Add more Maven workflows

artembilan · artembilan · commit fa76df8a01d5 · 2023-11-16T17:55:29.000-05:00
* Make Gradle Enterprise secrets as optional (Maven don't need them)
* Add `verifyStagedWorkflow` release workflow optional input with a `verify-staged-artifacts.yml` by default
* Fix `README.md` for current state of workflows
diff --git a/.github/workflows/spring-artifactory-maven-snapshot.yml b/.github/workflows/spring-artifactory-maven-snapshot.yml
@@ -0,0 +1,58 @@
+name: CI Artifactory SNAPSHOT Build for Maven
+
+on:
+  workflow_call:
+    inputs:
+      mavenArgs:
+        description: 'Additional mvn command arguments: goals, plugins etc. The `install` is included.'
+        required: false
+        type: string
+
+    secrets:
+      JF_ARTIFACTORY_SPRING:
+        required: true
+
+env:
+  JF_ENV_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }}
+
+jobs:
+  build_snapshot:
+    runs-on: ubuntu-latest
+    name: CI Build SNAPSHOT for ${{ github.ref_name }}
+    steps:
+
+      - uses: actions/checkout@v3
+
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          distribution: adopt
+          java-version: 17
+          cache: 'maven'
+
+      - uses: jfrog/setup-jfrog-cli@v3
+
+      - name: Configure JFrog Cli
+        run: |
+          jf mvnc \
+            --use-wrapper=true \
+            --repo-resolve-releases=libs-milestone \
+            --repo-resolve-snapshots=snapshot \
+            --repo-deploy-releases=libs-milestone-local \
+            --repo-deploy-snapshots=libs-snapshot-local
+          echo JFROG_CLI_BUILD_NAME=${{ github.event.repository.name }}-${{ github.ref_name }} >> $GITHUB_ENV
+          echo JFROG_CLI_BUILD_NUMBER=$GITHUB_RUN_NUMBER >> $GITHUB_ENV
+
+      - name: Build and Publish
+        run: |
+          jf mvn install -B -ntp ${{ inputs.mavenArgs }}
+          jf rt build-publish
+
+      - name: Capture Test Results
+        if: failure()
+        uses: actions/upload-artifact@v3
+        with:
+          name: test-results
+          path: '**/target/surefire-reports/**/*.*'
+          retention-days: 3
+
diff --git a/.github/workflows/spring-artifactory-release.yml b/.github/workflows/spring-artifactory-release.yml
@@ -7,15 +7,20 @@ on:
         description: 'Additional Maven or Gradle command arguments: tasks, goals, plugins etc. The `install` for Maven is included. The `build` and `artifactoryPublish` for Gradle are included.'
         required: false
         type: string
+      verifyStagedWorkflow:
+        description: 'A workflow name in the target project to dispatch against staged artifacts. The `releaseVersion` must be a workflow input.'
+        required: false
+        type: string
+        default: verify-staged-artifacts.yml
 
     secrets:
-      GH_ACTIONS_REPO_TOKEN:
-        required: true
       GRADLE_ENTERPRISE_CACHE_USER:
-        required: true
+        required: false
       GRADLE_ENTERPRISE_CACHE_PASSWORD:
-        required: true
+        required: false
       GRADLE_ENTERPRISE_SECRET_ACCESS_KEY:
+        required: false
+      GH_ACTIONS_REPO_TOKEN:
         required: true
       OSSRH_URL:
         required: true
@@ -87,7 +92,7 @@ jobs:
       - name: Call smoke tests workflow
         uses: aurelien-baudet/workflow-dispatch@v2
         with:
-          workflow: verify-staged-artifacts.yml
+          workflow: ${{ inputs.verifyStagedWorkflow }}
           wait-for-completion-interval: 30s
           display-workflow-run-url-interval: 5s
           token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
diff --git a/.github/workflows/spring-maven-pull-request-build.yml b/.github/workflows/spring-maven-pull-request-build.yml
@@ -0,0 +1,31 @@
+name: Pull Request Build with Maven
+
+on:
+  workflow_call:
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+
+      - uses: actions/checkout@v3
+
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          distribution: adopt
+          java-version: 17
+          cache: 'maven'
+
+      - name: Build with Maven
+        run: ./mvnw verify -B -ntp
+
+      - name: Capture Test Results
+        if: failure()
+        uses: actions/upload-artifact@v3
+        with:
+          name: test-results
+          path: '**/target/surefire-reports/**/*.*'
+          retention-days: 3
diff --git a/README.md b/README.md
@@ -17,19 +17,34 @@ jobs:
     uses: artembilan/spring-messaging-build-tools/.github/workflows/spring-artifactory-release.yml@main
     with:
       buildToolArgs: dist
-    secrets: inherit
+      verifyStagedWorkflow: verify-staged-artifacts.yml
+    secrets:
+      GH_ACTIONS_REPO_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
+      GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
+      GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
+      GRADLE_ENTERPRISE_SECRET_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
+      JF_ARTIFACTORY_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }}
+      SPRING_RELEASE_SLACK_WEBHOOK_URL: ${{ secrets.SPRING_RELEASE_SLACK_WEBHOOK_URL }}
+      OSSRH_URL: ${{ secrets.OSSRH_URL }}
+      OSSRH_S01_TOKEN_USERNAME: ${{ secrets.OSSRH_S01_TOKEN_USERNAME }}
+      OSSRH_S01_TOKEN_PASSWORD: ${{ secrets.OSSRH_S01_TOKEN_PASSWORD }}
+      OSSRH_STAGING_PROFILE_NAME: ${{ secrets.OSSRH_STAGING_PROFILE_NAME }}
+      GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+      GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
 ```
 on every branch which is supposed to be released via GitHub actions.
 
 The `buildToolArgs` parameter for this job means extra build tool arguments.
 For example, the mentioned `dist` value is a Gradle task in the project.
 Can be any Maven goal or other command line arguments.
 
+The mentioned secrets must be passed explicitly since these reusable workflows might be in different GitHub org than target project. 
+
 When a release workflow is dispatched, the `releaseVersion` job determines the milestone to release against the current SNAPSHOT version in the branch.
 If no milestone scheduled, the whole workflow is cancelled.
 Then `staging` job uses the `releaseVersion` output from the previous `releaseVersion` job and dispatch the work to Gradle or Maven jobs according to the project build tool.
-The `verify-staged` requires a `verify-staged-artifacts.yml` workflow present in the project.
-For example, [Spring Integation for AWS](https://github.com/spring-projects/spring-integration-aws) use `jfrog rt download` command to verify that released `spring-integration-aws.jar` is valid.
+The `verify-staged` expects an optional `verifyStagedWorkflow` input (the `verify-staged-artifacts.yml`, by default) workflow supplied from the target project.
+For example, [Spring Integration for AWS](https://github.com/spring-projects/spring-integration-aws) use `jfrog rt download` command to verify that released `spring-integration-aws.jar` is valid.
 Other projects may check out their samples repository and setup release version to perform smoke tests against just staged artifacts.
 
 The next job in the workflow is to promote release from staging either to `libs-milestone-local` or `libs-release-local`(and Maven Central) according to the releasing version schema.
