diff --git a/github/GitHub-Action-Modell.excalidraw b/GitHub-Action-Modell.excalidraw similarity index 100% rename from github/GitHub-Action-Modell.excalidraw rename to GitHub-Action-Modell.excalidraw diff --git a/github/actions/add-helm-repositories/action.yml b/github/actions/add-helm-repositories/action.yml deleted file mode 100644 index 3b738c3..0000000 --- a/github/actions/add-helm-repositories/action.yml +++ /dev/null @@ -1,45 +0,0 @@ -name: 'Setup Helm repositories' -description: 'Sets up Helm repositories' -inputs: - username: - description: 'The username for accessing Helm repositories' - password: - description: 'The password for accessing Helm repositories' - force-update: - description: 'Whether to force update the repositories' - required: false - default: 'true' - repositories: - description: 'A JSON list of Helm repository objects with `name` and `url` keys.' - required: false - default: | - [ - { - "name": "inventage-portal-helm", - "url": "https://nexus3.inventage.com/repository/inventage-portal-helm/" - }, - { - "name": "inventage-portal-helm-staging", - "url": "https://nexus3.inventage.com/repository/inventage-portal-helm-staging/" - } - ] - -runs: - using: 'composite' - steps: - - name: Add Helm repositories - shell: bash - if: ${{ inputs.repositories != '[]' }} - run: | - echo '${{ inputs.repositories }}' | jq -c '.[]' | while IFS= read -r repo_json; do - repo_name=$(echo "$repo_json" | jq -r .name) - repo_url=$(echo "$repo_json" | jq -r .url) - - # Build the helm command with conditional --force-update flag - helm_cmd="helm repo add \"$repo_name\" \"$repo_url\" --username \"${{ inputs.username }}\" --password \"${{ inputs.password }}\"" - if [[ "${{ inputs.force-update }}" == "true" ]]; then - helm_cmd="$helm_cmd --force-update" - fi - - eval "$helm_cmd" - done diff --git a/github/actions/disable-man-db-triggers/action.yml b/github/actions/disable-man-db-triggers/action.yml deleted file mode 100644 index 7d1cf0d..0000000 --- a/github/actions/disable-man-db-triggers/action.yml +++ /dev/null @@ -1,12 +0,0 @@ -# @see https://github.com/actions/runner-images/issues/10977#issuecomment-2681219742 -name: Disable man-db triggers -description: Disables man-db triggers on Linux runners to optimize GitHub Actions -runs: - using: composite - steps: - - name: Disable man-db triggers on Linux - if: runner.os == 'Linux' - run: | - echo 'set man-db/auto-update false' | sudo debconf-communicate >/dev/null - sudo dpkg-reconfigure man-db - shell: bash diff --git a/github/actions/ensure-no-uncommitted-code/action.yml b/github/actions/ensure-no-uncommitted-code/action.yml deleted file mode 100644 index 67054d0..0000000 --- a/github/actions/ensure-no-uncommitted-code/action.yml +++ /dev/null @@ -1,9 +0,0 @@ -name: Check uncommitted code -description: Checks if there is uncommitted code in the working directory - -runs: - using: composite - steps: - - name: Check uncommitted code - shell: bash - run: ${{ github.action_path }}/check_clean_working_directory.sh diff --git a/github/actions/ensure-no-uncommitted-code/check_clean_working_directory.sh b/github/actions/ensure-no-uncommitted-code/check_clean_working_directory.sh deleted file mode 100755 index f4535e5..0000000 --- a/github/actions/ensure-no-uncommitted-code/check_clean_working_directory.sh +++ /dev/null @@ -1,91 +0,0 @@ -#!/usr/bin/env bash -# -# check_clean_working_directory.sh -# -# This script checks for uncommitted changes in a git repository, -# specifically looking for uncommitted generated code. It allows -# for certain file patterns (like pom.xml) to be excluded from the check. -# -# Usage: -# ./check_clean_working_directory.sh -# -# Environment Variables: -# EXCLUDED_PATTERNS - Optional. Colon-separated list of regex patterns -# for files to exclude from checks. -# Example: ".*pom\.xml$:.*\.properties$" -# -# Exit Codes: -# 0 - No uncommitted changes found (or only in excluded files) -# 1 - Uncommitted changes found in non-excluded files -# -set -EeuCo pipefail - -# Ensures the working directory is clean - -# Default patterns to exclude (if not set via environment variable) -DEFAULT_EXCLUDED_PATTERNS=( - ".*pom\.xml$" - ".*\.npmrc$" - # ".*\.properties$" - # ".*\.lock$" - # ".*package-lock\.json$" -) - -# Check if EXCLUDED_PATTERNS is set as an environment variable -if [[ -n "${EXCLUDED_PATTERNS:-}" ]]; then - # Convert environment variable string to array (expecting colon-separated values) - IFS=':' read -ra EXCLUDED_PATTERNS_ARRAY <<< "$EXCLUDED_PATTERNS" - echo "Using excluded patterns from environment: ${EXCLUDED_PATTERNS_ARRAY[*]}" -else - # Use default patterns if environment variable is not set - EXCLUDED_PATTERNS_ARRAY=("${DEFAULT_EXCLUDED_PATTERNS[@]}") - echo "Using default excluded patterns: ${EXCLUDED_PATTERNS_ARRAY[*]}" -fi - -# Join patterns with | to create a single regex pattern -EXCLUDED_REGEX=$(IFS="|"; echo "(${EXCLUDED_PATTERNS_ARRAY[*]})") - -git_status_output=$(git status --porcelain --untracked-files=no) - -# Check if git status returned anything -if [[ -z "$git_status_output" ]]; then - echo "No changes detected by git status." - exit 0 -fi - -while IFS= read -r line; do - # Skip empty lines - if [[ -z "$line" ]]; then - continue - fi - - echo "$line" - # Extract the file path - handle different status output formats - file=$(echo "$line" | awk '{print $NF}') - - # Ensure file path is not empty - if [[ -z "$file" ]]; then - echo "Warning: Could not extract file path from status line: '$line'" - continue - fi - - if [[ "$file" =~ $EXCLUDED_REGEX ]]; then - echo "Skipping diff check for excluded file: $file" - continue # Skip processing and diff for excluded files - fi - - # Check if the file exists before trying to get diff - if [[ ! -f "$file" ]]; then - echo "Warning: File '$file' does not exist or is not a regular file. Skipping diff." - continue - fi - - git_diff_output=$(git diff --ignore-space-at-eol --ignore-space-change -- "$file") - if [[ -n "$git_diff_output" ]]; then - echo "$git_diff_output" - echo "ERROR: You have uncommitted generated code in $file!" >&2 - exit 1 - fi -done <<< "$git_status_output" - -exit 0 diff --git a/github/actions/parse-version/action.yml b/github/actions/parse-version/action.yml deleted file mode 100644 index cfb789f..0000000 --- a/github/actions/parse-version/action.yml +++ /dev/null @@ -1,58 +0,0 @@ -name: Parse Version -description: Parses a version string against the format semver-date-build_number-git_short_sha - -inputs: - version: - description: 'Version string to parse (e.g., 9.5.0-202504221620-1321-d65d211b)' - required: true - -outputs: - sem_ver: - description: the semantic version in the version string - value: ${{ steps.version.outputs.SEM_VER }} - build_date: - description: the build date in the version string - value: ${{ steps.version.outputs.BUILD_DATE }} - run_id: - description: the run id in the version string - value: ${{ steps.version.outputs.RUN_ID }} - commit_sha: - description: the commit sha in the version string - value: ${{ steps.version.outputs.COMMIT_SHA }} - major: - description: the major version in the version string - value: ${{ steps.semver.outputs.MAJOR }} - minor: - description: The minor version in the version string - value: ${{ steps.semver.outputs.MINOR }} - patch: - description: The patch version in the version string - value: ${{ steps.semver.outputs.PATCH }} - -runs: - using: composite - steps: - - name: Parse version - id: version - shell: bash - run: | - IFS=- read SEM_VER BUILD_DATE RUN_ID COMMIT_SHA <<< "${{ inputs.version }}" - - cat >> $GITHUB_OUTPUT <> $GITHUB_OUTPUT </dev/null 2>&1 -} - -# Function to initialize Maven command -function init_maven_command() { - local mvnw_found=false - local mvn_found=false - - # First, try to find the repository root and mvnw - REPO_ROOT=$(git rev-parse --show-toplevel 2>/dev/null) - git_exit_code=$? - - if [[ $git_exit_code -eq 0 && -n "${REPO_ROOT}" ]]; then - # We're in a git repository - readonly MVNW_PATH="${REPO_ROOT}/mvnw" - - if [[ -f "${MVNW_PATH}" && -x "${MVNW_PATH}" ]]; then - mvnw_found=true - print_info "Found Maven wrapper at: ${MVNW_PATH}" - fi - else - print_error "Error: Could not determine repository root. Ensure the script is run in a Git repository." - exit 1 - fi - - # Change to the repository root to ensure consistent path resolution - cd "${REPO_ROOT}" - - # Check for globally installed mvn - if command_exists mvn; then - mvn_found=true - print_info "Found globally installed Maven: $(which mvn)" - fi - - # Decide which Maven command to use based on preference and availability - if [[ "${mvnw_found}" == true ]]; then - MVN_CMD="${MVNW_PATH}" - print_success "Using Maven wrapper from repository" - elif [[ "${mvn_found}" == true ]]; then - MVN_CMD="mvn" - print_success "Using globally installed Maven" - else - print_error "Error: Neither maven wrapper (mvnw) nor globally installed maven (mvn) found!" - print_error "Please ensure either:" - print_error " 1. You're in a Git repository with mvnw in the root, or" - print_error " 2. Maven is installed globally and available in PATH" - exit 1 - fi - - # Check for custom Maven settings file - if [[ -n "${MAVEN_SETTINGS_PATH}" ]]; then - # Resolve relative paths against REPO_ROOT - if [[ "${MAVEN_SETTINGS_PATH}" != /* ]]; then - MAVEN_SETTINGS_PATH="${REPO_ROOT}/${MAVEN_SETTINGS_PATH}" - fi - print_info "Resolved MAVEN_SETTINGS_PATH: ${MAVEN_SETTINGS_PATH}" - if [[ -f "${MAVEN_SETTINGS_PATH}" ]]; then - MVN_SETTINGS="--settings ${MAVEN_SETTINGS_PATH}" - print_success "Using custom Maven settings file: ${MAVEN_SETTINGS_PATH}" - else - print_error "Error: Specified Maven settings file '${MAVEN_SETTINGS_PATH}' not found!" - exit 1 - fi - fi -} - -# Updates all parent version in pom.xml files. -function updateParentVersions() { - local version="$1" - - # shellcheck disable=SC2086 - "${MVN_CMD}" ${MVN_SETTINGS} -B -q build-helper:parse-version versions:set \ - -DnewVersion="${version}" \ - -DprocessFromLocalAggregationRoot=true \ - -DprocessParent=true \ - -DgenerateBackupPoms=false \ - -DprocessProject=true -} - -# Prints the project version of the maven module in the current directory. -function getModuleVersion() { - # shellcheck disable=SC2086 - "${MVN_CMD}" ${MVN_SETTINGS} -B help:evaluate -Dexpression=project.version -q -DforceStdout -} - -# Updates the version of a single module, this does not use the global version, only its suffix (build metadata) -function updateSingleModule() { - # shellcheck disable=SC2086 - "${MVN_CMD}" ${MVN_SETTINGS} -B build-helper:parse-version versions:set \ - -DnewVersion="\${parsedVersion.majorVersion}.\${parsedVersion.minorVersion}.\${parsedVersion.incrementalVersion}-${suffix}" \ - -DgenerateBackupPoms=false \ - -DprocessProject=true \ - -DprocessParent=false -} - -function getModules() { - sed -n '/^ */s/^ *\(.*\)<\/module>/\1/p' pom.xml -} - -function updateModule() { - local moduleVersion - - moduleVersion=$(getModuleVersion) - - if [[ "${moduleVersion}" != "${PROJECT_VERSION}" ]]; then - print_info "Module version (=${moduleVersion}) is different than project version (=${PROJECT_VERSION})" - updateSingleModule - else - print_info "Module has same version as project/parent - skipping version update" - fi - - subModules=() - while IFS='' read -r line; do subModules+=("$line"); done < <(getModules) - - if [[ "${#subModules[@]}" -gt 0 ]]; then - print_info "Module has submodules:" - printf '\t%s\n' "${subModules[@]}" - - for subModule in "${subModules[@]}"; do - print_info "Inspecting sub module '${subModule}'" - - pushd "${subModule}" - updateModule - popd - done - else - print_info "Module has no submodules" - fi -} - -function printUsage { - cat <.*SNAPSHOT<\/version>/ {gsub(/.*|<\/version>.*/, ""); print; exit}' pom.xml) - - # Validate version - if [[ -z "$VERSION" ]]; then - echo "Error: Version is empty" >&2 - exit 1 - fi - - # Version without -SNAPSHOT - SEMVER=$(echo "$VERSION" | sed 's/-SNAPSHOT$//') - - # Get current date and time in YYYYMMDDHHMM format - BUILD_DATE=$(date +%Y%m%d%H%M) - - # Full sha - FULL_SHA="${{ github.sha }}" - - # Git sha short - SHORT_SHA=$(echo "$FULL_SHA" | cut -c 1-7) - - # Construct VERSION_SUFFIX: date-buildNumber-shortSha - VERSION_SUFFIX="${BUILD_DATE}-${{ github.run_number }}-${SHORT_SHA}" - - # Construct RC_VERSION - RC_VERSION="${SEMVER}-${VERSION_SUFFIX}" - - # Read other attributes from pom.xml - GROUP_ID=$(awk '// {gsub(/.*|<\/groupId>.*/, ""); print; exit}' pom.xml) - - # Save outputs - echo "REACTOR_VERSION=$VERSION" >> $GITHUB_OUTPUT - echo "SEMVER=$SEMVER" >> $GITHUB_OUTPUT - echo "VERSION_SUFFIX=$VERSION_SUFFIX" >> $GITHUB_OUTPUT - echo "RC_VERSION=$RC_VERSION" >> $GITHUB_OUTPUT - echo "SHORT_SHA=$SHORT_SHA" >> $GITHUB_OUTPUT - echo "FULL_SHA=$FULL_SHA" >> $GITHUB_OUTPUT - echo "GROUP_ID=$GROUP_ID" >> $GITHUB_OUTPUT - - - name: Summary - shell: bash - run: | - echo "## Setup Maven Build Variables (Action)" >> $GITHUB_STEP_SUMMARY - echo "### Outputs" >> $GITHUB_STEP_SUMMARY - echo "- **REACTOR_VERSION**: \`${{ steps.vars.outputs.REACTOR_VERSION }}\`" >> $GITHUB_STEP_SUMMARY - echo "- **SEMVER**: \`${{ steps.vars.outputs.SEMVER }}\`" >> $GITHUB_STEP_SUMMARY - echo "- **VERSION_SUFFIX**: \`${{ steps.vars.outputs.VERSION_SUFFIX }}\`" >> $GITHUB_STEP_SUMMARY - echo "- **RC_VERSION**: \`${{ steps.vars.outputs.RC_VERSION }}\`" >> $GITHUB_STEP_SUMMARY - echo "- **SHORT_SHA**: \`${{ steps.vars.outputs.SHORT_SHA }}\`" >> $GITHUB_STEP_SUMMARY - echo "- **FULL_SHA**: \`${{ steps.vars.outputs.FULL_SHA }}\`" >> $GITHUB_STEP_SUMMARY - echo "- **GROUP_ID**: \`${{ steps.vars.outputs.GROUP_ID }}\`" >> $GITHUB_STEP_SUMMARY diff --git a/github/actions/setup-npm-nexus-access/action.yml b/github/actions/setup-npm-nexus-access/action.yml deleted file mode 100644 index 5bd1bd0..0000000 --- a/github/actions/setup-npm-nexus-access/action.yml +++ /dev/null @@ -1,35 +0,0 @@ -name: 'Setup NPM Nexus Access' -description: 'Sets an access token for a NPM repository on Nexus' - -inputs: - token: - description: 'The NPM token to setup' - repository: - description: 'The Nexus repository to use' - nexus-url: - description: 'The Nexus base URL' - required: true - default: 'nexus3.inventage.com' - auth-file: - description: 'The target .npmrc file where authentication will be saved. Defaults to ~/.npmrc' - required: true - default: '${{ github.workspace }}/.npmrc' - -runs: - using: 'composite' - steps: - - name: Add Nexus NPM credentials - shell: bash - run: | - if [ -z "${NPM_TOKEN}" ]; then - echo "NPM token not set — skipping Nexus NPM setup." - exit 0 - fi - cat << EOF >> '${{ inputs.auth-file }}' - //$NEXUS_URL/repository/$NPM_REPOSITORY/:_authToken=$NPM_TOKEN - EOF - cat '${{ inputs.auth-file }}' - env: - NPM_TOKEN: ${{ inputs.token }} - NPM_REPOSITORY: ${{ inputs.repository }} - NEXUS_URL: ${{ inputs.nexus-url }} diff --git a/github/actions/validate-version/action.yml b/github/actions/validate-version/action.yml deleted file mode 100644 index d8ea7b5..0000000 --- a/github/actions/validate-version/action.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Validate Version -description: Validates a version string against the format semver-date-build_number-git_short_sha -inputs: - version: - description: 'Version string to validate (e.g., 9.5.0-202504221620-1321-d65d211b)' - required: true - -runs: - using: composite - steps: - # Validate version format using inline Bash logic - - name: Validate version format - shell: bash - env: - VERSION: ${{ inputs.version }} - run: | - REGEX="^[0-9]+\.[0-9]+\.[0-9]+-[0-9]{12,14}-[0-9]+-[0-9a-f]{7,8}$" - if [[ ! $VERSION =~ $REGEX ]]; then - echo "Error: Version '$VERSION' does not match the expected format 'semver-date-build_number-git_short_sha' (e.g., 9.5.0-202504221620-1321-d65d211b)" - exit 1 - else - echo "Version '$VERSION' is valid" - fi diff --git a/github/workflows/build-pipeline.yml b/github/workflows/build-pipeline.yml deleted file mode 100644 index 7f7daef..0000000 --- a/github/workflows/build-pipeline.yml +++ /dev/null @@ -1,117 +0,0 @@ -name: Common Build Pipeline -run-name: 'Main build workflow #${{ github.run_number }} triggered by ${{ github.actor }} on ${{ github.ref }}' - -on: - workflow_call: - inputs: - # === Required === - component_name: - description: 'Component name for deployment and archetype' - required: true - type: string - - # === Deployment Options === - deploy_to_dev: - description: 'Deploy to development environment' - required: false - type: boolean - default: true - deploy_branch: - description: 'Branch to use in deployment repository' - required: false - type: string - default: 'main' - - # === Archetype Options === - update_archetype: - description: 'Whether to update the uniport archetype' - required: false - type: boolean - default: true - - # === Tagging Options === - tag_docker: - description: 'Tag Docker artifacts in Nexus' - required: false - type: boolean - default: true - tag_maven: - description: 'Tag Maven artifacts in Nexus' - required: false - type: boolean - default: true - tag_npm: - description: 'Tag NPM artifacts in Nexus' - required: false - type: boolean - default: false - tag_helm: - description: 'Tag Helm artifacts in Nexus' - required: false - type: boolean - default: false - secrets: - NEXUS3_PW: - required: true - NEXUS_NPM_TOKEN_READ_ONLY: - required: true - MACDUFF_KEYCHAIN_PASSWORD: - required: true - UNIPORT_APP_PRIVATE_KEY: - required: true - NEXUS_NPM_TOKEN_WRITE: - required: false - -# Prevent running builds for the same branch in parallel -# New workflows will cancel existing workflows -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - maven: - name: Maven Build - uses: uniport/workflows/github/workflows/maven-build.yml@main - secrets: - NEXUS3_PW: ${{ secrets.NEXUS3_PW }} - NEXUS_NPM_TOKEN_READ_ONLY: ${{ secrets.NEXUS_NPM_TOKEN_READ_ONLY }} - MACDUFF_KEYCHAIN_PASSWORD: ${{ secrets.MACDUFF_KEYCHAIN_PASSWORD }} - NEXUS_NPM_TOKEN_WRITE: ${{ secrets.NEXUS_NPM_TOKEN_WRITE }} - - deploy: - name: Deploy to Development - if: ${{ github.event_name == 'push' || github.event_name == 'schedule' || inputs.deploy_to_dev }} - needs: [maven] - uses: uniport/workflows/github/workflows/deploy-dev.yml@main - with: - version: ${{ needs.maven.outputs.VERSION }} - component_name: ${{ inputs.component_name }} - branch: ${{ inputs.deploy_branch }} - secrets: - UNIPORT_APP_PRIVATE_KEY: ${{ secrets.UNIPORT_APP_PRIVATE_KEY }} - - archetype: - name: Update Archetype - if: ${{ github.event_name == 'push' || github.event_name == 'schedule' || inputs.update_archetype }} - needs: [maven] - uses: uniport/workflows/github/workflows/update-archetype.yml@main - with: - version: ${{ needs.maven.outputs.VERSION }} - component_name: ${{ inputs.component_name }} - secrets: - UNIPORT_APP_PRIVATE_KEY: ${{ secrets.UNIPORT_APP_PRIVATE_KEY }} - - tag: - name: Tag Nexus Artifacts - if: ${{ inputs.tag_docker || inputs.tag_maven || inputs.tag_npm || inputs.tag_helm}} - needs: [maven] - uses: uniport/workflows/github/workflows/tag-nexus-artifacts.yml@main - with: - version: ${{ needs.maven.outputs.VERSION }} - group_id: ${{ needs.maven.outputs.GROUP_ID }} - tag_docker: ${{ inputs.tag_docker }} - tag_maven: ${{ inputs.tag_maven }} - tag_npm: ${{ inputs.tag_npm }} - tag_helm: ${{ inputs.tag_helm }} - secrets: - NEXUS3_PW: ${{ secrets.NEXUS3_PW }} diff --git a/github/workflows/deploy-dev.yml b/github/workflows/deploy-dev.yml deleted file mode 100644 index 1abf11f..0000000 --- a/github/workflows/deploy-dev.yml +++ /dev/null @@ -1,90 +0,0 @@ -# Workflow for deploying a component version to the DEV environment -name: Deploy DEV -run-name: 'DEV deployment #${{ github.run_number }} triggered by ${{ github.actor }} on ${{ github.ref }}' - -on: - workflow_call: - secrets: - UNIPORT_APP_PRIVATE_KEY: - required: true - inputs: - version: - description: 'The version string' - required: true - type: string - component_name: - description: 'Portal component name to update its version in the deployment repository' - required: true - type: string - branch: - description: 'The branch to use in the deployment repository' - type: string - default: 'main' - workflow_dispatch: - inputs: - version: - description: 'The version string' - required: true - type: string - component_name: - description: 'Portal component name to update its version in the deployment repository' - required: true - type: string - branch: - description: 'The branch to use in the deployment repository' - required: true - type: choice - options: - - main - default: 'main' - -jobs: - deploy: - name: Deploy - runs-on: ubuntu-latest - environment: - name: development - url: https://ips.inventage.dev/ - - steps: - - name: Validate version format - uses: uniport/workflows/github/actions/validate-version@main - with: - version: ${{ inputs.version }} - - # Generate a token for the Uniport GitHub App - - name: Generate GitHub App Token - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3 - id: app-token - with: - app-id: ${{ vars.UNIPORT_APP_ID }} - private-key: ${{ secrets.UNIPORT_APP_PRIVATE_KEY }} - owner: ${{ github.repository_owner }} - repositories: | - uniport-deployment - - - name: Checkout deployment repo - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - with: - repository: uniport/uniport-deployment - token: ${{ steps.app-token.outputs.token }} - ref: main - path: deployment-repo - - - name: Configure Git user - run: | - cd deployment-repo - git config user.name "${{ github.actor }}" - git config user.email "${{ github.actor }}@users.noreply.github.com" - - - name: Configure deployment - run: | - cd deployment-repo - ./updateVersion.sh "${{ inputs.component_name }}" "${{ inputs.version }}" - git push origin ${{ inputs.branch }} - - - name: Summary - run: | - echo "## Deploy DEV Details" >> $GITHUB_STEP_SUMMARY - echo "- **version**: \`${{ inputs.version }}\`" >> $GITHUB_STEP_SUMMARY - echo "- **branch**: \`${{ inputs.branch }}\`" >> $GITHUB_STEP_SUMMARY diff --git a/github/workflows/maven-build.yml b/github/workflows/maven-build.yml deleted file mode 100644 index 6d68d22..0000000 --- a/github/workflows/maven-build.yml +++ /dev/null @@ -1,154 +0,0 @@ -name: maven.yml -run-name: 'Maven build workflow #${{ github.run_number }} triggered by ${{ github.actor }} on ${{ github.ref }}' - -on: - workflow_dispatch: - workflow_call: - inputs: - has_frontend: - description: 'Boolean if the module has a frontend' - required: true - type: boolean - secrets: - NEXUS3_PW: - required: true - NEXUS_NPM_TOKEN_READ_ONLY: - required: true - MACDUFF_KEYCHAIN_PASSWORD: - required: true - NEXUS_NPM_TOKEN_WRITE: - required: false - outputs: - VERSION: - description: 'Build version' - value: ${{ jobs.maven.outputs.VERSION }} - GROUP_ID: - description: 'The maven groupId attribute' - value: ${{ jobs.maven.outputs.GROUP_ID }} - run_id: - description: 'The run-id of the job that uploaded the build artifact' - value: ${{ github.run_id }} - branch_name_slug: - description: 'The slug of the current branch' - value: ${{ jobs.maven.outputs.branch_name_slug }} - -env: - DOCKER_CONFIG_DIRECTORY: '${{ github.workspace }}/.docker' - -jobs: - maven: - name: Deploy - runs-on: macduff - timeout-minutes: 60 - env: - CI_AUTH_USR: ${{ vars.NEXUS3_USER }} - CI_AUTH_PSW: ${{ secrets.NEXUS3_PW }} - HELM_REGISTRY_CONFIG: '~/.docker/config.json' - outputs: - VERSION: ${{ steps.vars.outputs.RC_VERSION }} - GROUP_ID: ${{ steps.vars.outputs.GROUP_ID }} - branch_name_slug: ${{ steps.slug.outputs.branch-name-slug }} - - steps: - - name: Checkout Repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - with: - # Need to fetch everything, otherwise "spotless-maven-plugin" fails because we reference origin/master branch in the configuration - fetch-depth: 0 - - - name: Setup Variables - id: vars - uses: ./github/actions/setup-maven-build-variables@main - - - uses: gacts/github-slug@v1 - id: slug - - - name: Disable man-db triggers - uses: ./github/actions/disable-man-db-triggers@main - - - name: Setup Java - uses: ./github/actions/setup-java@main - with: - architecture: ${{ contains(runner.name, 'macduff') && 'aarch64' || '' }} - cache-maven: ${{ !contains(runner.name, 'macduff') }} - java-version: 17 - - - name: Unlock keychain - if: ${{ contains(runner.name, 'macduff') }} - run: | - security unlock-keychain -p "${{ secrets.MACDUFF_KEYCHAIN_PASSWORD }}" - - - name: Setup Helm - uses: ./github/actions/add-helm-repositories@main - with: - username: ${{ env.CI_AUTH_USR }} - password: ${{ env.CI_AUTH_PSW }} - - - name: Login to Nexus Docker Registry - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 - with: - registry: uniportcr.artifacts.inventage.com - username: ${{ env.CI_AUTH_USR }} - password: ${{ env.CI_AUTH_PSW }} - logout: ${{ !contains(runner.name, 'macduff') }} - - - name: Setup NPM Access - uses: ./github/actions/setup-npm-nexus-access@main - with: - token: ${{ secrets.NEXUS_NPM_TOKEN_READ_ONLY }} - repository: inventage-portal-npm-group - auth-file: frontend/src/main/web/.npmrc - - - name: Setup NPM Access (staging) - if: ${{ secrets.NEXUS_NPM_TOKEN_WRITE != '' }} - uses: ./github/actions/setup-npm-nexus-access@main - with: - token: ${{ secrets.NEXUS_NPM_TOKEN_WRITE }} - repository: inventage-portal-npm-staging - auth-file: frontend/src/main/web/.npmrc - - - name: Set version - uses: ./github/actions/set-maven-project-version@main - with: - version: ${{ steps.vars.outputs.RC_VERSION }} - settings-file: .github/settings.xml - script: true - - - name: Copy .docker directory - run: | - cp -Rpf ~/.docker ${{ env.DOCKER_CONFIG_DIRECTORY }} - - - name: Maven build - run: | - mvn -B -V --no-transfer-progress --update-snapshots --settings .github/settings.xml -DmultiArchBuild=true deploy -Ddocker.dockerStateDir=${{ env.DOCKER_CONFIG_DIRECTORY }} - env: - PACKAGE_VERSION: ${{ steps.vars.outputs.RC_VERSION }} - - # Needs to run after the build, otherwise some dependencies are missing for maven… ¯\_(ツ)_/¯ - - name: Checkstyle - run: | - mvn -B -V --no-transfer-progress --settings .github/settings.xml initialize checkstyle:check - - # Needs to run after the build, otherwise some dependencies are missing for maven… ¯\_(ツ)_/¯ - - name: Spotbugs - run: | - mvn -B -V --no-transfer-progress --settings .github/settings.xml initialize spotbugs:check - - - name: Check uncommitted code - uses: ./github/actions/ensure-no-uncommitted-code@main - - - name: Frontend Test Coverage - if: ${{ inputs.has_frontend }} - uses: livewing/lcov-job-summary@v1.2.0 - with: - lcov: frontend/src/main/web/coverage/lcov.info - - - name: Summary - run: | - cat >> $GITHUB_STEP_SUMMARY <- if not provided)' - type: string - required: false - tag_maven: - description: 'Enable or disable tagging of maven artifacts' - type: boolean - required: false - default: false - tag_docker: - description: 'Enable or disable tagging of Docker artifacts' - type: boolean - required: false - default: false - tag_helm: - description: 'Enable or disable tagging of Helm artifacts' - type: boolean - required: false - default: false - tag_npm: - description: 'Enable or disable tagging of NPM artifacts' - type: boolean - required: false - default: false - workflow_dispatch: - inputs: - version: - description: 'The version to create a tag and associate components for' - type: string - required: true - group_id: - description: 'The group ID attribute' - type: string - required: true - tag_name: - description: 'The tag name to create (defaults to - if not provided)' - type: string - required: false - tag_maven: - description: 'Enable or disable tagging of Maven artifacts' - type: boolean - required: false - default: false - tag_docker: - description: 'Enable or disable tagging of Docker artifacts' - type: boolean - required: false - default: false - tag_helm: - description: 'Enable or disable tagging of Helm artifacts' - type: boolean - required: false - default: false - tag_npm: - description: 'Enable or disable tagging of NPM artifacts' - type: boolean - required: false - default: false - -env: - TAG_NAME_SUFFIX_HELM: ${{ vars.TAG_NAME_SUFFIX_HELM || '_helm' }} - TAG_NAME_SUFFIX_DOCKER: ${{ vars.TAG_NAME_SUFFIX_DOCKER || '_docker' }} - TAG_NAME_SUFFIX_MAVEN: ${{ vars.TAG_NAME_SUFFIX_MAVEN || '_maven' }} - TAG_NAME_SUFFIX_NPM: ${{ vars.TAG_NAME_SUFFIX_NPM || '_npm' }} - STAGING_REPO_HELM: ${{ vars.STAGING_REPO_HELM }} - STAGING_REPO_DOCKER: ${{ vars.STAGING_REPO_DOCKER }} - STAGING_REPO_MAVEN: ${{ vars.STAGING_REPO_MAVEN }} - STAGING_REPO_NPM: ${{ vars.STAGING_REPO_NPM }} - -jobs: - tag: - name: Setup Tag Name - runs-on: ubuntu-latest - outputs: - TAG_NAME: ${{ steps.tag.outputs.TAG_NAME }} - TAG_NAME_MAVEN: ${{ steps.tag.outputs.TAG_NAME_MAVEN }} - TAG_NAME_DOCKER: ${{ steps.tag.outputs.TAG_NAME_DOCKER }} - TAG_NAME_HELM: ${{ steps.tag.outputs.TAG_NAME_HELM }} - TAG_NAME_NPM: ${{ steps.tag.outputs.TAG_NAME_NPM }} - STAGING_REPO_MAVEN: ${{ env.STAGING_REPO_MAVEN }} - STAGING_REPO_DOCKER: ${{ env.STAGING_REPO_DOCKER }} - STAGING_REPO_HELM: ${{ env.STAGING_REPO_HELM }} - STAGING_REPO_NPM: ${{ env.STAGING_REPO_NPM }} - ALL_ARTIFACTS_VERSION: ${{ steps.tag.outputs.ALL_ARTIFACTS_VERSION }} - steps: - - name: Parse version string - id: parse - uses: uniport/workflows/github/actions/parse-version@main - with: - version: ${{ inputs.version }} - - - name: Set Tag Name - id: tag - run: | - TAG_NAME=${{ inputs.tag_name }} - if [ -z "$TAG_NAME" ]; then - TAG_NAME="${{ inputs.group_id }}_${{ inputs.version }}" - fi - - TAG_NAME_MAVEN="${TAG_NAME}${{ env.TAG_NAME_SUFFIX_MAVEN }}" # Calculate all tag names - TAG_NAME_DOCKER="${TAG_NAME}${{ env.TAG_NAME_SUFFIX_DOCKER }}" - TAG_NAME_HELM="${TAG_NAME}${{ env.TAG_NAME_SUFFIX_HELM }}" - TAG_NAME_NPM="${TAG_NAME}${{ env.TAG_NAME_SUFFIX_NPM }}" - - VERSION_SUFFIX="${{ steps.parse.outputs.build_date }}-${{ steps.parse.outputs.run_id }}-${{ steps.parse.outputs.commit_sha }}" - ALL_ARTIFACTS_VERSION="*-${VERSION_SUFFIX}" - - cat >> $GITHUB_OUTPUT <> $GITHUB_STEP_SUMMARY <