Add GitHub Actions and Sonar support (#237)

GH-235
ePages-de · May 15, 2023 · ac1600f · ac1600f
1 parent 0b5d511
commit ac1600f
Show file tree

Hide file tree

Showing 10 changed files with 218 additions and 30 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -0,0 +1,41 @@
+name: Publish
+
+on:
+  push:
+    tags:
+      - "*"
+
+jobs:
+  publish:
+    name: Publish
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          java-version: 17
+          distribution: 'temurin'
+      - name: Cache Gradle packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+          restore-keys: ${{ runner.os }}-gradle
+      - name: Test
+        run: ./ci_test.sh
+      - name: Publish to Gradle Plugin Portal
+        env:
+          GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}
+          GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}
+        run: ./ci_publish_gradle.sh
+      - name: Publish to Maven Central
+        env:
+          FILE_ENCRYPTION_PASSWORD: ${{ secrets.FILE_ENCRYPTION_PASSWORD }}
+          SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }}
+          SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
+          SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
+          SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+        run: ./ci_publish.sh -s
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,38 @@
+name: Test
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  build:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          java-version: 17
+          distribution: 'temurin'
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache Gradle packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+          restore-keys: ${{ runner.os }}-gradle
+      - name: Test
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: ./ci_test.sh
diff --git a/.gitignore b/.gitignore
@@ -2,11 +2,11 @@
 .gradle/
 .*
 !.gitignore
+!.github/
 .settings/
 build/
 out/
 bin/
-gradle.properties
 *.iml
 *.ipr
 *.iws
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -1,19 +1,18 @@
 
 import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
-import org.kt3k.gradle.plugin.CoverallsPluginExtension
 import pl.allegro.tech.build.axion.release.domain.TagNameSerializationConfig
 import pl.allegro.tech.build.axion.release.domain.hooks.HooksConfig
 
 
 plugins {
-    id("com.github.kt3k.coveralls") version "2.12.0"
+    `maven-publish`
     id("io.github.gradle-nexus.publish-plugin") version "1.0.0"
     id("org.jmailen.kotlinter") version "3.3.0" apply false
+    id("org.sonarqube") version "4.0.0.2929"
     id("pl.allegro.tech.build.axion-release") version "1.9.2"
     jacoco
     java
     kotlin("jvm") version "1.7.22" apply false
-    `maven-publish`
 }
 
 repositories {
@@ -85,12 +84,6 @@ subprojects {
     }
 }
 
-//coverall multi module plugin configuration starts here
-configure<CoverallsPluginExtension> {
-    sourceDirs = nonSampleProjects.flatMap { it.sourceSets["main"].allSource.srcDirs }.filter { it.exists() }.map { it.path }
-    jacocoReportPath = "$buildDir/reports/jacoco/jacocoRootReport/jacocoRootReport.xml"
-}
-
 tasks {
     val jacocoMerge by creating(JacocoMerge::class) {
         executionData = files(nonSampleProjects.map { File(it.buildDir, "/jacoco/test.exec") })
@@ -115,11 +108,19 @@ tasks {
             xml.isEnabled = true
         }
     }
-    getByName("coveralls").dependsOn(jacocoRootReport)
+    getByName("sonar").dependsOn(jacocoRootReport)
 }
 
 nexusPublishing {
     repositories {
         sonatype ()
     }
 }
+
+sonar {
+    properties {
+        property("sonar.projectKey", "ePages-de_restdocs-api-spec")
+        property("sonar.organization", "epages-de")
+        property("sonar.host.url", "https://sonarcloud.io")
+    }
+}
diff --git a/ci_build.sh b/ci_build.sh
diff --git a/ci_publish_gradle.sh b/ci_publish_gradle.sh
@@ -1,4 +1,15 @@
 #!/bin/bash
 set -e
 
+function check_variable_set() {
+  _VARIABLE_NAME=$1
+	_VARIABLE_VALUE=${!_VARIABLE_NAME}
+	if [[ -z ${_VARIABLE_VALUE} ]]; then
+		echo "Missing env variable ${_VARIABLE_NAME}"
+		exit 1
+	fi
+}
+check_variable_set GRADLE_PUBLISH_KEY
+check_variable_set GRADLE_PUBLISH_SECRET
+
 ./gradlew publishPlugins -p restdocs-api-spec-gradle-plugin
diff --git a/ci_publish_java.sh b/ci_publish_java.sh
@@ -1,16 +1,102 @@
 #!/bin/bash
-set -e
-
-openssl aes-256-cbc -K $encrypted_7b7bcfd5be68_key -iv $encrypted_7b7bcfd5be68_iv \
-  -in secret-keys.gpg.enc \
-  -out "${SIGNING_KEYRING_FILE}" \
-  -d
-
-./gradlew publishToSonatype \
-  --info \
-  --exclude-task :restdocs-api-spec-gradle-plugin:publishToSonatype \
-  -Dorg.gradle.project.sonatypeUsername="${SONATYPE_USERNAME}" \
-  -Dorg.gradle.project.sonatypePassword="${SONATYPE_PASSWORD}" \
-  -Dorg.gradle.project.signing.keyId="${SIGNING_KEY_ID}" \
-  -Dorg.gradle.project.signing.password="${SIGNING_PASSWORD}" \
-  -Dorg.gradle.project.signing.secretKeyRingFile="${SIGNING_KEYRING_FILE}"
+
+set -e # Exit with nonzero exit code if anything fails
+
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+SECRET_KEYS_FILE="${SCRIPT_DIR}/secret-keys.gpg"
+
+###############################################################################
+# Parameter handling
+###############################################################################
+
+usage () {
+     cat << EOF
+DESCRIPTION:
+The script publishes the Java libraries of this project to Sonatype or
+Maven Local (default).
+ 
+SYNOPSIS:
+$0 [-s] [-h]
+ 
+OPTIONS:
+    -s   Publish to Sonatype     (Default: off)
+    -h   Show this message.
+    -?   Show this message.
+
+REQUIRED ENVIRONMENT VARIABLES:
+- FILE_ENCRYPTION_PASSWORD: Passphrase for decrypting the signing keys
+- SIGNING_KEY_ID
+- SIGNING_PASSWORD
+- SONATYPE_USERNAME
+- SONATYPE_PASSWORD
+
+DEPENDENCIES:
+- gpg: https://help.ubuntu.com/community/GnuPrivacyGuardHowto
+
+EOF
+}
+
+while getopts "s h ?" option ; do
+     case $option in
+          s)   PUBLISH_TO_SONATYPE='true'
+               ;;
+          h )  usage
+               exit 0;;
+          ? )  usage
+               exit 0;;
+     esac
+done
+
+
+###############################################################################
+# Env variables and dependencies
+###############################################################################
+
+function check_variable_set() {
+  _VARIABLE_NAME=$1
+	_VARIABLE_VALUE=${!_VARIABLE_NAME}
+	if [[ -z ${_VARIABLE_VALUE} ]]; then
+		echo "Missing env variable ${_VARIABLE_NAME}"
+		exit 1
+	fi
+}
+check_variable_set FILE_ENCRYPTION_PASSWORD
+check_variable_set SIGNING_KEY_ID
+check_variable_set SIGNING_PASSWORD
+check_variable_set SONATYPE_USERNAME
+check_variable_set SONATYPE_PASSWORD
+
+if ! command -v gpg &> /dev/null; then
+  echo "gpg not installed. See https://help.ubuntu.com/community/GnuPrivacyGuardHowto"
+  exit 1
+fi
+
+###############################################################################
+# Parameter handling
+###############################################################################
+
+# Decrypt signing key
+gpg --quiet --batch --yes --decrypt --passphrase="${FILE_ENCRYPTION_PASSWORD}" \
+	--output ${SECRET_KEYS_FILE} secret-keys.gpg.enc
+
+if [[ ! -f "${SECRET_KEYS_FILE}" ]]; then
+	echo "File ${SECRET_KEYS_FILE} does not exist"
+	exit 1
+fi
+
+# Determine where to publish the Java archives
+if [[ "${PUBLISH_TO_SONATYPE}" == "true" ]]; then
+	PUBLISH_GRADLE_TASK="publishToSonatype"
+else
+	PUBLISH_GRADLE_TASK="publishToMavenLocal"
+fi
+
+# Publish
+./gradlew ${PUBLISH_GRADLE_TASK} \
+	--info \
+     --exclude-task :restdocs-api-spec-gradle-plugin:publishToSonatype \
+	-Dorg.gradle.project.sonatypeUsername="${SONATYPE_USERNAME}" \
+	-Dorg.gradle.project.sonatypePassword="${SONATYPE_PASSWORD}" \
+	-Dorg.gradle.project.signing.keyId="${SIGNING_KEY_ID}" \
+	-Dorg.gradle.project.signing.password="${SIGNING_PASSWORD}" \
+	-Dorg.gradle.project.signing.secretKeyRingFile="${SECRET_KEYS_FILE}"
diff --git a/ci_test.sh b/ci_test.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -e # Exit with nonzero exit code if anything fails
+
+if [[ -n "${SONAR_TOKEN}" ]]; then
+  SONAR_GRADLE_TASK="sonar"
+else
+  echo "INFO: Skipping sonar analysis as SONAR_TOKEN is not set"
+fi
+
+./gradlew  \
+  clean \
+  ${SONAR_GRADLE_TASK} \
+  build \
+  --info
diff --git a/gradle.properties b/gradle.properties
@@ -0,0 +1 @@
+org.gradle.jvmargs=-XX:MaxMetaspaceSize=300m -Xms256m -Xmx512m
diff --git a/secret-keys.gpg.enc b/secret-keys.gpg.enc