Merge pull request #18 from dm-drogeriemarkt/github-actions

use GitHub actions for CI/CD

.travis/mvnsettings.xml → .github/mvnsettings.xml

@@ -19,7 +19,7 @@
             </activation>
             <properties>
                 <gpg.executable>gpg</gpg.executable>
-                <gpg.keyname>${env.GPG_KEY_NAME}</gpg.keyname>
+                <gpg.keyname>${env.GPG_KEYNAME}</gpg.keyname>
                 <gpg.passphrase>${env.GPG_PASSPHRASE}</gpg.passphrase>
             </properties>
 

.github/secrets.md

@@ -0,0 +1,28 @@
+# Secrets needed for deployment
+
+Secrets are stored in an environment for Github Actions to deploy to the Sonatype OSS repo.
+
+## GPG_KEYNAME
+
+The name of the GPG key used for signing. See `gpg -K` for key names.
+
+## GPG_KEY_BASE64
+
+Base64-encoded key export of the signing key.
+
+```shell
+gpg --export-secret-keys ${GPG_KEYNAME} | base64
+```
+
+## GPG_PASSPHRASE
+
+Passphrase of the GPG key
+
+## OSSRH_JIRA_USERNAME
+
+User name used for authenticating at the Sonatype OSS repo. Same as the Password used to log in
+at https://issues.sonatype.org
+
+## OSSRH_JIRA_PASSWORD
+
+Password used for authenticating at the Sonatype OSS repo.

.github/sign_and_deploy.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+KEY_FILE='daniel.flassak.open.source.private.key'
+
+echo $GPG_KEY_BASE64 | base64 -d  > ${KEY_FILE}
+gpg --passphrase "${GPG_PASSPHRASE}" --batch --yes --fast-import ${KEY_FILE}
+
+if [[ "${REF_TYPE}" == "tag" ]]; then
+    # 'install' cannot be used in addition to 'deploy', because that makes the signatures invalid by re-creating jars
+    # after they have been signed.
+    #
+    # So we can **only** call the 'deploy' target here, which is why 'source:jar' and 'javadoc:jar' are called
+    # explicitly before 'deploy' so that their artifacts are signed, too.
+    #
+    # '-P sign' is used here instead of 'gpg:sign', because 'gpg:sign' seemingly has the same effect as 'install'
+    # (invalid signatures to to re-created jars)
+    #
+    # There may be an easier way to sign and deploy all the artifacts (sources, javadoc, binaries and pom), but after
+    # four hours of debugging this, I'm satisfied that it works at all.
+    mvn --batch-mode -DskipTests=true -Dproject.version=${REF_NAME} -P sign clean source:jar javadoc:jar deploy
+    SUCCESS=$?
+else
+    echo "this should only be run for tags"
+    SUCCESS=1
+fi
+
+# just to be safe, although this deleting these should not be necessary
+rm ${KEY_FILE}
+rm -rf ~/.gnupg
+
+exit ${SUCCESS}

.github/workflows/build-and-deploy.yml

@@ -0,0 +1,25 @@
+name: Build and deploy to Sonatype OSS repo
+
+on:
+  push:
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+'
+      - '[0-9]+.[0-9]+.[0-9]+-SNAPSHOT'
+
+jobs:
+  build:
+    uses: ./.github/workflows/run-with-maven.yml
+    with:
+      COMMAND: mvn --batch-mode -Dmaven.compiler.showDeprecation=true -Dmaven.compiler.showWarnings=true clean verify
+  deploy:
+    needs: build
+    uses: ./.github/workflows/run-with-maven.yml
+    with:
+      ENVIRONMENT: sonatype-oss
+      COMMAND: ./.github/sign_and_deploy.sh
+    secrets:
+      GPG_KEYNAME: ${{ secrets.GPG_KEYNAME }}
+      GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+      GPG_KEY_BASE64: ${{ secrets.GPG_KEY_BASE64 }}
+      OSSRH_JIRA_PASSWORD: ${{ secrets.OSSRH_JIRA_PASSWORD }}
+      OSSRH_JIRA_USERNAME: ${{ secrets.OSSRH_JIRA_USERNAME}}

.github/workflows/build.yml

@@ -0,0 +1,11 @@
+name: Build
+
+on:
+  push:
+
+jobs:
+  build:
+    uses: ./.github/workflows/run-with-maven.yml
+    with:
+      COMMAND: >
+        mvn --batch-mode -Dmaven.compiler.showDeprecation=true -Dmaven.compiler.showWarnings=true -Dproject.version=0.0.0-SNAPSHOT clean install

.github/workflows/run-with-maven.yml

@@ -0,0 +1,61 @@
+name: Java CI with Maven
+
+on:
+  workflow_call:
+    inputs:
+      COMMAND:
+        description: command to execute in mvn context
+        type: string
+        required: true
+      ENVIRONMENT:
+        type: string
+        required: false
+    secrets:
+      GPG_KEYNAME:
+        required: false
+      GPG_PASSPHRASE:
+        required: false
+      GPG_KEY_BASE64:
+        required: false
+      OSSRH_JIRA_PASSWORD:
+        required: false
+      OSSRH_JIRA_USERNAME:
+        required: false
+
+jobs:
+  run-with-maven:
+    runs-on: ubuntu-latest
+
+    environment: ${{ inputs.ENVIRONMENT }}
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Cache local Maven repository
+        uses: actions/cache@v2
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+
+      - name: Set up JDK 8
+        uses: actions/setup-java@v2
+        with:
+          java-version: '8'
+          distribution: 'adopt'
+          cache: maven
+
+      - name: Run with mvn context
+        env:
+          GPG_KEYNAME: ${{ secrets.GPG_KEYNAME }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+          GPG_KEY_BASE64: ${{ secrets.GPG_KEY_BASE64 }}
+          OSSRH_JIRA_PASSWORD: ${{ secrets.OSSRH_JIRA_PASSWORD }}
+          OSSRH_JIRA_USERNAME: ${{ secrets.OSSRH_JIRA_USERNAME}}
+          COMMAND: ${{ inputs.COMMAND }}
+          REF_TYPE: ${{ github.ref_type }}
+          REF_NAME: ${{ github.ref_name }}
+
+        run:
+          cp .github/mvnsettings.xml ~/.m2/settings.xml && eval "${COMMAND}"

checkstyle.xml

@@ -126,7 +126,7 @@
         <module name="MethodParamPad"/>
         <module name="ParenPad"/>
         <module name="OperatorWrap">
-            <property name="option" value="NL"/>
+            <property name="option" value="EOL"/>
             <property name="tokens"
                       value="BAND, BOR, BSR, BXOR, DIV, EQUAL, GE, GT, LAND, LE, LITERAL_INSTANCEOF, LOR, LT, MINUS, MOD, NOT_EQUAL, PLUS, QUESTION, SL, SR, STAR, METHOD_REF "/>
         </module>
@@ -210,6 +210,7 @@
         <module name="SimplifyBooleanReturn"/>
         <module name="StringLiteralEquality"/>
         <module name="FinalClass"/>
+        <module name="HideUtilityClassConstructor"/>
         <module name="CyclomaticComplexity">
             <property name="switchBlockAsSingleDecisionPoint" value="true"/>
         </module>

pom.xml

@@ -5,7 +5,7 @@
 
     <groupId>de.dm.infrastructure</groupId>
     <artifactId>structured-logging</artifactId>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>${project.version}</version>
 
     <name>structured-logging</name>
     <description>Structured logging and log testing</description>
@@ -29,6 +29,8 @@
     </developers>
 
     <properties>
+        <project.version>2.0.2-SNAPSHOT</project.version>
+
         <java.version>1.8</java.version>
         <encoding>UTF-8</encoding>
         <logstash-logback-encoder.version>7.2</logstash-logback-encoder.version>
@@ -41,15 +43,15 @@
         <assertj.version>3.17.2</assertj.version>
         <mockito.version>3.5.13</mockito.version>
         <log-capture.version>3.5.0</log-capture.version>
-        <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
-        <maven-javadoc-plugin.version>3.2.0</maven-javadoc-plugin.version>
+        <maven-compiler-plugin.version>3.10.1</maven-compiler-plugin.version>
+        <maven-javadoc-plugin.version>3.3.2</maven-javadoc-plugin.version>
         <maven-source-plugin.version>3.2.1</maven-source-plugin.version>
         <maven-checkstyle-plugin.version>3.1.1</maven-checkstyle-plugin.version>
         <maven-surefire-plugin.version>2.22.2</maven-surefire-plugin.version>
         <maven-release-plugin.version>2.5.3</maven-release-plugin.version>
-        <maven-gpg-plugin.version>1.6</maven-gpg-plugin.version>
-        <nexus-staging-maven-plugin.version>${maven-gpg-plugin.version}.8</nexus-staging-maven-plugin.version>
-        <checkstyle.version>8.36.2</checkstyle.version>
+        <maven-gpg-plugin.version>3.0.1</maven-gpg-plugin.version>
+        <nexus-staging-maven-plugin.version>1.6.8</nexus-staging-maven-plugin.version>
+        <checkstyle.version>8.45.1</checkstyle.version>
     </properties>
 
     <dependencies>
@@ -239,14 +241,6 @@
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-source-plugin</artifactId>
                         <version>${maven-source-plugin.version}</version>
-                        <executions>
-                            <execution>
-                                <id>attach-sources</id>
-                                <goals>
-                                    <goal>jar-no-fork</goal>
-                                </goals>
-                            </execution>
-                        </executions>
                     </plugin>
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
@@ -256,7 +250,8 @@
                             <source>${java.version}</source>
                             <encoding>${encoding}</encoding>
                         </configuration>
-                        <executions>
+                        <executions><!-- not actually for needed for deployment (called explicitly in sign_and_deploy.sh)
+                         - but it's nice to get javadoc warnings/errors on plain 'mvn clean verify' -->
                             <execution>
                                 <id>attach-javadocs</id>
                                 <goals>