Skip to content

Commit

Permalink
Add GitHub Actions and Sonar support (#237)
Browse files Browse the repository at this point in the history
  • Loading branch information
jmewes authored May 15, 2023
1 parent 0b5d511 commit ac1600f
Show file tree
Hide file tree
Showing 10 changed files with 218 additions and 30 deletions.
41 changes: 41 additions & 0 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
name: Publish

on:
push:
tags:
- "*"

jobs:
publish:
name: Publish
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v3
with:
java-version: 17
distribution: 'temurin'
- name: Cache Gradle packages
uses: actions/cache@v3
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
restore-keys: ${{ runner.os }}-gradle
- name: Test
run: ./ci_test.sh
- name: Publish to Gradle Plugin Portal
env:
GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}
GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}
run: ./ci_publish_gradle.sh
- name: Publish to Maven Central
env:
FILE_ENCRYPTION_PASSWORD: ${{ secrets.FILE_ENCRYPTION_PASSWORD }}
SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }}
SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
run: ./ci_publish.sh -s
38 changes: 38 additions & 0 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
name: Test
on:
push:
branches:
- master
pull_request:
types: [opened, synchronize, reopened]

jobs:
build:
name: Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v3
with:
java-version: 17
distribution: 'temurin'
- name: Cache SonarCloud packages
uses: actions/cache@v3
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Cache Gradle packages
uses: actions/cache@v3
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
restore-keys: ${{ runner.os }}-gradle
- name: Test
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: ./ci_test.sh
2 changes: 1 addition & 1 deletion .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@
.gradle/
.*
!.gitignore
!.github/
.settings/
build/
out/
bin/
gradle.properties
*.iml
*.ipr
*.iws
21 changes: 11 additions & 10 deletions build.gradle.kts
Original file line number Diff line number Diff line change
@@ -1,19 +1,18 @@

import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
import org.kt3k.gradle.plugin.CoverallsPluginExtension
import pl.allegro.tech.build.axion.release.domain.TagNameSerializationConfig
import pl.allegro.tech.build.axion.release.domain.hooks.HooksConfig


plugins {
id("com.github.kt3k.coveralls") version "2.12.0"
`maven-publish`
id("io.github.gradle-nexus.publish-plugin") version "1.0.0"
id("org.jmailen.kotlinter") version "3.3.0" apply false
id("org.sonarqube") version "4.0.0.2929"
id("pl.allegro.tech.build.axion-release") version "1.9.2"
jacoco
java
kotlin("jvm") version "1.7.22" apply false
`maven-publish`
}

repositories {
Expand Down Expand Up @@ -85,12 +84,6 @@ subprojects {
}
}

//coverall multi module plugin configuration starts here
configure<CoverallsPluginExtension> {
sourceDirs = nonSampleProjects.flatMap { it.sourceSets["main"].allSource.srcDirs }.filter { it.exists() }.map { it.path }
jacocoReportPath = "$buildDir/reports/jacoco/jacocoRootReport/jacocoRootReport.xml"
}

tasks {
val jacocoMerge by creating(JacocoMerge::class) {
executionData = files(nonSampleProjects.map { File(it.buildDir, "/jacoco/test.exec") })
Expand All @@ -115,11 +108,19 @@ tasks {
xml.isEnabled = true
}
}
getByName("coveralls").dependsOn(jacocoRootReport)
getByName("sonar").dependsOn(jacocoRootReport)
}

nexusPublishing {
repositories {
sonatype ()
}
}

sonar {
properties {
property("sonar.projectKey", "ePages-de_restdocs-api-spec")
property("sonar.organization", "epages-de")
property("sonar.host.url", "https://sonarcloud.io")
}
}
4 changes: 0 additions & 4 deletions ci_build.sh

This file was deleted.

11 changes: 11 additions & 0 deletions ci_publish_gradle.sh
Original file line number Diff line number Diff line change
@@ -1,4 +1,15 @@
#!/bin/bash
set -e

function check_variable_set() {
_VARIABLE_NAME=$1
_VARIABLE_VALUE=${!_VARIABLE_NAME}
if [[ -z ${_VARIABLE_VALUE} ]]; then
echo "Missing env variable ${_VARIABLE_NAME}"
exit 1
fi
}
check_variable_set GRADLE_PUBLISH_KEY
check_variable_set GRADLE_PUBLISH_SECRET

./gradlew publishPlugins -p restdocs-api-spec-gradle-plugin
116 changes: 101 additions & 15 deletions ci_publish_java.sh
Original file line number Diff line number Diff line change
@@ -1,16 +1,102 @@
#!/bin/bash
set -e

openssl aes-256-cbc -K $encrypted_7b7bcfd5be68_key -iv $encrypted_7b7bcfd5be68_iv \
-in secret-keys.gpg.enc \
-out "${SIGNING_KEYRING_FILE}" \
-d

./gradlew publishToSonatype \
--info \
--exclude-task :restdocs-api-spec-gradle-plugin:publishToSonatype \
-Dorg.gradle.project.sonatypeUsername="${SONATYPE_USERNAME}" \
-Dorg.gradle.project.sonatypePassword="${SONATYPE_PASSWORD}" \
-Dorg.gradle.project.signing.keyId="${SIGNING_KEY_ID}" \
-Dorg.gradle.project.signing.password="${SIGNING_PASSWORD}" \
-Dorg.gradle.project.signing.secretKeyRingFile="${SIGNING_KEYRING_FILE}"

set -e # Exit with nonzero exit code if anything fails

SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
SECRET_KEYS_FILE="${SCRIPT_DIR}/secret-keys.gpg"

###############################################################################
# Parameter handling
###############################################################################

usage () {
cat << EOF
DESCRIPTION:
The script publishes the Java libraries of this project to Sonatype or
Maven Local (default).
SYNOPSIS:
$0 [-s] [-h]
OPTIONS:
-s Publish to Sonatype (Default: off)
-h Show this message.
-? Show this message.
REQUIRED ENVIRONMENT VARIABLES:
- FILE_ENCRYPTION_PASSWORD: Passphrase for decrypting the signing keys
- SIGNING_KEY_ID
- SIGNING_PASSWORD
- SONATYPE_USERNAME
- SONATYPE_PASSWORD
DEPENDENCIES:
- gpg: https://help.ubuntu.com/community/GnuPrivacyGuardHowto
EOF
}

while getopts "s h ?" option ; do
case $option in
s) PUBLISH_TO_SONATYPE='true'
;;
h ) usage
exit 0;;
? ) usage
exit 0;;
esac
done


###############################################################################
# Env variables and dependencies
###############################################################################

function check_variable_set() {
_VARIABLE_NAME=$1
_VARIABLE_VALUE=${!_VARIABLE_NAME}
if [[ -z ${_VARIABLE_VALUE} ]]; then
echo "Missing env variable ${_VARIABLE_NAME}"
exit 1
fi
}
check_variable_set FILE_ENCRYPTION_PASSWORD
check_variable_set SIGNING_KEY_ID
check_variable_set SIGNING_PASSWORD
check_variable_set SONATYPE_USERNAME
check_variable_set SONATYPE_PASSWORD

if ! command -v gpg &> /dev/null; then
echo "gpg not installed. See https://help.ubuntu.com/community/GnuPrivacyGuardHowto"
exit 1
fi

###############################################################################
# Parameter handling
###############################################################################

# Decrypt signing key
gpg --quiet --batch --yes --decrypt --passphrase="${FILE_ENCRYPTION_PASSWORD}" \
--output ${SECRET_KEYS_FILE} secret-keys.gpg.enc

if [[ ! -f "${SECRET_KEYS_FILE}" ]]; then
echo "File ${SECRET_KEYS_FILE} does not exist"
exit 1
fi

# Determine where to publish the Java archives
if [[ "${PUBLISH_TO_SONATYPE}" == "true" ]]; then
PUBLISH_GRADLE_TASK="publishToSonatype"
else
PUBLISH_GRADLE_TASK="publishToMavenLocal"
fi

# Publish
./gradlew ${PUBLISH_GRADLE_TASK} \
--info \
--exclude-task :restdocs-api-spec-gradle-plugin:publishToSonatype \
-Dorg.gradle.project.sonatypeUsername="${SONATYPE_USERNAME}" \
-Dorg.gradle.project.sonatypePassword="${SONATYPE_PASSWORD}" \
-Dorg.gradle.project.signing.keyId="${SIGNING_KEY_ID}" \
-Dorg.gradle.project.signing.password="${SIGNING_PASSWORD}" \
-Dorg.gradle.project.signing.secretKeyRingFile="${SECRET_KEYS_FILE}"
14 changes: 14 additions & 0 deletions ci_test.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
#!/bin/bash
set -e # Exit with nonzero exit code if anything fails

if [[ -n "${SONAR_TOKEN}" ]]; then
SONAR_GRADLE_TASK="sonar"
else
echo "INFO: Skipping sonar analysis as SONAR_TOKEN is not set"
fi

./gradlew \
clean \
${SONAR_GRADLE_TASK} \
build \
--info
1 change: 1 addition & 0 deletions gradle.properties
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
org.gradle.jvmargs=-XX:MaxMetaspaceSize=300m -Xms256m -Xmx512m
Binary file added secret-keys.gpg.enc
Binary file not shown.

0 comments on commit ac1600f

Please sign in to comment.