-
Notifications
You must be signed in to change notification settings - Fork 0
Reusable Workflows for building and deployment #2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
Show all changes
50 commits
Select commit
Hold shift + click to select a range
39b31a3
ci: add get-newest-artifact composite action
bunbry c5219bf
WIP ci: add build & deploy workflows for AKTIN Maven, Debian, and Doc…
bunbry 85c4901
WIP fix: workflows must be rooted in .github/workflows directory
bunbry 616c077
feat: set "downloads" cache key based on versions file
bunbry f827f79
refactor!: remove steps related to i2b2 download
bunbry e324e43
refactor: remove passphrase authentication for SSH
bunbry 12d5c9f
refactor: update remote address for debian deployment
bunbry a6a7ae5
fix: actually make use of cached AKTIN repo public key
bunbry 029f89d
refactor!: rename input for debian-build.yml
bunbry d5f125e
refactor: uncomment pre-testing installation steps
bunbry f088ec0
refactor: add REPREPRO_HOME value
bunbry 0221560
docs: correct workflow directory in example
bunbry 4225431
fix(debian build): remove build script version parameter
bunbry 57015cd
refactor(debian build): remove installation and testing steps
bunbry 5274501
refactor(debian build): exclude lines starting with # from cache name
bunbry 88db8c8
refactor(debian build): use version from versions file instead of git…
bunbry 2b6cb8f
refactor(debian deploy): remove manipulation of the distributions file
bunbry fcf9be3
refactor(docker): remove docker build and deploy workflows
bunbry bbcc093
fix(debian build): move working-directory from job to step
bunbry eb3ba1c
feat(debian deploy)!: determine deployed package from inputs
bunbry 402cfbe
feat(debian build): package version as workflow output
bunbry 44ec782
refactor(debian build): always get package version from versions file
bunbry b67916d
fix(debian deploy): remove "needs" section from deploy job
bunbry 2d64f08
docs(debian): fix some spelling errors and rephrase description of wo…
bunbry 49fecc1
updated readme
akomii b4dca94
feat(debian build): fail if artifact contains no files
bunbry 0711fcc
refactor: remove unused workflow versions for deployment of debian files
bunbry 842d22e
refactor: remove unused action "get-newest-artifact"
bunbry eb15457
fix(debian build): use checkout action as first step / before version…
bunbry c7d8aa0
feat(debian build): ensure that build.sh is executable
bunbry f8c9a3b
refactor(debian build): remove obsolete version generation step for n…
bunbry 4b5cb33
docs(debian build): rephrase description for output "package-version"
bunbry 5ea789f
refactor(debian deploy): downgrade default OS to Ubuntu 22.04
bunbry f059c1a
feat(debian deploy): hostname of apt repo server as secret
bunbry 909c018
refactor(debian deploy): add path to repository as an input
bunbry c09303b
refactor(maven)!: change "install-r" workflow to input for generic ap…
bunbry fdf7b00
feat(maven): add workflow secret "AKTIN_MAVEN_REPOSITORY"
bunbry 757b6c4
refactor(debian deploy): remove unused environment variable REPREPRO_…
bunbry a10154d
fix(debian deploy)!: preset and remove GPG passphrase in remote gpg-a…
bunbry fb3da6b
fix(debian deploy): add " around environment variable
bunbry 43a6446
docs(debian deploy): rephrase step names
bunbry f5c4950
feat(debian deploy): list available packages after deployment
bunbry 85a7326
docs(maven): java version description LTS only
bunbry 539bb5d
feat(maven): suppress download progress during build and deploy
bunbry 43b10e3
fix(debian build): add working directory to cache generation step
bunbry 8d818da
style(debian build): use ${{env.VERSION}} not $VERSION
bunbry 77be073
refactor(maven) remove commented out lines
bunbry 41a090e
style: consistent use of free lines and empty last lines
bunbry 61d3a4b
feat(debian deploy): add cleanup on remote
bunbry 31e999e
fix(debian deploy): explicit path to package
bunbry File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| name: Build Debian Package | ||
|
|
||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| artifact-name: | ||
| description: 'Name of the artifact which contains the debian package' | ||
| default: 'debian-package' | ||
| type: string | ||
| package-name: | ||
| description: 'Name of the debian package' | ||
| required: true | ||
| type: string | ||
| outputs: | ||
| package-version: | ||
| description: 'Version of the built debian package' | ||
| value: ${{ jobs.debian-build.outputs.version }} | ||
|
|
||
| jobs: | ||
| debian-build: | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| version: ${{ steps.prep-version.outputs.version }} | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Prepare Version Variable | ||
| id: prep-version | ||
| run: | | ||
| STR=$(grep "PACKAGE_VERSION=" versions) | ||
| VERSION=${STR#PACKAGE_VERSION=} | ||
| echo "VERSION=$VERSION" >> $GITHUB_ENV | ||
| echo "version=$VERSION" >> $GITHUB_OUTPUT | ||
| working-directory: src/resources | ||
|
|
||
| - name: Generate Cache Name | ||
| run: echo "CACHE=${sort versions | awk '!/(^[[:space:]]*$|PACKAGE_VERSION=|#)/' ORS='--'}" >> $GITHUB_ENV | ||
akomii marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| working-directory: src/resources | ||
|
|
||
| - name: Retrieve Cached Downloads | ||
| uses: actions/cache@v4 | ||
| with: | ||
| path: src/downloads/ | ||
| key: downloads--${{ env.CACHE }} | ||
|
|
||
| - name: Build Debian | ||
| run: | | ||
| chmod +x build.sh | ||
| build.sh | ||
| working-directory: src/debian | ||
|
|
||
| - name: Upload Build Artifact | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: ${{ inputs.artifact-name }} | ||
| path: src/debian/build/${{ inputs.package-name }}_${{ env.VERSION }}.deb | ||
| if-no-files-found: 'error' | ||
akomii marked this conversation as resolved.
Show resolved
Hide resolved
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,72 @@ | ||
| name: AKTIN Deploy Debian Package | ||
|
|
||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| artifact-name: | ||
| description: 'Artifact name' | ||
| default: 'debian-package' | ||
| type: string | ||
| codename: | ||
| description: 'OS codename' | ||
| default: 'jammy' | ||
| type: string | ||
| package-name: | ||
| description: 'Name of the debian package' | ||
| required: true | ||
| type: string | ||
| package-version: | ||
| description: 'Version of the debian package' | ||
| required: true | ||
| type: string | ||
| repository-path: | ||
| description: 'Local directory containing conf, db, dists, and pool directories' | ||
| default: '/software/repo/org/apt' | ||
| type: string | ||
| secrets: | ||
| SSH_USER: | ||
| description: 'Username for the server hosting the AKTIN APT repository' | ||
| required: true | ||
| SSH_PRIVATE_KEY: | ||
| description: 'Private Key for authenticating with the server hosting the AKTIN APT repository' | ||
| required: true | ||
| SSH_REMOTE: | ||
| description: 'Hostname of the server hosting the AKTIN APT repository' | ||
| required: true | ||
| GPG_PASSPHRASE: | ||
| description: 'Passphrase for GPG private key used for signing the published debian packages' | ||
| required: true | ||
| GPG_KEYGRIP: | ||
| description: 'Keygrip identifier of the GPG private key' | ||
| required: true | ||
|
|
||
| jobs: | ||
| debian-deploy: | ||
| runs-on: ubuntu-latest | ||
| if: ${{ startsWith(github.ref, 'refs/tags/v') }} | ||
| env: | ||
| PACKAGE: "${{ inputs.package-name }}_${{ inputs.package-version }}.deb" | ||
| steps: | ||
| - name: Download Build Artifact | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: ${{ inputs.artifact-name }} | ||
|
|
||
| - name: Setup SSH Key | ||
| uses: webfactory/ssh-agent@v0.9.0 | ||
| with: | ||
| ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} | ||
|
|
||
| - name: Transfer Debian Package to Remote | ||
| run: scp "$PACKAGE" "${{ secrets.SSH_USER }}@${{ secrets.SSH_REMOTE }}:${{ inputs.repository-path }}/" | ||
|
|
||
| - name: Include Debian Package in APT Repository | ||
| run: > # use folded block style (>) because this is one long command | ||
| ssh "${{ secrets.SSH_USER }}@${{ secrets.SSH_REMOTE }}" | ||
| " | ||
| /usr/lib/gnupg/gpg-preset-passphrase -c -P '${{ secrets.GPG_PASSPHRASE }}' '${{ secrets.GPG_KEYGRIP }}'; | ||
| reprepro -b '${{ inputs.repository-path }}' includedeb '${{ inputs.codename }}' '${{ inputs.repository-path }}/$PACKAGE'; | ||
| reprepro -b '${{ inputs.repository-path }}' list '${{ inputs.codename }}' | ||
| rm '${{ inputs.repository-path }}/$PACKAGE' | ||
| gpg-connect-agent reloadagent /bye | ||
| " |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
| name: AKTIN Build & Deploy Maven | ||
|
|
||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| java-version: | ||
| description: 'Java LTS version' | ||
| required: true | ||
| type: number | ||
| java-distribution: | ||
| description: 'Java distribution' | ||
| default: 'temurin' | ||
| required: false | ||
| type: string | ||
| apt-dependencies: | ||
| description: 'Dependencies installed via apt (as space separated list)' | ||
| required: false | ||
| type: string | ||
| secrets: | ||
| AKTIN_MAVEN_USERNAME: | ||
| description: 'Maven repository username' | ||
| required: false | ||
| AKTIN_MAVEN_PASSPHRASE: | ||
| description: 'Maven repository passphrase' | ||
| required: false | ||
| AKTIN_MAVEN_GPG_PASSPHRASE: | ||
| description: 'Passphrase for the maven repositories GPG private key' | ||
| required: false | ||
| AKTIN_MAVEN_GPG_PRIVATE_KEY: | ||
| description: 'Content of the maven repositories GPG private key' | ||
| required: false | ||
| AKTIN_MAVEN_REPOSITORY: | ||
| description: 'Hostname of the server hosting the maven repository' | ||
| required: false | ||
|
|
||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Prepare Working Directory Variable | ||
| run: echo "WORK_DIR=${GITHUB_REPOSITORY#aktin/}" >> $GITHUB_ENV | ||
|
|
||
| - name: Checkout parent POM | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| repository: aktin/aktin | ||
|
|
||
| - name: Checkout project | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| path: ${{ env.WORK_DIR }} | ||
|
|
||
| - name: Set up JDK ${{ inputs.java-version }} | ||
| uses: actions/setup-java@v4 | ||
| with: | ||
| java-version: ${{ inputs.java-version }} | ||
| distribution: ${{ inputs.java-distribution }} | ||
| cache: maven | ||
| server-id: aktinupload.software.magdeburg # value of the distributionManagement/repository/id field of the pom.xml | ||
akomii marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| server-username: MAVEN_USERNAME # env variable for username in deploy | ||
| server-password: MAVEN_PASSPHRASE # env variable for token/password in deploy | ||
| gpg-private-key: ${{ secrets.AKTIN_MAVEN_GPG_PRIVATE_KEY }} # value of the GPG private key to import | ||
| gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase | ||
akomii marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| - name: Install APT Dependencies | ||
| if: inputs.apt-dependencies | ||
| run: sudo apt install -y ${{ inputs.apt-dependencies }} | ||
|
|
||
| - name: Build & (Unit-)Test | ||
| run: mvn -B package --no-transfer-progress | ||
| working-directory: ${{ env.WORK_DIR }} | ||
|
|
||
| - name: Deploy | ||
| if: startsWith(github.ref, 'refs/tags/v') | ||
| run: | | ||
| mvn versions:set -DnewVersion=${GITHUB_REF_NAME#v} | ||
akomii marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| mvn deploy --no-transfer-progress | ||
| working-directory: ${{ env.WORK_DIR }} | ||
| env: | ||
| MAVEN_USERNAME: ${{ secrets.AKTIN_MAVEN_USERNAME }} | ||
| MAVEN_PASSPHRASE: ${{ secrets.AKTIN_MAVEN_PASSPHRASE }} | ||
| MAVEN_GPG_PASSPHRASE: ${{ secrets.AKTIN_MAVEN_GPG_PASSPHRASE }} | ||
| MAVEN_REPOSITORY: ${{ secrets.AKTIN_MAVEN_REPOSITORY }} | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.