Skip to content

Commit

Permalink
Issue #217 - Convert and port Gradle to Maven build for web5-kt
Browse files Browse the repository at this point in the history
* No security or license issues
* All modules build and tests pass
* Dependencies all correctly set via dependencyManagement which may be consumed by other projects (ie. tbDEX)
* Ported Dokka to use Dokka CLI in GitHub Actions and instructions to run locally
* Change: API Docs via Dokka now have no left sidebar because Gradle plugin enabled multimodule for us.
* Detekt ported through Maven plugin
* Ported Kover; we have coverage via CodeCov
* Switched to use TBD Artifactory for single repo declaration to get 3rdparty deps not in Maven Central
* Update README to reflect new build usage
* Publish to TBD Artifactory
* While we are at it, renames to GitHub Actions for clarity and correctness
* Set Surefire patterns to run Test Vectors
* Publish every build as a SNAPSHOT in format X.Y.Z-commit-$shortSHA-SNAPSHOT
* Validate that SNAPSHOT publishing has a version defined that ends in -SNAPSHOT

TODO:
* Releasing to Maven Central
* Do not publish to TBD Artifactory twice (the build/test/deploy workflow runs in 2 environments, Ubuntu and MacOS)
* Update the GU Actions workflows to run on main, not this branch, before we merge it

Issue #217: Add Kover
  • Loading branch information
ALRubinger committed Mar 10, 2024
1 parent f3e8a88 commit f30f1cc
Show file tree
Hide file tree
Showing 36 changed files with 2,339 additions and 734 deletions.
123 changes: 123 additions & 0 deletions .github/workflows/build-test-deploy.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,123 @@
name: Build, Test, and Deploy SNAPSHOT

on:
workflow_dispatch:
inputs:
version:
description: 'Version to publish. For example "1.0.0-SNAPSHOT". If not supplied, will default to version specified in the POM.'
required: false
default: '0.0.0-SNAPSHOT'
push:
branches:
- issue-217/maven-build
# Put this back and remove section above before merging to main
#pull_request:
# branches:
# - '*'

jobs:
build:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ ubuntu-latest, macos-latest ]
steps:
- uses: actions/checkout@v4
with:
submodules: true

# https://cashapp.github.io/hermit/usage/ci/
- name: Init Hermit
uses: cashapp/activate-hermit@v1

- uses: actions/cache@v3
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: hash test inputs
run: |
if ! which sha256sum; then brew install coreutils; fi
sha256sum $(find test-vectors -name '*.json') > test-vector-hashes.txt
- name: Build, Test, and Deploy SNAPSHOT
run: |
# Version resolution: use provided
if [ -n "${{ github.event.inputs.version }}" ]; then
resolvedVersion=${{ github.event.inputs.version }}
# Otherwise, construct a version for deployment in form X.Y.Z-commit-$shortSHA-SNAPSHOT
else
mvnVersion=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
longSHA=$(git rev-parse --verify HEAD)
version=$(echo "$mvnVersion" | cut -d'-' -f1)
shortSHA=$(echo "${longSHA:0:7}")
resolvedVersion="$version-commit-$shortSHA-SNAPSHOT"
echo "Requesting deployment as version: $resolvedVersion"
fi
# Postcondition check; only allow this to proceed if we have a version ending in "-SNAPSHOT"
if [[ ! "$resolvedVersion" =~ -SNAPSHOT$ ]]; then
echo "Error: The version does not end with \"-SNAPSHOT\": $resolvedVersion"
exit 1
fi
# Set newly resolved version in POM config
mvn \
versions:set \
--batch-mode \
-DnewVersion=$resolvedVersion
# Maven deploy lifecycle will build, run tests, verify, and deploy
mvn \
deploy \
--batch-mode \
--settings .maven_settings.xml
env:
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}

# Upload Web5 Vector test resultsß
- uses: actions/upload-artifact@v3
with:
name: test-results
path: |
**/target/surefire-reports/*Web5TestVectors*.xml
test-vector-hashes.txt
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
verbose: true
flags: ${{ runner.os }}

- uses: actions/upload-artifact@v3
with:
name: tests-report-junit
path: |
**/target/surefire-reports/*.xml
- name: Generate an access token to trigger downstream repo
uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2
id: generate_token
if: github.ref == 'refs/heads/main'
with:
app-id: ${{ secrets.CICD_ROBOT_GITHUB_APP_ID }}
private-key: ${{ secrets.CICD_ROBOT_GITHUB_APP_PRIVATE_KEY }}
owner: TBD54566975
repositories: sdk-report-runner

- name: Trigger sdk-report-runner report build
if: github.ref == 'refs/heads/main'
run: |
curl -L \
-H "Authorization: Bearer ${APP_TOKEN}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
-H "Content-Type: application/json" \
--fail \
--data '{"ref": "main"}' \
https://api.github.com/repos/TBD54566975/sdk-report-runner/actions/workflows/build-report.yaml/dispatches
env:
APP_TOKEN: ${{ steps.generate_token.outputs.token }}
81 changes: 0 additions & 81 deletions .github/workflows/ci.yml

This file was deleted.

15 changes: 11 additions & 4 deletions .github/workflows/gh-pages-deploy.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: Deploy examples to GitHub Pages
name: Deploy API Docs to GitHub Pages

on:
push:
Expand All @@ -18,14 +18,21 @@ jobs:
# https://cashapp.github.io/hermit/usage/ci/
- name: Init Hermit
uses: cashapp/activate-hermit@v1
- name: Build html
run: gradle dokkaHtmlMultiModule --no-daemon --stacktrace
- name: Set up Dokka CLI
run: |
wget https://repo1.maven.org/maven2/org/jetbrains/dokka/dokka-cli/1.9.20/dokka-cli-1.9.20.jar; \
wget https://repo1.maven.org/maven2/org/jetbrains/dokka/dokka-base/1.9.20/dokka-base-1.9.20.jar; \
wget https://repo1.maven.org/maven2/org/jetbrains/dokka/analysis-kotlin-descriptors/1.9.20/analysis-kotlin-descriptors-1.9.20.jar; \
wget https://repo1.maven.org/maven2/org/jetbrains/kotlinx/kotlinx-html-jvm/0.8.0/kotlinx-html-jvm-0.8.0.jar; \
wget https://repo1.maven.org/maven2/org/freemarker/freemarker/2.3.31/freemarker-2.3.31.jar
- name: Build HTML APIDocs with Dokka CLI
run: java -jar ./dokka-cli.jar dokka-configuration.json
working-directory: .
- name: Upload artifact
uses: actions/upload-artifact@v2
with:
name: docs
path: build/dokka
path: target/apidocs

deploy-examples:
runs-on: ubuntu-latest
Expand Down
45 changes: 31 additions & 14 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
@@ -1,9 +1,13 @@
name: Publish package to the Maven Central Repository
name: Release and Publish to Maven Central
on:
workflow_dispatch:
inputs:
version:
description: 'Version to publish. For example "0.0.1"'
description: 'Version to publish. For example "1.0.0 or 1.0.0-SNAPSHOT"'
required: true
default: '0.0.0'
developmentVersion:
description: 'Next development version. For example "1.1.0". The system will append "-SNAPSHOT" to the end of this input to reflect the next development version.'
required: true
default: "0.0.0"
jobs:
Expand All @@ -20,21 +24,34 @@ jobs:

- uses: actions/cache@v3
with:
path: ~/.gradle/caches
key: gradle-ubuntu-latest-${{ hashFiles('**/*.gradle.kts') }}-${{ hashFiles('**/gradle/wrapper/gradle-wrapper.properties') }}-${{ hashFiles('**/versions.properties') }}
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
# Adapted from: https://gist.github.com/sualeh/ae78dc16123899d7942bc38baba5203c
- name: Install gpg secret key
run: |
# Install gpg secret key
cat <(echo -e "${{ secrets.GPG_SECRET_KEY }}") | gpg --batch --import
# Verify gpg secret key
gpg --list-secret-keys --keyid-format LONG
- name: Sonatype Publish Close And Release
# This will set versions, git tag, and publish to TBD Artifactory. Does not release to Maven Central.
- name: Staging - Prepare and Publish Release to TBD Artifactory
run: |
if [ -n "${{ github.event.inputs.version }}" ]; then
gradle -Pversion=${{ github.event.inputs.version }} publishToSonatype closeAndReleaseSonatypeStagingRepository
else
gradle -Pversion=$(echo "${{ github.ref_name }}" | cut -c2-) publishToSonatype closeAndReleaseSonatypeStagingRepository
fi
mvn \
release:prepare \
release:stage \
--batch-mode \
--settings .maven_settings.xml \
-DreleaseVersion=${{ github.event.inputs.version }} \
-DdevelopmentVersion=${{ github.event.inputs.developmentVersion }} \
-Dgpg.passphrase=${{ secrets.GPG_SECRET_PASSPHRASE }} \
-DstagingRepository=https://blockxyz.jfrog.io/artifactory/tbd-oss-releases-maven2
env:
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGKEY }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGPASSWORD }}
ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.ORG_GRADLE_PROJECT_SONATYPEUSERNAME }}
ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.ORG_GRADLE_PROJECT_SONATYPEPASSWORD }}
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}

- name: Create GitHub Release
uses: softprops/action-gh-release@v1
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/scorecard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.

name: Scorecard supply-chain security
name: Open Source Security Foundation Scorecard
on:
# For Branch-Protection check. Only the default branch is supported. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/tests-publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ name: Publish Tests Report

on:
workflow_run:
workflows: ["SDK Kotlin CI"]
workflows: ["Build, Test, and Deploy SNAPSHOT"]
types:
- completed

Expand All @@ -28,7 +28,7 @@ jobs:
for project in "${projects[@]}"; do
# Find Tests Reports in each project and store them in an array
files=($(find "${project}/build/test-results/test" -name '*.xml'))
files=($(find "${project}/target/surefire-reports" -name '*.xml'))
# Check if files array is empty
if [ ${#files[@]} -eq 0 ]; then
Expand Down
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@ build/
!**/src/test/**/build/
**/cacheDir/

### Maven
**/target

### IntelliJ IDEA ###
.idea
.idea/modules.xml
Expand Down
14 changes: 14 additions & 0 deletions .maven_settings.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
<settings>
<servers>
<server>
<id>tbd-oss-releases</id>
<username>${env.ARTIFACTORY_USERNAME}</username>
<password>${env.ARTIFACTORY_PASSWORD}</password>
</server>
<server>
<id>tbd-oss-snapshots</id>
<username>${env.ARTIFACTORY_USERNAME}</username>
<password>${env.ARTIFACTORY_PASSWORD}</password>
</server>
</servers>
</settings>
Loading

0 comments on commit f30f1cc

Please sign in to comment.