From 9a28e777bcd45cbbc48403f773818fa48d6d2d85 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Wed, 24 Apr 2024 17:42:13 +0200 Subject: [PATCH 01/11] Update java sdk to version bump --- .github/workflows/version-bump.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index b2809518b..179fba61f 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -18,6 +18,7 @@ on: - go-sdk - dotnet-sdk - php-sdk + - java-sdk version_number: description: "New version (example: '2024.1.0')" required: true @@ -140,6 +141,12 @@ jobs: run: | sed -i 's/"version": "[0-9]\.[0-9]\.[0-9]"/"version": "${{ inputs.version_number }}"/' ./languages/php/composer.json + ### java sdk + - name: Bump java-sdk Version + if: ${{ inputs.project == 'java-sdk' }} + run: | + sed -i 's/version = "[0-9]\.[0-9]\.[0-9]"/version = "${{ inputs.version_number }}"/' ./languages/java/build.gradle + ############################ # VERSION BUMP SECTION END # ############################ From eec8e65416ca76b208c585667fa46dd8e7f446fb Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Wed, 24 Apr 2024 17:42:27 +0200 Subject: [PATCH 02/11] Update build.gradle file --- languages/java/build.gradle | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/languages/java/build.gradle b/languages/java/build.gradle index ed4a72f22..ae517c2aa 100644 --- a/languages/java/build.gradle +++ b/languages/java/build.gradle @@ -19,14 +19,14 @@ repositories { api 'net.java.dev.jna:jna-platform:5.12.1' } - description = 'BitwardenSDK' + description = 'Bitwarden Secrets Manager Java SDK' java.sourceCompatibility = JavaVersion.VERSION_1_8 publishing { publications { maven(MavenPublication) { groupId = 'com.bitwarden' - artifactId = 'sdk' + artifactId = 'sdk-secrets' // Determine the version from the git history. // @@ -35,13 +35,8 @@ repositories { def branchName = "git branch --show-current".execute().text.trim() - if (branchName == "main") { - def content = ['grep', '-o', '^version = ".*"', '../../Cargo.toml'].execute().text.trim() - def match = ~/version = "(.*)"/ - def matcher = match.matcher(content) - matcher.find() - - version = "${matcher.group(1)}-SNAPSHOT" + if (branchName == "main" || branchName == "rc" || branchName == "hotfix-rc") { + version = "0.1.0" } else { // branchName-SNAPSHOT version = "${branchName.replaceAll('/', '-')}-SNAPSHOT" From 74a1270d659f45b76d4b4bfb2cc70a3844480b42 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Wed, 24 Apr 2024 17:42:45 +0200 Subject: [PATCH 03/11] Update build-java.yml workflow file and fix publish argument in Maven job --- .github/workflows/build-java.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-java.yml b/.github/workflows/build-java.yml index 3b3c4ba5a..b1dcfc20b 100644 --- a/.github/workflows/build-java.yml +++ b/.github/workflows/build-java.yml @@ -4,6 +4,9 @@ on: push: branches: - main + - rc + - hotfix-rc + pull_request: workflow_dispatch: jobs: @@ -60,10 +63,10 @@ jobs: name: libbitwarden_c_files-x86_64-pc-windows-msvc path: languages/java/src/main/resources/win32-x86-64 - - name: Publish Maven + - name: Build Maven uses: gradle/actions/setup-gradle@ec92e829475ac0c2315ea8f9eced72db85bb337a # v3.0.0 with: - arguments: publish + arguments: build build-root-directory: languages/java env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 30d35c75d77d44f7b31e3bbd30faec8bc4415c40 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Wed, 24 Apr 2024 18:14:17 +0200 Subject: [PATCH 04/11] Change for package --- .github/workflows/build-java.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-java.yml b/.github/workflows/build-java.yml index b1dcfc20b..c9c646157 100644 --- a/.github/workflows/build-java.yml +++ b/.github/workflows/build-java.yml @@ -66,7 +66,7 @@ jobs: - name: Build Maven uses: gradle/actions/setup-gradle@ec92e829475ac0c2315ea8f9eced72db85bb337a # v3.0.0 with: - arguments: build + arguments: package build-root-directory: languages/java env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 7b4f73878dd1b5c95094043335041bdc52ccd572 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Wed, 24 Apr 2024 18:18:10 +0200 Subject: [PATCH 05/11] Add publish java pipeline --- .github/workflows/publish-java.yml | 65 ++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 .github/workflows/publish-java.yml diff --git a/.github/workflows/publish-java.yml b/.github/workflows/publish-java.yml new file mode 100644 index 000000000..6a475f9b9 --- /dev/null +++ b/.github/workflows/publish-java.yml @@ -0,0 +1,65 @@ +name: Publish Java SDK +run-name: Publish Java SDK ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + +env: + _KEY_VAULT: "bitwarden-ci" + +jobs: + validate: + name: Setup + runs-on: ubuntu-22.04 + outputs: + version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout repo + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Branch check + if: ${{ inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then + echo "===================================" + echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" + echo "===================================" + exit 1 + fi + + - name: Get version + id: version + run: | + VERSION=$(cat languages/java/build.gradle | grep -Eo 'version = "[0-9]+\.[0-9]+\.[0-9]+"' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+') + echo "version=$VERSION" >> $GITHUB_OUTPUT + + publish: + name: Publish + runs-on: ubuntu-22.04 + needs: validate + steps: + - name: Checkout Repository + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Setup java + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0 + with: + distribution: temurin + java-version: 17 + + - name: Setup Gradle + uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0 + + - name: Publish package to GitHub Packages + run: ./gradlew publish + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 0e148596255e129152d62e4dd1f31488f5d8bc20 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Thu, 25 Apr 2024 11:06:27 +0200 Subject: [PATCH 06/11] Update Azure login and retrieve secrets in publish-java workflow --- .github/workflows/publish-java.yml | 15 +++++++++++++++ languages/java/build.gradle | 8 ++++++++ 2 files changed, 23 insertions(+) diff --git a/.github/workflows/publish-java.yml b/.github/workflows/publish-java.yml index 6a475f9b9..0026fcb78 100644 --- a/.github/workflows/publish-java.yml +++ b/.github/workflows/publish-java.yml @@ -50,6 +50,19 @@ jobs: - name: Checkout Repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Azure login + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@main + with: + keyvault: ${{ env._KEY_VAULT }} + secrets: "ossrh-username, + ossrh-password" + - name: Setup java uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0 with: @@ -63,3 +76,5 @@ jobs: run: ./gradlew publish env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + MAVEN_USERNAME: ${{ steps.retrieve-secrets.outputs.ossrh-username }} + MAVEN_PASSWORD: ${{ steps.retrieve-secrets.outputs.ossrh-password }} diff --git a/languages/java/build.gradle b/languages/java/build.gradle index ae517c2aa..1499ee00e 100644 --- a/languages/java/build.gradle +++ b/languages/java/build.gradle @@ -56,6 +56,14 @@ repositories { password = System.getenv("GITHUB_TOKEN") } } + maven { + name = "OSSRH" + url = "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/" + credentials { + username = System.getenv("MAVEN_USERNAME") + password = System.getenv("MAVEN_PASSWORD") + } + } } } } From 76379f0c405e782d0953839fb1bb5381aa802692 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Thu, 25 Apr 2024 11:16:36 +0200 Subject: [PATCH 07/11] Update secrets in publish-java workflow --- .github/workflows/publish-java.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-java.yml b/.github/workflows/publish-java.yml index 0026fcb78..ea961fa44 100644 --- a/.github/workflows/publish-java.yml +++ b/.github/workflows/publish-java.yml @@ -60,8 +60,8 @@ jobs: uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: ${{ env._KEY_VAULT }} - secrets: "ossrh-username, - ossrh-password" + secrets: "maven-sonartype-ssrh-username, + maven-sonartype-ossrh-password" - name: Setup java uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0 From 77a35ad0ded834e9264e92e7830abc666655d547 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Thu, 25 Apr 2024 11:16:54 +0200 Subject: [PATCH 08/11] Update Maven credentials in publish-java workflow --- .github/workflows/publish-java.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-java.yml b/.github/workflows/publish-java.yml index ea961fa44..1c259936d 100644 --- a/.github/workflows/publish-java.yml +++ b/.github/workflows/publish-java.yml @@ -76,5 +76,5 @@ jobs: run: ./gradlew publish env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - MAVEN_USERNAME: ${{ steps.retrieve-secrets.outputs.ossrh-username }} - MAVEN_PASSWORD: ${{ steps.retrieve-secrets.outputs.ossrh-password }} + MAVEN_USERNAME: ${{ steps.retrieve-secrets.outputs.maven-sonartype-ssrh-username }} + MAVEN_PASSWORD: ${{ steps.retrieve-secrets.outputs.maven-sonartype-ossrh-password }} From 1859d3e3a082067db55192adeb744c151cbef3a0 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Thu, 25 Apr 2024 11:17:22 +0200 Subject: [PATCH 09/11] Update publish-java workflow to conditionally run the package publish step --- .github/workflows/publish-java.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/publish-java.yml b/.github/workflows/publish-java.yml index 1c259936d..99df6aeda 100644 --- a/.github/workflows/publish-java.yml +++ b/.github/workflows/publish-java.yml @@ -73,6 +73,7 @@ jobs: uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0 - name: Publish package to GitHub Packages + if: ${{ inputs.release_type != 'Dry Run' }} run: ./gradlew publish env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 9916f55aee57045e0f98f09f9d1f6678ea8cb75f Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Tue, 7 May 2024 13:49:08 +0200 Subject: [PATCH 10/11] Fix --- .github/workflows/build-java.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/build-java.yml b/.github/workflows/build-java.yml index c9c646157..dc49b20e2 100644 --- a/.github/workflows/build-java.yml +++ b/.github/workflows/build-java.yml @@ -64,9 +64,4 @@ jobs: path: languages/java/src/main/resources/win32-x86-64 - name: Build Maven - uses: gradle/actions/setup-gradle@ec92e829475ac0c2315ea8f9eced72db85bb337a # v3.0.0 - with: - arguments: package - build-root-directory: languages/java - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: ./gradlew build From 5472112aee34ecb9514eb27ecb56c8b21af47992 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Tue, 7 May 2024 14:05:28 +0200 Subject: [PATCH 11/11] Update build.gradle file to include Javadoc and sources JAR generation --- languages/java/build.gradle | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/languages/java/build.gradle b/languages/java/build.gradle index 1499ee00e..8d91e2e6e 100644 --- a/languages/java/build.gradle +++ b/languages/java/build.gradle @@ -76,6 +76,11 @@ tasks.withType(Javadoc) { options.encoding = 'UTF-8' } +java { + withJavadocJar() + withSourcesJar() +} + // Gradle build requires GitHub workflow to copy native library to resources // Uncomment copyNativeLib and jar tasks to use the local build (modify architecture if needed) //tasks.register('copyNativeLib', Copy) {