From d6e4fbbc2d71fa2ced8ce762dc46233bb240d2c6 Mon Sep 17 00:00:00 2001
From: kcs-bandihareesh
Date: Mon, 7 Oct 2024 15:04:11 +0530
Subject: [PATCH] updated workflow with workload identity federation
---
.github/workflows/database-goodies.yaml | 133 ++++++++++++------------
pom.xml | 63 +---------
travis/maven-settings.xml | 37 ++-----
3 files changed, 76 insertions(+), 157 deletions(-)
diff --git a/.github/workflows/database-goodies.yaml b/.github/workflows/database-goodies.yaml
index 931a2f9..9db44d6 100644
--- a/.github/workflows/database-goodies.yaml
+++ b/.github/workflows/database-goodies.yaml
@@ -4,85 +4,88 @@ on: push: pull_request: workflow_dispatch: + schedule: + - cron: "0 0 * * *" jobs: test: runs-on: ubuntu-latest - services: - postgres: - image: postgres:9.6 - ports: - - 5432:5432 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: postgres - options: >- - --health-cmd="pg_isready" - --health-interval=10s - --health-timeout=5s - --health-retries=5 steps: - - name: Checkout code - uses: actions/checkout@v4 + - name: Checkout code + uses: actions/checkout@v4 - - name: Set up JDK 8 - uses: actions/setup-java@v3 - with: - java-version: '8' - distribution: 'adopt' + - name: Set up Oracle JDK 8 + uses: actions/setup-java@v3 + with: + java-version: 8 + distribution: 'zulu' + cache: maven - - name: Cache Maven dependencies - uses: actions/cache@v3 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- + - name: Copy Maven settings + run: | + mkdir -p $HOME/.m2 + cp ./travis/maven-settings.xml $HOME/.m2/settings.xml - - name: Set up Maven settings - run: | - mkdir -p ~/.m2 - cp ./travis/maven-settings.xml ~/.m2/settings.xml - sed -i "s/-SNAPSHOT/-github-build-${{ github.run_number }}/" pom.xml + - name: Update pom.xml version + run: | + sed -i "s/-SNAPSHOT/-build-${{ github.run_number }}/" pom.xml - - name: Create test database and user in PostgreSQL - run: | - psql -U postgres -c "create user test with password 'test';" - psql -c 'create database test owner test;' -U postgres - env: - PGPASSWORD: postgres + - name: Disable SourceClear except for cron jobs + run: | + if [ "${{ github.event_name }}" != "schedule" ]; then + export NOSCAN=1 + fi - - name: Run tests - run: | - mvn -e test - mvn -e -Ppostgresql -Dpostgres.database.url=jdbc:postgresql:test \ - -Dpostgres.database.user=test -Dpostgres.database.password=test verify + - name: Install PostgreSQL 9.6 + run: | + sudo apt-get update + sudo apt-get install -y postgresql-9.6 postgresql-contrib-9.6 - - name: Print 
Surefire reports on failure - if: failure() - run: | - echo "\n=== SUREFIRE REPORTS ===\n" - for F in target/surefire-reports/*.txt; do echo $F; cat $F; echo; done + - name: Set up PostgreSQL 9.6 + run: | + sudo service postgresql start + sudo -u postgres psql -c "create user test with password 'test';" + sudo -u postgres psql -c "create database test owner test;" - deploy_snapshots: + - name: Run tests + run: | + mvn -e test + mvn -e -Ppostgresql -Dpostgres.database.url=jdbc:postgresql:test -Dpostgres.database.user=test -Dpostgres.database.password=test verify + + - name: Show test reports on failure + if: failure() + run: | + echo "\n=== SUREFIRE REPORTS ===\n" + for F in target/surefire-reports/*.txt; do echo $F; cat $F; echo; done + + deploy-snapshots: runs-on: ubuntu-latest - if: github.ref == 'refs/heads/master' && github.event_name == 'push' steps: - - name: Checkout code - uses: actions/checkout@v4 + - name: Checkout code + uses: actions/checkout@v4 + + - name: Authenticate to Google Cloud + uses: google-github-actions/auth@v2 + with: + project_id: 'som-rit-infrastructure-prod' + workload_identity_provider: 'projects/294515190965/locations/global/workloadIdentityPools/github/providers/susom-github' + + - name: Set up Oracle JDK 8 + uses: actions/setup-java@v3 + with: + java-version: 8 + distribution: 'zulu' + cache: maven - - name: Set up JDK 8 - uses: actions/setup-java@v3 - with: - java-version: '8' - distribution: 'adopt' + - name: Copy Maven settings + run: | + mkdir -p $HOME/.m2 + cp ./travis/maven-settings.xml $HOME/.m2/settings.xml - - name: Set up Maven settings - run: | - mkdir -p ~/.m2 - cp ./travis/maven-settings.xml ~/.m2/settings.xml - sed -i "s/-SNAPSHOT/-github-build-${{ github.run_number }}/" pom.xml + - name: Update pom.xml version + run: | + sed -i "s/-SNAPSHOT/-build-${{ github.run_number }}/" pom.xml - - name: Deploy Snapshots - run: | - mvn --batch-mode -e -DskipTests=true deploy \ No newline at end of file + - name: Deploy snapshots + 
run: | + mvn --batch-mode -e -DskipTests=true deploy \ No newline at end of file diff --git a/pom.xml b/pom.xml index 076ef2e..9eb670f 100644 --- a/pom.xml +++ b/pom.xml @@ -1,4 +1,3 @@ - 4.0.0 @@ -175,22 +174,6 @@ - - - - org.apache.maven.plugins - maven-release-plugin - 2.5.3 - - true - false - release - deploy - - @@ -422,49 +405,5 @@ - - - release - - gpg - ${env.GPG_KEY_NAME} - ${env.GPG_PASSPHRASE} - - - - ossrh - https://oss.sonatype.org/service/local/staging/deploy/maven2/ - - - - - - org.apache.maven.plugins - maven-gpg-plugin - 1.6 - - - sign-artifacts - verify - - sign - - - - - - org.sonatype.plugins - nexus-staging-maven-plugin - 1.6.6 - true - - ossrh - https://oss.sonatype.org/ - true - - - - - - + \ No newline at end of file diff --git a/travis/maven-settings.xml b/travis/maven-settings.xml index bd818c5..a2ad448 100644 --- a/travis/maven-settings.xml +++ b/travis/maven-settings.xml @@ -1,7 +1,6 @@ + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd"> @@ -9,9 +8,10 @@ https://repo.maven.apache.org/maven2/ + - travis-ci + ci-build artifact-registry @@ -35,39 +35,16 @@ https://repo.maven.apache.org/maven2 - - - travis-ci + + ci-build - - artifact-registry - - - - true - - - true - - - - - http.protocol.expect-continue - false - - - - - - _json_key_base64 - ${env.ARTIFACT_REGISTRY_KEY} - + ossrh ${env.OSSRH_USERNAME}
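Review bot: The new `deploy-snapshots` job no longer carries the `if: github.ref == 'refs/heads/master' && github.event_name == 'push'` guard, so the Google Cloud authentication step and `mvn --batch-mode -e -DskipTests=true deploy` now run on every trigger the workflow declares, including `pull_request`, `workflow_dispatch` and the added nightly `schedule`; unless publishing from those events is intended, the guard should stay on the job. The `google-github-actions/auth@v2` step exchanges a GitHub OIDC token, and no `permissions` block is visible in this hunk (the file's first lines are outside it), so the job probably needs `permissions: {id-token: write, contents: read}` scoped to `deploy-snapshots` only. Separately, in the `test` job the `export NOSCAN=1` inside "Disable SourceClear except for cron jobs" only lives for that step's shell and never reaches the Maven steps; it would have to be written as `echo "NOSCAN=1" >> "$GITHUB_ENV"` to take effect.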