From 788aa92d4721ad03a3b15a0d06085fec779388cc Mon Sep 17 00:00:00 2001
From: Christian Nicolai
Date: Tue, 8 Aug 2023 11:17:10 +0200
Subject: [PATCH] chore(ci): migrate to Github Actions
---
.ci.consulting | 19 -------
.github/workflows/build-worker.yml | 85 ++++++++++++++++++++++++++++++
.github/workflows/build.yml | 84 +++++++++++++++++++++++++++++
README.md | 16 ++++--
4 files changed, 182 insertions(+), 22 deletions(-)
delete mode 100644 .ci.consulting
create mode 100644 .github/workflows/build-worker.yml
create mode 100644 .github/workflows/build.yml
diff --git a/.ci.consulting b/.ci.consulting
deleted file mode 100644
index 091d58f..0000000
--- a/.ci.consulting
+++ /dev/null
@@ -1,19 +0,0 @@
-@Library(["camunda-ci", "camunda-consulting"]) _
-
-def customStageStep = {
- withCredentials([file(credentialsId: 'showroom-bucket-auth', variable: 'GOOGLE_APPLICATION_CREDENTIALS')]) {
- sh "cp $GOOGLE_APPLICATION_CREDENTIALS ./auth/bucketAuth.json"
- }
-}
-
-def settings = [
- isMvn: true,
- buildMavenProject: "clean source:jar deploy -DargLine='-Xmx512m -XX:MaxPermSize=128m'",
- dockerImage: 'showroom-customer-onboarding',
- snapshotName: "1.1.0-SNAPSHOT",
- activateNotification: true,
- customStageDef: customStageStep,
- notificationEmail: "showroom-ci-notifications@camunda.com"
-]
-
-buildAndDeployDockerImage(settings)
diff --git a/.github/workflows/build-worker.yml b/.github/workflows/build-worker.yml
new file mode 100644
index 0000000..c29a5a1
--- /dev/null
+++ b/.github/workflows/build-worker.yml
@@ -0,0 +1,85 @@
+---
+name: Build Worker
+
+on:
+ push:
+ branches:
+ - '**'
+ # tags:
+ # - 'v*.*.*'
+
+defaults:
+ run:
+ # use bash shell by default to ensure pipefail behavior is the default
+ # see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
+ shell: bash
+
+env:
+ IMAGE_NAME: team-consulting/showroom-customer-onboarding-external-nodejs
+
+jobs:
+ build:
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Import Secrets
+ id: secrets # important to refer to it in later steps
+ uses: hashicorp/vault-action@v2.7.2
+ with:
+ url: ${{ secrets.VAULT_ADDR }}
+ method: approle
+ roleId: ${{ secrets.VAULT_ROLE_ID }}
+ secretId: ${{ secrets.VAULT_SECRET_ID }}
+ exportEnv: false # we rely on step outputs, no need for environment variables
+ secrets: |
+ secret/data/products/consulting/ci/consulting ARTIFACTS_USR;
+ secret/data/products/consulting/ci/consulting ARTIFACTS_PSW;
+ secret/data/products/consulting/ci/consulting SHOWCASE_MAIL_PASSWORD;
+
+ - name: Create mail password
+ run: |
+ sed -i "s/${{ steps.secrets.outputs.SHOWCASE_MAIL_PASSWORD }}/\${SHOWCASE_MAIL_PASSWORD}/g" external-task-worker/.env'
+
+ - name: Setup Maven
+ uses: s4u/setup-maven-action@v1.8.0
+ with:
+ java-version: '8'
+ java-distribution: 'temurin'
+ maven-version: '3.3.9'
+
+ # Use CI Nexus as co-located pull-through cache for Maven artifacts via ~/.m2/settings.xml
+ - name: Create Maven Settings
+ uses: s4u/maven-settings-action@v2.8.0
+ with:
+ githubServer: false
+ servers: |
+ [{
+ "id": "camunda-nexus",
+ "username": "${{ steps.secrets.outputs.ARTIFACTS_USR }}",
+ "password": "${{ steps.secrets.outputs.ARTIFACTS_PSW }}"
+ }]
+ mirrors: '[{"url": "https://repository.nexus.camunda.cloud/content/groups/internal/", "id": "camunda-nexus", "mirrorOf": "*", "name": "Camunda Nexus"}]'
+
+ - name: Run Tests
+ run: |
+ cd external-task-worker && mvn clean resources:resources package -B
+ env:
+ MAVEN_USERNAME: ${{ steps.secrets.outputs.ARTIFACTS_USR }}
+ MAVEN_PASSWORD: ${{ steps.secrets.outputs.ARTIFACTS_PSW }}
+
+ - name: Publish Test Results
+ uses: EnricoMi/publish-unit-test-result-action@v2
+ if: always() # Publish results even if the job fails or is canceled
+ with:
+ files: |
+ external-task-worker/**/target/surefire-reports/*.xml
+ external-task-worker/**/target/failsafe-reports/TEST-*.xml
+
+ - uses: camunda/infra-global-github-actions/build-docker-image@main
+ with:
+ registry_host: registry.camunda.cloud
+ registry_username: ${{ steps.secrets.outputs.ARTIFACTS_USR }}
+ registry_password: ${{ steps.secrets.outputs.ARTIFACTS_PSW }}
+ image_name: ${{ env.IMAGE_NAME }}
+ build_context: external-task-worker
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..693e004
--- /dev/null
+++ b/.github/workflows/build.yml
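Review bot: In `.github/workflows/build-worker.yml`, the `Create mail password` step's `sed` line ends with a stray `'` after `external-task-worker/.env`, so bash sees an unterminated quote and the step fails before anything is substituted. The expression also looks reversed: it searches for the secret value and writes the literal `${SHOWCASE_MAIL_PASSWORD}` placeholder, whereas the step name suggests the placeholder in `.env` should be replaced by the secret; confirm against that file, which is not part of this diff. Because `${{ steps.secrets.outputs.SHOWCASE_MAIL_PASSWORD }}` is expanded into the script text before the shell runs, any `/`, `&` or quote in the password changes the command; pass it through the step's `env:` as `SHOWCASE_MAIL_PASSWORD: ${{ steps.secrets.outputs.SHOWCASE_MAIL_PASSWORD }}` and substitute it with something that does not treat the value as a sed pattern, such as `envsubst`. The rewritten `.env` sits inside `build_context: external-task-worker`, so unless a `.dockerignore` excludes it the password presumably ends up in an image layer.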
@@ -0,0 +1,84 @@
+---
+name: Build
+
+on:
+ push:
+ branches:
+ - '**'
+ tags:
+ - 'v*.*.*'
+
+defaults:
+ run:
+ # use bash shell by default to ensure pipefail behavior is the default
+ # see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
+ shell: bash
+
+env:
+ IMAGE_NAME: team-consulting/showroom-customer-onboarding
+
+jobs:
+ build:
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Import Secrets
+ id: secrets # important to refer to it in later steps
+ uses: hashicorp/vault-action@v2.7.2
+ with:
+ url: ${{ secrets.VAULT_ADDR }}
+ method: approle
+ roleId: ${{ secrets.VAULT_ROLE_ID }}
+ secretId: ${{ secrets.VAULT_SECRET_ID }}
+ exportEnv: false # we rely on step outputs, no need for environment variables
+ secrets: |
+ secret/data/products/consulting/ci/consulting ARTIFACTS_USR;
+ secret/data/products/consulting/ci/consulting ARTIFACTS_PSW;
+ secret/data/products/consulting/ci/consulting SHOWROOM_BUCKET_AUTH_BYTES;
+
+ - name: Setup Maven
+ uses: s4u/setup-maven-action@v1.8.0
+ with:
+ java-version: '8'
+ java-distribution: 'temurin'
+ maven-version: '3.3.9'
+
+ # Use CI Nexus as co-located pull-through cache for Maven artifacts via ~/.m2/settings.xml
+ - name: Create Maven Settings
+ uses: s4u/maven-settings-action@v2.8.0
+ with:
+ githubServer: false
+ servers: |
+ [{
+ "id": "camunda-nexus",
+ "username": "${{ steps.secrets.outputs.ARTIFACTS_USR }}",
+ "password": "${{ steps.secrets.outputs.ARTIFACTS_PSW }}"
+ }]
+ mirrors: '[{"url": "https://repository.nexus.camunda.cloud/content/groups/internal/", "id": "camunda-nexus", "mirrorOf": "*", "name": "Camunda Nexus"}]'
+
+ - name: Run Tests
+ run: |
+ mvn clean resources:resources package -B
+ env:
+ MAVEN_USERNAME: ${{ steps.secrets.outputs.ARTIFACTS_USR }}
+ MAVEN_PASSWORD: ${{ steps.secrets.outputs.ARTIFACTS_PSW }}
+
+ - name: Publish Test Results
+ uses: EnricoMi/publish-unit-test-result-action@v2
+ if: always() # Publish results even if the job fails or is canceled
+ with:
+ files: |
+ **/target/surefire-reports/*.xml
+ **/target/failsafe-reports/TEST-*.xml
+
+ - name: Create bucket auth secret
+ run: |
+ echo "${{ steps.secrets.outputs.SHOWROOM_BUCKET_AUTH_BYTES }}" | base64 -d > ./auth/bucketAuth.json
+
+ - uses: camunda/infra-global-github-actions/build-docker-image@main
+ with:
+ registry_host: registry.camunda.cloud
+ registry_username: ${{ steps.secrets.outputs.ARTIFACTS_USR }}
+ registry_password: ${{ steps.secrets.outputs.ARTIFACTS_PSW }}
+ image_name: ${{ env.IMAGE_NAME }}
diff --git a/README.md b/README.md
index 8a8c6f0..5c41138 100644
--- a/README.md
+++ b/README.md
@@ -31,10 +31,10 @@ The workflow first executes an automated decision (in DMN), determining if the a The camunda web applications will be accessible under http://localhost:8080/camunda The user/password demo/demo can be used to login. - + # Architecture -The showcase uses Spring Boot and the Camunda Spring boot starters. +The showcase uses Spring Boot and the Camunda Spring boot starters. https://docs.camunda.org/manual/latest/user-guide/spring-boot-integration Spring web is used for the REST services defined in *ApplicationOnlineFacade*
@@ -46,7 +46,7 @@ Spring web is used for the REST services defined in *ApplicationOnlineFacade* # How to build and run 1. clone project or download sources 2. build via Maven (*mvn clean package*) -3. run via Spring boot (*mvn spring-boot:run*) +3. run via Spring boot (*mvn spring-boot:run*) During startup the showcase **will generate test data**. This can take a few minutes. You can already use the application during this time.
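Review bot: In `.github/workflows/build.yml` (and likewise in `build-worker.yml`), the step that receives the registry credentials is referenced as `camunda/infra-global-github-actions/build-docker-image@main`, a moving branch, and the other third-party actions are pinned only to tags; since these steps handle Vault-derived secrets, pin each one to a full commit SHA, e.g. `uses: hashicorp/vault-action@<full-commit-sha> # v2.7.2`. The `Create bucket auth secret` step expands `${{ steps.secrets.outputs.SHOWROOM_BUCKET_AUTH_BYTES }}` straight into the script text; passing it through the step's `env:` and running `echo "$SHOWROOM_BUCKET_AUTH_BYTES" | base64 -d > ./auth/bucketAuth.json` keeps the value out of the generated script. Neither workflow declares `permissions:`, so the job runs with the repository's default `GITHUB_TOKEN` scope on every branch push; an explicit block such as `permissions: contents: read`, plus whatever the test-report action needs, would bound that.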
@@ -55,3 +55,13 @@ To start with a fresh database delete /camunda-db.mv.db and /camunda-db.trace.db Alternatively you can play online in the [Showroom](http://showroom.camunda.com/) without installing anything locally. The showroom is password protected and only accessible for camunda partners. +# Releasing + +When you want to release a new Docker image, [create a GitHub release](https://github.com/camunda-consulting/showroom-customer-onboarding/releases/new): +- Choose a tag: enter a new version (e.g. `v1.2.3`) and click `create a tag` +- Target: `main` +- Release title: new version (e.g. `v1.2.3`) +- Description: click `Generate release notes` for GitHub to fill it. +- Click `Publish Release` to release it. + +You can check the [actions page](https://github.com/camunda-consulting/showroom-customer-onboarding/actions) to follow the release.