diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml
new file mode 100644
index 0000000..4002da9
--- /dev/null
+++ b/.github/workflows/debian-build.yml
@@ -0,0 +1,57 @@
+name: Build Debian Package
+
+on:
+ workflow_call:
+ inputs:
+ artifact-name:
+ description: 'Name of the artifact which contains the debian package'
+ default: 'debian-package'
+ type: string
+ package-name:
+ description: 'Name of the debian package'
+ required: true
+ type: string
+ outputs:
+ package-version:
+ description: 'Version of the built debian package'
+ value: ${{ jobs.debian-build.outputs.version }}
+
+jobs:
+ debian-build:
+ runs-on: ubuntu-latest
+ outputs:
+ version: ${{ steps.prep-version.outputs.version }}
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Prepare Version Variable
+ id: prep-version
+ run: |
+ STR=$(grep "PACKAGE_VERSION=" versions)
+ VERSION=${STR#PACKAGE_VERSION=}
+ echo "VERSION=$VERSION" >> $GITHUB_ENV
+ echo "version=$VERSION" >> $GITHUB_OUTPUT
+ working-directory: src/resources
+
+ - name: Generate Cache Name
+ run: echo "CACHE=${sort versions | awk '!/(^[[:space:]]*$|PACKAGE_VERSION=|#)/' ORS='--'}" >> $GITHUB_ENV
+ working-directory: src/resources
+
+ - name: Retrieve Cached Downloads
+ uses: actions/cache@v4
+ with:
+ path: src/downloads/
+ key: downloads--${{ env.CACHE }}
+
+ - name: Build Debian
+ run: |
+ chmod +x build.sh
+ build.sh
+ working-directory: src/debian
+
+ - name: Upload Build Artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: ${{ inputs.artifact-name }}
+ path: src/debian/build/${{ inputs.package-name }}_${{ env.VERSION }}.deb
+ if-no-files-found: 'error'
diff --git a/.github/workflows/debian-deploy.yml b/.github/workflows/debian-deploy.yml
new file mode 100644
index 0000000..52dc9bd
--- /dev/null
+++ b/.github/workflows/debian-deploy.yml
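Review bot: The `Generate Cache Name` step wraps the pipeline in `${ … }`, which bash treats as parameter expansion and rejects as a bad substitution, so the step fails before `CACHE` is written; use command substitution instead: `run: echo "CACHE=$(sort versions | awk '!/(^[[:space:]]*$|PACKAGE_VERSION=|#)/' ORS='--')" >> "$GITHUB_ENV"`. In `Build Debian`, `build.sh` is called by bare name, which only resolves if `src/debian` is on PATH; `./build.sh` is the usual form. A short comment above the cache step saying that the key is built from every entry in `versions` except `PACKAGE_VERSION` and comment lines would make the awk filter easier to read.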
@@ -0,0 +1,72 @@
+name: AKTIN Deploy Debian Package
+
+on:
+ workflow_call:
+ inputs:
+ artifact-name:
+ description: 'Artifact name'
+ default: 'debian-package'
+ type: string
+ codename:
+ description: 'OS codename'
+ default: 'jammy'
+ type: string
+ package-name:
+ description: 'Name of the debian package'
+ required: true
+ type: string
+ package-version:
+ description: 'Version of the debian package'
+ required: true
+ type: string
+ repository-path:
+ description: 'Local directory containing conf, db, dists, and pool directories'
+ default: '/software/repo/org/apt'
+ type: string
+ secrets:
+ SSH_USER:
+ description: 'Username for the server hosting the AKTIN APT repository'
+ required: true
+ SSH_PRIVATE_KEY:
+ description: 'Private Key for authenticating with the server hosting the AKTIN APT repository'
+ required: true
+ SSH_REMOTE:
+ description: 'Hostname of the server hosting the AKTIN APT repository'
+ required: true
+ GPG_PASSPHRASE:
+ description: 'Passphrase for GPG private key used for signing the published debian packages'
+ required: true
+ GPG_KEYGRIP:
+ description: 'Keygrip identifier of the GPG private key'
+ required: true
+
+jobs:
+ debian-deploy:
+ runs-on: ubuntu-latest
+ if: ${{ startsWith(github.ref, 'refs/tags/v') }}
+ env:
+ PACKAGE: "${{ inputs.package-name }}_${{ inputs.package-version }}.deb"
+ steps:
+ - name: Download Build Artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: ${{ inputs.artifact-name }}
+
+ - name: Setup SSH Key
+ uses: webfactory/ssh-agent@v0.9.0
+ with:
+ ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
+ - name: Transfer Debian Package to Remote
+ run: scp "$PACKAGE" "${{ secrets.SSH_USER }}@${{ secrets.SSH_REMOTE }}:${{ inputs.repository-path }}/"
+
+ - name: Include Debian Package in APT Repository
+ run: > # use folded block style (>) because this is one long command
+ ssh "${{ secrets.SSH_USER }}@${{ secrets.SSH_REMOTE }}"
+ "
+ /usr/lib/gnupg/gpg-preset-passphrase -c -P '${{ 
secrets.GPG_PASSPHRASE }}' '${{ secrets.GPG_KEYGRIP }}';
+ reprepro -b '${{ inputs.repository-path }}' includedeb '${{ inputs.codename }}' '${{ inputs.repository-path }}/$PACKAGE';
+ reprepro -b '${{ inputs.repository-path }}' list '${{ inputs.codename }}'
+ rm '${{ inputs.repository-path }}/$PACKAGE'
+ gpg-connect-agent reloadagent /bye
+ "
diff --git a/.github/workflows/maven-build-deploy.yml b/.github/workflows/maven-build-deploy.yml
new file mode 100644
index 0000000..f945eb7
--- /dev/null
+++ b/.github/workflows/maven-build-deploy.yml
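Review bot: In `Include Debian Package in APT Repository`, the `reprepro … list` and `rm` lines have no trailing `;`, so if the `>` scalar folds them into one line as the inline comment intends, `rm` and `gpg-connect-agent reloadagent /bye` become arguments of `reprepro list`, and neither the cleanup of the uploaded file nor the agent reload that drops the cached passphrase runs; end both lines with `;` (indentation is not visible in this view, so confirm how the block folds). The passphrase is passed with `-P`, which places it in the remote process's argument list where other users on that host can read it; `gpg-preset-passphrase` reads the passphrase from stdin when `-P` is omitted. `inputs.repository-path` and `inputs.codename` are expanded by `${{ }}` directly into the script text here and in the `scp` step, so a value containing a quote changes the command; passing them through `env:` and referencing shell variables avoids that. `webfactory/ssh-agent@v0.9.0` receives the deploy key and is referenced by tag, so pinning it to a full commit SHA would fix the code that handles the key.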
@@ -0,0 +1,83 @@
+name: AKTIN Build & Deploy Maven
+
+on:
+ workflow_call:
+ inputs:
+ java-version:
+ description: 'Java LTS version'
+ required: true
+ type: number
+ java-distribution:
+ description: 'Java distribution'
+ default: 'temurin'
+ required: false
+ type: string
+ apt-dependencies:
+ description: 'Dependencies installed via apt (as space separated list)'
+ required: false
+ type: string
+ secrets:
+ AKTIN_MAVEN_USERNAME:
+ description: 'Maven repository username'
+ required: false
+ AKTIN_MAVEN_PASSPHRASE:
+ description: 'Maven repository passphrase'
+ required: false
+ AKTIN_MAVEN_GPG_PASSPHRASE:
+ description: 'Passphrase for the maven repositories GPG private key'
+ required: false
+ AKTIN_MAVEN_GPG_PRIVATE_KEY:
+ description: 'Content of the maven repositories GPG private key'
+ required: false
+ AKTIN_MAVEN_REPOSITORY:
+ description: 'Hostname of the server hosting the maven repository'
+ required: false
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Prepare Working Directory Variable
+ run: echo "WORK_DIR=${GITHUB_REPOSITORY#aktin/}" >> $GITHUB_ENV
+
+ - name: Checkout parent POM
+ uses: actions/checkout@v4
+ with:
+ repository: aktin/aktin
+
+ - name: Checkout project
+ uses: actions/checkout@v4
+ with:
+ path: ${{ env.WORK_DIR }}
+
+ - name: Set up JDK ${{ inputs.java-version }}
+ uses: actions/setup-java@v4
+ with:
+ java-version: ${{ inputs.java-version }}
+ distribution: ${{ inputs.java-distribution }}
+ cache: maven
+ server-id: aktinupload.software.magdeburg # value of the distributionManagement/repository/id field of the pom.xml
+ server-username: MAVEN_USERNAME # env variable for username in deploy
+ server-password: MAVEN_PASSPHRASE # env variable for token/password in deploy
+ gpg-private-key: ${{ secrets.AKTIN_MAVEN_GPG_PRIVATE_KEY }} # value of the GPG private key to import
+ gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
+
+ - name: Install APT Dependencies
+ if: 
inputs.apt-dependencies
+ run: sudo apt install -y ${{ inputs.apt-dependencies }}
+
+ - name: Build & (Unit-)Test
+ run: mvn -B package --no-transfer-progress
+ working-directory: ${{ env.WORK_DIR }}
+
+ - name: Deploy
+ if: startsWith(github.ref, 'refs/tags/v')
+ run: |
+ mvn versions:set -DnewVersion=${GITHUB_REF_NAME#v}
+ mvn deploy --no-transfer-progress
+ working-directory: ${{ env.WORK_DIR }}
+ env:
+ MAVEN_USERNAME: ${{ secrets.AKTIN_MAVEN_USERNAME }}
+ MAVEN_PASSPHRASE: ${{ secrets.AKTIN_MAVEN_PASSPHRASE }}
+ MAVEN_GPG_PASSPHRASE: ${{ secrets.AKTIN_MAVEN_GPG_PASSPHRASE }}
+ MAVEN_REPOSITORY: ${{ secrets.AKTIN_MAVEN_REPOSITORY }}
diff --git a/README.md b/README.md
index be171e2..e42a815 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@ This repository contains a collection of custom GitHub Actions and Github Workfl ### Actions: -- **python-ql**: Performs linting, code formatting, security scanning, and custom integration testing for Python projects. +- **python-ql**: Performs linting, code formatting, security scanning, and custom integration testing for Python projects #### Usage: 
@@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v2 - name: Run action1 - uses: aktin/aktin-github-actions/action1@main + uses: aktin/aktin-github-scripts/action1@main with: parameter1: 'value1' parameter2: 'value2 value3 value4' 
@@ -35,7 +35,9 @@ jobs: ### Workflows: -- +- **debian-build**: Builds a Debian package, runs integration tests, and uploads the `.deb` as a build artifact +- **debian-deploy**: Retrieves the `.deb` build artifact and adds it to a remote Debian repository using `reprepro` +- **maven-build-deploy**: Builds a Maven project, runs integration tests, and optionally deploys `.jar`/`.war`/`.ear` files to the AKTIN Maven repository #### Usage: 
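Review bot: `Install APT Dependencies` expands `${{ inputs.apt-dependencies }}` straight into the `run:` line, so the caller's string becomes shell text rather than arguments, on a runner where the `setup-java` step has already imported the GPG private key. Pass it through the environment instead: add `env:` with `APT_DEPENDENCIES: ${{ inputs.apt-dependencies }}` and run `sudo apt-get install -y $APT_DEPENDENCIES`, left unquoted on purpose so the list splits on spaces. In `Deploy`, `${GITHUB_REF_NAME#v}` is unquoted as well; `-DnewVersion="${GITHUB_REF_NAME#v}"` keeps a tag name with unusual characters as a single argument. `setup-java` imports `AKTIN_MAVEN_GPG_PRIVATE_KEY` on every run rather than only on tag builds, which looks wider than the deploy step needs, and `Checkout parent POM` takes `aktin/aktin` at its default branch with no `ref`, so the deployed build depends on whatever that branch holds at the time.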
@@ -51,7 +53,7 @@ on: jobs: call-reusable-workflow: - uses: aktin/aktin-github-actions/workflows/workflow1.yml@main + uses: aktin/aktin-github-scripts/.github/workflows/workflow1.yml@main with: input1: 'value1' input2: 'value2'