DWN-37110: CCI migration openid-connect-server

.circleci/cci_create_release_and_snapshot.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+REPOSITORY=https://github.com/gresham-computing/openid-connect-server
+MASTER_BRANCH=1.3.x
+
+function get_version {
+    local currentVersion=$(mvn -Dexec.executable='echo' -Dexec.args='${project.version}' --non-recursive exec:exec -q)
+    IFS='-' read -r -a parts <<< "$currentVersion"
+
+    local NEXT_NUMBER="$((${parts[1]} + 1))"
+    RELEASE_VERSION="${parts[0]}"-"${parts[1]}"
+    NEXT_SNAPSHOT_VERSION="${parts[0]}"-$NEXT_NUMBER-SNAPSHOT
+}
+
+function bump_to_release {
+    mvn -s gresham-nexus-settings/ctc.plugins.settings.xml versions:set -DnewVersion=$RELEASE_VERSION
+    git tag v$RELEASE_VERSION
+    echo -e "\nopenid-connect-server release: $RELEASE_VERSION\n"
+}
+
+function bump_to_next_snapshot {
+    mvn -s gresham-nexus-settings/ctc.plugins.settings.xml versions:set -DnewVersion=$NEXT_SNAPSHOT_VERSION
+    echo -e "\nopenid-connect-server snapshot: $NEXT_SNAPSHOT_VERSION\n"
+}
+
+function commit_changes {
+    git commit -a -m "$1"
+}
+
+function push_changes {
+    git push $REPOSITORY $MASTER_BRANCH --tags
+}
+
+get_version
+bump_to_release
+commit_changes "New openid-connect-server release: ${RELEASE_VERSION}"
+push_changes
+bump_to_next_snapshot
+commit_changes "Next openid-connect-server snapshot: $NEXT_SNAPSHOT_VERSION"
+push_changes

.circleci/cci_generate_artifact_links.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+HOME=~/project
+DOWNLOAD_PAGE=$HOME/download.html
+LOG=$HOME/mavenOutput.log
+SEARCH_TERMS=(openid-connect uma)
+
+function generate_artifact_links {
+    EXTENSION=$1
+    echo "<!DOCTYPE html><html><body><h2>Last Deployed Artifacts</h2>" >> $DOWNLOAD_PAGE
+
+    for searchTerm in ${SEARCH_TERMS[@]}; do
+        jarUrls+=($(grep -Eo '(http|https).*'${searchTerm}'.*[^-sources].'${EXTENSION}' | sort --unique' $LOG))
+    done
+
+    if [[ ! -z $jarUrls ]]; then
+        echo "<ul>" >> $DOWNLOAD_PAGE
+
+        for jarUrl in "${jarUrls[@]}"; do
+            jarName=$(basename $jarUrl)
+            echo "<li><a href="$jarUrl">$jarName</a></li>" >> $DOWNLOAD_PAGE
+        done
+        echo "</ul>" >> $DOWNLOAD_PAGE
+    else 
+        echo "No uploaded artifacts found." >> $DOWNLOAD_PAGE
+    fi
+
+    echo "<h2>Last Deployed Sources</h2>" >> $DOWNLOAD_PAGE
+
+    # get all sources upload URLs into an array.
+    for searchTerm in ${SEARCH_TERMS[@]}; do
+        sourceUrls+=($(grep -Eo '(http|https).*'${searchTerm}'.*[-sources].'${EXTENSION}' | sort --unique' $LOG))
+    done
+
+    #if download links are found
+    if [[ ! -z $sourceUrls ]]; then
+        echo "<ul>" >> $DOWNLOAD_PAGE
+
+        # write each array entry as a list item URL
+        for sourceUrl in "${sourceUrls[@]}"
+        do 
+            sourceName=$(basename $sourceUrl)
+            echo "<li><a href="$sourceUrl">$sourceName</a></li>" >> $DOWNLOAD_PAGE
+        done
+        echo "</ul>" >> $DOWNLOAD_PAGE
+    else
+        echo "No uploaded artifacts found." >> $DOWNLOAD_PAGE
+    fi
+    echo "</body></html>" >> $DOWNLOAD_PAGE
+}
+
+generate_artifact_links $@ 

.circleci/config.yml

@@ -0,0 +1,188 @@
+version: 2.1
+
+parameters:
+  release:
+    type: boolean
+    default: false
+
+orbs:
+  aws-white-list-circleci-ip: configure/aws-white-list-circleci-ip@1.0.1
+
+executors:
+  docker-executor:
+    docker:
+      - image: 455456581940.dkr.ecr.eu-west-1.amazonaws.com/circleci-build-images:corretto-8u275
+        aws_auth:
+          aws_access_key_id: $AWS_ACCESS_KEY_ID
+          aws_secret_access_key: $AWS_SECRET_ACCESS_KEY
+
+jobs:
+  build-and-deploy:
+    executor: docker-executor
+    steps:
+      - checkout
+      - get-maven-settings-file
+      - restore-cache
+      - whitelist-add
+      - run:
+          name: "Setting Maven version"
+          command: |
+            MASTER_BRANCH=1.3.x
+            VERSION=$(mvn -s gresham-nexus-settings/ctc.plugins.settings.xml -Dexec.executable='echo' -Dexec.args='${project.version}' --non-recursive exec:exec -q)
+            if [[ "${CIRCLE_BRANCH}" != "${MASTER_BRANCH}" && "${VERSION}" == *-SNAPSHOT ]]; then
+              mvn -s gresham-nexus-settings/ctc.plugins.settings.xml versions:set -DnewVersion=${CIRCLE_BRANCH}.GRESHAM-SNAPSHOT -B
+            fi
+      - run:
+          name: "Running Maven build and deploy"
+          command: |
+            MASTER_BRANCH=1.3.x
+            REPOSITORY=altSnapshotDeploymentRepository=snapshots::default::https://nexus.greshamtech.com/repository/thirdparty-maven-snapshots/
+
+            # if on 1.3.x but not snapshot (i.e building a release)
+            if [[ "${CIRCLE_BRANCH}" == "${MASTER_BRANCH}" && "${VERSION}" != *-SNAPSHOT ]]; then
+              REPOSITORY=altReleaseDeploymentRepository=releases::default::https://nexus.greshamtech.com/repository/thirdparty-maven-releases/
+            fi
+
+            # deploy to appropriate repo
+            mvn -s gresham-nexus-settings/ctc.plugins.settings.xml clean deploy \
+              -B -V -U -DskipTests -DskipITs \
+              -D$REPOSITORY \
+              |& tee -a /home/circleci/project/mavenOutput.log
+      - generate-download-urls:
+          extension: jar
+      - save-cache
+      - whitelist-remove
+      - persist-workspace
+
+  test:
+    executor: docker-executor
+    steps:
+      - attach_workspace:
+          at: .
+      - restore-cache
+      - whitelist-add
+      - run:
+          name: "Running tests"
+          command: mvn -fae -s gresham-nexus-settings/ctc.plugins.settings.xml test -B -V -U
+      - save-test-results
+      - save-cache
+      - persist-workspace
+      - whitelist-remove
+
+  release:
+    executor: docker-executor
+    steps:
+      - checkout
+      - get-maven-settings-file
+      - whitelist-add
+      - restore-cache
+      - run:
+          name: Creating openid-connect-server release and next snapshot
+          command: chmod +x .circleci/cci_create_release_and_snapshot.sh && .circleci/cci_create_release_and_snapshot.sh
+      - save-cache
+      - whitelist-remove
+
+workflows:
+  build-and-test:
+    unless: << pipeline.parameters.release >>
+    jobs:
+      - build-and-deploy:
+          context:
+            - gresham-aws
+            - CTC
+            - CircleCi-Gresham-Credentials
+      - test:
+          requires:
+            - build-and-deploy
+          context:
+            - gresham-aws
+            - CTC
+            - CircleCi-Gresham-Credentials
+
+  build-release:
+    when: << pipeline.parameters.release >>
+    jobs:
+      - release:
+          context:
+            - gresham-aws
+            - CTC
+            - CircleCi-Gresham-Credentials
+          filters:
+            branches:
+              only: 1.3.x
+
+commands:
+  setup-git-credentials:
+    steps:
+      - run:
+          name: Setting up Git credentials
+          command: |
+            git config --global user.name "CircleCI"
+            git config --global user.email "$GITHUB_GRESHAM_USER"
+
+  get-maven-settings-file:
+    steps:
+      - setup-git-credentials
+      - run:
+          name: Getting Maven settings file
+          command: |
+            git config --global url."https://api:${GITHUB_GRESHAM_PW}@github.com/".insteadOf "https://github.com/"
+            git clone https://github.com/gresham-computing/gresham-nexus-settings
+
+  whitelist-add:
+    steps:
+      - aws-white-list-circleci-ip/add:
+          description: "CTC-CircleCI"
+          tag-key: "Name"
+          tag-value: "Nexus-ELB-SG"
+
+  whitelist-remove:
+    steps:
+      - aws-white-list-circleci-ip/remove:
+          description: "CTC-CircleCI"
+          tag-key: "Name"
+          tag-value: "Nexus-ELB-SG"
+
+  save-cache:
+    steps:
+      - save_cache:
+          paths:
+            - ~/.m2
+          key: v1-m2-{{ .Branch }}-{{ .Environment.CIRCLE_JOB }}-{{ checksum "pom.xml" }}
+
+  restore-cache:
+    steps:
+      - restore_cache:
+          keys:
+            - v1-m2-{{ .Branch }}-{{ .Environment.CIRCLE_JOB }}-{{ checksum "pom.xml" }}
+            - v1-m2-{{ .Branch }}-{{ .Environment.CIRCLE_JOB }}
+            - v1-m2-
+
+  persist-workspace:
+    steps:
+      - persist_to_workspace:
+          root: .
+          paths:
+            - .
+
+  generate-download-urls:
+    parameters:
+      extension:
+        type: string
+    steps:
+      - run:
+          name: "Generating artifact download URLs"
+          command: chmod +x .circleci/cci_generate_artifact_links.sh && .circleci/cci_generate_artifact_links.sh << parameters.extension >>
+      - store_artifacts:
+          path: download.html
+
+  save-test-results:
+    steps:
+      - run:
+          name: Save test results
+          command: |
+            mkdir -p ~/test-results/junit/
+            find . -type f -regex ".*/target/surefire-reports/.*xml" -exec cp {} ~/test-results/junit/ \;
+          when: always
+      - store_test_results:
+          path: ~/test-results

.circleci/run_release_workflow.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+if [[ -z "${CIRCLE_TOKEN}" ]]; then
+  echo Cannot trigger release workflow. CircleCI user token not found.
+  exit 1
+fi
+
+BRANCH=1.3.x
+
+echo -e "\nTriggering release workflow on branch: ${BRANCH}.\n" 
+
+status_code=$(curl --request POST \
+  --url https://circleci.com/api/v2/project/github/gresham-computing/openid-connect-server/pipeline \
+  --header 'Circle-Token: '${CIRCLE_TOKEN}'' \
+  --header 'content-type: application/json' \
+  --data '{"branch":"'${BRANCH}'","parameters":{"release": true}}' \
+  -o response.json \
+  -w "%{http_code}")
+
+  if [ "${status_code}" -ge "200" ] && [ "${status_code}" -lt "300" ]; then
+      echo -e "\nAPI call succeeded [${status_code}]. Response:\n"
+      cat response.json
+      rm response.json
+  else
+      echo -e "\nAPI call failed [${status_code}]. Response:\n"
+      cat response.json
+      rm response.json
+      exit 1
+  fi

README.md

@@ -34,6 +34,4 @@ Copyright ©2017, [MIT Internet Trust Consortium](http://www.trust.mit.edu/)
 
 Here at Gresham, we use this component for a base for the auth server, our developing branch is 1.3.x and any feature branches should be made off of that branch.
 
-In order to release a new version of the open-id-connect component, run the `Build with Parameters` on Jenkins ticking the release checkbox as part of the build.
-
-This will release the next release version (the current version less the -SNAPSHOT), run a build with the tests and then bump the 1.3.x branch to the next snapshot version of the repository 
+A release build can be invoked by running .circleci/run_release_workflow.sh shell script. It uses CircleCI API to trigger the release workflow and it requires a CIRCLE_TOKEN environment variable with a personal CircleCI API token to be set. Once triggered, the build will bump appropriate versions to release and then proceed to bump them to next snapshot.

pom.xml

@@ -72,6 +72,7 @@
 	<properties>
 		<java-version>1.8</java-version>
 		<org.slf4j-version>1.7.25</org.slf4j-version>
+		<generateBackupPoms>false</generateBackupPoms>
 	</properties>
 	<description>A reference implementation of OpenID Connect (http://openid.net/connect/), OAuth 2.0, and UMA built on top of Java, Spring, and Spring Security. The project contains a fully functioning server, client, and utility library.</description>
 	<url>https://github.com/mitreid-connect</url>