deploy-artifact.yml
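# Deploys the Maven artifacts and the engine Docker image.
#
# - Triggered by a push to main: deploys a SNAPSHOT.
# - Triggered manually: deploys a SNAPSHOT.
#   NOTE(review): no `workflow_dispatch` trigger is declared under `on:` below,
#   so the manual case cannot currently occur. Confirm whether the trigger
#   should be added or this line dropped.
# - Triggered by publishing a Release:
#   - deploys a RELEASE with the selected version
#   - updates the project version by incrementing the patch version
#   - commits the version update change to the repository's default branch (main).
name: Deploy artifacts

on:
  push:
    branches: [main]
  release:
    types: [published]

# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN receives
# the repository/organization default scopes. This workflow passes the token to
# an action that commits a version bump and to one that uploads a release
# asset, so `contents: write` looks like the minimum. Confirm what the reusable
# test workflow and the release action need before restricting it.

jobs:
  test:
    uses: ./.github/workflows/build-test.yml

  deploy:
    runs-on: ubuntu-latest
    needs: [test]
    env:
      OWNER: "camunda"
      IMAGE_NAME: "zeebe-process-test-engine"
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # Fetches the registry, Nexus, Maven Central and GPG credentials from
      # Vault using AppRole auth; later steps read them via steps.secrets.outputs.
      # NOTE(review): the action reference on the `uses:` line below was mangled
      # by e-mail obfuscation in this page capture. Restore the real
      # `hashicorp/vault-action@<version>` reference from the repository,
      # ideally pinned to a full commit SHA.
      - name: Import Secrets
        id: secrets
        uses: hashicorp/[email protected]
        with:
          url: ${{ secrets.VAULT_ADDR }}
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          secrets: |
            secret/data/products/zeebe/ci/zeebe-process-test REGISTRY_HUB_DOCKER_COM_USR;
            secret/data/products/zeebe/ci/zeebe-process-test REGISTRY_HUB_DOCKER_COM_PSW;
            secret/data/products/zeebe/ci/zeebe-process-test ARTIFACTS_USR;
            secret/data/products/zeebe/ci/zeebe-process-test ARTIFACTS_PSW;
            secret/data/github.com/organizations/camunda MAVEN_CENTRAL_DEPLOYMENT_USR;
            secret/data/github.com/organizations/camunda MAVEN_CENTRAL_DEPLOYMENT_PSW;
            secret/data/github.com/organizations/camunda MAVEN_CENTRAL_GPG_SIGNING_KEY_PASSPHRASE;
            secret/data/github.com/organizations/camunda MAVEN_CENTRAL_GPG_SIGNING_KEY_SEC;

      - name: Set up Java environment
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          # Quoted so the version stays a string regardless of the YAML parser.
          java-version: '21'
          cache: maven

      - name: Build jar
        run: |
          mvn clean package -DskipTests -P !localBuild -pl :zeebe-process-test-engine-agent -am

      # We build a docker image with a specific tag. There are 2 possible scenarios here.
      # 1. The workflow is triggered manually or by a change on the main branch. The tag should be equal to the project.version.
      # 2. The workflow is triggered by a new release. The tag should be the version of the release.
      - name: Build Docker image
        env:
          # The release tag is passed through the environment rather than being
          # expanded by `${{ }}` inside the script, so its content is never
          # parsed as shell syntax.
          RELEASE_TAG: ${{ github.event.release.tag_name }}
        run: |
          if [ -n "$RELEASE_TAG" ]; then
            TAG="$RELEASE_TAG"
          else
            TAG=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
          fi
          cd engine-agent
          docker build . -t "$IMAGE_NAME:$TAG"

      # We push the docker image to dockerhub
      - name: Push Docker image
        env:
          RELEASE_TAG: ${{ github.event.release.tag_name }}
          # Credentials go through env vars instead of being templated into the
          # script text, where a quote character in the value would break (or
          # alter) the command line.
          DOCKER_USR: ${{ steps.secrets.outputs.REGISTRY_HUB_DOCKER_COM_USR }}
          DOCKER_PSW: ${{ steps.secrets.outputs.REGISTRY_HUB_DOCKER_COM_PSW }}
        run: |
          if [ -n "$RELEASE_TAG" ]; then
            TAG="$RELEASE_TAG"
          else
            TAG=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
          fi
          printf '%s\n' "$DOCKER_PSW" | docker login -u "$DOCKER_USR" --password-stdin
          echo "$IMAGE_NAME"
          echo "$TAG"
          IMAGE_ID="$OWNER/$IMAGE_NAME"
          echo "$IMAGE_ID"
          docker tag "$IMAGE_NAME:$TAG" "$IMAGE_ID:$TAG"
          docker push "$IMAGE_ID:$TAG"

      # NOTE(review): this third-party action receives the GPG signing key and
      # its passphrase but is referenced by a movable version ref (`@v6`).
      # Consider pinning it to a full commit SHA.
      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ steps.secrets.outputs.MAVEN_CENTRAL_GPG_SIGNING_KEY_SEC }}
          passphrase: ${{ steps.secrets.outputs.MAVEN_CENTRAL_GPG_SIGNING_KEY_PASSPHRASE }}

      # We want the community-action-maven-release to update the versions on the correct branch. For
      # this reason an extra step is introduced to decide what branch we should pass to this action.
      # In the case of a push to the main branch, or an alpha release we should update the main branch.
      # In other cases a stable/major.minor branch should be available. In this step we first find
      # the major and minor versions of this tag. If we found them we will set the BRANCH env variable
      # to stable/major.minor.
      - name: Decide git branch
        id: branch
        env:
          # Event data is handed to the script as env vars so it is treated as
          # data, never as part of the script source.
          RELEASE_TAG: ${{ github.event.release.tag_name }}
          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
        run: |
          if [ -n "$RELEASE_TAG" ] && [[ "$RELEASE_TAG" != *"alpha"* ]]; then
            # Dots are escaped so only a literal "major.minor.patch" prefix is accepted;
            # an unescaped "." would match any character.
            MAJOR_MINOR_VERSION=$(printf '%s\n' "$RELEASE_TAG" | sed -rn 's/^([0-9]+\.[0-9]+)\.[0-9]+.*$/\1/p')
            if [ -z "${MAJOR_MINOR_VERSION}" ]; then
              echo "::error::Tag ${RELEASE_TAG} does not adhere to semantic versioning"
              exit 1
            fi
            echo "branch=stable/${MAJOR_MINOR_VERSION}" >> "$GITHUB_OUTPUT"
            echo "Branch = stable/${MAJOR_MINOR_VERSION}"
          else
            echo "branch=${DEFAULT_BRANCH}" >> "$GITHUB_OUTPUT"
            echo "Branch = ${DEFAULT_BRANCH}"
          fi

      # In extension-testcontainer we have a config file which contains the image tag. This is managed by maven and
      # maven will set this to the project version in this step, unless the placeholder (${project.version}) has been
      # overridden by the "Update tag in config" step. This happens when the workflow is triggered by a change on the
      # main branch.
      # NOTE(review): no step named "Update tag in config" exists in this workflow; the comment above may be stale.
      # NOTE(review): this action receives the Nexus and Maven Central credentials, the GPG passphrase and
      # GITHUB_TOKEN, but is referenced by a movable version ref (`@v1`). Consider pinning it to a full commit SHA.
      - name: Build and deploy to Maven
        id: release
        uses: camunda-community-hub/community-action-maven-release@v1
        with:
          release-version: ${{ github.event.release.tag_name }}
          release-profile: community-action-maven-release
          nexus-usr: ${{ steps.secrets.outputs.ARTIFACTS_USR }}
          nexus-psw: ${{ steps.secrets.outputs.ARTIFACTS_PSW }}
          maven-usr: ${{ steps.secrets.outputs.MAVEN_CENTRAL_DEPLOYMENT_USR }}
          maven-psw: ${{ steps.secrets.outputs.MAVEN_CENTRAL_DEPLOYMENT_PSW }}
          maven-gpg-passphrase: ${{ steps.secrets.outputs.MAVEN_CENTRAL_GPG_SIGNING_KEY_PASSPHRASE }}
          maven-url: s01.oss.sonatype.org
          github-token: ${{ secrets.GITHUB_TOKEN }}
          branch: ${{ steps.branch.outputs.branch }}

      # Runs only for release events; uploads the archive produced by the release step.
      # NOTE(review): the upstream actions/upload-release-asset repository appears to be archived.
      # Verify and consider a maintained alternative.
      - name: Attach artifacts to GitHub Release (Release only)
        if: github.event.release
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ github.event.release.upload_url }}
          asset_path: ${{ steps.release.outputs.artifacts_archive_path }}
          asset_name: ${{ steps.release.outputs.artifacts_archive_path }}
          asset_content_type: application/zip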