-
-
Notifications
You must be signed in to change notification settings - Fork 1.4k
334 lines (290 loc) · 11.4 KB
/
continuous-integration-workflow.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
name: Openfire CI
env:
CI: true
on: [push, pull_request]
jobs:
build:
name: Build Openfire from source
runs-on: ubuntu-latest
strategy:
matrix:
java: [ 11, 17 ]
distribution: [ zulu ] # We could add more here: temurin, adopt, liberica, microsoft, corretto
steps:
- uses: actions/checkout@v4
- name: Set up JDK ${{ matrix.java }} ${{ matrix.distribution }}
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java }}
distribution: ${{ matrix.distribution }}
cache: maven
- name: Build with Maven
run: |
if [[ ${{ github.ref_name }} == 'main' ]]; then
./mvnw -B package -Pcoverage --file pom.xml
else
./mvnw -B package
fi
- name: Upload failed test reports
uses: actions/upload-artifact@v3
if: always()
with:
name: surefire-reports_java${{ matrix.java }}
path: xmppserver/target/surefire-reports
- name: Upload distribution
if: ${{ matrix.distribution == 'zulu' }}
uses: actions/upload-artifact@v3
with:
name: distribution-java${{ matrix.java }}
path: distribution/target/distribution-base
- name: Upload test files
if: ${{ matrix.distribution == 'zulu' }}
uses: actions/upload-artifact@v3
with:
name: test-files
path: |
runIntegrationTests
runAioxmppIntegrationTests
runConnectivityIntegrationTests
test.gradle
- name: Upload coverage report for 'xmppserver' module
if: ${{ matrix.distribution == 'zulu' && matrix.java == 11 && github.ref_name == 'main'}}
uses: actions/upload-artifact@v3
with:
name: Coverage Report for 'xmppserver' module
path: xmppserver/target/site/jacoco/
aioxmpp:
name: Execute aioxmpp-based CI tests
runs-on: ubuntu-latest
needs: build
steps:
- name: Set JAVA_HOME to use Java 11
run: echo "JAVA_HOME=$(echo $JAVA_HOME_11_X64)" >> $GITHUB_ENV
- name: Download distribution artifact from build job.
uses: actions/download-artifact@v3
with:
name: distribution-java11
path: distribution/target/distribution-base
- name: Download test files from build job.
uses: actions/download-artifact@v3
with:
name: test-files
- name: Fix file permissions
run: |
chmod +x distribution/target/distribution-base/bin/openfire.sh
chmod +x ./runAioxmppIntegrationTests
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: 3.11
check-latest: true # attempt to prevent to use 3.11.3 by enticing the runner to update (to something later)
- name: Run aioxmpp tests
run: ./runAioxmppIntegrationTests -d -l -h example.org -i 127.0.0.1 || ./runAioxmppIntegrationTests -d -l -h example.org -i 127.0.0.1 || ./runAioxmppIntegrationTests -d -l -h example.org -i 127.0.0.1 # Try tests a few times, in case of flakiness
- name: Expose test output
if: always()
uses: actions/upload-artifact@v3
with:
name: aioxmpp test output
path: aioxmpp/output
- name: Expose openfire output
if: always()
uses: actions/upload-artifact@v3
with:
name: openfire logs
path: distribution/target/distribution-base/logs/*
check_branch:
runs-on: ubuntu-latest
outputs:
is_publishable_branch: ${{ steps.check-branch.outputs.is_publishable_branch }}
steps:
- name: check branch ${{ github.ref }} is either main or a version number
id: check-branch
run: |
if [[ ${{ github.ref }} == 'refs/heads/main' || ${{ github.ref }} =~ refs\/heads\/[0-9]+\.[0-9]+ ]]; then
echo "is_publishable_branch=true" >> $GITHUB_OUTPUT
else
echo "is_publishable_branch=false" >> $GITHUB_OUTPUT
fi
connectivity:
name: Execute Connectivity CI tests
runs-on: ubuntu-latest
needs: build
steps:
- name: Set JAVA_HOME to use Java 11
run: echo "JAVA_HOME=$(echo $JAVA_HOME_11_X64)" >> $GITHUB_ENV
- name: Download distribution artifact from build job.
uses: actions/download-artifact@v3
with:
name: distribution-java11
path: distribution/target/distribution-base
- name: Download test files from build job.
uses: actions/download-artifact@v3
with:
name: test-files
- name: Set up Java
uses: actions/setup-java@v4
with:
java-version: 11
distribution: zulu
- name: Fix file permissions
run: |
chmod +x distribution/target/distribution-base/bin/openfire.sh
chmod +x ./runConnectivityIntegrationTests
- name: Run connectivity tests
run: ./runConnectivityIntegrationTests -d -l -i 127.0.0.1
smack:
name: Execute Smack-based CI tests
runs-on: ubuntu-latest
needs: build
steps:
- name: Set JAVA_HOME to use Java 11
run: echo "JAVA_HOME=$(echo $JAVA_HOME_11_X64)" >> $GITHUB_ENV
- name: Download distribution artifact from build job.
uses: actions/download-artifact@v3
with:
name: distribution-java11
path: distribution/target/distribution-base
- name: Download test files from build job.
uses: actions/download-artifact@v3
with:
name: test-files
- name: Set up Java
uses: actions/setup-java@v4
with:
java-version: 11
distribution: zulu
- name: Fix file permissions
run: |
chmod +x distribution/target/distribution-base/bin/openfire.sh
chmod +x ./runIntegrationTests
- name: Run smack tests
run: ./runIntegrationTests -d -l -i 127.0.0.1
publish-maven:
name: Publish to Maven
runs-on: ubuntu-latest
needs: [aioxmpp, connectivity, smack, check_branch]
if: ${{github.repository == 'igniterealtime/Openfire' && github.event_name == 'push' && needs.check_branch.outputs.is_publishable_branch == 'true'}}
steps:
- uses: actions/checkout@v4
with:
# Defend against another commit quickly following the first
# We want the one that's been tested, rather than the head of main
ref: ${{ github.event.push.after }}
- name: Set up Java for publishing
uses: actions/setup-java@v4
with:
java-version: 11
distribution: zulu
cache: maven
server-id: igniterealtime
server-username: IGNITE_REALTIME_MAVEN_USERNAME
server-password: IGNITE_REALTIME_MAVEN_PASSWORD
- name: Publish
run: ./mvnw -B deploy -Pci -Dmaven.test.skip=true
env:
IGNITE_REALTIME_MAVEN_USERNAME: ${{ secrets.IGNITE_REALTIME_MAVEN_USERNAME }}
IGNITE_REALTIME_MAVEN_PASSWORD: ${{ secrets.IGNITE_REALTIME_MAVEN_PASSWORD }}
can-publish-docker:
# Based on https://github.com/GabLeRoux/github-actions-examples/blob/e0468ce2731b08bd8b1f7cd09d0b94c541310693/.github/workflows/secret_based_conditions.yml
name: Check if Docker Hub secrets exist
runs-on: ubuntu-latest
needs: [build, aioxmpp, connectivity, smack]
outputs:
is_DOCKERHUB_SECRET_set: ${{ steps.checksecret_job.outputs.is_DOCKERHUB_SECRET_set }}
steps:
- name: Check whether Docker Publish should be done
id: checksecret_job
env:
DOCKERHUB_SECRET: ${{ secrets.DOCKERHUB_TOKEN }}
run: |
echo "is_DOCKERHUB_SECRET_set: ${{ env.DOCKERHUB_SECRET != '' }}"
echo "is_DOCKERHUB_SECRET_set=${{ env.DOCKERHUB_SECRET != '' }}" >> $GITHUB_OUTPUT
publish-docker:
name: Publish to Docker Hub
runs-on: ubuntu-latest
needs: [can-publish-docker]
if: |
needs.can-publish-docker.outputs.is_DOCKERHUB_SECRET_set == 'true' &&
github.event_name == 'push' &&
(contains(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main')
outputs:
imagedigest: ${{ steps.docker_build.outputs.digest }}
steps:
- name: Set up variables if we're on main
if: ${{ github.ref == 'refs/heads/main' }}
run: echo "SOURCE_TAG=alpha" >> $GITHUB_ENV
- name: Set up variables if we're on a tag
if: ${{ contains(github.ref, 'refs/tags/') }}
run: echo "SOURCE_TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
- uses: actions/checkout@v4
with:
# Defend against another commit quickly following the first
# We want the one that's been tested, rather than the head of main
ref: ${{ github.event.push.after }}
- name: Download distribution artifact from build job.
uses: actions/download-artifact@v3
with:
name: distribution-java11
path: distribution/target/distribution-base
- name: Fix file permissions
run: find . -type f -name '*.sh' -exec chmod +x {} \;
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Cache Docker layers # TODO: Validate that caches are faster than no caches
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push to Docker Hub
id: docker_build
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ secrets.DOCKERHUB_OPENFIREIMAGE }}:${{ env.SOURCE_TAG }}
platforms: linux/amd64,linux/arm64
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
- name: Move cache
# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Image digest
run: |
echo Images published:
echo ${{ secrets.DOCKERHUB_OPENFIREIMAGE }}:${{ steps.docker_build.outputs.digest }}
echo ${{ secrets.DOCKERHUB_OPENFIREIMAGE }}:${{ env.SOURCE_TAG }}
test-published-docker:
name: Test tagged images published to Docker Hub
runs-on: ubuntu-latest
needs: [publish-docker]
if: contains(github.ref, 'refs/tags/')
steps:
- name: Launch & Check Openfire
run: |
docker run --name openfire -d -p 9090:9090 ${{ secrets.DOCKERHUB_OPENFIREIMAGE }}@${{needs.publish-docker.outputs.imagedigest}}
attempt_counter=0
max_attempts=30
until $(curl --output /dev/null --silent --head --fail http://127.0.0.1:9090); do
if [ ${attempt_counter} -eq ${max_attempts} ];then
echo "Max attempts reached. Openfire failed to launch."
exit 1
fi
printf '.'
attempt_counter=$(($attempt_counter+1))
sleep 1
done
echo "Openfire Admin is reachable."
docker logs openfire