2
0

continuous-integration-workflow.yml 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250
  1. name: CI
  2. on:
  3. push:
  4. branches:
  5. - main
  6. schedule:
  7. - cron: '0 10 * * *' # Once per day at 10am UTC
  8. workflow_dispatch: # Manual trigger
  9. env:
  10. SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
  11. GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
  12. GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
  13. GRADLE_ENTERPRISE_SECRET_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
  14. COMMIT_OWNER: ${{ github.event.pusher.name }}
  15. COMMIT_SHA: ${{ github.sha }}
  16. ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
  17. ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
  18. jobs:
  19. initiate_error_tracking:
  20. name: Initiate job-level error tracking
  21. runs-on: ubuntu-latest
  22. steps:
  23. - uses: actions/checkout@v2
  24. - name: Initiate error tracking
  25. uses: spring-projects/track-build-errors-action@v1
  26. with:
  27. job-name: "initiate-error-tracking"
  28. - name: Export errors file
  29. uses: actions/upload-artifact@v2
  30. with:
  31. name: errors
  32. path: job-initiate-error-tracking.txt
  33. build_jdk_11:
  34. name: Build JDK 11
  35. runs-on: ubuntu-latest
  36. steps:
  37. - uses: actions/checkout@v2
  38. - name: Set up JDK 11
  39. uses: actions/setup-java@v1
  40. with:
  41. java-version: '11'
  42. - name: Cache Gradle packages
  43. uses: actions/cache@v2
  44. with:
  45. path: ~/.gradle/caches
  46. key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
  47. - name: Build with Gradle
  48. run: |
  49. export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
  50. export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
  51. export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
  52. ./gradlew clean build --continue -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD"
  53. - name: Track error step
  54. uses: spring-projects/track-build-errors-action@v1
  55. if: ${{ failure() }}
  56. with:
  57. job-name: ${{ github.job }}
  58. - name: Export errors file
  59. uses: actions/upload-artifact@v2
  60. if: ${{ failure() }}
  61. with:
  62. name: errors
  63. path: job-${{ github.job }}.txt
  64. snapshot_tests:
  65. name: Test against snapshots
  66. runs-on: ubuntu-latest
  67. steps:
  68. - uses: actions/checkout@v2
  69. - name: Set up JDK
  70. uses: actions/setup-java@v1
  71. with:
  72. java-version: '11'
  73. - name: Snapshot Tests
  74. run: |
  75. export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
  76. export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
  77. export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
  78. ./gradlew test --refresh-dependencies -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" -PforceMavenRepositories=snapshot -PspringVersion='5.+' -PreactorVersion='20+' -PspringDataVersion='Neumann-BUILD-SNAPSHOT' -PrsocketVersion=1.1.0-SNAPSHOT -PspringBootVersion=2.4.0-SNAPSHOT -PlocksDisabled --stacktrace
  79. - name: Track error step
  80. uses: spring-projects/track-build-errors-action@v1
  81. if: ${{ failure() }}
  82. with:
  83. job-name: ${{ github.job }}
  84. - name: Export errors file
  85. uses: actions/upload-artifact@v2
  86. if: ${{ failure() }}
  87. with:
  88. name: errors
  89. path: job-${{ github.job }}.txt
  90. sonar_analysis:
  91. name: Static Code Analysis
  92. runs-on: ubuntu-latest
  93. env:
  94. SONAR_URL: ${{ secrets.SONAR_URL }}
  95. SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
  96. steps:
  97. - uses: actions/checkout@v2
  98. - name: Set up JDK
  99. uses: actions/setup-java@v1
  100. with:
  101. java-version: '11'
  102. - name: Run Sonar on given (non-main) branch
  103. if: ${{ github.ref != 'refs/heads/main' }}
  104. run: |
  105. export BRANCH=${GITHUB_REF#refs/heads/}
  106. export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
  107. export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
  108. export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
  109. ./gradlew sonarqube -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" -PexcludeProjects='**/samples/**' -Dsonar.projectKey="spring-security-${GITHUB_REF#refs/heads/}" -Dsonar.projectName="spring-security-${GITHUB_REF#refs/heads/}" -Dsonar.host.url="$SONAR_URL" -Dsonar.login="$SONAR_TOKEN" --stacktrace
  110. - name: Run Sonar on main
  111. if: ${{ github.ref == 'refs/heads/main' }}
  112. run: |
  113. export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
  114. export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
  115. export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
  116. ./gradlew sonarqube -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" -PexcludeProjects='**/samples/**' -Dsonar.host.url="$SONAR_URL" -Dsonar.login="$SONAR_TOKEN" --stacktrace
  117. - name: Track error step
  118. uses: spring-projects/track-build-errors-action@v1
  119. if: ${{ failure() }}
  120. with:
  121. job-name: ${{ github.job }}
  122. - name: Export errors file
  123. uses: actions/upload-artifact@v2
  124. if: ${{ failure() }}
  125. with:
  126. name: errors
  127. path: job-${{ github.job }}.txt
  128. deploy_artifacts:
  129. name: Deploy Artifacts
  130. needs: [build_jdk_11, snapshot_tests, sonar_analysis]
  131. runs-on: ubuntu-latest
  132. steps:
  133. - uses: actions/checkout@v2
  134. - name: Set up JDK
  135. uses: actions/setup-java@v1
  136. with:
  137. java-version: '11'
  138. - name: Deploy artifacts
  139. run: |
  140. export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
  141. export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
  142. export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
  143. export VERSION_HEADER=$'Version: GnuPG v2\n\n'
  144. export ORG_GRADLE_PROJECT_signingKey=${GPG_PRIVATE_KEY_NO_HEADER#"$VERSION_HEADER"}
  145. export ORG_GRADLE_PROJECT_signingPassword="$GPG_PASSPHRASE"
  146. ./gradlew deployArtifacts -PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace --no-parallel
  147. ./gradlew finalizeDeployArtifacts -PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace --no-parallel
  148. env:
  149. GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
  150. GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
  151. OSSRH_TOKEN_USERNAME: ${{ secrets.OSSRH_TOKEN_USERNAME }}
  152. OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_TOKEN_PASSWORD }}
  153. ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
  154. ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
  155. - name: Track error step
  156. uses: spring-projects/track-build-errors-action@v1
  157. if: ${{ failure() }}
  158. with:
  159. job-name: ${{ github.job }}
  160. - name: Export errors file
  161. uses: actions/upload-artifact@v2
  162. if: ${{ failure() }}
  163. with:
  164. name: errors
  165. path: job-${{ github.job }}.txt
  166. deploy_docs:
  167. name: Deploy Docs
  168. needs: [build_jdk_11, snapshot_tests, sonar_analysis]
  169. runs-on: ubuntu-latest
  170. steps:
  171. - uses: actions/checkout@v2
  172. - name: Set up JDK
  173. uses: actions/setup-java@v1
  174. with:
  175. java-version: '11'
  176. - name: Deploy Docs
  177. run: |
  178. export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
  179. export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
  180. export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
  181. ./gradlew deployDocs -PdeployDocsSshKey="$DOCS_SSH_KEY" -PdeployDocsSshUsername="$DOCS_USERNAME" -PdeployDocsHost="$DOCS_HOST" --stacktrace
  182. env:
  183. DOCS_USERNAME: ${{ secrets.DOCS_USERNAME }}
  184. DOCS_SSH_KEY: ${{ secrets.DOCS_SSH_KEY }}
  185. DOCS_HOST: ${{ secrets.DOCS_HOST }}
  186. - name: Track error step
  187. uses: spring-projects/track-build-errors-action@v1
  188. if: ${{ failure() }}
  189. with:
  190. job-name: ${{ github.job }}
  191. - name: Export errors file
  192. uses: actions/upload-artifact@v2
  193. if: ${{ failure() }}
  194. with:
  195. name: errors
  196. path: job-${{ github.job }}.txt
  197. deploy_schema:
  198. name: Deploy Schema
  199. needs: [build_jdk_11, snapshot_tests, sonar_analysis]
  200. runs-on: ubuntu-latest
  201. steps:
  202. - uses: actions/checkout@v2
  203. - name: Set up JDK
  204. uses: actions/setup-java@v1
  205. with:
  206. java-version: '11'
  207. - name: Deploy Schema
  208. run: |
  209. export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
  210. export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
  211. export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
  212. ./gradlew deploySchema -PdeployDocsSshKey="$DOCS_SSH_KEY" -PdeployDocsSshUsername="$DOCS_USERNAME" -PdeployDocsHost="$DOCS_HOST" --stacktrace --info
  213. env:
  214. DOCS_USERNAME: ${{ secrets.DOCS_USERNAME }}
  215. DOCS_SSH_KEY: ${{ secrets.DOCS_SSH_KEY }}
  216. DOCS_HOST: ${{ secrets.DOCS_HOST }}
  217. - name: Track error step
  218. uses: spring-projects/track-build-errors-action@v1
  219. if: ${{ failure() }}
  220. with:
  221. job-name: ${{ github.job }}
  222. - name: Export errors file
  223. uses: actions/upload-artifact@v2
  224. if: ${{ failure() }}
  225. with:
  226. name: errors
  227. path: job-${{ github.job }}.txt
  228. notify_result:
  229. name: Check for failures
  230. needs: [build_jdk_11, snapshot_tests, sonar_analysis, deploy_artifacts, deploy_docs, deploy_schema]
  231. if: always()
  232. runs-on: ubuntu-latest
  233. steps:
  234. - uses: actions/checkout@v2
  235. - name: Download errors folder
  236. uses: actions/download-artifact@v2
  237. with:
  238. name: errors
  239. - name: Send Slack message
  240. uses: spring-projects/notify-slack-errors-action@v1
  241. with:
  242. slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
  243. branch-name: ${{ github.ref }}
  244. commit-sha: ${{ github.sha }}
  245. commit-owner: ${{ github.actor }}
  246. repo-name: ${{ github.repository }}
  247. run-id: ${{ github.run_id }}