From 8a6ffe208268c2ceba752f2a956892cacd94052a Mon Sep 17 00:00:00 2001
From: Oliver Weyhmueller
Date: Wed, 8 Jan 2025 07:33:11 +0100
Subject: [PATCH] chore: simplify workflows

---
.forgejo/workflows/release.yaml | 194 ++++------------------------------
.forgejo/workflows/sonarqube.yaml | 136 ++-------------------------
2 files changed, 36 insertions(+), 294 deletions(-)
diff --git a/.forgejo/workflows/release.yaml b/.forgejo/workflows/release.yaml
index 2d080b9..be3b631 100644
--- a/.forgejo/workflows/release.yaml
+++ b/.forgejo/workflows/release.yaml
@@ -1,106 +1,26 @@ --- name: release - on: push: branches: - main - jobs: release: name: Release runs-on: ubuntu-latest if: ${{ !startsWith(github.event.head_commit.message, 'Release') }} + env: + JRELEASER_OUTPUT_DIRECTORY: target steps: - - name: Checkout - uses: actions/checkout@v4 + - name: "Initialize Environment" + id: initialize + uses: https://w9r.dev/w9r.dev/action-setup-environment@v1.1.4 with: - fetch-depth: 0 + roleid: ${{ secrets.VAULT_ROLE_ID }} + secretid: ${{ secrets.VAULT_SECRET_ID }} - - name: Set up Environment - run: | - apt update - apt install -y zip - mkdir -p /root/.jreleaser - mkdir -p /root/.m2 - touch /root/.jreleaser/config.properties - - - name: maven-settings-xml-action - uses: https://github.com/whelk-io/maven-settings-xml-action@v22 - with: - repositories: > - [ - { - "id": "maven-releases", - "name": "Releases", - "url": "https://nexus.w9r.dev/repository/maven-releases", - "releases": { - "enabled": "true", - "updatePolicy": "always", - "checksumPolicy": "warn" - }, - "snapshots": { - "enabled": "false", - "updatePolicy": "always", - "checksumPolicy": "fail" - } - }, - { - "id": "maven-snapshots", - "name": "Snapshots", - "url": "https://nexus.w9r.dev/repository/maven-snapshots", - "releases": { - "enabled": "false", - "updatePolicy": "always", - "checksumPolicy": "warn" - }, - "snapshots": { - "enabled": "true", - "updatePolicy": "always", - "checksumPolicy": "warn" - } - } - ] - servers: > - [ - { - "id": "maven-group", - "username": "${{ secrets.NEXUS_USERNAME }}", - "password": "${{ secrets.NEXUS_PASSWORD }}" - }, - { - "id": "maven-snapshots", - "username": "${{ secrets.NEXUS_USERNAME }}", - "password": "${{ secrets.NEXUS_PASSWORD }}" - }, - { - "id": "maven-releases", - "username": "${{ secrets.NEXUS_USERNAME }}", - "password": "${{ secrets.NEXUS_PASSWORD }}" - }, - { - "id": "vulnz", - "username": "${{ secrets.VULNZ_USERNAME }}", - "password": "${{ secrets.VULNZ_PASSWORD }}" - } - ] - mirrors: > - [ - { - "id": "maven-group", 
- "name": "central", - "mirrorOf": "*", - "url": "https://nexus.w9r.dev/repository/maven-group/" - } - ] - plugin_groups: > - [ - "org.sonarsource.scanner.maven" - ] - output_file: /root/.m2/settings.xml - - - name: Determine next version + - name: "Determine next version" uses: https://github.com/obfu5c8/action-svu@v1 id: generate_next_version with: 
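Review bot: The "Initialize Environment" step hands `secrets.VAULT_ROLE_ID` and `secrets.VAULT_SECRET_ID` to an action referenced by a movable tag, `action-setup-environment@v1.1.4`, so whoever can re-point that tag obtains the AppRole login of the release job. Pinning the reference to the commit keeps the reviewed code and the executed code identical: `uses: https://w9r.dev/w9r.dev/action-setup-environment@<full-commit-sha>  # v1.1.4` (placeholder; take the SHA from the tagged commit). The same applies to `action-git-commit-push@v1.4` in the second hunk of this file and to the setup step in sonarqube.yaml. The removed steps scoped each credential to the step that used it; if the setup action exports what it fetches to the job environment, as the later `env.JRELEASER_GITEA_TOKEN` reference suggests, then `obfu5c8/action-svu@v1` and every following step can read those values too. A comment above the step listing what it exports, for example `# exports: <names of the variables the action writes to the job environment>`, would let reviewers see that scope without opening the action.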
@@ -113,111 +33,47 @@ jobs: prefix: '' suffix: '' - - name: Install syft - uses: https://github.com/anchore/sbom-action/download-syft@v0 - id: install_syft - with: - syft-version: v1.18.1 - - - name: Set new version + - name: "Set new version" run: | NEW_VERSION=${{steps.generate_next_version.outputs.version}} echo NEW_VERSION=$NEW_VERSION >> "$GITHUB_ENV" + echo JRELEASER_PROJECT_VERSION=$NEW_VERSION >> "$GITHUB_ENV" echo "New version: $NEW_VERSION" + mvn -B --file pom.xml versions:set -DnewVersion=$NEW_VERSION - - name: Cache Java and Maven software - uses: https://github.com/actions/cache@v4 - with: - path: ~/.sdkman - key: ${{ runner.os }}-sdkman-${{ hashFiles('**/.sdkmanrc') }} - restore-keys: | - ${{ runner.os }}-sdkman- - env: - ACTIONS_STEP_DEBUG: true - - - name: Cache local Maven repository - uses: https://github.com/actions/cache@v4 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - env: - ACTIONS_STEP_DEBUG: true - - - name: Install Java & Maven - uses: https://github.com/sdkman/sdkman-action@main - id: sdkman - - - name: Set Version - env: - MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }} - MAVEN_CENTRAL_TOKEN: ${{ secrets.NEXUS_PASSWORD }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - run: | - export GPG_TTY=$(tty) - git config user.name "${{ github.event.head_commit.committer.name }}" - git config user.email "${{ github.event.head_commit.committer.email }}" - mvn -B --file pom.xml versions:set -DnewVersion=${{ env.NEW_VERSION }} - - - name: Run JReleaser (Changelog) + - name: "Run JReleaser (Changelog)" uses: https://w9r.dev/actions/release-action@main with: arguments: changelog --debug setup-java: false continue-on-error: true - env: - JRELEASER_OUTPUT_DIRECTORY: target - JRELEASER_PROJECT_VERSION: ${{ env.NEW_VERSION }} - JRELEASER_GITEA_TOKEN: ${{ secrets.JRELEASER_GITEA_TOKEN }} - JRELEASER_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - 
JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }} - JRELEASER_GPG_SECRET_KEY: ${{ secrets.GPG_PRIVATE_KEY }} - - name: Commit and push changes - run: | - git config user.name "${{ github.event.head_commit.committer.name }}" - git config user.email "${{ github.event.head_commit.committer.email }}" - git add pom.xml CHANGELOG.md - git commit -a -m "Release ${{ env.NEW_VERSION }}" - git push + - name: "Commit and push changes" + uses: https://w9r.dev/w9r.dev/action-git-commit-push@v1.4 + with: + email: ${{ steps.initialize.outputs.gitemail }} + name: ${{ steps.initialize.outputs.gituser }} + commit_message: "Release ${{ env.JRELEASER_PROJECT_VERSION }} [skip ci]" + files: pom.xml CHANGELOG.md + access_token: ${{ env.JRELEASER_GITEA_TOKEN }} + - name: Build package and populate staging area for deployment run: | - mvn -B --file pom.xml package - mvn --file pom.xml -Ppublication + mvn -X -B --file pom.xml package + mvn -X --file pom.xml -Ppublication - - - name: Run JReleaser (Assemble) + - name: "Run JReleaser (Assemble)" uses: https://w9r.dev/actions/release-action@main with: arguments: assemble --debug setup-java: false continue-on-error: true - env: - JRELEASER_OUTPUT_DIRECTORY: target - JRELEASER_PROJECT_VERSION: ${{ env.NEW_VERSION }} - JRELEASER_GITEA_TOKEN: ${{ secrets.JRELEASER_GITEA_TOKEN }} - JRELEASER_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }} - JRELEASER_GPG_SECRET_KEY: ${{ secrets.GPG_PRIVATE_KEY }} - - name: Run JReleaser (Release) + - name: "Run JReleaser (Release)" uses: https://w9r.dev/actions/release-action@main with: arguments: release --debug setup-java: false - env: - JRELEASER_OUTPUT_DIRECTORY: target - JRELEASER_PROJECT_VERSION: ${{ env.NEW_VERSION }} - JRELEASER_GITEA_TOKEN: ${{ secrets.JRELEASER_GITEA_TOKEN }} - JRELEASER_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }} - JRELEASER_GPG_SECRET_KEY: ${{ secrets.GPG_PRIVATE_KEY 
}} - JRELEASER_ARTIFACTORY_USERNAME: ${{ secrets.NEXUS_USERNAME }} - JRELEASER_ARTIFACTORY_TOKEN: ${{ secrets.NEXUS_PASSWORD }} - - - # Persist logs - name: JReleaser release trace if: always() diff --git a/.forgejo/workflows/sonarqube.yaml b/.forgejo/workflows/sonarqube.yaml index fc84e61..8659467 100644 --- a/.forgejo/workflows/sonarqube.yaml +++ b/.forgejo/workflows/sonarqube.yaml 
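Review bot: In release.yaml, the step "Build package and populate staging area for deployment" now runs both `mvn` calls with `-X`, in a job whose release credentials appear to live in the job environment (the commit step reads `env.JRELEASER_GITEA_TOKEN` rather than a `secrets.` value). Maven's debug level logs the resolved configuration of each plugin execution, so a credential wired into a plugin parameter or into settings can land in the job log. Values written to the environment file are masked only if the setup action registers them, which is not visible in this diff. I would keep the release build at normal verbosity, `mvn -B --file pom.xml package` and `mvn --file pom.xml -Ppublication`, and switch `-X` on only in a manually triggered run used for debugging. The step's `run` block continues from context lines, so check the final file for other debug flags that reach the same log.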
@@ -5,140 +5,26 @@ on: - main pull_request: types: [opened, synchronize, reopened] + workflow_dispatch: name: SonarQube Scan jobs: sonarqube: - name: SonarQube Trigger + name: "SonarQube Trigger" runs-on: ubuntu-latest steps: - - name: Checking out - uses: actions/checkout@v4 + - name: "Initialize Environment" + uses: https://w9r.dev/w9r.dev/action-setup-environment@v1.1.4 with: - fetch-depth: 0 - - name: Set up Environment - run: | - apt update - apt install -y zip - mkdir -p /root/.jreleaser - mkdir -p /root/.m2 - touch /root/.jreleaser/config.properties + roleid: "${{ secrets.VAULT_ROLE_ID }}" + secretid: "${{ secrets.VAULT_SECRET_ID }}" - - name: Install syft - uses: https://github.com/anchore/sbom-action/download-syft@v0 - id: install_syft - with: - syft-version: v1.18.1 - - - name: maven-settings-xml-action - uses: https://github.com/whelk-io/maven-settings-xml-action@v22 - with: - repositories: > - [ - { - "id": "maven-releases", - "name": "Releases", - "url": "https://nexus.w9r.dev/repository/maven-releases", - "releases": { - "enabled": "true", - "updatePolicy": "always", - "checksumPolicy": "warn" - }, - "snapshots": { - "enabled": "false", - "updatePolicy": "always", - "checksumPolicy": "fail" - } - }, - { - "id": "maven-snapshots", - "name": "Snapshots", - "url": "https://nexus.w9r.dev/repository/maven-snapshots", - "releases": { - "enabled": "false", - "updatePolicy": "always", - "checksumPolicy": "warn" - }, - "snapshots": { - "enabled": "true", - "updatePolicy": "always", - "checksumPolicy": "warn" - } - } - ] - servers: > - [ - { - "id": "maven-group", - "username": "${{ secrets.NEXUS_USERNAME }}", - "password": "${{ secrets.NEXUS_PASSWORD }}" - }, - { - "id": "maven-snapshots", - "username": "${{ secrets.NEXUS_USERNAME }}", - "password": "${{ secrets.NEXUS_PASSWORD }}" - }, - { - "id": "maven-releases", - "username": "${{ secrets.NEXUS_USERNAME }}", - "password": "${{ secrets.NEXUS_PASSWORD }}" - }, - { - "id": "vulnz", - "username": "${{ 
secrets.VULNZ_USERNAME }}", - "password": "${{ secrets.VULNZ_PASSWORD }}" - } - ] - mirrors: > - [ - { - "id": "maven-group", - "name": "central", - "mirrorOf": "*", - "url": "https://nexus.w9r.dev/repository/maven-group/" - } - ] - plugin_groups: > - [ - "org.sonarsource.scanner.maven" - ] - output_file: /root/.m2/settings.xml - - - name: Cache Java and Maven software - uses: https://github.com/actions/cache@v4 - with: - path: ~/.sdkman - key: ${{ runner.os }}-sdkman-${{ hashFiles('**/.sdkmanrc') }} - restore-keys: | - ${{ runner.os }}-sdkman- - env: - ACTIONS_STEP_DEBUG: true - - - name: Cache SonarQube packages + - name: "Cache SonarQube packages" uses: https://github.com/actions/cache@v4 with: path: ~/.sonar/cache - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar + key: "${{ runner.os }}-sonar" + restore-keys: "${{ runner.os }}-sonar" - - name: Cache local Maven repository - uses: https://github.com/actions/cache@v4 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - env: - ACTIONS_STEP_DEBUG: true - - - name: Install Java & Maven - uses: https://github.com/sdkman/sdkman-action@main - id: sdkman - - - name: SonarQube Scan - env: - SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - SONAR_HOST_URL: ${{ vars.SONARQUBE_HOST }} - run: > - mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar - -Dsonar.qualitygate.wait=true + - name: "SonarQube Scan" + run: "mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar"
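Review bot: The Vault AppRole credentials are now passed in a workflow that also runs on `pull_request`: the first step receives `secrets.VAULT_ROLE_ID` and `secrets.VAULT_SECRET_ID`, and `mvn -B verify` then executes the build and tests of the branch under review. release.yaml uses the same two secret names, so unless the setup action narrows what it fetches per workflow (not visible here), pull-request code runs within reach of a role that presumably can also read the release token and signing material. A separate Vault role for the scan, limited to the repository-read and SonarQube token paths, would keep the two apart. The new `run` line also drops `-Dsonar.qualitygate.wait=true`, so a failed quality gate no longer fails the job. If that is intended, a comment such as `# quality gate is enforced in SonarQube, not in this job` would record the decision.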