {
     }
 
     @Override
-    protected void finalize() throws Throwable {
+    protected void finalize() {
         close();
     }
 

src/main/java/com/wire/bots/cryptobox/CryptoSession.java

@@ -18,11 +18,11 @@
 import java.io.Closeable;
 
 /**
- * A <tt>CryptoSession</tt> represents a cryptographic session with a peer
+ * A {@code CryptoSession} represents a cryptographic session with a peer
  * (e.g. client or device) and is used to encrypt and decrypt messages sent
  * and received, respectively.
  * <p>
- * <p>A <tt>CryptoSession</tt> is thread-safe.</p>
+ * <p>A {@code CryptoSession} is thread-safe.</p>
  */
 final class CryptoSession implements Closeable {
     private final long boxPtr;
@@ -126,7 +126,7 @@ byte[] decrypt(byte[] cipher) throws CryptoException {
     }
 
     @Override
-    protected void finalize() throws Throwable {
+    protected void finalize() {
         close();
     }
 

src/main/java/com/wire/bots/cryptobox/PreKey.java

@@ -16,7 +16,7 @@
 package com.wire.bots.cryptobox;
 
 /**
- * A <tt>PreKey</tt> contains all the necessary public key material
+ * A {@code PreKey}contains all the necessary public key material
  * for a remote peer to initiate a session with the owner of the prekey.
  */
 final public class PreKey {

src/test/java/com/wire/bots/cryptobox/CryptoMemoryConcurrentTest.java

@@ -2,6 +2,7 @@
 
 
 import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
@@ -10,6 +11,7 @@
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ScheduledThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicBoolean;
 
 public class CryptoMemoryConcurrentTest {
     private String bobId;
@@ -43,11 +45,12 @@ public void clean() {
 
     @Test
     public void testConcurrentSessions() throws Exception {
-        byte[] b = alice.encryptFromPreKeys(bobId, bobKeys[0], "Hello".getBytes());
+        byte[] b = alice.encryptFromPreKeys(bobId, bobKeys[0], "Hello Bob!".getBytes());
         bob.decrypt(aliceId, b);
-        b = bob.encryptFromPreKeys(aliceId, aliceKeys[0], "Hello".getBytes());
+        b = bob.encryptFromPreKeys(aliceId, aliceKeys[0], "Hello Alice!".getBytes());
         alice.decrypt(bobId, b);
 
+        AtomicBoolean testFailed = new AtomicBoolean(false);
         for (int i = 0; i < 5000; i++) {
             executor.execute(() -> {
                 try {
@@ -57,12 +60,16 @@ public void testConcurrentSessions() throws Exception {
                     alice.decrypt(bobId, cipher);
                 } catch (Exception e) {
                     e.printStackTrace();
+                    testFailed.set(true);
                 }
             });
         }
         executor.shutdown();
         //noinspection ResultOfMethodCallIgnored
         executor.awaitTermination(20, TimeUnit.SECONDS);
+        if (testFailed.get()) {
+            Assertions.fail("See logs.");
+        }
     }
 
     static class _Storage implements IStorage {

src/test/java/com/wire/bots/cryptobox/CryptoMemoryVolumeTest.java

@@ -1,6 +1,7 @@
 package com.wire.bots.cryptobox;
 
 
+import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
@@ -11,6 +12,7 @@
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ScheduledThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicInteger;
 
 public class CryptoMemoryVolumeTest {
@@ -49,13 +51,15 @@ public void testConcurrentMultipleSessions() throws Exception {
         }
 
         Date s = new Date();
+        AtomicBoolean testFailed = new AtomicBoolean(false);
         for (CryptoDb bob : boxes) {
             executor.execute(() -> {
                 try {
                     bob.encryptFromSession(aliceId, bytes);
                     counter.getAndIncrement();
                 } catch (Exception e) {
                     e.printStackTrace();
+                    testFailed.set(true);
                 }
             });
         }
@@ -73,5 +77,9 @@ public void testConcurrentMultipleSessions() throws Exception {
         for (CryptoDb bob : boxes) {
             bob.close();
         }
+
+        if (testFailed.get()) {
+            Assertions.fail("See logs");
+        }
     }
 }

src/test/java/com/wire/bots/cryptobox/CryptoboxTest.java

@@ -13,6 +13,7 @@
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ScheduledThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicInteger;
 
 import static com.wire.bots.cryptobox.Util.assertDecrypted;
@@ -145,6 +146,7 @@ public void testConcurrentMultipleSessions() throws Exception {
 
         ScheduledExecutorService executor = new ScheduledThreadPoolExecutor(12);
         Date s = new Date();
+        AtomicBoolean testFailed = new AtomicBoolean(false);
         for (CryptoBox bob : boxes) {
             executor.execute(() -> {
                 try {
@@ -153,6 +155,7 @@ public void testConcurrentMultipleSessions() throws Exception {
                 } catch (CryptoException e) {
                     System.out.println("testConcurrentDifferentCBSessions: " + e.getMessage());
                     e.printStackTrace();
+                    testFailed.set(true);
                 }
             });
         }
@@ -171,6 +174,10 @@ public void testConcurrentMultipleSessions() throws Exception {
             bob.close();
         }
         alice.close();
+
+        if (testFailed.get()) {
+            Assertions.fail("See logs");
+        }
     }
 
     private static String hexify(byte[] bytes) {