From b7d4880a601c1a38067212962b700ad9ef6027df Mon Sep 17 00:00:00 2001
From: Joe Waters
Date: Thu, 18 Apr 2024 14:50:31 -0500
Subject: [PATCH 1/5] STUD-5585: Migrate to GHA Remove dockerfile and skynet.yaml, add sbom and ci workflows
---
.github/workflows/ci.yaml | 68 +++++++++++++++++++++++++++++
.github/workflows/publish-sbom.yaml | 26 +++++++++++
Dockerfile | 28 ------------
skynet.yaml | 24 ----------
4 files changed, 94 insertions(+), 52 deletions(-)
create mode 100644 .github/workflows/ci.yaml
create mode 100644 .github/workflows/publish-sbom.yaml
delete mode 100644 Dockerfile
delete mode 100644 skynet.yaml
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..18d3f03
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,68 @@
+name: flip-tables CI
+
+on:
+ pull_request:
+ branches: [ '*' ]
+ push:
+ branches: [ 'master' ]
+ tags: [ '*' ]
+
+permissions:
+ contents: read
+ id-token: write
+
+jobs:
+ gradle-build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-java@v4
+ with:
+ distribution: 'corretto'
+ java-version: '8'
+ - uses: gradle/actions/setup-gradle@v3
+
+ - name: Build Release Version
+ if: ${{ github.ref_type == 'tag' }}
+ run: ./gradlew clean assemble --info -Dorg.gradle.project.version=${{ github.ref_name }}
+
+ - name: Build Non-Release Version
+ if: ${{ github.ref_type != 'tag' }}
+ run: ./gradlew clean assemble --info
+
+ - name: Bundle/TAR up JAR files
+ run: |
+ tar -cvzf ./build/libs/java.tar.gz ./build/libs/*.jar
+ ls -ls ./build/libs
+
+ - name: Publish Artifacts
+ uses: Workiva/gha-store-artifacts@v2.0.1
+ with:
+ JAVA: ./build/libs/connector-sdk-java-*.*.jar
+ VERACODE: ./build/libs/java.tar.gz
+
+ # this step is for publishing versions suffixed with '-SNAPSHOT' (if present) to the maven dev repo
+ # PR branches will publish them at a URL like the following:
+ # https://workivaeast.jfrog.io/ui/native/maven-dev/com/workiva/chains/connector-sdk-java/*-SNAPSHOT/
+ # its useful if you want to consume a published WIP sdk jar in a connector locally for testing
+ # if the connector is configured to check the wk maven-dev repository for dependencies
+ # then all you need to do is update the connector sdk version to x.x.x-SNAPSHOT and it will find it
+ - name: Conditionally Publish Java SNAPSHOT
+ if: ${{ github.ref_type != 'tag' && github.ref_name != 'master' && hashFiles('./build/libs/*-SNAPSHOT.jar') != '' }}
+ uses: Workiva/gha-deploy-component@v2.0.1
+ with:
+ JAVA-SNAPSHOT: ./build/libs/*-SNAPSHOT.jar
+
+ Unit-Test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: Workiva/gha-setup-credentials@v2.0.2
+ - uses: actions/checkout@v4
+ - uses: actions/setup-java@v4
+ with:
+ distribution: 'corretto'
+ java-version: '8'
+ - uses: gradle/actions/setup-gradle@v3
+
+ - name: Run Tests
+ run: ./gradlew --no-daemon --console=plain test
diff --git a/.github/workflows/publish-sbom.yaml b/.github/workflows/publish-sbom.yaml
new file mode 100644
index 0000000..e65810f
--- /dev/null
+++ b/.github/workflows/publish-sbom.yaml
@@ -0,0 +1,26 @@
+name: Publish SBOM
+
+on:
+ push:
+ tags:
+ # Releases
+ - '[0-9]+.[0-9]+.[0-9]+'
+
+# Permissions should look like this
+permissions:
+ contents: write
+ id-token: write
+ pull-requests: write
+
+jobs:
+ create-sbom-release-asset:
+ name: Create SBOM Release Asset
+ runs-on: ubuntu-latest
+ steps:
+ # If you don't check the code out, the SBOM will be empty
+ - uses: actions/checkout@v4
+ - name: Publish SBOM to Release Assets
+ uses: anchore/sbom-action@v0
+ with:
+ path: ./ # actions/checkout default location
+ format: cyclonedx-json
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 6f6878b..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,28 +0,0 @@
-FROM amazoncorretto:8 AS build
-WORKDIR /build
-
-RUN yum install tar gzip -y
-
-COPY settings.gradle build.gradle gradlew ./
-COPY gradle gradle
-
-# run to pull down the gradle wrapper and cache that on its own layer
-RUN ./gradlew --version
-
-COPY . .
-
-ARG GIT_BRANCH
-ARG GIT_TAG
-
-# Build the application.
-#
-RUN ./scripts/build.sh
-# Collect assembled jar for publishing
-ARG BUILD_ARTIFACTS_JAVA=/build/build/libs/*.jar
-
-# Generate Veracode Artifact
-RUN tar -cvzf /java.tar.gz /build/build/libs/
-ARG BUILD_ARTIFACTS_VERACODE=/java.tar.gz
-
-# We only care about publishing a jar
-FROM scratch
diff --git a/skynet.yaml b/skynet.yaml
deleted file mode 100644
index e4b64d0..0000000
--- a/skynet.yaml
+++ /dev/null
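Review bot: The `Build Release Version` step in `ci.yaml` expands `${{ github.ref_name }}` directly inside the `run:` command, so the tag name is substituted into the script text before the shell parses it and any shell metacharacters in a tag name would be interpreted as part of the command. Pass the value through the environment instead: add `env:` with `VERSION: ${{ github.ref_name }}` to the step and use `-Dorg.gradle.project.version="$VERSION"` in the command. Separately, `id-token: write` is granted workflow-wide, including on `pull_request` runs; presumably the Workiva actions need it, but it would be safer scoped under `permissions:` on the one job that requests the token. Every `uses:` reference here is a mutable tag (`@v4`, `@v3`, `@v2.0.1`); pinning the third-party ones to a full commit SHA keeps a moved tag from changing what runs.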
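Review bot: The workflow-level `permissions` block in `publish-sbom.yaml` grants `contents: write`, `id-token: write` and `pull-requests: write` to a job that only checks out the code and runs `anchore/sbom-action@v0`. Attaching the SBOM to a release needs `contents: write`; nothing visible here requests an OIDC token or touches pull requests, so the other two look droppable unless an organisation policy requires them (the comment `# Permissions should look like this` suggests the block was copied from a template). `anchore/sbom-action@v0` is a moving major tag on a third-party action that runs with write access to the repository, so pin it to a full commit SHA, e.g. `uses: anchore/sbom-action@FULL_COMMIT_SHA  # v0.x.y` (placeholder values).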
@@ -1,24 +0,0 @@
-# Testing with Skynet - https://github.com/Workiva/skynet/tree/master/docs
-name: flip-tables-tests
-image: amazoncorretto:8
-description: run flip-tables unit tests
-timeout: 300 #5 minutes
-size: small
-contact: support-onecloud
-
-run:
- on-pull-request: yes
- on-tag: yes
- when-branch-name-is:
- - .*_debug
- - ^refs/tags/.+
- - master
-
-artifacts:
- - /testing/build/test-results/test
-
-test-reports:
- - /testing/build/test-results/test
-
-scripts:
- - ./gradlew --no-daemon --console=plain test
From 6c41fd9bc1554ad698c18ff9fb12e0096f01c9c8 Mon Sep 17 00:00:00 2001
From: Joe Waters
Date: Thu, 18 Apr 2024 14:59:21 -0500
Subject: [PATCH 2/5] STUD-5585: Remove wk actions
---
.github/workflows/ci.yaml | 22 ++++++++--------------
1 file changed, 8 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 18d3f03..d816f5e 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -35,28 +35,22 @@ jobs: tar -cvzf ./build/libs/java.tar.gz ./build/libs/*.jar ls -ls ./build/libs - - name: Publish Artifacts - uses: Workiva/gha-store-artifacts@v2.0.1 + - name: Publish Artifact + uses: actions/upload-artifact@v3 with: - JAVA: ./build/libs/connector-sdk-java-*.*.jar - VERACODE: ./build/libs/java.tar.gz + name: java + path: ./build/libs/connector-sdk-java-*.*.jar - # this step is for publishing versions suffixed with '-SNAPSHOT' (if present) to the maven dev repo - # PR branches will publish them at a URL like the following: - # https://workivaeast.jfrog.io/ui/native/maven-dev/com/workiva/chains/connector-sdk-java/*-SNAPSHOT/ - # its useful if you want to consume a published WIP sdk jar in a connector locally for testing - # if the connector is configured to check the wk maven-dev repository for dependencies - # then all you need to do is update the connector sdk version to x.x.x-SNAPSHOT and it will find it - - name: Conditionally Publish Java SNAPSHOT + - name: Publish Snapshot if: ${{ github.ref_type != 'tag' && github.ref_name != 'master' && hashFiles('./build/libs/*-SNAPSHOT.jar') != '' }} - uses: Workiva/gha-deploy-component@v2.0.1 + uses: actions/upload-artifact@v3 with: - JAVA-SNAPSHOT: ./build/libs/*-SNAPSHOT.jar + name: java-snapshot + path: ./build/libs/*-SNAPSHOT.jar Unit-Test: runs-on: ubuntu-latest steps: - - uses: Workiva/gha-setup-credentials@v2.0.2 - uses: actions/checkout@v4 - uses: actions/setup-java@v4 with: From 139b78f6227e86c469e9764a91f3864203684f5a Mon Sep 17 00:00:00 2001 From: Joe Waters Date: Thu, 18 Apr 2024 15:11:16 -0500 Subject: [PATCH 3/5] STUD-5585: Update version of upload-artifact --- .github/workflows/ci.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d816f5e..3c8eed9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
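Review bot: With `Workiva/gha-setup-credentials`, `gha-store-artifacts` and `gha-deploy-component` removed, no step left in this hunk appears to request an OIDC token, yet the workflow still carries the `id-token: write` permission added in the first patch (outside this hunk); dropping it would leave `permissions:` at `contents: read` only. The `Bundle/TAR up JAR files` step still builds `java.tar.gz`, but the `VERACODE:` upload that consumed it is gone, so either that step is now dead or the static-analysis hand-off was lost unintentionally; worth confirming which. The deleted comment block explained where snapshots were published, and the new `Publish Snapshot` step only stores a workflow artifact, so a comment such as `# uploaded as a workflow artifact only; not published to maven-dev` would record the changed behaviour. The `gradle-build` job starts outside the hunk.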
@@ -36,14 +36,14 @@ jobs: ls -ls ./build/libs - name: Publish Artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: java path: ./build/libs/connector-sdk-java-*.*.jar - name: Publish Snapshot if: ${{ github.ref_type != 'tag' && github.ref_name != 'master' && hashFiles('./build/libs/*-SNAPSHOT.jar') != '' }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: java-snapshot path: ./build/libs/*-SNAPSHOT.jar From f3b6a3bf8e89c9c5ffca002881fa2629f91ca634 Mon Sep 17 00:00:00 2001 From: Joe Waters Date: Thu, 18 Apr 2024 15:51:09 -0500 Subject: [PATCH 4/5] STUD-5585: Fix artifact name Add CODEOWNERS --- .github/CODEOWNERS | 2 ++ .github/workflows/ci.yaml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 .github/CODEOWNERS diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..282a791 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,2 @@ +# Only allow Workiva employees to alter GHA workflows +/.github/ @Workiva/cloud42 diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3c8eed9..48dc1a2 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -39,7 +39,7 @@ jobs: uses: actions/upload-artifact@v4 with: name: java - path: ./build/libs/connector-sdk-java-*.*.jar + path: ./build/libs/flip-tables-*.*.jar - name: Publish Snapshot if: ${{ github.ref_type != 'tag' && github.ref_name != 'master' && hashFiles('./build/libs/*-SNAPSHOT.jar') != '' }} From 420ce6d472a603c124918258c711b8d1363d547a Mon Sep 17 00:00:00 2001 From: Joe Waters Date: Thu, 18 Apr 2024 15:53:49 -0500 Subject: [PATCH 5/5] STUD-5585: Modify artifact name --- .github/workflows/ci.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 48dc1a2..1d447de 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
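Review bot: The comment `# Only allow Workiva employees to alter GHA workflows` in the new `.github/CODEOWNERS` overstates what the file does: a CODEOWNERS entry only requests review from `@Workiva/cloud42`, and it blocks nothing unless branch protection on the target branch has "Require review from Code Owners" enabled. The team also needs write access to the repository, otherwise the entry is ignored. Consider rewording to `# Changes under /.github/ require review from @Workiva/cloud42 (enforced by branch protection)` and confirming that the protection rule is actually in place.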
@@ -38,14 +38,14 @@ jobs: - name: Publish Artifact uses: actions/upload-artifact@v4 with: - name: java + name: flip-tables path: ./build/libs/flip-tables-*.*.jar - name: Publish Snapshot if: ${{ github.ref_type != 'tag' && github.ref_name != 'master' && hashFiles('./build/libs/*-SNAPSHOT.jar') != '' }} uses: actions/upload-artifact@v4 with: - name: java-snapshot + name: flip-tables-snapshot path: ./build/libs/*-SNAPSHOT.jar Unit-Test: