From 39b31a37542cb042862247b6bfa7b6a39880f3d9 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Thu, 7 Nov 2024 14:32:17 +0100 Subject: [PATCH 01/50] ci: add get-newest-artifact composite action --- README.md | 6 ++--- actions/get-newest-artifact/action.yml | 32 ++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 3 deletions(-) create mode 100644 actions/get-newest-artifact/action.yml diff --git a/README.md b/README.md index be171e2..7f508e1 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ This repository contains a collection of custom GitHub Actions and Github Workfl ### Actions: +- **get-newest-artifact**: Get artifacts from the last success run of a specified workflow - **python-ql**: Performs linting, code formatting, security scanning, and custom integration testing for Python projects. #### Usage: @@ -27,7 +28,7 @@ jobs: uses: actions/checkout@v2 - name: Run action1 - uses: aktin/aktin-github-actions/action1@main + uses: aktin/aktin-github-scripts/action1@main with: parameter1: 'value1' parameter2: 'value2 value3 value4' @@ -35,7 +36,6 @@ jobs: ### Workflows: -- #### Usage: @@ -51,7 +51,7 @@ on: jobs: call-reusable-workflow: - uses: aktin/aktin-github-actions/workflows/workflow1.yml@main + uses: aktin/aktin-github-scripts/workflows/workflow1.yml@main with: input1: 'value1' input2: 'value2' diff --git a/actions/get-newest-artifact/action.yml b/actions/get-newest-artifact/action.yml new file mode 100644 index 0000000..d01647f --- /dev/null +++ b/actions/get-newest-artifact/action.yml 
@@ -0,0 +1,32 @@
+name: Get Newest Artifact
+
+description: 'Get artifacts from the last success run of a specified workflow'
+
+inputs:
+ workflow:
+ description: 'Workflow filename'
+ required: true
+ repository:
+ description: 'Repository name with owner'
+ default: ${{ github.repository }}
+ artifact:
+ description: 'Artifacts that match glob pattern'
+ required: true
+ path:
+ description: 'The directory to download artifacts into (default ".")'
+ default: '.'
+
+
+runs:
+ using: 'composite'
+ steps:
+ - name: Download Latest Successful Build Artifact
+ run: |
+ newest_success=$(gh run list -R ${{ inputs.repository }} -w ${{ inputs.workflow }} \
+ --json conclusion,headBranch,databaseId \
+ --jq 'first(.[] | select(.conclusion | contains("success"))) | .databaseId')
+ [ -z "$newest_success" ] && echo "No successful run found" && exit 1 || true
+ gh run download $newest_success -p ${{ inputs.artifact }} -D ${{ inputs.path }}
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ shell: bash
\ No newline at end of file
From c5219bf67c1404042c1d18554284685ddb0523b0 Mon Sep 17 00:00:00 2001
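Review bot: The `run:` script splices `${{ inputs.repository }}`, `${{ inputs.workflow }}`, `${{ inputs.artifact }}` and `${{ inputs.path }}` straight into the bash source, so a caller-supplied value containing shell metacharacters is executed rather than treated as data, and a glob such as `*.deb` is expanded by the shell before `gh` sees it. Pass the inputs through `env:` and reference them as quoted variables, as sketched below. Two further points in the same step: the `secrets` context is not available inside a composite action, so `GH_TOKEN` should come from `${{ github.token }}` or an explicit input, and `gh run download` is called without `-R`, so the run id found in `inputs.repository` is looked up in the current repository instead.

```yaml
    - name: Download Latest Successful Build Artifact
      env:
        GH_TOKEN: ${{ github.token }}
        REPOSITORY: ${{ inputs.repository }}
        WORKFLOW: ${{ inputs.workflow }}
        ARTIFACT: ${{ inputs.artifact }}
        DOWNLOAD_DIR: ${{ inputs.path }}
      run: |
        newest_success=$(gh run list -R "$REPOSITORY" -w "$WORKFLOW" \
          --json conclusion,headBranch,databaseId \
          --jq 'first(.[] | select(.conclusion | contains("success"))) | .databaseId')
        # … unchanged: empty-result check …
        gh run download "$newest_success" -R "$REPOSITORY" -p "$ARTIFACT" -D "$DOWNLOAD_DIR"
      shell: bash
```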
From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Thu, 7 Nov 2024 16:12:58 +0100 Subject: [PATCH 02/50] WIP ci: add build & deploy workflows for AKTIN Maven, Debian, and Docker projects --- README.md | 7 +++ workflows/debian-build.yml | 82 +++++++++++++++++++++++++++ workflows/debian-deploy-gh.yml | 44 +++++++++++++++ workflows/debian-deploy-override.yml | 77 ++++++++++++++++++++++++++ workflows/debian-deploy.yml | 61 ++++++++++++++++++++ workflows/docker-build.yml | 53 ++++++++++++++++++ workflows/docker-deploy.yml | 62 +++++++++++++++++++++ workflows/maven-build-deploy.yml | 83 ++++++++++++++++++++++++++++ 8 files changed, 469 insertions(+) create mode 100644 workflows/debian-build.yml create mode 100644 workflows/debian-deploy-gh.yml create mode 100644 workflows/debian-deploy-override.yml create mode 100644 workflows/debian-deploy.yml create mode 100644 workflows/docker-build.yml create mode 100644 workflows/docker-deploy.yml create mode 100644 workflows/maven-build-deploy.yml diff --git a/README.md b/README.md index 7f508e1..30317b8 100644 --- a/README.md +++ b/README.md 
@@ -36,6 +36,13 @@ jobs: ### Workflows: +- **debian-build.yml**: Build a debian package, run integration tests, upload DEB as build artifact +- **debian-depoly.yml**: Retrieve DEB build artifact and add it to a remote debian repository with reprepro +- **debian-depoly-gh.yml**: Retrieve DEB build artifact and add it to debian repository hosted in the repository which calls debian-deploy.yml +- **debian-depoly-override.yml**: Retrieve DEB build artifacts, create new reprepro debian repository, and push it to a remote server (i2b2 DEb is >100MB) +- **docker-build.yml**: Build docker images and upload Dockerfiles, etc. as build artifact +- **docker-deploy.yml**: Retrieve Dockerfile build artifacts and publish them to the GitHub Container Registry +- **maven-build-deploy.yml**: Build maven project, run integration test, optionally deploy JAR/WAR/EAR to AKTIN maven repository #### Usage: diff --git a/workflows/debian-build.yml b/workflows/debian-build.yml new file mode 100644 index 0000000..90d5523 --- /dev/null +++ b/workflows/debian-build.yml 
@@ -0,0 +1,82 @@ +name: AKTIN Build Debian + +on: + workflow_call: + inputs: + artifact-name: + description: 'Artifact name' + default: 'debian-package' + type: string + name-base: + description: 'Prefix of the docker tags (either aktin-notaufnahme-i2b2 or aktin-notaufnahme-dwh)' + required: true + type: string + download-i2b2: + description: 'Download i2b2 update ZIP when building notaufnahme-i2b2 debian package' + default: false + type: boolean + + +jobs: + debian-build: + runs-on: ubuntu-latest + defaults: + run: + working-directory: src/debian + steps: + - name: Prepare Version Variable - Deployment + if: startsWith(github.ref, 'refs/tags/v') + run: echo "VERSION=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV + + - name: Prepare Version Variable - Testing + if: ! startsWith(github.ref, 'refs/tags/v') + run: echo "VERSION=0-$GITHUB_REF_NAME" >> $GITHUB_ENV + + - uses: actions/checkout@v4 + + - name: Retrieve Cached Downloads + if: inputs.download-i2b2 + uses: actions/cache@v4 + with: + path: src/downloads/ + key: downloads + + - name: Retrieve i2b2 Update + if: steps.i2b2-cache.outputs.cache-hit != 'true' && inputs.download-i2b2 + run: # TODO + + - name: Build Debian + run: build.sh $VERSION + +# Note: Because no tests are implemented yet, installation of the debian packages are not required yet +# +# - name: Retrieve Cached GPG Public Key +# if: inputs.name-base == 'aktin-notaufnahme-dwh' +# uses: actions/cache@v4 +# with: +# path: /etc/apt/trusted.gpg.d/aktin.gpg +# key: aktin-debian-repository-gpg-public-key +# +# - name: Install aktin-notaufnahme-i2b2 from AKTIN Repository +# if: inputs.name-base == 'aktin-notaufnahme-dwh' +# run: | +# sudo apt install -y openjdk-11-jre-headless +# sudo wget -O - https://www.aktin.org/software/repo/org/apt/conf/aktin.gpg.key | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/aktin.gpg +# echo "deb https://www.aktin.org/software/repo/org/apt focal main" > /etc/apt/sources.list.d/aktin.list +# sudo apt update +# sudo apt install -y 
aktin-notaufnahme-i2b2 +# +# - name: Install +# run: | +# sudo apt install -y openjdk-11-jre-headless +# sudo apt install -y "build/${{ inputs.name-base }}_$VERSION.deb" +# sudo service wildfly restart +# +# - name: Test +# run: # TODO + + - name: Upload Build Artifact + uses: actions/upload-artifact@v4 + with: + name: ${{ inputs.artifact-name }} + path: build/${{ inputs.name-base }}_$VERSION.deb \ No newline at end of file diff --git a/workflows/debian-deploy-gh.yml b/workflows/debian-deploy-gh.yml new file mode 100644 index 0000000..702bb87 --- /dev/null +++ b/workflows/debian-deploy-gh.yml @@ -0,0 +1,44 @@ +name: AKTIN Deploy Debian + +on: + workflow_call: + inputs: + artifact-name: + description: 'Artifact name' + default: 'debian-package' + type: string + codename: + description: 'OS codename' + default: 'noble' + type: string + +jobs: + debian-deploy: + runs-on: ubuntu-latest + needs: debian-build + steps: + - uses: actions/checkout@v4 + + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.DEBIAN_GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.DEBIAN_GPG_PASSPHRASE }} + + - name: Download Build Artifact + uses: actions/download-artifact@v4 + with: + pattern: ${{ inputs.artifact-name }} + + - name: Import Debian Packages + run: | + sudo apt install -y reprepro + reprepro -b "." includedeb ${{ inputs.codename }} aktin-notaufnahme-*.deb + + - name: Cleanup Workspace + run: rm aktin-notaufnahme-*.deb + + # TODO push / pr workspace to repo + # - https://stackoverflow.com/questions/57921401/push-to-origin-from-github-action/58393457#58393457 + # - https://github.com/peter-evans/create-pull-request + # - https://github.com/stefanzweifel/git-auto-commit-action \ No newline at end of file diff --git a/workflows/debian-deploy-override.yml b/workflows/debian-deploy-override.yml new file mode 100644 index 0000000..eb90821 --- /dev/null +++ b/workflows/debian-deploy-override.yml 
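Review bot: In debian-build.yml the upload step's `path: build/${{ inputs.name-base }}_$VERSION.deb` will not match the built package, because `with:` values are not passed through a shell and `$VERSION` stays literal; use `${{ env.VERSION }}` there. That path is also resolved from the workspace root rather than from `src/debian`, so it presumably needs that prefix as well (confirm where `build.sh` writes `build/`). The two "Prepare Version Variable" steps run before `actions/checkout` while `defaults.run.working-directory` is `src/debian`, a directory that does not exist yet at that point; move them after the checkout or give them an explicit `working-directory`. `if: ! startsWith(github.ref, 'refs/tags/v')` must be written as `if: ${{ !startsWith(github.ref, 'refs/tags/v') }}`, since a leading `!` is a YAML tag indicator.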
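Review bot: In debian-deploy-gh.yml, `crazy-max/ghaction-import-gpg@v6` receives the repository signing key but is referenced by a movable tag; pinning it to a full commit SHA (`uses: crazy-max/ghaction-import-gpg@FULL_COMMIT_SHA # v6`, placeholder value) keeps a retagged release from running with that key. The secrets it reads, `DEBIAN_GPG_PRIVATE_KEY` and `DEBIAN_GPG_PASSPHRASE`, are not declared under `workflow_call.secrets`, so they are only present when a caller uses `secrets: inherit`; declaring them with `required: true` makes the contract explicit. `needs: debian-build` names a job that is not defined in this file, which fails workflow validation. `${{ inputs.codename }}` is also expanded inside the `run:` script; passing it through `env:` and quoting it avoids treating caller input as shell source.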
@@ -0,0 +1,77 @@ +name: AKTIN Deploy Debian + +on: + workflow_call: + inputs: + artifact-pattern: + description: 'Pattern of artifact names' + default: 'debian-package-*' + type: string + codename: + description: 'OS codename' + default: 'noble' + type: string + secrets: + SSH_USER: + description: 'Username for the server hosting the APT repository' + required: true + # TODO PASSPHRASE or PRIVATE_KEY authentication + SSH_PASSPHRASE: + description: 'Passphrase for authenticating with the server hosting the APT repository' + required: true + SSH_PRIVATE_KEY: + description: 'Private Key for authenticating with the server hosting the APT repository' + required: true + +jobs: + debian-deploy: + runs-on: ubuntu-latest + needs: debian-build + if: ${{ startsWith(github.ref, 'refs/tags/v') }} + env: + REPREPRO_HOME: # TODO + steps: + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.PASSPHRASE }} + + - name: Install reprepro + run: | + mkdir -p $REPREPRO_HOME/conf + + cat > $REPREPRO_HOME/conf/distributions << EOL + Origin: aktin + Suite: stable + Codename: ${{ inputs.codename }} + Architectures: amd64 i386 + Components: main + Description: Apt repository for AKTIN + SignWith: yes + + sudo apt install -y reprepro + + - name: Download Build Artifact + uses: actions/download-artifact@v4 + with: + pattern: ${{ inputs.artifact-pattern }} + + - name: Import Debian Packages + run: reprepro -b "$REPREPRO_HOME" includedeb ${{ inputs.codename }} aktin-notaufnahme-*.deb + + # TODO decide on variant + # variant: private key authentication + # Requirement: authentication public key is in .ssh/authorized_keys of remote + - name: Setup SSH Key + uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} + - name: Deploy APT Repository + run: scp -r "$REPREPRO_HOME" "${{ secrets.SSH_USER }}@aktin.org:/$REPREPRO_HOME" + + # variant: passphrase authentication + 
- name: Deploy APT Repository + run: | + sudo apt install -y sshpass + sshpass -p "${{ secrets.SSH_PASSPHRASE }}" scp -r "$REPREPRO_HOME" "${{ secrets.SSH_USER }}@aktin.org:/$REPREPRO_HOME" \ No newline at end of file diff --git a/workflows/debian-deploy.yml b/workflows/debian-deploy.yml new file mode 100644 index 0000000..50a3c43 --- /dev/null +++ b/workflows/debian-deploy.yml 
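Review bot: The here-document in the "Install reprepro" step (delimiter `EOL`) is never closed, so `sudo apt install -y reprepro` ends up as content of `conf/distributions` instead of being executed and reprepro is not installed by this step; add a terminating `EOL` line after `SignWith: yes`. The GPG step reads `secrets.GPG_PRIVATE_KEY` and `secrets.PASSPHRASE`, which are not declared in the `secrets:` block of `workflow_call` (only the three SSH secrets are). `REPREPRO_HOME` is still empty, so `mkdir -p $REPREPRO_HOME/conf` targets `/conf` and the `scp` destination becomes the remote root. In the passphrase variant, `sshpass -p "${{ secrets.SSH_PASSPHRASE }}"` places the secret on a command line where other processes on the runner can read it; `sshpass -e` with the value in `env: SSHPASS` avoids that if this variant is kept.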
@@ -0,0 +1,61 @@ +name: AKTIN Deploy Debian + +on: + workflow_call: + inputs: + artifact-name: + description: 'Artifact name' + default: 'debian-package' + type: string + codename: + description: 'OS codename' + default: 'noble' + type: string + secrets: + SSH_USER: + SSH_PASSPHRASE: + SSH_PRIVATE_KEY: + +jobs: + debian-deploy: + runs-on: ubuntu-latest + needs: debian-build + if: ${{ startsWith(github.ref, 'refs/tags/v') }} + env: + REPREPRO_HOME: # TODO + steps: + - name: Download Build Artifact + uses: actions/download-artifact@v4 + with: + name: ${{ inputs.artifact-name }} + + + # TODO decide on variant + # variant: private key authentication + # Requirement: authentication public key is in .ssh/authorized_keys of remote + - name: Setup SSH Key + uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} + - name: Deploy Debian Package + run: scp aktin-notaufnahme-*.deb "${{ secrets.SSH_USER }}@aktin.org:/$REPREPRO_HOME/" + - name: Import Debian Packages + run: ssh ${{ secrets.SSH_USER }}@aktin.org "reprepro -b '$REPREPRO_HOME' includedeb ${{ inputs.codename }} aktin-notaufnahme-*.deb" + - name: Update OS Codename in "conf/distributions" + run: | + ssh ${{ secrets.SSH_USER }}@aktin.org "sed -i '0,/Codename: [a-z]*/s//Codename: ${{ inputs.codename }}/' conf/distributions" + + + # variant: passphrase authentication + - name: Deploy Debian Package + run: | + sudo apt install -y sshpass + sshpass -p "${{ secrets.SSH_PASSPHRASE }}" scp aktin-notaufnahme-*.deb "${{ secrets.SSH_USER }}@aktin.org:/$REPREPRO_HOME/" + - name: Import Debian Packages + run: | + sshpass -p "${{ secrets.SSH_PASSPHRASE }}" ssh ${{ secrets.SSH_USER }}@aktin.org \ + "reprepro -b '$REPREPRO_HOME' includedeb ${{ inputs.codename }} aktin-notaufnahme-*.deb" + - name: Update OS Codename in "conf/distributions" + run: | + sshpass -p "${{ secrets.SSH_PASSPHRASE }}" ssh ${{ secrets.SSH_USER }}@aktin.org \ + "sed -i '0,/Codename: [a-z]*/s//Codename: ${{ inputs.codename 
}}/' conf/distributions" \ No newline at end of file diff --git a/workflows/docker-build.yml b/workflows/docker-build.yml new file mode 100644 index 0000000..cb7e7db --- /dev/null +++ b/workflows/docker-build.yml @@ -0,0 +1,53 @@ +name: AKTIN Build Docker + +on: + workflow_call: + inputs: + artifact-name: + description: 'Artifact name' + default: 'dockerfiles' + type: string + download-i2b2: + description: 'Download i2b2 update ZIP when building notaufnahme-i2b2 docker image' + default: false + type: boolean + + +jobs: + docker-build: + runs-on: ubuntu-latest + defaults: + run: + working-directory: src/docker + steps: + - uses: actions/checkout@v4 + + - name: Retrieve Cached Downloads + uses: actions/cache@v4 + with: + path: src/downloads/ + key: downloads + + - name: Retrieve i2b2 Update + if: steps.i2b2-cache.outputs.cache-hit != 'true' && inputs.download-i2b2 + run: # TODO + + - name: Build Dockerfiles + run: build.sh + +# - name: Install +# run: | +# docker compose build +# docker compose -f sample/docker-compose.yml up -d +# +# - name: Test +# run: # TODO + + - name: Upload Build Artifact + uses: actions/upload-artifact@v4 + with: + name: ${{ inputs.artifact-name }} + path: | + database/ + httpd/ + wildfly/ \ No newline at end of file diff --git a/workflows/docker-deploy.yml b/workflows/docker-deploy.yml new file mode 100644 index 0000000..ec72b42 --- /dev/null +++ b/workflows/docker-deploy.yml 
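Review bot: In debian-deploy.yml, `${{ inputs.codename }}` is pasted into command strings that the remote shell executes (the `reprepro ... includedeb` call and the `sed -i` expression), so a caller value containing quotes or `;` changes the command run on the repository host. Validate it in a local step first, for example `[[ "$CODENAME" =~ ^[a-z]+$ ]] || exit 1` with `CODENAME: ${{ inputs.codename }}` set via `env:`, and use that variable in the ssh commands. The glob `aktin-notaufnahme-*.deb` and the path `conf/distributions` are resolved on the remote side relative to the login directory, not `$REPREPRO_HOME`, which is where the preceding `scp` placed the package. The `secrets:` entries `SSH_USER:`, `SSH_PASSPHRASE:` and `SSH_PRIVATE_KEY:` have null values and should at least carry `required: true`.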
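Review bot: In docker-build.yml, `run: build.sh` relies on the script being on `PATH`; with `working-directory: src/docker` it should be `run: ./build.sh` (the same applies to `run: build.sh $VERSION` in debian-build.yml). The "Retrieve i2b2 Update" step tests `steps.i2b2-cache.outputs.cache-hit`, but the cache step has no `id: i2b2-cache`, so that output is always empty, and `run: # TODO` leaves the step without a command. The upload `path:` entries are resolved from the workspace root, not from `src/docker`; confirm where `build.sh` writes `database/`, `httpd/` and `wildfly/`.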
@@ -0,0 +1,62 @@
+name: AKTIN Deploy Docker
+
+on:
+ workflow_call:
+ inputs:
+ artifact-name:
+ description: 'Name of the artifact to download'
+ default: 'dockerfiles'
+ type: string
+ tag-base:
+ description: 'Prefix of the docker tags (either ghcr.io/aktin/notaufnahme-i2b2 or ghcr.io/aktin/notaufnahme-dwh)'
+ required: true
+ type: string
+
+
+jobs:
+ docker-deploy:
+ runs-on: ubuntu-latest
+ if: startsWith(github.ref, 'refs/tags/v')
+ steps:
+ - name: Prepare Version Variable
+ run: echo "VERSION=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV
+
+ - name: Download Build Artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: ${{ inputs.artifact-name }}
+
+ - name: Login to GitHub Docker Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push docker image for ${{ github.job }} [httpd]
+ uses: docker/build-push-action@v6
+ with:
+ context: httpd/
+ tags: |
+ ${{ inputs.tag-base }}-httpd:latest
+ ${{ inputs.tag-base }}-httpd:$VERSION
+ push: true
+
+ - name: Build and push docker image for ${{ github.job }} [database]
+ uses: docker/build-push-action@v6
+ with:
+ context: database/
+ tags: |
+ ${{ inputs.tag-base }}-database:latest
+ ${{ inputs.tag-base }}-database:$VERSION
+ push: true
+
+ - name: Build and push docker image for ${{ github.job }} [wildfly]
+ uses: docker/build-push-action@v6
+ with:
+ context: wildfly/
+ tags: |
+ ${{ inputs.tag-base }}-wildfly:latest
+ ${{ inputs.tag-base }}-wildfly:$VERSION
+ push: true
+
diff --git a/workflows/maven-build-deploy.yml b/workflows/maven-build-deploy.yml
new file mode 100644
index 0000000..f3d533a
--- /dev/null
+++ b/workflows/maven-build-deploy.yml
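Review bot: The `tags:` entries ending in `:$VERSION` reach `docker/build-push-action` verbatim, because `with:` inputs are not shell-expanded; write them as `${{ inputs.tag-base }}-httpd:${{ env.VERSION }}` (and likewise for `database` and `wildfly`). The job pushes to ghcr.io with `secrets.GITHUB_TOKEN` but does not state the token scope it needs; adding `permissions:` with `contents: read` and `packages: write` on the `docker-deploy` job limits the token to that and documents what callers must allow. `docker/login-action@v3` and `docker/build-push-action@v6` handle the registry credential and are referenced by movable tags, so pinning them to full commit SHAs is worth considering.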
@@ -0,0 +1,83 @@ +name: AKTIN Build & Deploy Maven + +on: + workflow_call: + inputs: + java-version: + description: 'Java version number' + required: true + type: number + java-distribution: + description: 'Java distribution' + default: 'temurin' + required: false + type: string + install-r: + description: 'Whether to install r-base and r-cran-tidyverse before testing' + default: false + required: false + type: boolean + secrets: + AKTIN_MAVEN_USERNAME: + description: 'Maven repository username' + required: false + AKTIN_MAVEN_PASSPHRASE: + description: 'Maven repository passphrase' + required: false + AKTIN_MAVEN_GPG_PASSPHRASE: + description: 'Passphrase for the maven repositories GPG private key' + required: false + AKTIN_MAVEN_GPG_PRIVATE_KEY: + description: 'Content of the maven repositories GPG private key' + required: false + + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Prepare Working Directory Variable + run: echo "WORK_DIR=${GITHUB_REPOSITORY#aktin/}" >> $GITHUB_ENV + + - name: Checkout parent POM + uses: actions/checkout@v4 + with: + repository: aktin/aktin + + - name: Checkout project + uses: actions/checkout@v4 + with: + path: ${{ env.WORK_DIR }} + + - name: Set up JDK ${{ inputs.java-version }} + uses: actions/setup-java@v4 + with: + java-version: ${{ inputs.java-version }} + distribution: ${{ inputs.java-distribution }} + cache: maven + server-id: aktinupload.software.magdeburg # value of the distributionManagement/repository/id field of the pom.xml + server-username: MAVEN_USERNAME # env variable for username in deploy + server-password: MAVEN_PASSPHRASE # env variable for token/password in deploy + gpg-private-key: ${{ secrets.AKTIN_MAVEN_GPG_PRIVATE_KEY }} # value of the GPG private key to import + gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase + + - name: Install APT Dependencies + if: inputs.install-r + run: sudo apt install -y r-base r-cran-tidyverse + + - name: Build & (Unit-)Test +# run: 
mvn -B package -Dchangelist=-SNAPSHOT+${{ github.run_number }} + run: mvn -B package + working-directory: ${{ env.WORK_DIR }} + + - name: Deploy + if: startsWith(github.ref, 'refs/tags/v') +# run: mvn deploy -Drevision=${GITHUB_REF_NAME#v} -Dchangelist= + run: | + mvn versions:set -DnewVersion=${GITHUB_REF_NAME#v} + mvn deploy + working-directory: ${{ env.WORK_DIR }} + env: + MAVEN_USERNAME: ${{ secrets.AKTIN_MAVEN_USERNAME }} + MAVEN_PASSPHRASE: ${{ secrets.AKTIN_MAVEN_PASSPHRASE }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.AKTIN_MAVEN_GPG_PASSPHRASE }} \ No newline at end of file From 85c4901f294bf1b41641bed46d5caa7e565b54f7 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Thu, 7 Nov 2024 16:44:22 +0100 Subject: [PATCH 03/50] WIP fix: workflows must be rooted in .github/workflows directory --- {workflows => .github/workflows}/debian-build.yml | 0 {workflows => .github/workflows}/debian-deploy-gh.yml | 0 {workflows => .github/workflows}/debian-deploy-override.yml | 0 {workflows => .github/workflows}/debian-deploy.yml | 0 {workflows => .github/workflows}/docker-build.yml | 0 {workflows => .github/workflows}/docker-deploy.yml | 0 {workflows => .github/workflows}/maven-build-deploy.yml | 0 7 files changed, 0 insertions(+), 0 deletions(-) rename {workflows => .github/workflows}/debian-build.yml (100%) rename {workflows => .github/workflows}/debian-deploy-gh.yml (100%) rename {workflows => .github/workflows}/debian-deploy-override.yml (100%) rename {workflows => .github/workflows}/debian-deploy.yml (100%) rename {workflows => .github/workflows}/docker-build.yml (100%) rename {workflows => .github/workflows}/docker-deploy.yml (100%) rename {workflows => .github/workflows}/maven-build-deploy.yml (100%) diff --git a/workflows/debian-build.yml b/.github/workflows/debian-build.yml similarity index 100% rename from workflows/debian-build.yml rename to .github/workflows/debian-build.yml 
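Review bot: In maven-build-deploy.yml, `actions/setup-java` is given `gpg-private-key: ${{ secrets.AKTIN_MAVEN_GPG_PRIVATE_KEY }}` in the `build` job on every run, so the signing key is imported on the runner while `mvn -B package` executes project code from any branch, although only the tag-gated Deploy step needs it. Moving Deploy, together with the `gpg-private-key` and `server-*` inputs, into a separate job guarded by `if: startsWith(github.ref, 'refs/tags/v')` would keep the key out of ordinary builds. `WORK_DIR=${GITHUB_REPOSITORY#aktin/}` strips the owner only when it is `aktin`; `${GITHUB_REPOSITORY#*/}` also works for forks. The parent POM checkout of `aktin/aktin` has no `ref:`, so a release build uses whatever that repository's default branch holds at the time.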
diff --git a/workflows/debian-deploy-gh.yml b/.github/workflows/debian-deploy-gh.yml similarity index 100% rename from workflows/debian-deploy-gh.yml rename to .github/workflows/debian-deploy-gh.yml diff --git a/workflows/debian-deploy-override.yml b/.github/workflows/debian-deploy-override.yml similarity index 100% rename from workflows/debian-deploy-override.yml rename to .github/workflows/debian-deploy-override.yml diff --git a/workflows/debian-deploy.yml b/.github/workflows/debian-deploy.yml similarity index 100% rename from workflows/debian-deploy.yml rename to .github/workflows/debian-deploy.yml diff --git a/workflows/docker-build.yml b/.github/workflows/docker-build.yml similarity index 100% rename from workflows/docker-build.yml rename to .github/workflows/docker-build.yml diff --git a/workflows/docker-deploy.yml b/.github/workflows/docker-deploy.yml similarity index 100% rename from workflows/docker-deploy.yml rename to .github/workflows/docker-deploy.yml diff --git a/workflows/maven-build-deploy.yml b/.github/workflows/maven-build-deploy.yml similarity index 100% rename from workflows/maven-build-deploy.yml rename to .github/workflows/maven-build-deploy.yml From 616c0772bd22f3f373c1a31e4bb86cc0140b1bd9 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 17 Dec 2024 15:00:52 +0100 Subject: [PATCH 04/50] feat: set "downloads" cache key based on versions file --- .github/workflows/debian-build.yml | 5 ++++- .github/workflows/docker-build.yml | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index 90d5523..0610929 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml 
@@ -34,12 +34,15 @@ jobs: - uses: actions/checkout@v4 + - name: Generate Cache Name + run: echo "CACHE=${sort versions | awk '!/(^[[:space:]]*$|PACKAGE_VERSION=)/' ORS='--'}" >> $GITHUB_ENV + - name: Retrieve Cached Downloads if: inputs.download-i2b2 uses: actions/cache@v4 with: path: src/downloads/ - key: downloads + key: downloads--${{ env.CACHE }} - name: Retrieve i2b2 Update if: steps.i2b2-cache.outputs.cache-hit != 'true' && inputs.download-i2b2 diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index cb7e7db..eab3953 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -22,11 +22,14 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Generate Cache Name + run: echo "CACHE=${sort versions | awk '!/(^[[:space:]]*$|PACKAGE_VERSION=)/' ORS='--'}" >> $GITHUB_ENV + - name: Retrieve Cached Downloads uses: actions/cache@v4 with: path: src/downloads/ - key: downloads + key: downloads--${{ env.CACHE }} - name: Retrieve i2b2 Update if: steps.i2b2-cache.outputs.cache-hit != 'true' && inputs.download-i2b2 From f827f79e8b1caf7946a1ac70c0b0cad3e0f9bd9b Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 17 Dec 2024 15:22:53 +0100 Subject: [PATCH 05/50] refactor!: remove steps related to i2b2 download i2b2 docker and debian build.sh now integrate the downloads fo i2b2 files. BREAKING CHANGE: reusable workflow input "download-i2b2" removed --- .github/workflows/debian-build.yml | 9 --------- .github/workflows/docker-build.yml | 9 --------- 2 files changed, 18 deletions(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index 0610929..74dd27b 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml 
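Review bot: `${sort versions | awk ...}` in the new "Generate Cache Name" step is parameter-expansion syntax rather than command substitution, so bash stops with a bad-substitution error and `CACHE` is never written to `$GITHUB_ENV`; the identical line is added to docker-build.yml in the following hunk. Command substitution would be `$( ... )`, but the key can be derived without a shell step: `key: downloads--${{ hashFiles('PATH_TO/versions') }}` (placeholder path; the run step executes in `src/debian` or `src/docker`, so confirm where `versions` lives). Hashing the whole file also changes the key when `PACKAGE_VERSION` changes, which the awk filter was excluding, so decide whether that matters. A fixed-length hash also avoids building a cache key out of arbitrary file content.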
@@ -11,10 +11,6 @@ on: description: 'Prefix of the docker tags (either aktin-notaufnahme-i2b2 or aktin-notaufnahme-dwh)' required: true type: string - download-i2b2: - description: 'Download i2b2 update ZIP when building notaufnahme-i2b2 debian package' - default: false - type: boolean jobs: @@ -38,16 +34,11 @@ jobs: run: echo "CACHE=${sort versions | awk '!/(^[[:space:]]*$|PACKAGE_VERSION=)/' ORS='--'}" >> $GITHUB_ENV - name: Retrieve Cached Downloads - if: inputs.download-i2b2 uses: actions/cache@v4 with: path: src/downloads/ key: downloads--${{ env.CACHE }} - - name: Retrieve i2b2 Update - if: steps.i2b2-cache.outputs.cache-hit != 'true' && inputs.download-i2b2 - run: # TODO - - name: Build Debian run: build.sh $VERSION diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index eab3953..93d3f29 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -7,11 +7,6 @@ on: description: 'Artifact name' default: 'dockerfiles' type: string - download-i2b2: - description: 'Download i2b2 update ZIP when building notaufnahme-i2b2 docker image' - default: false - type: boolean - jobs: docker-build: @@ -31,10 +26,6 @@ jobs: path: src/downloads/ key: downloads--${{ env.CACHE }} - - name: Retrieve i2b2 Update - if: steps.i2b2-cache.outputs.cache-hit != 'true' && inputs.download-i2b2 - run: # TODO - - name: Build Dockerfiles run: build.sh From e324e43b852a36304bedfae1aed7e7ae7aea0c53 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 17 Dec 2024 15:40:53 +0100 Subject: [PATCH 06/50] refactor: remove passphrase authentication for SSH Both passphrase and private key authentication were implemented but only private key authentication will be used. --- .github/workflows/debian-deploy-override.yml | 14 +----------- .github/workflows/debian-deploy.yml | 23 ++------------------ 2 files changed, 3 insertions(+), 34 deletions(-) 
diff --git a/.github/workflows/debian-deploy-override.yml b/.github/workflows/debian-deploy-override.yml index eb90821..80e6979 100644 --- a/.github/workflows/debian-deploy-override.yml +++ b/.github/workflows/debian-deploy-override.yml @@ -15,10 +15,6 @@ on: SSH_USER: description: 'Username for the server hosting the APT repository' required: true - # TODO PASSPHRASE or PRIVATE_KEY authentication - SSH_PASSPHRASE: - description: 'Passphrase for authenticating with the server hosting the APT repository' - required: true SSH_PRIVATE_KEY: description: 'Private Key for authenticating with the server hosting the APT repository' required: true @@ -60,18 +56,10 @@ jobs: - name: Import Debian Packages run: reprepro -b "$REPREPRO_HOME" includedeb ${{ inputs.codename }} aktin-notaufnahme-*.deb - # TODO decide on variant - # variant: private key authentication - # Requirement: authentication public key is in .ssh/authorized_keys of remote - name: Setup SSH Key uses: webfactory/ssh-agent@v0.9.0 with: ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} - - name: Deploy APT Repository - run: scp -r "$REPREPRO_HOME" "${{ secrets.SSH_USER }}@aktin.org:/$REPREPRO_HOME" - # variant: passphrase authentication - name: Deploy APT Repository - run: | - sudo apt install -y sshpass - sshpass -p "${{ secrets.SSH_PASSPHRASE }}" scp -r "$REPREPRO_HOME" "${{ secrets.SSH_USER }}@aktin.org:/$REPREPRO_HOME" \ No newline at end of file + run: scp -r "$REPREPRO_HOME" "${{ secrets.SSH_USER }}@aktin.org:/$REPREPRO_HOME" diff --git a/.github/workflows/debian-deploy.yml b/.github/workflows/debian-deploy.yml index 50a3c43..4ba510e 100644 --- a/.github/workflows/debian-deploy.yml +++ b/.github/workflows/debian-deploy.yml @@ -13,7 +13,6 @@ on: type: string secrets: SSH_USER: - SSH_PASSPHRASE: SSH_PRIVATE_KEY: jobs: 
@@ -29,33 +28,15 @@ jobs: with: name: ${{ inputs.artifact-name }} - - # TODO decide on variant - # variant: private key authentication - # Requirement: authentication public key is in .ssh/authorized_keys of remote - name: Setup SSH Key uses: webfactory/ssh-agent@v0.9.0 with: ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} + - name: Deploy Debian Package run: scp aktin-notaufnahme-*.deb "${{ secrets.SSH_USER }}@aktin.org:/$REPREPRO_HOME/" - name: Import Debian Packages run: ssh ${{ secrets.SSH_USER }}@aktin.org "reprepro -b '$REPREPRO_HOME' includedeb ${{ inputs.codename }} aktin-notaufnahme-*.deb" - name: Update OS Codename in "conf/distributions" run: | - ssh ${{ secrets.SSH_USER }}@aktin.org "sed -i '0,/Codename: [a-z]*/s//Codename: ${{ inputs.codename }}/' conf/distributions" - - - # variant: passphrase authentication - - name: Deploy Debian Package - run: | - sudo apt install -y sshpass - sshpass -p "${{ secrets.SSH_PASSPHRASE }}" scp aktin-notaufnahme-*.deb "${{ secrets.SSH_USER }}@aktin.org:/$REPREPRO_HOME/" - - name: Import Debian Packages - run: | - sshpass -p "${{ secrets.SSH_PASSPHRASE }}" ssh ${{ secrets.SSH_USER }}@aktin.org \ - "reprepro -b '$REPREPRO_HOME' includedeb ${{ inputs.codename }} aktin-notaufnahme-*.deb" - - name: Update OS Codename in "conf/distributions" - run: | - sshpass -p "${{ secrets.SSH_PASSPHRASE }}" ssh ${{ secrets.SSH_USER }}@aktin.org \ - "sed -i '0,/Codename: [a-z]*/s//Codename: ${{ inputs.codename }}/' conf/distributions" \ No newline at end of file + ssh ${{ secrets.SSH_USER }}@aktin.org "sed -i '0,/Codename: [a-z]*/s//Codename: ${{ inputs.codename }}/' conf/distributions" \ No newline at end of file From 12d5c9f4f4372d36a29b64db6aaa8782aa2b1f8a Mon Sep 17 00:00:00 2001 
From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 17 Dec 2024 15:42:32 +0100 Subject: [PATCH 07/50] refactor: update remote address for debian deployment --- .github/workflows/debian-deploy-override.yml | 2 +- .github/workflows/debian-deploy.yml | 16 +++++++++++----- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/.github/workflows/debian-deploy-override.yml b/.github/workflows/debian-deploy-override.yml index 80e6979..9718958 100644 --- a/.github/workflows/debian-deploy-override.yml +++ b/.github/workflows/debian-deploy-override.yml @@ -62,4 +62,4 @@ jobs: ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} - name: Deploy APT Repository - run: scp -r "$REPREPRO_HOME" "${{ secrets.SSH_USER }}@aktin.org:/$REPREPRO_HOME" + run: scp -r "$REPREPRO_HOME" "${{ secrets.SSH_USER }}@a2f8a.netcupt.net:/$REPREPRO_HOME" diff --git a/.github/workflows/debian-deploy.yml b/.github/workflows/debian-deploy.yml index 4ba510e..d701aef 100644 --- a/.github/workflows/debian-deploy.yml +++ b/.github/workflows/debian-deploy.yml @@ -12,8 +12,12 @@ on: default: 'noble' type: string secrets: - SSH_USER: - SSH_PRIVATE_KEY: + SSH_USER: + description: 'Username for the server hosting the APT repository' + required: true + SSH_PRIVATE_KEY: + description: 'Private Key for authenticating with the server hosting the APT repository' + required: true jobs: debian-deploy: 
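Review bot: The new target `a2f8a.netcupt.net` is hard-coded in the `scp` command here and in the three `scp`/`ssh` commands of debian-deploy.yml (last hunk of this commit), and no step adds the server's public host key to `~/.ssh/known_hosts`, so the runner has nothing to authenticate the server against. Add a step before the first connection that writes a pinned host key taken from a secret, for example `echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts` (the secret name is a suggestion), and take the host name from an input or secret instead of repeating the literal. Please also double-check the spelling of the domain `netcupt.net`; if it is a typo, signed packages and the repository tree would be sent to whoever controls that name.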
@@ -34,9 +38,11 @@ jobs: ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} - name: Deploy Debian Package - run: scp aktin-notaufnahme-*.deb "${{ secrets.SSH_USER }}@aktin.org:/$REPREPRO_HOME/" + run: scp aktin-notaufnahme-*.deb "${{ secrets.SSH_USER }}@a2f8a.netcupt.net:/$REPREPRO_HOME/" + - name: Import Debian Packages - run: ssh ${{ secrets.SSH_USER }}@aktin.org "reprepro -b '$REPREPRO_HOME' includedeb ${{ inputs.codename }} aktin-notaufnahme-*.deb" + run: ssh ${{ secrets.SSH_USER }}@a2f8a.netcupt.net "reprepro -b '$REPREPRO_HOME' includedeb ${{ inputs.codename }} aktin-notaufnahme-*.deb" + - name: Update OS Codename in "conf/distributions" run: | - ssh ${{ secrets.SSH_USER }}@aktin.org "sed -i '0,/Codename: [a-z]*/s//Codename: ${{ inputs.codename }}/' conf/distributions" \ No newline at end of file + ssh ${{ secrets.SSH_USER }}@a2f8a.netcupt.net "sed -i '0,/Codename: [a-z]*/s//Codename: ${{ inputs.codename }}/' conf/distributions" \ No newline at end of file From a6a7ae5968f3d5a929acb7801e882818e09ed80e Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 17 Dec 2024 15:51:44 +0100 Subject: [PATCH 08/50] fix: actually make use of cached AKTIN repo public key --- .github/workflows/debian-build.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index 74dd27b..26decc5 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml 
@@ -45,19 +45,24 @@ jobs: # Note: Because no tests are implemented yet, installation of the debian packages are not required yet # # - name: Retrieve Cached GPG Public Key +# id: gpg-key-cache # if: inputs.name-base == 'aktin-notaufnahme-dwh' # uses: actions/cache@v4 # with: # path: /etc/apt/trusted.gpg.d/aktin.gpg # key: aktin-debian-repository-gpg-public-key # -# - name: Install aktin-notaufnahme-i2b2 from AKTIN Repository -# if: inputs.name-base == 'aktin-notaufnahme-dwh' +# - name: Download GPG Public Key +# if: inputs.name-base == 'aktin-notaufnahme-dwh' && steps.gpg-key-cache.outputs.cache-hit # run: | -# sudo apt install -y openjdk-11-jre-headless # sudo wget -O - https://www.aktin.org/software/repo/org/apt/conf/aktin.gpg.key | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/aktin.gpg # echo "deb https://www.aktin.org/software/repo/org/apt focal main" > /etc/apt/sources.list.d/aktin.list # sudo apt update +# +# - name: Install aktin-notaufnahme-i2b2 from AKTIN Repository +# if: inputs.name-base == 'aktin-notaufnahme-dwh' +# run: | +# sudo apt install -y openjdk-11-jre-headless # sudo apt install -y aktin-notaufnahme-i2b2 # # - name: Install From 029f89d8ab273d52ca78461dd6cc541571fd6783 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 17 Dec 2024 16:00:19 +0100 Subject: [PATCH 09/50] refactor!: rename input for debian-build.yml For consistency we use the same term as AKTIN debian build.sh which use "PACKAGE_NAME". BREAKING CHANGE: reusable workflow input "name-base" renamed to "package-name" --- .github/workflows/debian-build.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index 26decc5..89b4862 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml 
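Review bot: The added `&& steps.gpg-key-cache.outputs.cache-hit` makes `Download GPG Public Key` run only when the cache was restored, which is the opposite of using the cached key; the condition should be `steps.gpg-key-cache.outputs.cache-hit != 'true'`. With the condition corrected, the `echo "deb …" > /etc/apt/sources.list.d/aktin.list` and `sudo apt update` lines that moved into this step would be skipped on a cache hit, so they belong in the install step. The lines are still commented out here. The same condition is carried through the rename in PATCH 09 and becomes active in PATCH 10.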
@@ -7,8 +7,8 @@ on: description: 'Artifact name' default: 'debian-package' type: string - name-base: - description: 'Prefix of the docker tags (either aktin-notaufnahme-i2b2 or aktin-notaufnahme-dwh)' + package-name: + description: 'Name of the debian package (either aktin-notaufnahme-i2b2 or aktin-notaufnahme-dwh)' required: true type: string @@ -46,21 +46,21 @@ jobs: # # - name: Retrieve Cached GPG Public Key # id: gpg-key-cache -# if: inputs.name-base == 'aktin-notaufnahme-dwh' +# if: inputs.package-name == 'aktin-notaufnahme-dwh' # uses: actions/cache@v4 # with: # path: /etc/apt/trusted.gpg.d/aktin.gpg # key: aktin-debian-repository-gpg-public-key # # - name: Download GPG Public Key -# if: inputs.name-base == 'aktin-notaufnahme-dwh' && steps.gpg-key-cache.outputs.cache-hit +# if: inputs.package-name == 'aktin-notaufnahme-dwh' && steps.gpg-key-cache.outputs.cache-hit # run: | # sudo wget -O - https://www.aktin.org/software/repo/org/apt/conf/aktin.gpg.key | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/aktin.gpg # echo "deb https://www.aktin.org/software/repo/org/apt focal main" > /etc/apt/sources.list.d/aktin.list # sudo apt update # # - name: Install aktin-notaufnahme-i2b2 from AKTIN Repository -# if: inputs.name-base == 'aktin-notaufnahme-dwh' +# if: inputs.package-name == 'aktin-notaufnahme-dwh' # run: | # sudo apt install -y openjdk-11-jre-headless # sudo apt install -y aktin-notaufnahme-i2b2 @@ -68,7 +68,7 @@ jobs: # - name: Install # run: | # sudo apt install -y openjdk-11-jre-headless -# sudo apt install -y "build/${{ inputs.name-base }}_$VERSION.deb" +# sudo apt install -y "build/${{ inputs.package-name }}_$VERSION.deb" # sudo service wildfly restart # # - name: Test @@ -78,4 +78,4 @@ jobs: uses: actions/upload-artifact@v4 with: name: ${{ inputs.artifact-name }} - path: build/${{ inputs.name-base }}_$VERSION.deb \ No newline at end of file + path: build/${{ inputs.package-name }}_$VERSION.deb \ No newline at end of file 
From d5f125e4bb36ddded2accc1fc2fa19336a8988ca Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Wed, 18 Dec 2024 09:57:22 +0100 Subject: [PATCH 10/50] refactor: uncomment pre-testing installation steps --- .github/workflows/debian-build.yml | 56 ++++++++++++++---------------- .github/workflows/docker-build.yml | 10 +++--- 2 files changed, 32 insertions(+), 34 deletions(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index 89b4862..94acd2f 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml 
@@ -42,35 +42,33 @@ jobs: - name: Build Debian run: build.sh $VERSION -# Note: Because no tests are implemented yet, installation of the debian packages are not required yet -# -# - name: Retrieve Cached GPG Public Key -# id: gpg-key-cache -# if: inputs.package-name == 'aktin-notaufnahme-dwh' -# uses: actions/cache@v4 -# with: -# path: /etc/apt/trusted.gpg.d/aktin.gpg -# key: aktin-debian-repository-gpg-public-key -# -# - name: Download GPG Public Key -# if: inputs.package-name == 'aktin-notaufnahme-dwh' && steps.gpg-key-cache.outputs.cache-hit -# run: | -# sudo wget -O - https://www.aktin.org/software/repo/org/apt/conf/aktin.gpg.key | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/aktin.gpg -# echo "deb https://www.aktin.org/software/repo/org/apt focal main" > /etc/apt/sources.list.d/aktin.list -# sudo apt update -# -# - name: Install aktin-notaufnahme-i2b2 from AKTIN Repository -# if: inputs.package-name == 'aktin-notaufnahme-dwh' -# run: | -# sudo apt install -y openjdk-11-jre-headless -# sudo apt install -y aktin-notaufnahme-i2b2 -# -# - name: Install -# run: | -# sudo apt install -y openjdk-11-jre-headless -# sudo apt install -y "build/${{ inputs.package-name }}_$VERSION.deb" -# sudo service wildfly restart -# + - name: Retrieve Cached GPG Public Key + id: gpg-key-cache + if: inputs.package-name == 'aktin-notaufnahme-dwh' + uses: actions/cache@v4 + with: + path: /etc/apt/trusted.gpg.d/aktin.gpg + key: aktin-debian-repository-gpg-public-key + + - name: Download GPG Public Key + if: inputs.package-name == 'aktin-notaufnahme-dwh' && steps.gpg-key-cache.outputs.cache-hit + run: | + sudo wget -O - https://www.aktin.org/software/repo/org/apt/conf/aktin.gpg.key | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/aktin.gpg + echo "deb https://www.aktin.org/software/repo/org/apt focal main" > /etc/apt/sources.list.d/aktin.list + sudo apt update + + - name: Install aktin-notaufnahme-i2b2 from AKTIN Repository + if: inputs.package-name == 'aktin-notaufnahme-dwh' + run: | + 
sudo apt install -y openjdk-11-jre-headless + sudo apt install -y aktin-notaufnahme-i2b2 + + - name: Install + run: | + sudo apt install -y openjdk-11-jre-headless + sudo apt install -y "build/${{ inputs.package-name }}_$VERSION.deb" + sudo service wildfly restart + # - name: Test # run: # TODO diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 93d3f29..41ed653 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -29,11 +29,11 @@ jobs: - name: Build Dockerfiles run: build.sh -# - name: Install -# run: | -# docker compose build -# docker compose -f sample/docker-compose.yml up -d -# + - name: Install + run: | + docker compose build + docker compose -f sample/docker-compose.yml up -d + # - name: Test # run: # TODO From f088ec075bd1309dc8f63a7fcdd306d07479ca37 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Wed, 18 Dec 2024 09:59:14 +0100 Subject: [PATCH 11/50] refactor: add REPREPRO_HOME value --- .github/workflows/debian-deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/debian-deploy.yml b/.github/workflows/debian-deploy.yml index d701aef..518fa87 100644 --- a/.github/workflows/debian-deploy.yml +++ b/.github/workflows/debian-deploy.yml @@ -25,7 +25,7 @@ jobs: needs: debian-build if: ${{ startsWith(github.ref, 'refs/tags/v') }} env: - REPREPRO_HOME: # TODO + REPREPRO_HOME: /software/repo/org/apt # local directory containing conf, db, dists, and pool directories) steps: - name: Download Build Artifact uses: actions/download-artifact@v4 
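Review bot: In `Download GPG Public Key` the AKTIN key is written to `/etc/apt/trusted.gpg.d/aktin.gpg`, which makes it a trust anchor for every APT source on the runner rather than for the AKTIN repository alone. The cache step also restores that same path from a constant cache key. Scope the key with a dedicated keyring: write it to e.g. `/usr/share/keyrings/aktin.gpg` and use `echo "deb [signed-by=/usr/share/keyrings/aktin.gpg] https://www.aktin.org/software/repo/org/apt focal main" | sudo tee /etc/apt/sources.list.d/aktin.list`; the cache `path` has to follow. The `tee` form also replaces the plain `>` redirect, which runs without `sudo` and so presumably cannot write under `/etc/apt` on a hosted runner.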
@@ -38,7 +38,7 @@ jobs: ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} - name: Deploy Debian Package - run: scp aktin-notaufnahme-*.deb "${{ secrets.SSH_USER }}@a2f8a.netcupt.net:/$REPREPRO_HOME/" + run: scp aktin-notaufnahme-*.deb "${{ secrets.SSH_USER }}@a2f8a.netcupt.net:$REPREPRO_HOME/" - name: Import Debian Packages run: ssh ${{ secrets.SSH_USER }}@a2f8a.netcupt.net "reprepro -b '$REPREPRO_HOME' includedeb ${{ inputs.codename }} aktin-notaufnahme-*.deb" From 02215604c551b2411f392b4b42d0aeeb8f64ce1d Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Wed, 18 Dec 2024 10:00:25 +0100 Subject: [PATCH 12/50] docs: correct workflow directory in example --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 30317b8..e2162e7 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ on: jobs: call-reusable-workflow: - uses: aktin/aktin-github-scripts/workflows/workflow1.yml@main + uses: aktin/aktin-github-scripts/.github/workflows/workflow1.yml@main with: input1: 'value1' input2: 'value2' From 422543145c30172ef9ce8bc519500c65c0ba97dd Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Wed, 8 Jan 2025 14:44:45 +0100 Subject: [PATCH 13/50] fix(debian build): remove build script version parameter The build.sh now retrieves the version from a versions file instead of from script parameter. --- .github/workflows/debian-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index 94acd2f..6c00399 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml @@ -40,7 +40,7 @@ jobs: key: downloads--${{ env.CACHE }} - name: Build Debian - run: build.sh $VERSION + run: build.sh - name: Retrieve Cached GPG Public Key id: gpg-key-cache From 57015cdcf41a4dabddaa05a3cb2fa19549346482 Mon Sep 17 00:00:00 2001 
From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Wed, 8 Jan 2025 14:49:19 +0100 Subject: [PATCH 14/50] refactor(debian build): remove installation and testing steps The debian testing will be handled in the repositories of the debian packages. --- .github/workflows/debian-build.yml | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index 6c00399..0814955 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml @@ -42,36 +42,6 @@ jobs: - name: Build Debian run: build.sh - - name: Retrieve Cached GPG Public Key - id: gpg-key-cache - if: inputs.package-name == 'aktin-notaufnahme-dwh' - uses: actions/cache@v4 - with: - path: /etc/apt/trusted.gpg.d/aktin.gpg - key: aktin-debian-repository-gpg-public-key - - - name: Download GPG Public Key - if: inputs.package-name == 'aktin-notaufnahme-dwh' && steps.gpg-key-cache.outputs.cache-hit - run: | - sudo wget -O - https://www.aktin.org/software/repo/org/apt/conf/aktin.gpg.key | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/aktin.gpg - echo "deb https://www.aktin.org/software/repo/org/apt focal main" > /etc/apt/sources.list.d/aktin.list - sudo apt update - - - name: Install aktin-notaufnahme-i2b2 from AKTIN Repository - if: inputs.package-name == 'aktin-notaufnahme-dwh' - run: | - sudo apt install -y openjdk-11-jre-headless - sudo apt install -y aktin-notaufnahme-i2b2 - - - name: Install - run: | - sudo apt install -y openjdk-11-jre-headless - sudo apt install -y "build/${{ inputs.package-name }}_$VERSION.deb" - sudo service wildfly restart - -# - name: Test -# run: # TODO - - name: Upload Build Artifact uses: actions/upload-artifact@v4 with: From 5274501e70eebf824e1302f09f537b2a0880aba6 Mon Sep 17 00:00:00 2001 
From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Wed, 8 Jan 2025 14:54:07 +0100 Subject: [PATCH 15/50] refactor(debian build): exclude lines starting with # from cache name The versions file now contains comments which use # as first character of the line. --- .github/workflows/debian-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index 0814955..435df0a 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml @@ -31,7 +31,7 @@ jobs: - uses: actions/checkout@v4 - name: Generate Cache Name - run: echo "CACHE=${sort versions | awk '!/(^[[:space:]]*$|PACKAGE_VERSION=)/' ORS='--'}" >> $GITHUB_ENV + run: echo "CACHE=${sort versions | awk '!/(^[[:space:]]*$|PACKAGE_VERSION=|#)/' ORS='--'}" >> $GITHUB_ENV - name: Retrieve Cached Downloads uses: actions/cache@v4 From 88db8c8d946bc2ad7824096fe66ef6a6661d116c Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Wed, 8 Jan 2025 15:00:14 +0100 Subject: [PATCH 16/50] refactor(debian build): use version from versions file instead of git tag The build.sh now retrieves the version from a versions file instead of from script parameter. This version contains ~ to indicate unstable releases as per debian versioning guidelines. The ~ are not contained in the git tag, which are the previous source of the version. --- .github/workflows/debian-build.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index 435df0a..e87b17a 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml 
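Review bot: `${sort versions | awk …}` in `Generate Cache Name` is parameter-expansion syntax, so bash stops with a bad-substitution error instead of running the pipeline; command substitution is `$(…)`. The added `#` alternative is also unanchored, so it drops any line containing a `#`, not only lines that start with one as the commit message describes. Suggested line: `run: echo "CACHE=$(sort versions | awk '!/(^[[:space:]]*$|PACKAGE_VERSION=|^[[:space:]]*#)/' ORS='--')" >> "$GITHUB_ENV"`.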
@@ -22,7 +22,10 @@ jobs: steps: - name: Prepare Version Variable - Deployment if: startsWith(github.ref, 'refs/tags/v') - run: echo "VERSION=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV + run: | + STR=$(grep "PACKAGE_VERSION=" versions) + echo "VERSION=${STR#PACKAGE_VERSION=}" >> $GITHUB_ENV + working-directory: src/resources - name: Prepare Version Variable - Testing if: ! startsWith(github.ref, 'refs/tags/v') From 2b6cb8f59063187257b90a7f8245e9724189f381 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Wed, 8 Jan 2025 15:04:09 +0100 Subject: [PATCH 17/50] refactor(debian deploy): remove manipulation of the distributions file --- .github/workflows/debian-deploy.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/debian-deploy.yml b/.github/workflows/debian-deploy.yml index 518fa87..c6805de 100644 --- a/.github/workflows/debian-deploy.yml +++ b/.github/workflows/debian-deploy.yml @@ -42,7 +42,3 @@ jobs: - name: Import Debian Packages run: ssh ${{ secrets.SSH_USER }}@a2f8a.netcupt.net "reprepro -b '$REPREPRO_HOME' includedeb ${{ inputs.codename }} aktin-notaufnahme-*.deb" - - - name: Update OS Codename in "conf/distributions" - run: | - ssh ${{ secrets.SSH_USER }}@a2f8a.netcupt.net "sed -i '0,/Codename: [a-z]*/s//Codename: ${{ inputs.codename }}/' conf/distributions" \ No newline at end of file From fcf9be33aa968e637845c493ba5ffffb2c930fe5 Mon Sep 17 00:00:00 2001 
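Review bot: `Prepare Version Variable - Deployment` now reads `src/resources/versions`, but it is the first entry under `steps:` and `actions/checkout@v4` comes later in the job (it appears as context in the `Generate Cache Name` hunk of PATCH 15). Neither the directory nor the file exists when this step runs. Before this change the step only used `GITHUB_REF_NAME` and did not need the working tree. Move the checkout step above the version step.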
From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Wed, 8 Jan 2025 15:26:28 +0100 Subject: [PATCH 18/50] refactor(docker): remove docker build and deploy workflows The docker build and deploy workflows are moved into the docker repository. They are to specific to be reusable especially because now we only create DWH images and not i2b2 and DWH images. --- .github/workflows/docker-build.yml | 47 ---------------------- .github/workflows/docker-deploy.yml | 62 ----------------------------- README.md | 2 - 3 files changed, 111 deletions(-) delete mode 100644 .github/workflows/docker-build.yml delete mode 100644 .github/workflows/docker-deploy.yml diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml deleted file mode 100644 index 41ed653..0000000 --- a/.github/workflows/docker-build.yml +++ /dev/null @@ -1,47 +0,0 @@ -name: AKTIN Build Docker - -on: - workflow_call: - inputs: - artifact-name: - description: 'Artifact name' - default: 'dockerfiles' - type: string - -jobs: - docker-build: - runs-on: ubuntu-latest - defaults: - run: - working-directory: src/docker - steps: - - uses: actions/checkout@v4 - - - name: Generate Cache Name - run: echo "CACHE=${sort versions | awk '!/(^[[:space:]]*$|PACKAGE_VERSION=)/' ORS='--'}" >> $GITHUB_ENV - - - name: Retrieve Cached Downloads - uses: actions/cache@v4 - with: - path: src/downloads/ - key: downloads--${{ env.CACHE }} - - - name: Build Dockerfiles - run: build.sh - - - name: Install - run: | - docker compose build - docker compose -f sample/docker-compose.yml up -d - -# - name: Test -# run: # TODO - - - name: Upload Build Artifact - uses: actions/upload-artifact@v4 - with: - name: ${{ inputs.artifact-name }} - path: | - database/ - httpd/ - wildfly/ \ No newline at end of file diff --git a/.github/workflows/docker-deploy.yml b/.github/workflows/docker-deploy.yml deleted file mode 100644 index ec72b42..0000000 --- a/.github/workflows/docker-deploy.yml +++ /dev/null 
@@ -1,62 +0,0 @@ -name: AKTIN Deploy Docker - -on: - workflow_call: - inputs: - artifact-name: - description: 'Name of the artifact to download' - default: 'dockerfiles' - type: string - tag-base: - description: 'Prefix of the docker tags (either ghcr.io/aktin/notaufnahme-i2b2 or ghcr.io/aktin/notaufnahme-dwh)' - required: true - type: string - - -jobs: - docker-deploy: - runs-on: ubuntu-latest - if: startsWith(github.ref, 'refs/tags/v') - steps: - - name: Prepare Version Variable - run: echo "VERSION=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV - - - name: Download Build Artifact - uses: actions/download-artifact@v4 - with: - name: ${{ inputs.artifact-name }} - - - name: Login to GitHub Docker Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push docker image for ${{ github.job }} [httpd] - uses: docker/build-push-action@v6 - with: - context: httpd/ - tags: | - ${{ inputs.tag-base }}-httpd:latest - ${{ inputs.tag-base }}-httpd:$VERSION - push: true - - - name: Build and push docker image for ${{ github.job }} [database] - uses: docker/build-push-action@v6 - with: - context: database/ - tags: | - ${{ inputs.tag-base }}-database:latest - ${{ inputs.tag-base }}-database:$VERSION - push: true - - - name: Build and push docker image for ${{ github.job }} [wildfly] - uses: docker/build-push-action@v6 - with: - context: wildfly/ - tags: | - ${{ inputs.tag-base }}-wildfly:latest - ${{ inputs.tag-base }}-wildfly:$VERSION - push: true - diff --git a/README.md b/README.md index e2162e7..790d4e0 100644 --- a/README.md +++ b/README.md 
@@ -40,8 +40,6 @@ jobs: - **debian-depoly.yml**: Retrieve DEB build artifact and add it to a remote debian repository with reprepro - **debian-depoly-gh.yml**: Retrieve DEB build artifact and add it to debian repository hosted in the repository which calls debian-deploy.yml - **debian-depoly-override.yml**: Retrieve DEB build artifacts, create new reprepro debian repository, and push it to a remote server (i2b2 DEb is >100MB) -- **docker-build.yml**: Build docker images and upload Dockerfiles, etc. as build artifact -- **docker-deploy.yml**: Retrieve Dockerfile build artifacts and publish them to the GitHub Container Registry - **maven-build-deploy.yml**: Build maven project, run integration test, optionally deploy JAR/WAR/EAR to AKTIN maven repository #### Usage: From bbcc093e8bcd8f356afeadd3fc21fc2dcbf91e2b Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Thu, 9 Jan 2025 11:34:54 +0100 Subject: [PATCH 19/50] fix(debian build): move working-directory from job to step The actions "cache" and "upload-artifact" are sensitive to the working directory of the job, which was not considered consistently. Due to previous refactoring, a job wide working directory might be less readable while providing little benefit. --- .github/workflows/debian-build.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index e87b17a..d2e2e32 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml @@ -16,9 +16,6 @@ on: jobs: debian-build: runs-on: ubuntu-latest - defaults: - run: - working-directory: src/debian steps: - name: Prepare Version Variable - Deployment if: startsWith(github.ref, 'refs/tags/v') 
@@ -44,9 +41,10 @@ jobs: - name: Build Debian run: build.sh + working-directory: src/debian - name: Upload Build Artifact uses: actions/upload-artifact@v4 with: name: ${{ inputs.artifact-name }} - path: build/${{ inputs.package-name }}_$VERSION.deb \ No newline at end of file + path: src/debian/build/${{ inputs.package-name }}_$VERSION.deb \ No newline at end of file From eb3ba1cce5e6dd26f16c495df975a7114d6d04d4 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Thu, 9 Jan 2025 13:20:49 +0100 Subject: [PATCH 20/50] feat(debian deploy)!: determine deployed package from inputs Avoiding glob (*.deb) in package name. BREAKING CHANGE: new required inputs package-name and package-version --- .github/workflows/debian-deploy.yml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/workflows/debian-deploy.yml b/.github/workflows/debian-deploy.yml index c6805de..9d8817e 100644 --- a/.github/workflows/debian-deploy.yml +++ b/.github/workflows/debian-deploy.yml @@ -11,6 +11,14 @@ on: description: 'OS codename' default: 'noble' type: string + package-name: + description: 'Name of the debian package (either aktin-notaufnahme-i2b2 or aktin-notaufnahme-dwh)' + required: true + type: string + package-version: + description: 'Version of the debian package' + required: true + type: string secrets: SSH_USER: description: 'Username for the server hosting the APT repository' @@ -26,6 +34,7 @@ jobs: if: ${{ startsWith(github.ref, 'refs/tags/v') }} env: REPREPRO_HOME: /software/repo/org/apt # local directory containing conf, db, dists, and pool directories) + PACKAGE: "${{ inputs.package-name }}_${{ inputs.package-version }}.deb" steps: - name: Download Build Artifact uses: actions/download-artifact@v4 
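Review bot: `$VERSION` in the `path:` of `Upload Build Artifact` is not expanded, because `with:` values are handed to the action as-is and never pass through a shell. The action looks for a file literally named `…_$VERSION.deb`. Use the expression form, `path: src/debian/build/${{ inputs.package-name }}_${{ env.VERSION }}.deb`. The same line is touched again in PATCH 26, where `if-no-files-found: 'error'` turns the silent miss into a failed job.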
@@ -38,7 +47,7 @@ jobs: ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} - name: Deploy Debian Package - run: scp aktin-notaufnahme-*.deb "${{ secrets.SSH_USER }}@a2f8a.netcupt.net:$REPREPRO_HOME/" + run: scp $PACKAGE "${{ secrets.SSH_USER }}@a2f8a.netcupt.net:$REPREPRO_HOME/" - name: Import Debian Packages - run: ssh ${{ secrets.SSH_USER }}@a2f8a.netcupt.net "reprepro -b '$REPREPRO_HOME' includedeb ${{ inputs.codename }} aktin-notaufnahme-*.deb" + run: ssh ${{ secrets.SSH_USER }}@a2f8a.netcupt.net "reprepro -b '$REPREPRO_HOME' includedeb ${{ inputs.codename }} $PACKAGE" From 402cfbef6ecf066564d949e451cb0c0d4b43cc51 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Thu, 9 Jan 2025 14:37:25 +0100 Subject: [PATCH 21/50] feat(debian build): package version as workflow output Avoiding glob (*.deb) in package name in other workflows. --- .github/workflows/debian-build.yml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index d2e2e32..8538918 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml 
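Review bot: `Deploy Debian Package` copies the file to `$REPREPRO_HOME/`, but `Import Debian Packages` hands `reprepro` the bare `$PACKAGE`, which the remote shell resolves against the login directory of `SSH_USER`. Unless that directory is `$REPREPRO_HOME`, the import does not find the upload. `$PACKAGE` is also unquoted in both commands although it is built from two caller-supplied inputs. Suggested: `scp "$PACKAGE" …` for the copy and `'$REPREPRO_HOME/$PACKAGE'` as the last argument of the `reprepro` call.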
@@ -11,17 +11,26 @@ on: description: 'Name of the debian package (either aktin-notaufnahme-i2b2 or aktin-notaufnahme-dwh)' required: true type: string + outputs: + package-version: + description: 'Version of the debian package' + value: ${{ jobs.debian-build.outputs.version }} jobs: debian-build: runs-on: ubuntu-latest + outputs: + version: ${{ steps.prep-version.outputs.version }} steps: - name: Prepare Version Variable - Deployment + id: prep-version if: startsWith(github.ref, 'refs/tags/v') run: | - STR=$(grep "PACKAGE_VERSION=" versions) - echo "VERSION=${STR#PACKAGE_VERSION=}" >> $GITHUB_ENV + STR=$(grep "PACKAGE_VERSION=" versions) + VERSION=${STR#PACKAGE_VERSION=} + echo "VERSION=$VERSION" >> $GITHUB_ENV + echo "version=$VERSION" >> $GITHUB_OUTPUT working-directory: src/resources - name: Prepare Version Variable - Testing From 44ec78244a180471087b14fbfcf6c6863145b811 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Thu, 9 Jan 2025 15:19:18 +0100 Subject: [PATCH 22/50] refactor(debian build): always get package version from versions file Discussions about how versions should be formed have been postponed. --- .github/workflows/debian-build.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index 8538918..5502428 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml @@ -23,9 +23,8 @@ jobs: outputs: version: ${{ steps.prep-version.outputs.version }} steps: - - name: Prepare Version Variable - Deployment + - name: Prepare Version Variable id: prep-version - if: startsWith(github.ref, 'refs/tags/v') run: | STR=$(grep "PACKAGE_VERSION=" versions) VERSION=${STR#PACKAGE_VERSION=} 
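Review bot: `grep "PACKAGE_VERSION=" versions` in the `prep-version` step is unanchored, so a comment line that mentions `PACKAGE_VERSION=` also matches (PATCH 15 says the file now carries `#` comments). Every extra matching line is then appended to `$GITHUB_ENV` and `$GITHUB_OUTPUT` as if it were a separate entry. Since this value now leaves the job as the `package-version` output, take exactly one anchored match: `VERSION=$(grep -m1 '^PACKAGE_VERSION=' versions | cut -d= -f2-)`. Quoting the targets as `"$GITHUB_ENV"` and `"$GITHUB_OUTPUT"` is the usual form.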
@@ -36,6 +35,9 @@ jobs: - name: Prepare Version Variable - Testing if: ! startsWith(github.ref, 'refs/tags/v') run: echo "VERSION=0-$GITHUB_REF_NAME" >> $GITHUB_ENV +# - name: Prepare Version Variable - Testing +# if: ! startsWith(github.ref, 'refs/tags/v') +# run: echo "VERSION=0-$GITHUB_REF_NAME" >> $GITHUB_ENV - uses: actions/checkout@v4 From b67916dff1a3a4989da5a9f86a5cc6e088e96420 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 14 Jan 2025 14:37:30 +0100 Subject: [PATCH 23/50] fix(debian deploy): remove "needs" section from deploy job This line was accidentally left in from when the build and the deploy job were in the same workflow file. --- .github/workflows/debian-deploy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/debian-deploy.yml b/.github/workflows/debian-deploy.yml index 9d8817e..4f9b971 100644 --- a/.github/workflows/debian-deploy.yml +++ b/.github/workflows/debian-deploy.yml @@ -30,7 +30,6 @@ on: jobs: debian-deploy: runs-on: ubuntu-latest - needs: debian-build if: ${{ startsWith(github.ref, 'refs/tags/v') }} env: REPREPRO_HOME: /software/repo/org/apt # local directory containing conf, db, dists, and pool directories) From 2d64f08c21afca33bb224540b0aa6706b63ecd93 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Wed, 15 Jan 2025 12:50:52 +0100 Subject: [PATCH 24/50] docs(debian): fix some spelling errors and rephrase description of workflow inputs and names --- .github/workflows/debian-build.yml | 6 +++--- .github/workflows/debian-deploy.yml | 10 +++++----- README.md | 6 +++--- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index 5502428..0cdc501 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml 
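Review bot: The active `Prepare Version Variable - Testing` step is left in place as context and only a commented copy is added beneath it. On non-tag refs `VERSION` in `$GITHUB_ENV` is therefore still overwritten with `0-$GITHUB_REF_NAME`, while the `version` output keeps the value from the versions file. That contradicts the commit subject and leaves the two values out of sync. Delete the three live lines, or comment those out, instead of adding a second copy.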
@@ -1,14 +1,14 @@ -name: AKTIN Build Debian +name: Build Debian Package on: workflow_call: inputs: artifact-name: - description: 'Artifact name' + description: 'Name of the artifact which contains the debian package' default: 'debian-package' type: string package-name: - description: 'Name of the debian package (either aktin-notaufnahme-i2b2 or aktin-notaufnahme-dwh)' + description: 'Name of the debian package' required: true type: string outputs: diff --git a/.github/workflows/debian-deploy.yml b/.github/workflows/debian-deploy.yml index 4f9b971..e532cd5 100644 --- a/.github/workflows/debian-deploy.yml +++ b/.github/workflows/debian-deploy.yml @@ -1,4 +1,4 @@ -name: AKTIN Deploy Debian +name: AKTIN Deploy Debian Package on: workflow_call: @@ -12,7 +12,7 @@ on: default: 'noble' type: string package-name: - description: 'Name of the debian package (either aktin-notaufnahme-i2b2 or aktin-notaufnahme-dwh)' + description: 'Name of the debian package' required: true type: string package-version: @@ -21,10 +21,10 @@ on: type: string secrets: SSH_USER: - description: 'Username for the server hosting the APT repository' + description: 'Username for the server hosting the AKTIN APT repository' required: true SSH_PRIVATE_KEY: - description: 'Private Key for authenticating with the server hosting the APT repository' + description: 'Private Key for authenticating with the server hosting the AKTIN APT repository' required: true jobs: @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-latest if: ${{ startsWith(github.ref, 'refs/tags/v') }} env: - REPREPRO_HOME: /software/repo/org/apt # local directory containing conf, db, dists, and pool directories) + REPREPRO_HOME: /software/repo/org/apt # local directory containing conf, db, dists, and pool directories PACKAGE: "${{ inputs.package-name }}_${{ inputs.package-version }}.deb" steps: - name: Download Build Artifact diff --git a/README.md b/README.md index 790d4e0..2e963e4 100644 --- a/README.md +++ b/README.md 
@@ -37,9 +37,9 @@ jobs: ### Workflows: - **debian-build.yml**: Build a debian package, run integration tests, upload DEB as build artifact -- **debian-depoly.yml**: Retrieve DEB build artifact and add it to a remote debian repository with reprepro -- **debian-depoly-gh.yml**: Retrieve DEB build artifact and add it to debian repository hosted in the repository which calls debian-deploy.yml -- **debian-depoly-override.yml**: Retrieve DEB build artifacts, create new reprepro debian repository, and push it to a remote server (i2b2 DEb is >100MB) +- **debian-deploy.yml**: Retrieve DEB build artifact and add it to a remote debian repository with reprepro +- **debian-deploy-gh.yml**: Retrieve DEB build artifact and add it to debian repository hosted in the repository which calls debian-deploy.yml +- **debian-deploy-override.yml**: Retrieve DEB build artifacts, create new reprepro debian repository, and push it to a remote server (i2b2 DEb is >100MB) - **maven-build-deploy.yml**: Build maven project, run integration test, optionally deploy JAR/WAR/EAR to AKTIN maven repository #### Usage: From 49fecc184603ecaf9b5f2aaf7e97ed3d722db85f Mon Sep 17 00:00:00 2001 From: akomii Date: Tue, 21 Jan 2025 12:55:32 +0100 Subject: [PATCH 25/50] updated readme --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 2e963e4..f49a336 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ This repository contains a collection of custom GitHub Actions and Github Workfl ### Actions: - **get-newest-artifact**: Get artifacts from the last success run of a specified workflow -- **python-ql**: Performs linting, code formatting, security scanning, and custom integration testing for Python projects. +- **python-ql**: Performs linting, code formatting, security scanning, and custom integration testing for Python projects #### Usage: 
@@ -36,11 +36,11 @@ jobs: ### Workflows: -- **debian-build.yml**: Build a debian package, run integration tests, upload DEB as build artifact -- **debian-deploy.yml**: Retrieve DEB build artifact and add it to a remote debian repository with reprepro -- **debian-deploy-gh.yml**: Retrieve DEB build artifact and add it to debian repository hosted in the repository which calls debian-deploy.yml -- **debian-deploy-override.yml**: Retrieve DEB build artifacts, create new reprepro debian repository, and push it to a remote server (i2b2 DEb is >100MB) -- **maven-build-deploy.yml**: Build maven project, run integration test, optionally deploy JAR/WAR/EAR to AKTIN maven repository +- **debian-build**: Builds a Debian package, runs integration tests, and uploads the `.deb` as a build artifact +- **debian-deploy**: Retrieves the `.deb` build artifact and adds it to a remote Debian repository using `reprepro` +- **debian-deploy-gh**: Retrieves the `.deb` build artifact and adds it to a Debian repository within the same repository that invokes `debian-deploy` +- **debian-deploy-override**: Retrieves `.deb` build artifacts, creates a new `reprepro`-based Debian repository, and pushes it to a remote server (i2b2 Debian package exceeds 100MB) +- **maven-build-deploy**: Builds a Maven project, runs integration tests, and optionally deploys `.jar`/`.war`/`.ear` files to the AKTIN Maven repository #### Usage: From b4dca9416f19e3a05eb46e8d86c8d7f139ebe612 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Wed, 15 Jan 2025 17:38:21 +0100 Subject: [PATCH 26/50] feat(debian build): fail if artifact contains no files --- .github/workflows/debian-build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index 0cdc501..5ff0a5b 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml 
@@ -58,4 +58,5 @@ jobs: uses: actions/upload-artifact@v4 with: name: ${{ inputs.artifact-name }} - path: src/debian/build/${{ inputs.package-name }}_$VERSION.deb \ No newline at end of file + path: src/debian/build/${{ inputs.package-name }}_$VERSION.deb + if-no-files-found: 'error' \ No newline at end of file From 0711fcc9b9981065993ad7cc1147dc1774ac10c5 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 21 Jan 2025 14:27:46 +0100 Subject: [PATCH 27/50] refactor: remove unused workflow versions for deployment of debian files --- .github/workflows/debian-deploy-gh.yml | 44 ------------- .github/workflows/debian-deploy-override.yml | 65 -------------------- README.md | 2 - 3 files changed, 111 deletions(-) delete mode 100644 .github/workflows/debian-deploy-gh.yml delete mode 100644 .github/workflows/debian-deploy-override.yml diff --git a/.github/workflows/debian-deploy-gh.yml b/.github/workflows/debian-deploy-gh.yml deleted file mode 100644 index 702bb87..0000000 --- a/.github/workflows/debian-deploy-gh.yml +++ /dev/null 
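Review bot: In the `actions/upload-artifact@v4` step of debian-build.yml the `path` still ends in `_$VERSION.deb`, and `with:` values are not passed through a shell, so `$VERSION` reaches the action as literal text. Together with the new `if-no-files-found: 'error'` the upload would then fail rather than silently upload nothing. Use an expression instead, for example `path: src/debian/build/${{ inputs.package-name }}_${{ steps.prep-version.outputs.version }}.deb`, which relies on the `prep-version` step id shown elsewhere in this series. The step's `- name:` line lies outside the hunk.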
@@ -1,44 +0,0 @@ -name: AKTIN Deploy Debian - -on: - workflow_call: - inputs: - artifact-name: - description: 'Artifact name' - default: 'debian-package' - type: string - codename: - description: 'OS codename' - default: 'noble' - type: string - -jobs: - debian-deploy: - runs-on: ubuntu-latest - needs: debian-build - steps: - - uses: actions/checkout@v4 - - - name: Import GPG key - uses: crazy-max/ghaction-import-gpg@v6 - with: - gpg_private_key: ${{ secrets.DEBIAN_GPG_PRIVATE_KEY }} - passphrase: ${{ secrets.DEBIAN_GPG_PASSPHRASE }} - - - name: Download Build Artifact - uses: actions/download-artifact@v4 - with: - pattern: ${{ inputs.artifact-name }} - - - name: Import Debian Packages - run: | - sudo apt install -y reprepro - reprepro -b "." includedeb ${{ inputs.codename }} aktin-notaufnahme-*.deb - - - name: Cleanup Workspace - run: rm aktin-notaufnahme-*.deb - - # TODO push / pr workspace to repo - # - https://stackoverflow.com/questions/57921401/push-to-origin-from-github-action/58393457#58393457 - # - https://github.com/peter-evans/create-pull-request - # - https://github.com/stefanzweifel/git-auto-commit-action \ No newline at end of file diff --git a/.github/workflows/debian-deploy-override.yml b/.github/workflows/debian-deploy-override.yml deleted file mode 100644 index 9718958..0000000 --- a/.github/workflows/debian-deploy-override.yml +++ /dev/null 
@@ -1,65 +0,0 @@ -name: AKTIN Deploy Debian - -on: - workflow_call: - inputs: - artifact-pattern: - description: 'Pattern of artifact names' - default: 'debian-package-*' - type: string - codename: - description: 'OS codename' - default: 'noble' - type: string - secrets: - SSH_USER: - description: 'Username for the server hosting the APT repository' - required: true - SSH_PRIVATE_KEY: - description: 'Private Key for authenticating with the server hosting the APT repository' - required: true - -jobs: - debian-deploy: - runs-on: ubuntu-latest - needs: debian-build - if: ${{ startsWith(github.ref, 'refs/tags/v') }} - env: - REPREPRO_HOME: # TODO - steps: - - name: Import GPG key - uses: crazy-max/ghaction-import-gpg@v6 - with: - gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} - passphrase: ${{ secrets.PASSPHRASE }} - - - name: Install reprepro - run: | - mkdir -p $REPREPRO_HOME/conf - - cat > $REPREPRO_HOME/conf/distributions << EOL - Origin: aktin - Suite: stable - Codename: ${{ inputs.codename }} - Architectures: amd64 i386 - Components: main - Description: Apt repository for AKTIN - SignWith: yes - - sudo apt install -y reprepro - - - name: Download Build Artifact - uses: actions/download-artifact@v4 - with: - pattern: ${{ inputs.artifact-pattern }} - - - name: Import Debian Packages - run: reprepro -b "$REPREPRO_HOME" includedeb ${{ inputs.codename }} aktin-notaufnahme-*.deb - - - name: Setup SSH Key - uses: webfactory/ssh-agent@v0.9.0 - with: - ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} - - - name: Deploy APT Repository - run: scp -r "$REPREPRO_HOME" "${{ secrets.SSH_USER }}@a2f8a.netcupt.net:/$REPREPRO_HOME" diff --git a/README.md b/README.md index f49a336..a242d84 100644 --- a/README.md +++ b/README.md 
@@ -38,8 +38,6 @@ jobs: - **debian-build**: Builds a Debian package, runs integration tests, and uploads the `.deb` as a build artifact - **debian-deploy**: Retrieves the `.deb` build artifact and adds it to a remote Debian repository using `reprepro` -- **debian-deploy-gh**: Retrieves the `.deb` build artifact and adds it to a Debian repository within the same repository that invokes `debian-deploy` -- **debian-deploy-override**: Retrieves `.deb` build artifacts, creates a new `reprepro`-based Debian repository, and pushes it to a remote server (i2b2 Debian package exceeds 100MB) - **maven-build-deploy**: Builds a Maven project, runs integration tests, and optionally deploys `.jar`/`.war`/`.ear` files to the AKTIN Maven repository #### Usage: From 842d22eea44083067264808adfe068d18bcbec27 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 21 Jan 2025 14:34:29 +0100 Subject: [PATCH 28/50] refactor: remove unused action "get-newest-artifact" --- README.md | 1 - actions/get-newest-artifact/action.yml | 32 -------------------------- 2 files changed, 33 deletions(-) delete mode 100644 actions/get-newest-artifact/action.yml diff --git a/README.md b/README.md index a242d84..e42a815 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,6 @@ This repository contains a collection of custom GitHub Actions and Github Workfl ### Actions: -- **get-newest-artifact**: Get artifacts from the last success run of a specified workflow - **python-ql**: Performs linting, code formatting, security scanning, and custom integration testing for Python projects #### Usage: diff --git a/actions/get-newest-artifact/action.yml b/actions/get-newest-artifact/action.yml deleted file mode 100644 index d01647f..0000000 --- a/actions/get-newest-artifact/action.yml +++ /dev/null 
@@ -1,32 +0,0 @@ -name: Get Newest Artifact - -description: 'Get artifacts from the last success run of a specified workflow' - -inputs: - workflow: - description: 'Workflow filename' - required: true - repository: - description: 'Repository name with owner' - default: ${{ github.repository }} - artifact: - description: 'Artifacts that match glob pattern' - required: true - path: - description: 'The directory to download artifacts into (default ".")' - default: '.' - - -runs: - using: 'composite' - steps: - - name: Download Latest Successful Build Artifact - run: | - newest_success=$(gh run list -R ${{ inputs.repository }} -w ${{ inputs.workflow }} \ - --json conclusion,headBranch,databaseId \ - --jq 'first(.[] | select(.conclusion | contains("success"))) | .databaseId') - [ -z "$newest_success" ] && echo "No successful run found" && exit 1 || true - gh run download $newest_success -p ${{ inputs.artifact }} -D ${{ inputs.path }} - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - shell: bash \ No newline at end of file From eb15457890ba729c616f3e5d2f74305f98944afa Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 21 Jan 2025 14:46:25 +0100 Subject: [PATCH 29/50] fix(debian build): use checkout action as first step / before version preparation With the new way of retrieving the versions (from version files instead for git tag) checkout needs to happen prior to version preparation. --- .github/workflows/debian-build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index 5ff0a5b..1641408 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml @@ -23,6 +23,8 @@ jobs: outputs: version: ${{ steps.prep-version.outputs.version }} steps: + - uses: actions/checkout@v4 + - name: Prepare Version Variable id: prep-version run: | 
@@ -39,8 +41,6 @@ jobs: # if: ! startsWith(github.ref, 'refs/tags/v') # run: echo "VERSION=0-$GITHUB_REF_NAME" >> $GITHUB_ENV - - uses: actions/checkout@v4 - - name: Generate Cache Name run: echo "CACHE=${sort versions | awk '!/(^[[:space:]]*$|PACKAGE_VERSION=|#)/' ORS='--'}" >> $GITHUB_ENV From c7d8aa0f2153b58605621906d9ab10094c8b25f9 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 21 Jan 2025 15:26:00 +0100 Subject: [PATCH 30/50] feat(debian build): ensure that build.sh is executable --- .github/workflows/debian-build.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index 1641408..af257fc 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml @@ -51,7 +51,9 @@ jobs: key: downloads--${{ env.CACHE }} - name: Build Debian - run: build.sh + run: | + chmod +x build.sh + build.sh working-directory: src/debian - name: Upload Build Artifact From f8c9a3ba435f1d8178b8af4bd499a5e94caa39fc Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 21 Jan 2025 15:31:34 +0100 Subject: [PATCH 31/50] refactor(debian build): remove obsolete version generation step for non-deployment cases --- .github/workflows/debian-build.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index af257fc..ba9f7a7 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml 
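Review bot: In the `Build Debian` step of debian-build.yml, `build.sh` is invoked by bare name, so the shell resolves it through `PATH` rather than in `working-directory: src/debian`. Unless that directory is on `PATH` the step ends with command-not-found, and if another `build.sh` is on `PATH`, that one runs instead. Call it by path: `./build.sh`. Committing the executable bit (`git update-index --chmod=+x build.sh`) would also make the `chmod` line unnecessary.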
@@ -34,13 +34,6 @@ jobs: echo "version=$VERSION" >> $GITHUB_OUTPUT working-directory: src/resources - - name: Prepare Version Variable - Testing - if: ! startsWith(github.ref, 'refs/tags/v') - run: echo "VERSION=0-$GITHUB_REF_NAME" >> $GITHUB_ENV -# - name: Prepare Version Variable - Testing -# if: ! startsWith(github.ref, 'refs/tags/v') -# run: echo "VERSION=0-$GITHUB_REF_NAME" >> $GITHUB_ENV - - name: Generate Cache Name run: echo "CACHE=${sort versions | awk '!/(^[[:space:]]*$|PACKAGE_VERSION=|#)/' ORS='--'}" >> $GITHUB_ENV From 4b5cb33a9d15c9d86f84e90bed1175384a0917bd Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 21 Jan 2025 15:39:40 +0100 Subject: [PATCH 32/50] docs(debian build): rephrase description for output "package-version" --- .github/workflows/debian-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index ba9f7a7..8f12b3b 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml @@ -13,7 +13,7 @@ on: type: string outputs: package-version: - description: 'Version of the debian package' + description: 'Version of the built debian package' value: ${{ jobs.debian-build.outputs.version }} From 5ea789f0bbc0dca38d47ba6aeedc07b66fb4bd81 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 21 Jan 2025 16:01:24 +0100 Subject: [PATCH 33/50] refactor(debian deploy): downgrade default OS to Ubuntu 22.04 --- .github/workflows/debian-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/debian-deploy.yml b/.github/workflows/debian-deploy.yml index e532cd5..23127ad 100644 --- a/.github/workflows/debian-deploy.yml +++ b/.github/workflows/debian-deploy.yml 
@@ -9,7 +9,7 @@ on: type: string codename: description: 'OS codename' - default: 'noble' + default: 'jammy' type: string package-name: description: 'Name of the debian package' From f059c1a03d047bf8dfce076e65e42a88023391b6 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 21 Jan 2025 16:09:08 +0100 Subject: [PATCH 34/50] feat(debian deploy): hostname of apt repo server as secret --- .github/workflows/debian-deploy.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/debian-deploy.yml b/.github/workflows/debian-deploy.yml index 23127ad..71221f0 100644 --- a/.github/workflows/debian-deploy.yml +++ b/.github/workflows/debian-deploy.yml @@ -26,6 +26,9 @@ on: SSH_PRIVATE_KEY: description: 'Private Key for authenticating with the server hosting the AKTIN APT repository' required: true + SSH_REMOTE: + description: 'Hostname of the server hosting the AKTIN APT repository' + required: true jobs: debian-deploy: @@ -46,7 +49,7 @@ jobs: ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} - name: Deploy Debian Package - run: scp $PACKAGE "${{ secrets.SSH_USER }}@a2f8a.netcupt.net:$REPREPRO_HOME/" + run: scp $PACKAGE "${{ secrets.SSH_USER }}@${{ secrets.SSH_REMOTE }}:$REPREPRO_HOME/" - name: Import Debian Packages - run: ssh ${{ secrets.SSH_USER }}@a2f8a.netcupt.net "reprepro -b '$REPREPRO_HOME' includedeb ${{ inputs.codename }} $PACKAGE" + run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_REMOTE }} "reprepro -b '$REPREPRO_HOME' includedeb ${{ inputs.codename }} $PACKAGE" From 909c01839112a87041b4444294b6f28ede1ff9da Mon Sep 17 00:00:00 2001 
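Review bot: With the hostname moved into `secrets.SSH_REMOTE` (debian-deploy.yml, steps `Deploy Debian Package` and `Import Debian Packages`), nothing visible in these hunks pins the server's SSH host key. Whether `scp` and `ssh` verify the machine that receives the package therefore depends on steps outside the hunk. If no `known_hosts` entry is provisioned there, add one from a secret before the first connection, e.g. `echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts` (placeholder variable name), rather than relaxing `StrictHostKeyChecking`.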
From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Wed, 22 Jan 2025 16:13:27 +0100 Subject: [PATCH 35/50] refactor(debian deploy): add path to repository as an input Having the path to the repository (formerly REPREPRO_HOME) as an input is more generic. --- .github/workflows/debian-deploy.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/debian-deploy.yml b/.github/workflows/debian-deploy.yml index 71221f0..a4a029e 100644 --- a/.github/workflows/debian-deploy.yml +++ b/.github/workflows/debian-deploy.yml @@ -19,6 +19,10 @@ on: description: 'Version of the debian package' required: true type: string + repository-path: + description: 'Local directory containing conf, db, dists, and pool directories' + default: '/software/repo/org/apt' + type: string secrets: SSH_USER: description: 'Username for the server hosting the AKTIN APT repository' @@ -49,7 +53,7 @@ jobs: ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} - name: Deploy Debian Package - run: scp $PACKAGE "${{ secrets.SSH_USER }}@${{ secrets.SSH_REMOTE }}:$REPREPRO_HOME/" + run: scp $PACKAGE "${{ secrets.SSH_USER }}@${{ secrets.SSH_REMOTE }}:${{ inputs.repository-path }}/" - name: Import Debian Packages - run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_REMOTE }} "reprepro -b '$REPREPRO_HOME' includedeb ${{ inputs.codename }} $PACKAGE" + run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_REMOTE }} "reprepro -b '${{ inputs.repository-path }}' includedeb ${{ inputs.codename }} $PACKAGE" From c09303b28e099eb86484d3777711cc536ce8a9bb Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Wed, 22 Jan 2025 17:10:50 +0100 Subject: [PATCH 36/50] refactor(maven)!: change "install-r" workflow to input for generic apt dependencies Make workflow more generic. BREAKING CHANGE: removes reusable workflow input "install-r" --- .github/workflows/maven-build-deploy.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) 
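Review bot: `${{ inputs.repository-path }}` is pasted into the `scp` and `ssh` command lines of debian-deploy.yml by expression substitution, before bash parses the script, and the `ssh` argument is parsed a second time by the remote shell. A value containing a quote or shell metacharacter therefore changes the command that runs on the runner or on the repository server. Pass it through the environment (`env: REPO_PATH: ${{ inputs.repository-path }}`, then `"$REPO_PATH"` in the script) and reject values outside an expected path pattern first, since quoting on the runner alone does not protect the remote parse. The same applies to `${{ inputs.codename }}` on the `ssh` line. Both steps start outside the hunk.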
diff --git a/.github/workflows/maven-build-deploy.yml b/.github/workflows/maven-build-deploy.yml index f3d533a..e2cfd7c 100644 --- a/.github/workflows/maven-build-deploy.yml +++ b/.github/workflows/maven-build-deploy.yml @@ -12,11 +12,10 @@ on: default: 'temurin' required: false type: string - install-r: - description: 'Whether to install r-base and r-cran-tidyverse before testing' - default: false + apt-dependencies: + description: 'Dependencies installed via apt (as space separated list)' required: false - type: boolean + type: string secrets: AKTIN_MAVEN_USERNAME: description: 'Maven repository username' @@ -62,8 +61,8 @@ jobs: gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase - name: Install APT Dependencies - if: inputs.install-r - run: sudo apt install -y r-base r-cran-tidyverse + if: inputs.apt-dependencies + run: sudo apt install -y ${{ inputs.apt-dependencies }} - name: Build & (Unit-)Test # run: mvn -B package -Dchangelist=-SNAPSHOT+${{ github.run_number }} From fdf7b00e7ef3ad056e1e300c1af035b2b0a63061 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Wed, 22 Jan 2025 17:33:00 +0100 Subject: [PATCH 37/50] feat(maven): add workflow secret "AKTIN_MAVEN_REPOSITORY" Allows the keep the hostname of the maven repository confidential. Note: It requires that the "MAVEN_REPOSITORY" environment variable is used as value of the distributionManagement/repository/id field of the pom.xml, or it will have no effect. --- .github/workflows/maven-build-deploy.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/maven-build-deploy.yml b/.github/workflows/maven-build-deploy.yml index e2cfd7c..16f30a0 100644 --- a/.github/workflows/maven-build-deploy.yml +++ b/.github/workflows/maven-build-deploy.yml 
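Review bot: `run: sudo apt install -y ${{ inputs.apt-dependencies }}` in maven-build-deploy.yml substitutes the caller-supplied string into a root command before the shell sees it, so anything in that input beyond package names is interpreted by the shell or by apt as written. Hand it over as an environment variable: `env: APT_DEPENDENCIES: ${{ inputs.apt-dependencies }}` with `run: sudo apt-get install -y $APT_DEPENDENCIES`, left unquoted on purpose for word splitting. Also check that each word looks like a package name before installing. Running `sudo apt-get update` first would avoid failures on a stale package index.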
@@ -29,6 +29,9 @@ on: AKTIN_MAVEN_GPG_PRIVATE_KEY: description: 'Content of the maven repositories GPG private key' required: false + AKTIN_MAVEN_REPOSITORY: + description: 'Hostname of the server hosting the maven repository' + required: false jobs: @@ -79,4 +82,5 @@ jobs: env: MAVEN_USERNAME: ${{ secrets.AKTIN_MAVEN_USERNAME }} MAVEN_PASSPHRASE: ${{ secrets.AKTIN_MAVEN_PASSPHRASE }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.AKTIN_MAVEN_GPG_PASSPHRASE }} \ No newline at end of file + MAVEN_GPG_PASSPHRASE: ${{ secrets.AKTIN_MAVEN_GPG_PASSPHRASE }} + MAVEN_REPOSITORY: ${{ secrets.AKTIN_MAVEN_REPOSITORY }} \ No newline at end of file From 757b6c4906c4c5474b5d593b63ce99efae7ecf66 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Thu, 23 Jan 2025 10:51:45 +0100 Subject: [PATCH 38/50] refactor(debian deploy): remove unused environment variable REPREPRO_HOME Accidentally not removed in 909c0183. --- .github/workflows/debian-deploy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/debian-deploy.yml b/.github/workflows/debian-deploy.yml index a4a029e..db64236 100644 --- a/.github/workflows/debian-deploy.yml +++ b/.github/workflows/debian-deploy.yml @@ -39,7 +39,6 @@ jobs: runs-on: ubuntu-latest if: ${{ startsWith(github.ref, 'refs/tags/v') }} env: - REPREPRO_HOME: /software/repo/org/apt # local directory containing conf, db, dists, and pool directories PACKAGE: "${{ inputs.package-name }}_${{ inputs.package-version }}.deb" steps: - name: Download Build Artifact From a10154debdf76568938ed7bea183137e61d1fccf Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Thu, 23 Jan 2025 10:56:41 +0100 Subject: [PATCH 39/50] fix(debian deploy)!: preset and remove GPG passphrase in remote gpg-agent BREAKING CHANGE: adds required secrets "GPG_PASSPHRASE" and "GPG_KEYGRIP" --- .github/workflows/debian-deploy.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/debian-deploy.yml b/.github/workflows/debian-deploy.yml index db64236..bcad986 100644 --- a/.github/workflows/debian-deploy.yml +++ b/.github/workflows/debian-deploy.yml @@ -33,6 +33,12 @@ on: SSH_REMOTE: description: 'Hostname of the server hosting the AKTIN APT repository' required: true + GPG_PASSPHRASE: + description: 'Passphrase for GPG private key used for signing the published debian packages' + required: true + GPG_KEYGRIP: + description: 'Keygrip identifier of the GPG private key' + required: true jobs: debian-deploy: @@ -55,4 +61,10 @@ jobs: run: scp $PACKAGE "${{ secrets.SSH_USER }}@${{ secrets.SSH_REMOTE }}:${{ inputs.repository-path }}/" - name: Import Debian Packages - run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_REMOTE }} "reprepro -b '${{ inputs.repository-path }}' includedeb ${{ inputs.codename }} $PACKAGE" + run: > # use folded block style (>) because this is one long command + ssh "${{ secrets.SSH_USER }}@${{ secrets.SSH_REMOTE }}" + " + /usr/lib/gnupg/gpg-preset-passphrase -c -P '${{ secrets.GPG_PASSPHRASE }}' '${{ secrets.GPG_KEYGRIP }}'; + reprepro -b '${{ inputs.repository-path }}' includedeb '${{ inputs.codename }}' $PACKAGE; + gpg-connect-agent reloadagent /bye + " From fb3da6b76d5b8fcee0cac99d27697ad4e20928a8 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Thu, 23 Jan 2025 11:02:53 +0100 Subject: [PATCH 40/50] fix(debian deploy): add " around environment variable --- .github/workflows/debian-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/debian-deploy.yml b/.github/workflows/debian-deploy.yml index bcad986..a1e7e2d 100644 --- a/.github/workflows/debian-deploy.yml +++ b/.github/workflows/debian-deploy.yml 
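Review bot: In the new `Import Debian Packages` command (debian-deploy.yml) the signing passphrase is given to `gpg-preset-passphrase` with `-P`, which puts it on the remote command line where other local users can read it from the process list. `${{ secrets.GPG_PASSPHRASE }}` is also substituted into the script text, so a `'` in the passphrase breaks the quoting. `gpg-preset-passphrase` reads the passphrase from stdin when `-P` is omitted, so it can be piped over the connection in its own call: `printf '%s' "$GPG_PASSPHRASE" | ssh "$SSH_TARGET" "/usr/lib/gnupg/gpg-preset-passphrase -c '$GPG_KEYGRIP'"`, with those variables set under `env:` (names are placeholders). Because the remote commands are joined with `;`, the step's exit status is that of `gpg-connect-agent`, so a failed `reprepro includedeb` still reports success.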
@@ -58,7 +58,7 @@ jobs: ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} - name: Deploy Debian Package - run: scp $PACKAGE "${{ secrets.SSH_USER }}@${{ secrets.SSH_REMOTE }}:${{ inputs.repository-path }}/" + run: scp "$PACKAGE" "${{ secrets.SSH_USER }}@${{ secrets.SSH_REMOTE }}:${{ inputs.repository-path }}/" - name: Import Debian Packages run: > # use folded block style (>) because this is one long command From 43a6446daf827839fd37af5b9c4a1a6823629796 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Thu, 23 Jan 2025 11:20:04 +0100 Subject: [PATCH 41/50] docs(debian deploy): rephrase step names --- .github/workflows/debian-deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/debian-deploy.yml b/.github/workflows/debian-deploy.yml index a1e7e2d..6ad17ad 100644 --- a/.github/workflows/debian-deploy.yml +++ b/.github/workflows/debian-deploy.yml @@ -57,10 +57,10 @@ jobs: with: ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} - - name: Deploy Debian Package + - name: Transfer Debian Package to Remote run: scp "$PACKAGE" "${{ secrets.SSH_USER }}@${{ secrets.SSH_REMOTE }}:${{ inputs.repository-path }}/" - - name: Import Debian Packages + - name: Include Debian Package in APT Repository run: > # use folded block style (>) because this is one long command ssh "${{ secrets.SSH_USER }}@${{ secrets.SSH_REMOTE }}" " From f5c495030439d95307453f4510a026bd0e7a7551 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 28 Jan 2025 13:48:18 +0100 Subject: [PATCH 42/50] feat(debian deploy): list available packages after deployment --- .github/workflows/debian-deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/debian-deploy.yml b/.github/workflows/debian-deploy.yml index 6ad17ad..5d97b82 100644 --- a/.github/workflows/debian-deploy.yml +++ b/.github/workflows/debian-deploy.yml 
@@ -66,5 +66,6 @@ jobs: " /usr/lib/gnupg/gpg-preset-passphrase -c -P '${{ secrets.GPG_PASSPHRASE }}' '${{ secrets.GPG_KEYGRIP }}'; reprepro -b '${{ inputs.repository-path }}' includedeb '${{ inputs.codename }}' $PACKAGE; + reprepro -b '${{ inputs.repository-path }}' list '${{ inputs.codename }}' gpg-connect-agent reloadagent /bye " From 85a73268274a7c01293cf24d25e820990fa3539e Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 28 Jan 2025 14:38:17 +0100 Subject: [PATCH 43/50] docs(maven): java version description LTS only --- .github/workflows/maven-build-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/maven-build-deploy.yml b/.github/workflows/maven-build-deploy.yml index 16f30a0..c8dd8d4 100644 --- a/.github/workflows/maven-build-deploy.yml +++ b/.github/workflows/maven-build-deploy.yml @@ -4,7 +4,7 @@ on: workflow_call: inputs: java-version: - description: 'Java version number' + description: 'Java LTS version' required: true type: number java-distribution: From 539bb5d4f3b026ab37337e9d809960ee03483454 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 28 Jan 2025 14:40:08 +0100 Subject: [PATCH 44/50] feat(maven): suppress download progress during build and deploy --- .github/workflows/maven-build-deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/maven-build-deploy.yml b/.github/workflows/maven-build-deploy.yml index c8dd8d4..ecf34f5 100644 --- a/.github/workflows/maven-build-deploy.yml +++ b/.github/workflows/maven-build-deploy.yml @@ -69,7 +69,7 @@ jobs: - name: Build & (Unit-)Test # run: mvn -B package -Dchangelist=-SNAPSHOT+${{ github.run_number }} - run: mvn -B package + run: mvn -B package --no-transfer-progress working-directory: ${{ env.WORK_DIR }} - name: Deploy 
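Review bot: The added `reprepro -b ... list '${{ inputs.codename }}'` line in debian-deploy.yml has no trailing `;`, unlike the two commands before it. The block is a folded scalar (`run: >`), so its lines are joined with spaces unless the command lines are indented deeper than the `ssh` line, which cannot be checked here because the page does not preserve indentation. If they are joined, `gpg-connect-agent reloadagent /bye` becomes extra arguments to `reprepro list` and the agent is not reloaded after signing, which may leave the preset passphrase cached on the server if the reload is what clears it. End the line with `;`; the `rm` line added in PATCH 49/50 needs the same.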
@@ -77,7 +77,7 @@ jobs: # run: mvn deploy -Drevision=${GITHUB_REF_NAME#v} -Dchangelist= run: | mvn versions:set -DnewVersion=${GITHUB_REF_NAME#v} - mvn deploy + mvn deploy --no-transfer-progress working-directory: ${{ env.WORK_DIR }} env: MAVEN_USERNAME: ${{ secrets.AKTIN_MAVEN_USERNAME }} From 43b10e323c696078ba6313cb609913b7f2f37bf0 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 28 Jan 2025 14:45:29 +0100 Subject: [PATCH 45/50] fix(debian build): add working directory to cache generation step --- .github/workflows/debian-build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index 8f12b3b..09b5598 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml @@ -36,6 +36,7 @@ jobs: - name: Generate Cache Name run: echo "CACHE=${sort versions | awk '!/(^[[:space:]]*$|PACKAGE_VERSION=|#)/' ORS='--'}" >> $GITHUB_ENV + working-directory: src/resources - name: Retrieve Cached Downloads uses: actions/cache@v4 From 8d818dacc58621aea9d74f4c8a3dca9bae7bcd9d Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 28 Jan 2025 14:48:10 +0100 Subject: [PATCH 46/50] style(debian build): use ${{env.VERSION}} not $VERSION More consistent look. --- .github/workflows/debian-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index 09b5598..1be3551 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml @@ -54,5 +54,5 @@ jobs: uses: actions/upload-artifact@v4 with: name: ${{ inputs.artifact-name }} - path: src/debian/build/${{ inputs.package-name }}_$VERSION.deb + path: src/debian/build/${{ inputs.package-name }}_${{ env.VERSION }}.deb if-no-files-found: 'error' \ No newline at end of file From 77be07317a26dca9967c04e93e9b8a9a0dae3c8c Mon Sep 17 00:00:00 2001 
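Review bot: The `Generate Cache Name` step that gains `working-directory: src/resources` (debian-build.yml) builds its value with `${sort versions | awk ...}`, which is parameter-expansion syntax rather than command substitution. Bash rejects it as a bad substitution, so `CACHE` is never derived from the `versions` file and the cache key cannot track version changes. Use `$(...)`: `run: echo "CACHE=$(sort versions | awk '!/(^[[:space:]]*$|PACKAGE_VERSION=|#)/' ORS='--')" >> "$GITHUB_ENV"`. The `run:` line is unchanged context in this hunk.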
From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 28 Jan 2025 14:51:30 +0100 Subject: [PATCH 47/50] refactor(maven) remove commented out lines --- .github/workflows/maven-build-deploy.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/maven-build-deploy.yml b/.github/workflows/maven-build-deploy.yml index ecf34f5..04b3d10 100644 --- a/.github/workflows/maven-build-deploy.yml +++ b/.github/workflows/maven-build-deploy.yml @@ -68,13 +68,11 @@ jobs: run: sudo apt install -y ${{ inputs.apt-dependencies }} - name: Build & (Unit-)Test -# run: mvn -B package -Dchangelist=-SNAPSHOT+${{ github.run_number }} run: mvn -B package --no-transfer-progress working-directory: ${{ env.WORK_DIR }} - name: Deploy if: startsWith(github.ref, 'refs/tags/v') -# run: mvn deploy -Drevision=${GITHUB_REF_NAME#v} -Dchangelist= run: | mvn versions:set -DnewVersion=${GITHUB_REF_NAME#v} mvn deploy --no-transfer-progress From 41a090e3fc06e8a49fee6e886f097274fc015f71 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 28 Jan 2025 14:55:38 +0100 Subject: [PATCH 48/50] style: consistent use of free lines and empty last lines --- .github/workflows/debian-build.yml | 3 +-- .github/workflows/maven-build-deploy.yml | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/debian-build.yml b/.github/workflows/debian-build.yml index 1be3551..4002da9 100644 --- a/.github/workflows/debian-build.yml +++ b/.github/workflows/debian-build.yml @@ -16,7 +16,6 @@ on: description: 'Version of the built debian package' value: ${{ jobs.debian-build.outputs.version }} - jobs: debian-build: runs-on: ubuntu-latest @@ -55,4 +54,4 @@ jobs: with: name: ${{ inputs.artifact-name }} path: src/debian/build/${{ inputs.package-name }}_${{ env.VERSION }}.deb - if-no-files-found: 'error' \ No newline at end of file + if-no-files-found: 'error' 
diff --git a/.github/workflows/maven-build-deploy.yml b/.github/workflows/maven-build-deploy.yml index 04b3d10..f945eb7 100644 --- a/.github/workflows/maven-build-deploy.yml +++ b/.github/workflows/maven-build-deploy.yml @@ -33,7 +33,6 @@ on: description: 'Hostname of the server hosting the maven repository' required: false - jobs: build: runs-on: ubuntu-latest @@ -81,4 +80,4 @@ jobs: MAVEN_USERNAME: ${{ secrets.AKTIN_MAVEN_USERNAME }} MAVEN_PASSPHRASE: ${{ secrets.AKTIN_MAVEN_PASSPHRASE }} MAVEN_GPG_PASSPHRASE: ${{ secrets.AKTIN_MAVEN_GPG_PASSPHRASE }} - MAVEN_REPOSITORY: ${{ secrets.AKTIN_MAVEN_REPOSITORY }} \ No newline at end of file + MAVEN_REPOSITORY: ${{ secrets.AKTIN_MAVEN_REPOSITORY }} From 61d3a4bceef92574194e3746a67af1691b5ac085 Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 28 Jan 2025 15:38:55 +0100 Subject: [PATCH 49/50] feat(debian deploy): add cleanup on remote --- .github/workflows/debian-deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/debian-deploy.yml b/.github/workflows/debian-deploy.yml index 5d97b82..dcd70aa 100644 --- a/.github/workflows/debian-deploy.yml +++ b/.github/workflows/debian-deploy.yml @@ -67,5 +67,6 @@ jobs: /usr/lib/gnupg/gpg-preset-passphrase -c -P '${{ secrets.GPG_PASSPHRASE }}' '${{ secrets.GPG_KEYGRIP }}'; reprepro -b '${{ inputs.repository-path }}' includedeb '${{ inputs.codename }}' $PACKAGE; reprepro -b '${{ inputs.repository-path }}' list '${{ inputs.codename }}' + rm '${{ inputs.repository-path }}/$PACKAGE' gpg-connect-agent reloadagent /bye " From 31e999e95b31933d6106d35cb4f78dffe91c975f Mon Sep 17 00:00:00 2001 From: Emily Wedek <170527786+bunbry@users.noreply.github.com> Date: Tue, 28 Jan 2025 15:41:31 +0100 Subject: [PATCH 50/50] fix(debian deploy): explicit path to package --- .github/workflows/debian-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/debian-deploy.yml b/.github/workflows/debian-deploy.yml index dcd70aa..52dc9bd 100644 --- a/.github/workflows/debian-deploy.yml +++ b/.github/workflows/debian-deploy.yml @@ -65,7 +65,7 @@ jobs: ssh "${{ secrets.SSH_USER }}@${{ secrets.SSH_REMOTE }}" " /usr/lib/gnupg/gpg-preset-passphrase -c -P '${{ secrets.GPG_PASSPHRASE }}' '${{ secrets.GPG_KEYGRIP }}'; - reprepro -b '${{ inputs.repository-path }}' includedeb '${{ inputs.codename }}' $PACKAGE; + reprepro -b '${{ inputs.repository-path }}' includedeb '${{ inputs.codename }}' '${{ inputs.repository-path }}/$PACKAGE'; reprepro -b '${{ inputs.repository-path }}' list '${{ inputs.codename }}' rm '${{ inputs.repository-path }}/$PACKAGE' gpg-connect-agent reloadagent /bye