From f01c2706d5f0cc105c5ccf7a596525c201a9d5f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Fri, 10 May 2024 16:20:51 +0200 Subject: [PATCH] [DEVOPS-1751] Pipeline for publishing java sdk to gradle (#740) ## Type of change ``` - [ ] Bug fix - [ ] New feature development - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [x] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective ## Code changes - **.github/workflows/build-java.yml:** Run build on `rc` and `hotfix-rc` and on PR. Change Publish task to package. - **.github/workflows/publish-java.yml** Add Publish workflow - **.github/workflows/version-bump.yml** Add Java SDK to version bump workflow - **languages/java/build.gradle** Change name of the package to `sdk-secrets`. Add `https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/` as repository to publish. ## Before you submit - Please add **unit tests** where it makes sense to do so --- .github/workflows/build-java.yml | 13 +++-- .github/workflows/publish-java.yml | 81 ++++++++++++++++++++++++++++++ .github/workflows/version-bump.yml | 7 +++ languages/java/build.gradle | 26 ++++++---- 4 files changed, 111 insertions(+), 16 deletions(-) create mode 100644 .github/workflows/publish-java.yml diff --git a/.github/workflows/build-java.yml b/.github/workflows/build-java.yml index aa798fb4d..5f71969d6 100644 --- a/.github/workflows/build-java.yml +++ b/.github/workflows/build-java.yml @@ -4,6 +4,9 @@ on: push: branches: - main + - rc + - hotfix-rc + pull_request: workflow_dispatch: jobs: @@ -60,10 +63,6 @@ jobs: name: libbitwarden_c_files-x86_64-pc-windows-msvc path: languages/java/src/main/resources/win32-x86-64 - - name: Publish Maven - uses: gradle/actions/setup-gradle@db19848a5fa7950289d3668fb053140cf3028d43 # v3.3.2 - with: - arguments: publish - build-root-directory: languages/java - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Build Maven + run: ./gradlew build + working-directory: languages/java diff --git a/.github/workflows/publish-java.yml b/.github/workflows/publish-java.yml new file mode 100644 index 000000000..99df6aeda --- /dev/null +++ b/.github/workflows/publish-java.yml @@ -0,0 +1,81 @@ +name: Publish Java SDK +run-name: Publish Java SDK ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + +env: + _KEY_VAULT: "bitwarden-ci" + +jobs: + validate: + name: Setup + runs-on: ubuntu-22.04 + outputs: + version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout repo + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Branch check + if: ${{ inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then + echo "===================================" + echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" + echo "===================================" + exit 1 + fi + + - name: Get version + id: version + run: | + VERSION=$(cat languages/java/build.gradle | grep -Eo 'version = "[0-9]+\.[0-9]+\.[0-9]+"' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+') + echo "version=$VERSION" >> $GITHUB_OUTPUT + + publish: + name: Publish + runs-on: ubuntu-22.04 + needs: validate + steps: + - name: Checkout Repository + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Azure login + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@main + with: + keyvault: ${{ env._KEY_VAULT }} + secrets: "maven-sonartype-ssrh-username, + maven-sonartype-ossrh-password" + + - name: Setup java + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0 + with: + distribution: temurin + java-version: 17 + + - name: Setup Gradle + uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0 + + - name: Publish package to GitHub Packages + if: ${{ inputs.release_type != 'Dry Run' }} + run: ./gradlew publish + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + MAVEN_USERNAME: ${{ steps.retrieve-secrets.outputs.maven-sonartype-ssrh-username }} + MAVEN_PASSWORD: ${{ steps.retrieve-secrets.outputs.maven-sonartype-ossrh-password }} diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index cc453c577..406f3b927 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -18,6 +18,7 @@ on: - go-sdk - dotnet-sdk - php-sdk + - java-sdk - cpp-sdk version_number: description: "New version (example: '2024.1.0')" @@ -141,6 +142,12 @@ jobs: run: | sed -i 's/"version": "[0-9]\.[0-9]\.[0-9]"/"version": "${{ inputs.version_number }}"/' ./languages/php/composer.json + ### java sdk + - name: Bump java-sdk Version + if: ${{ inputs.project == 'java-sdk' }} + run: | + sed -i 's/version = "[0-9]\.[0-9]\.[0-9]"/version = "${{ inputs.version_number }}"/' ./languages/java/build.gradle + ### cpp sdk - name: Bump C++ SDK Version if: ${{ inputs.project == 'cpp-sdk' }} diff --git a/languages/java/build.gradle b/languages/java/build.gradle index ed4a72f22..8d91e2e6e 100644 --- a/languages/java/build.gradle +++ b/languages/java/build.gradle @@ -19,14 +19,14 @@ repositories { api 'net.java.dev.jna:jna-platform:5.12.1' } - description = 'BitwardenSDK' + description = 'Bitwarden Secrets Manager Java SDK' java.sourceCompatibility = JavaVersion.VERSION_1_8 publishing { publications { maven(MavenPublication) { groupId = 'com.bitwarden' - artifactId = 'sdk' + artifactId = 'sdk-secrets' // Determine the version from the git history. // @@ -35,13 +35,8 @@ repositories { def branchName = "git branch --show-current".execute().text.trim() - if (branchName == "main") { - def content = ['grep', '-o', '^version = ".*"', '../../Cargo.toml'].execute().text.trim() - def match = ~/version = "(.*)"/ - def matcher = match.matcher(content) - matcher.find() - - version = "${matcher.group(1)}-SNAPSHOT" + if (branchName == "main" || branchName == "rc" || branchName == "hotfix-rc") { + version = "0.1.0" } else { // branchName-SNAPSHOT version = "${branchName.replaceAll('/', '-')}-SNAPSHOT" @@ -61,6 +56,14 @@ repositories { password = System.getenv("GITHUB_TOKEN") } } + maven { + name = "OSSRH" + url = "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/" + credentials { + username = System.getenv("MAVEN_USERNAME") + password = System.getenv("MAVEN_PASSWORD") + } + } } } } @@ -73,6 +76,11 @@ tasks.withType(Javadoc) { options.encoding = 'UTF-8' } +java { + withJavadocJar() + withSourcesJar() +} + // Gradle build requires GitHub workflow to copy native library to resources // Uncomment copyNativeLib and jar tasks to use the local build (modify architecture if needed) //tasks.register('copyNativeLib', Copy) {