Tessera Release Build #110
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tessera Release Build | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| release-version: | |
| description: "(WARNING: WILL TRIGGER A SONATYPE/DOCKER RELEASE) Release version - checked against version.txt" | |
| required: true | |
| type: string | |
| env: | |
| SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} | |
| SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| GPG_EXECUTABLE: ${{ secrets.GPG_EXECUTABLE }} | |
| GPG_SECRET_KEYS: ${{ secrets.GPG_SECRET_KEYS }} | |
| TESSERA_DOCKER_IMAGE_NAME: quorumengineering/tessera | |
| jobs: | |
| check-version: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| full-version: ${{ steps.version.outputs.full-version }} | |
| minor-version: ${{ steps.version.outputs.minor-version }} | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Get release version | |
| id: version | |
| run: | | |
| # 1.2.3-SNAPSHOT --> 1.2.3 | |
| FULL_VERSION=$(cat version.txt | cut -d '-' -f 1) | |
| # 1.2.3 --> 1.2 | |
| MINOR_VERSION=$(echo $FULL_VERSION | cut -d '.' -f 1,2) | |
| echo "full-version=${FULL_VERSION}" | |
| echo "minor-version=${MINOR_VERSION}" | |
| echo "::set-output name=full-version::$FULL_VERSION" | |
| echo "::set-output name=minor-version::$MINOR_VERSION" | |
| - name: Check release version | |
| env: | |
| USER_VERSION: ${{ github.event.inputs.release-version }} | |
| TAG_VERSION: ${{ steps.version.outputs.full-version }} | |
| run: | | |
| # simple sanity check to help prevent accidentally releasing the wrong branch | |
| if [ $USER_VERSION = $TAG_VERSION ] | |
| then | |
| exit 0 | |
| fi | |
| echo "user-provided version ($USER_VERSION) does not match version.txt ($TAG_VERSION), exiting" | |
| exit 1 | |
| check-dependencies: | |
| needs: [ check-version ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-java@v1 | |
| with: | |
| java-version: 17 | |
| - run: ./gradlew dependencyCheckAnalyze -x test | |
| release-sonatype: | |
| needs: [ check-dependencies, check-version ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v1 | |
| with: | |
| java-version: 17 | |
| - name: Release | |
| id: release | |
| env: | |
| TAG_NAME: tessera-${{ needs.check-version.outputs.full-version }} | |
| FULL_VERSION: ${{ needs.check-version.outputs.full-version }} | |
| MINOR_VERSION: ${{ needs.check-version.outputs.minor-version }} | |
| run: | | |
| echo "Releasing $FULL_VERSION" | |
| git config user.name "quorumbot" | |
| now=`date +%Y%m%d%H%M%S` | |
| echo "Creating tag $TAG_NAME" | |
| echo "$FULL_VERSION" > version.txt | |
| git add version.txt | |
| git commit -m "Change to release version $FULL_VERSION" | |
| git tag -a $TAG_NAME -m "Release tessera $FULL_VERSION" | |
| git push --tags | |
| echo "${GPG_SECRET_KEYS}" | base64 --decode | gpg --import --no-tty --batch --yes | |
| echo $GPG_OWNERTRUST | base64 --decode | gpg --import-ownertrust | |
| pubkey=`gpg --list-keys -a [email protected]|head -2|tail -1|xargs` | |
| ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository -PsonatypeUsername=$SONATYPE_USERNAME -PsonatypePassword=$SONATYPE_PASSWORD -Psigning.gnupg.keyName=$pubkey -Psigning.gnupg.passphrase=${GPG_PASSPHRASE} --info | |
| ./gradlew incrementProjectVersion --info | |
| git add version.txt | |
| git commit -m "Change version to next development version" | |
| echo ::set-output name=branch-name::release-$now | |
| - name: Create PR to update development version | |
| uses: peter-evans/create-pull-request@v3 | |
| with: | |
| branch: ${{ steps.release.outputs.branch-name }} | |
| title: Update development version | |
| body: Triggered by release https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
| - name: Upload tessera dists | |
| uses: actions/upload-artifact@v2 | |
| if: success() | |
| with: | |
| name: tessera-dists | |
| path: tessera-dist/build/distributions/ | |
| - name: Upload enclave dists | |
| uses: actions/upload-artifact@v2 | |
| if: success() | |
| with: | |
| name: enclave-dists | |
| path: enclave/enclave-jaxrs/build/distributions/ | |
| - name: Upload azure-key-vault dists | |
| uses: actions/upload-artifact@v2 | |
| if: success() | |
| with: | |
| name: azure-key-vault-dists | |
| path: key-vault/azure-key-vault/build/distributions/ | |
| - name: Upload aws-key-vault dists | |
| uses: actions/upload-artifact@v2 | |
| if: success() | |
| with: | |
| name: aws-key-vault-dists | |
| path: key-vault/aws-key-vault/build/distributions/ | |
| - name: Upload hashicorp-key-vault dists | |
| uses: actions/upload-artifact@v2 | |
| if: success() | |
| with: | |
| name: hashicorp-key-vault-dists | |
| path: key-vault/hashicorp-key-vault/build/distributions/ | |
| release-docker: | |
| needs: [check-version, release-sonatype] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code from SCM | |
| uses: actions/checkout@v2 | |
| - name: Download tessera dists | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: tessera-dists | |
| path: tessera-dist/build/distributions/ | |
| - name: Download enclave dists | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: enclave-dists | |
| path: enclave/enclave-jaxrs/build/distributions/ | |
| - name: Download azure-key-vault dists | |
| uses: actions/download-artifact@v2 | |
| if: success() | |
| with: | |
| name: azure-key-vault-dists | |
| path: key-vault/azure-key-vault/build/distributions/ | |
| - name: Download aws-key-vault dists | |
| uses: actions/download-artifact@v2 | |
| if: success() | |
| with: | |
| name: aws-key-vault-dists | |
| path: key-vault/aws-key-vault/build/distributions/ | |
| - name: Download hashicorp-key-vault dists | |
| uses: actions/download-artifact@v2 | |
| if: success() | |
| with: | |
| name: hashicorp-key-vault-dists | |
| path: key-vault/hashicorp-key-vault/build/distributions/ | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v1 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v1 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_ACCESS_TOKEN }} | |
| - name: Get current date-time (RFC 3339 standard) | |
| id: date | |
| run: | | |
| echo "::set-output name=now::$(date -u '+%Y-%m-%dT%H:%M:%SZ')" | |
| - name: Build and push standalone tessera images | |
| uses: docker/build-push-action@v2 | |
| with: | |
| tags: | | |
| ${{ env.TESSERA_DOCKER_IMAGE_NAME }}:latest | |
| ${{ env.TESSERA_DOCKER_IMAGE_NAME }}:${{ needs.check-version.outputs.minor-version }} | |
| ${{ env.TESSERA_DOCKER_IMAGE_NAME }}:${{ needs.check-version.outputs.full-version }} | |
| labels: | | |
| org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| org.opencontainers.image.created=${{ steps.date.outputs.now }} | |
| push: true | |
| file: docker/tessera.Dockerfile | |
| # context must be explicitly provided to prevent docker/build-push-action checking out the repo again and deleting the downloaded artifacts | |
| context: . | |
| - name: Build and push tessera+azure images | |
| uses: docker/build-push-action@v2 | |
| with: | |
| tags: | | |
| ${{ env.TESSERA_DOCKER_IMAGE_NAME }}:azure-latest | |
| ${{ env.TESSERA_DOCKER_IMAGE_NAME }}:azure-${{ needs.check-version.outputs.minor-version }} | |
| ${{ env.TESSERA_DOCKER_IMAGE_NAME }}:azure-${{ needs.check-version.outputs.full-version }} | |
| labels: | | |
| org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| org.opencontainers.image.created=${{ steps.date.outputs.now }} | |
| push: true | |
| file: docker/tessera.azure.Dockerfile | |
| # context must be explicitly provided to prevent docker/build-push-action checking out the repo again and deleting the downloaded artifacts | |
| context: . | |
| - name: Build and push tessera+aws images | |
| uses: docker/build-push-action@v2 | |
| with: | |
| tags: | | |
| ${{ env.TESSERA_DOCKER_IMAGE_NAME }}:aws-latest | |
| ${{ env.TESSERA_DOCKER_IMAGE_NAME }}:aws-${{ needs.check-version.outputs.minor-version }} | |
| ${{ env.TESSERA_DOCKER_IMAGE_NAME }}:aws-${{ needs.check-version.outputs.full-version }} | |
| labels: | | |
| org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| org.opencontainers.image.created=${{ steps.date.outputs.now }} | |
| push: true | |
| file: docker/tessera.aws.Dockerfile | |
| # context must be explicitly provided to prevent docker/build-push-action checking out the repo again and deleting the downloaded artifacts | |
| context: . | |
| - name: Build and push tessera+hashicorp images | |
| uses: docker/build-push-action@v2 | |
| with: | |
| tags: | | |
| ${{ env.TESSERA_DOCKER_IMAGE_NAME }}:hashicorp-latest | |
| ${{ env.TESSERA_DOCKER_IMAGE_NAME }}:hashicorp-${{ needs.check-version.outputs.minor-version }} | |
| ${{ env.TESSERA_DOCKER_IMAGE_NAME }}:hashicorp-${{ needs.check-version.outputs.full-version }} | |
| labels: | | |
| org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| org.opencontainers.image.created=${{ steps.date.outputs.now }} | |
| push: true | |
| file: docker/tessera.hashicorp.Dockerfile | |
| # context must be explicitly provided to prevent docker/build-push-action checking out the repo again and deleting the downloaded artifacts | |
| context: . | |
| - name: Build and push standalone enclave images | |
| uses: docker/build-push-action@v2 | |
| with: | |
| tags: | | |
| ${{ env.TESSERA_DOCKER_IMAGE_NAME }}:enclave-latest | |
| ${{ env.TESSERA_DOCKER_IMAGE_NAME }}:enclave-${{ needs.check-version.outputs.minor-version }} | |
| ${{ env.TESSERA_DOCKER_IMAGE_NAME }}:enclave-${{ needs.check-version.outputs.full-version }} | |
| labels: | | |
| org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| org.opencontainers.image.created=${{ steps.date.outputs.now }} | |
| push: true | |
| file: docker/enclave.Dockerfile | |
| # context must be explicitly provided to prevent docker/build-push-action checking out the repo again and deleting the downloaded artifacts | |
| context: . |