Add github actions. Build to dapla-pseudo-maven repo in AR (#15)

* Add github actions. Build to dapla-pseudo-maven repo in AR * Use zulu jdk 21 * Bump lombok to JDK 21 compatible version * Also upload assets to GitHub release
statisticsnorway · Nov 8, 2023 · 5a88709 · 5a88709
1 parent ace240a
commit 5a88709
Show file tree

Hide file tree

Showing 7 changed files with 327 additions and 9 deletions.
diff --git a/.github/labels.yml b/.github/labels.yml
@@ -0,0 +1,66 @@
+---
+# Labels names are important as they are used by Release Drafter to decide
+# regarding where to record them in changelog or if to skip them.
+#
+# The repository labels will be automatically configured using this file and
+# the GitHub Action https://github.com/marketplace/actions/github-labeler.
+- name: breaking
+  description: Breaking Changes
+  color: bfd4f2
+- name: bug
+  description: Something isn't working
+  color: d73a4a
+- name: build
+  description: Build System and Dependencies
+  color: bfdadc
+- name: ci
+  description: Continuous Integration
+  color: 4a97d6
+- name: dependencies
+  description: Pull requests that update a dependency file
+  color: 0366d6
+- name: documentation
+  description: Improvements or additions to documentation
+  color: 0075ca
+- name: duplicate
+  description: This issue or pull request already exists
+  color: cfd3d7
+- name: enhancement
+  description: New feature or request
+  color: a2eeef
+- name: github_actions
+  description: Pull requests that update Github_actions code
+  color: "000000"
+- name: good first issue
+  description: Good for newcomers
+  color: 7057ff
+- name: help wanted
+  description: Extra attention is needed
+  color: 008672
+- name: invalid
+  description: This doesn't seem right
+  color: e4e669
+- name: performance
+  description: Performance
+  color: "016175"
+- name: python
+  description: Pull requests that update Python code
+  color: 2b67c6
+- name: question
+  description: Further information is requested
+  color: d876e3
+- name: refactoring
+  description: Refactoring
+  color: ef67c4
+- name: removal
+  description: Removals and Deprecations
+  color: 9ae7ea
+- name: style
+  description: Style
+  color: c120e5
+- name: testing
+  description: Testing
+  color: b1fc6f
+- name: wontfix
+  description: This will not be worked on
+  color: ffffff
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
@@ -0,0 +1,59 @@
+categories:
+  - title: ":boom: Breaking Changes"
+    label: "breaking"
+  - title: ":rocket: Features"
+    label: "enhancement"
+  - title: ":fire: Removals and Deprecations"
+    label: "removal"
+  - title: ":beetle: Fixes"
+    label: "bug"
+  - title: ":racehorse: Performance"
+    label: "performance"
+  - title: ":rotating_light: Testing"
+    label: "testing"
+  - title: ":construction_worker: Continuous Integration"
+    label: "ci"
+  - title: ":books: Documentation"
+    label: "documentation"
+  - title: ":hammer: Refactoring"
+    label: "refactoring"
+  - title: ":lipstick: Style"
+    label: "style"
+  - title: ":package: Dependencies"
+    labels:
+      - "dependencies"
+      - "build"
+
+autolabeler:
+  - label: 'documentation'
+    branch:
+      - '/docs{0,1}\/.+/'
+  - label: 'bug'
+    branch:
+      - '/fix\/.+/'
+    title:
+      - '/fix/i'
+  - label: 'enhancement'
+    branch:
+      - '/feat\/.+/'
+    body:
+      - '/JIRA-[0-9]{1,4}/'
+  - label: 'refactoring'
+    branch:
+      - '/refactor\/.+/'
+    title:
+      - '/^refactor/i'
+  - label: 'testing'
+    branch:
+      - '/test\/.+/'
+  - label: 'breaking'
+    title:
+      - '/breaking change/i'
+  - label: 'ci'
+    files:
+      - '.github/*'
+
+template: |
+  ## Changes
+
+  $CHANGES
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,49 @@
+name: Build
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+env:
+  REGISTRY: europe-north1-docker.pkg.dev/artifact-registry-5n/dapla-pseudo-maven
+  IMAGE: tink-fpe-java
+  TAG: ${{ github.ref_name }}-${{ github.sha }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v3
+        with:
+          java-version: 21
+          distribution: zulu
+
+      - name: Authenticate to Google Cloud
+        id: auth
+        uses: google-github-actions/[email protected]
+        with:
+          workload_identity_provider: "projects/848539402404/locations/global/workloadIdentityPools/gh-actions/providers/gh-actions"
+          service_account: "gh-actions-dapla-pseudo@artifact-registry-5n.iam.gserviceaccount.com"
+          token_format: access_token
+
+      - name: Cache Maven packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+
+      - name: Build with Maven and deploy snapshot
+        run: mvn --batch-mode -P ssb-bip deploy
+
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
@@ -0,0 +1,19 @@
+name: Labeler
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  labeler:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@v3
+
+      # Reads labels from .github/labels.yml
+      - name: Run Labeler
+        uses: crazy-max/ghaction-github-labeler@v4
+        with:
+          skip-delete: true
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
@@ -0,0 +1,30 @@
+name: Release Drafter
+
+on:
+  push:
+    branches:
+      - main
+  # pull_request event is required only for autolabeler
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+
+permissions:
+  contents: read
+
+jobs:
+  update_release_draft:
+    permissions:
+      # write permission is required to create a GitHub release
+      contents: write
+      # write permission is required for autolabeler
+      # otherwise, read permission is required at least
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      # Draft the next Release notes as Pull Requests are merged into main
+      - uses: release-drafter/release-drafter@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,100 @@
+name: Release
+
+on:
+  push:
+    branches:
+      - release
+
+env:
+  REGISTRY: europe-north1-docker.pkg.dev/artifact-registry-5n/dapla-pseudo-maven
+  IMAGE: tink-fpe-java
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: refs/heads/main
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v3
+        with:
+          java-version: 21
+          distribution: zulu
+          server-id: github
+
+      - name: Authenticate to Google Cloud
+        id: auth
+        uses: google-github-actions/[email protected]
+        with:
+          workload_identity_provider: "projects/848539402404/locations/global/workloadIdentityPools/gh-actions/providers/gh-actions"
+          service_account: "gh-actions-dapla-pseudo@artifact-registry-5n.iam.gserviceaccount.com"
+          token_format: access_token
+
+      - name: Cache Maven packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+
+      - name: Configure Git user
+        run: |
+          git config user.email "[email protected]"
+          git config user.name "GitHub Actions"
+
+      - name: Perform release and publish jar
+        id: release_jar
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          mvn --batch-mode -P ssb-bip -DskipTests release:prepare
+          TAG=$(git describe --abbrev=0 --tags)
+          echo "tag=${TAG}" >> $GITHUB_OUTPUT
+          mvn --batch-mode -P ssb-bip -DskipTests release:perform
+          ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
+          echo "artifact_id=${ARTIFACT_ID}" >> $GITHUB_OUTPUT
+          ARTIFACT_PATH=$(realpath ./target/$ARTIFACT_ID*.jar)
+          echo "artifact_path=${ARTIFACT_PATH}" >> $GITHUB_OUTPUT
+
+      - env:
+          EVENT_CONTEXT: ${{ toJSON(github.event) }}
+        run: |
+          echo $EVENT_CONTEXT
+
+      - name: Create GitHub release draft
+        uses: release-drafter/release-drafter@v5
+        id: create_github_release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag: ${{ steps.release_jar.outputs.tag }}
+
+      - name: Publish GitHub release
+        uses: eregon/publish-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          release_id: ${{ steps.create_github_release.outputs.id }}
+
+      - name: Upload assets to GitHub release
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          asset_path: ${{ steps.release_jar.outputs.artifact_path }}
+          asset_name: ${{ steps.release_jar.outputs.artifact_id }}.jar
+          asset_content_type: application/java-archive
+          upload_url: ${{ steps.create_github_release.outputs.upload_url }}
+
+      - name: Publish GitHub release
+        uses: eregon/publish-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          release_id: ${{ steps.create_github_release.outputs.id }}
diff --git a/pom.xml b/pom.xml
@@ -14,8 +14,7 @@
         <maven.compiler.target>${java.version}</maven.compiler.target>
         <maven.compiler.source>${java.version}</maven.compiler.source>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <artifact-registry.url>artifactregistry://europe-north1-maven.pkg.dev/artifact-registry-14da
-        </artifact-registry.url>
+        <artifact-registry.url>artifactregistry://europe-north1-maven.pkg.dev/artifact-registry-5n/dapla-pseudo-maven</artifact-registry.url>
 
         <!-- Dependency versions -->
         <assertj.version>3.23.1</assertj.version>
@@ -26,7 +25,7 @@
         <jsonassert.version>1.5.1</jsonassert.version>
         <junit5.version>5.9.1</junit5.version>
         <logback.version>1.4.5</logback.version>
-        <lombok.version>1.18.26</lombok.version>
+        <lombok.version>1.18.30</lombok.version>
         <mysto-ff3.version>1.0.3</mysto-ff3.version>
         <protobuf-java.version>3.19.3</protobuf-java.version>
         <slf4j.version>2.0.6</slf4j.version>
@@ -220,9 +219,7 @@
     <repositories>
         <repository>
             <id>artifact-registry</id>
-            <url>
-                artifactregistry://europe-north1-maven.pkg.dev/artifact-registry-14da/maven-releases
-            </url>
+            <url>${artifact-registry.url}/maven-releases</url>
             <releases>
                 <enabled>true</enabled>
             </releases>
@@ -232,9 +229,7 @@
         </repository>
         <repository>
             <id>artifact-registry-snapshot</id>
-            <url>
-                artifactregistry://europe-north1-maven.pkg.dev/artifact-registry-14da/maven-snapshots
-            </url>
+            <url>${artifact-registry.url}/maven-snapshots</url>
             <releases>
                 <enabled>false</enabled>
             </releases>