Initial version of new ci scripts

2020-11-10 22:26:26 +01:00 · 2020-11-10 22:26:26 +01:00 · 3d4928dfbb
commit 3d4928dfbb
parent 154f9387b2
14 changed files with 348 additions and 30 deletions
--- a/.ci/README.md
+++ b/.ci/README.md
@ -0,0 +1,16 @@
+## PMD CI Scripts
+
+This folder contains scripts used for CI.
+
+## Secrets
+
+One secret is required for decrypting the GPG Key with which the PMD Releases are signed and
+for a ssh key, which is used to copy files to sourceforge.
+
+## Environment variables
+
+* `PMD_CI_SECRET_PASSPHRASE`
+* `CI_DEPLOY_PASSWORD`
+* `CI_SIGN_PASSPHRASE`
+
+
--- a/.ci/build.sh
+++ b/.ci/build.sh
@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+source $(dirname $0)/logger.inc
+source ${HOME}/java.env
+
+set -e
+
+# configure maven
+# probably not needed? echo "MAVEN_OPTS='-Xms1g -Xmx1g'" > ${HOME}/.mavenrc
+mkdir -p ${HOME}/.m2
+cp .ci/maven-settings.xml ${HOME}/.m2/settings.xml
+
+
+#MVN_BUILD_FLAGS="-B -V  -Djava7.home=${HOME}/oraclejdk7"
+MVN_BUILD_FLAGS="-B -V"
+
+log_info "This is a snapshot build"
+./mvnw deploy -Possrh,sign $MVN_BUILD_FLAGS
+
+# Deploy to sourceforge files
+#sourceforge_uploadFile "${VERSION}" "pmd-dist/target/pmd-bin-${VERSION}.zip"
+#sourceforge_uploadFile "${VERSION}" "pmd-dist/target/pmd-src-${VERSION}.zip"
+
+#regression-tester_uploadBaseline
+
+#build and upload doc
--- a/.ci/check-environment.sh
+++ b/.ci/check-environment.sh
@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+#
+# This script should check, that all needed commands are available
+# and are in the correct version.
+#
+
+source logger.inc
+
+set -e
+
+ruby --version | grep "ruby 2.7" || (log_error "Ruby is missing"; exit 1)
--- a/.ci/id_rsa.gpg
+++ b/.ci/id_rsa.gpg
--- a/.ci/id_rsa.pub
+++ b/.ci/id_rsa.pub
@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yHVLHYDsKui8tYg/sFvkDqcs97pEZz0BzK9HtBF4O+/It1drRYRdUAFfjoImfprpKSxkJCTglHixGRp24eNaZ6woWVJ4/bmiMkEqEZAjr1NZ3qw7zIruMJMSkCV+YTtmL4cYcZlvMRPzzOZOnFbV05oi79oy41MUFHYjolK9QxMFNsVNN5iyzFxM3HqSFozz+ylKbFBtDk6ZHZQNRL/Xl2V9DJ69fVzjG4OZfcWNGmmKHHARmsnJyUOMeeKpLjDOe1M6ZdI8HkXWac8yCr9JTETNZZwemZAcS/RKoKCDqfIUOzkZfIPmyaznfVetTGsMi7yQrJhAyjznuNGF4+3lfgTcmRF8wz5FCeUkdYTmy2wNSFi5HiLPfC5OgRtjKzC6yb8rbRjDx6XQ2ph15PKOaXwzk49TaMc0xJvoiGDMZaTU0iTm3Y1/QUtfLvo3/jGMbtUdV3soWpuBAV2JUI4aB5xdLX9iNmcrVzoUe3y9DWuuTX46eoCvpUNXv/DXKhQw1D7xd7J67db5qUck/Akiqi0JR+e0SoBJvZFtYwVNLGC2bIJ/s8SR8X5Zp+1+ypf3WYjIylxQTkO1r4NfI0Cd9qXg7nmUrHAU7Z6xtJmUK8ZWzSST4wul8WkRJURtODLxt5firtlKhyZ93t9Mjuk6mATIPxr/b3x20T+IH463kw== ssh key for pmd. used for travis accessing sourceforge and github.
--- a/.ci/install-openjdk.sh
+++ b/.ci/install-openjdk.sh
@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+
+#
+# Downloads openjdk from AdoptOpenJDK by accessing the API.
+# The API is documented at https://api.adoptopenjdk.net/swagger-ui/
+#
+
+source $(dirname $0)/logger.inc
+
+
+case "$(uname)" in
+    Linux*)
+        JDK_OS=linux
+        JDK_EXT=tar.gz
+        COMPONENTS_TO_STRIP=1 # e.g. openjdk-11.0.3+7/bin/java
+        ;;
+    Darwin*)
+        JDK_OS=mac
+        JDK_EXT=tar.gz
+        COMPONENTS_TO_STRIP=3 # e.g. jdk-11.0.3+7/Contents/Home/bin/java
+    ;;
+    CYGWIN*|MINGW*)
+        JDK_OS=windows
+        JDK_EXT=zip
+    ;;
+    *)
+        
+    ;;
+esac
+
+
+JDK_VERSION=11
+DOWNLOAD_URL=https://api.adoptopenjdk.net/v3/binary/latest/${JDK_VERSION}/ga/${JDK_OS}/x64/jdk/hotspot/normal/adoptopenjdk?project=jdk
+OPENJDK_ARCHIVE=openjdk-${JDK_VERSION}-${JDK_OS}.${JDK_EXT}
+
+CACHE_DIR=${HOME}/.cache/openjdk
+TARGET_DIR=${HOME}/openjdk${OPENJDK_VERSION}
+
+mkdir -p ${CACHE_DIR}
+mkdir -p ${TARGET_DIR}
+
+if [ ! -e ${CACHE_DIR}/${OPENJDK_ARCHIVE} ]; then
+    log_info "Downloading from ${DOWNLOAD_URL} to ${CACHE_DIR}"
+    wget --directory-prefix=${CACHE_DIR} --timestamping --continue --output-document=${OPENJDK_ARCHIVE} ${DOWNLOAD_URL}
+else
+    log_info "Skipped download, file ${CACHE_DIR}/${OPENJDK_ARCHIVE} already exists"
+fi
+
+log_info "Extracting to ${TARGET_DIR}"
+
+if [ "${JDK_EXT}" = "zip" ]; then
+    7z x ${CACHE_DIR}/${OPENJDK_ARCHIVE} -o${TARGET_DIR}
+    mv ${TARGET_DIR}/*/* ${TARGET_DIR}/
+else
+    tar --extract --file ${CACHE_DIR}/${OPENJDK_ARCHIVE} -C ${TARGET_DIR} --strip-components=${COMPONENTS_TO_STRIP}
+fi
+
+cat > ${HOME}/java.env <<EOF
+export JAVA_HOME="${TARGET_DIR}"
+export PATH="${TARGET_DIR}/bin:${PATH}"
+java -version
+EOF
+
+log_info "OpenJDK can be used via ${HOME}/java.env"
+cat ${HOME}/java.env
+source ${HOME}/java.env
+
--- a/.ci/logger.inc
+++ b/.ci/logger.inc
@ -0,0 +1,21 @@
+COL_GREEN="\e[32m"
+COL_RED="\e[31m"
+COL_RESET="\e[0m"
+COL_YELLOW="\e[33;1m"
+
+function log_error() {
+    echo -e "${COL_RED}[ERROR  ] $*${COL_RESET}"
+}
+
+function log_info() {
+    echo -e "${COL_YELLOW}[INFO   ] $*${COL_RESET}"
+}
+
+function log_success() {
+    echo -e "${COL_GREEN}[SUCCESS] $*${COL_RESET}"
+}
+
+function log_debug() {
+    #true
+    echo -e "[DEBUG  ] $*"
+}
--- a/.ci/maven-settings.xml
+++ b/.ci/maven-settings.xml
@ -0,0 +1,31 @@
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
+                      http://maven.apache.org/xsd/settings-1.0.0.xsd">
+  <localRepository/>
+  <interactiveMode/>
+  <usePluginRegistry/>
+  <offline/>
+  <pluginGroups>
+    <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
+  </pluginGroups>
+  <servers>
+    <server>
+      <id>ossrh</id>
+      <username>adangel</username>
+      <password>${env.CI_DEPLOY_PASSWORD}</password>
+    </server>
+  </servers>
+  <mirrors/>
+  <proxies/>
+  <profiles>
+    <profile>
+      <id>ossrh</id>
+      <properties>
+        <gpg.keyname>0xD0BF1D737C9A1C22</gpg.keyname>
+        <gpg.passphrase>${env.CI_SIGN_PASSPHRASE}</gpg.passphrase>
+      </properties>
+    </profile>
+  </profiles>
+  <activeProfiles/>
+</settings>
--- a/.ci/release-signing-key-D0BF1D737C9A1C22.gpg.gpg
+++ b/.ci/release-signing-key-D0BF1D737C9A1C22.gpg.gpg
--- a/.ci/setup-secrets.sh
+++ b/.ci/setup-secrets.sh
@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+
+source $(dirname $0)/logger.inc
+
+log_info "Setting up secrets..."
+
+mkdir -p ${HOME}/.ssh
+chmod 700 "${HOME}/.ssh"
+gpg --symmetric --cipher-algo AES256 --batch --passphrase="$PMD_CI_SECRET_PASSPHRASE" \
+    --decrypt --output ${HOME}/id_rsa .ci/id_rsa.gpg
+chmod 600 "${HOME}/.ssh/id_rsa"
+
+mkdir -p "${HOME}/.gpg"
+gpg --symmetric --cipher-algo AES256 --batch --passphrase="$PMD_CI_SECRET_PASSPHRASE" \
+    --decrypt --output .ci/release-signing-key-D0BF1D737C9A1C22.gpg .ci/release-signing-key-D0BF1D737C9A1C22.gpg.gpg
+gpg --batch --import .ci/release-signing-key-D0BF1D737C9A1C22.gpg
+rm .ci/release-signing-key-D0BF1D737C9A1C22.gpg
+
+log_info "Setting up .ssh/known_hosts..."
+#
+# https://sourceforge.net/p/forge/documentation/SSH%20Key%20Fingerprints/
+#
+# run locally:
+# ssh-keyscan web.sourceforge.net | tee -a known_hosts
+#
+# verify fingerprints:
+# ssh-keygen -F web.sourceforge.net -l -f known_hosts 
+# # Host web.sourceforge.net found: line 1 
+# web.sourceforge.net RSA SHA256:xB2rnn0NUjZ/E0IXQp4gyPqc7U7gjcw7G26RhkDyk90 
+# # Host web.sourceforge.net found: line 2 
+# web.sourceforge.net ECDSA SHA256:QAAxYkf0iI/tc9oGa0xSsVOAzJBZstcO8HqGKfjpxcY 
+# # Host web.sourceforge.net found: line 3 
+# web.sourceforge.net ED25519 SHA256:209BDmH3jsRyO9UeGPPgLWPSegKmYCBIya0nR/AWWCY 
+#
+# then add output of `ssh-keygen -F web.sourceforge.net -f known_hosts`
+#
+echo 'web.sourceforge.net ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2uifHZbNexw6cXbyg1JnzDitL5VhYs0E65Hk/tLAPmcmm5GuiGeUoI/B0eUSNFsbqzwgwrttjnzKMKiGLN5CWVmlN1IXGGAfLYsQwK6wAu7kYFzkqP4jcwc5Jr9UPRpJdYIK733tSEmzab4qc5Oq8izKQKIaxXNe7FgmL15HjSpatFt9w/ot/CHS78FUAr3j3RwekHCm/jhPeqhlMAgC+jUgNJbFt3DlhDaRMa0NYamVzmX8D47rtmBbEDU3ld6AezWBPUR5Lh7ODOwlfVI58NAf/aYNlmvl2TZiauBCTa7OPYSyXJnIPbQXg6YQlDknNCr0K769EjeIlAfY87Z4tw==' >> "$HOME/.ssh/known_hosts"
+echo 'web.sourceforge.net ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCwsY6sZT4MTTkHfpRzYjxG7mnXrGL74RCT2cO/NFvRrZVNB5XNwKNn7G5fHbYLdJ6UzpURDRae1eMg92JG0+yo=' >> "$HOME/.ssh/known_hosts"
+echo 'web.sourceforge.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQD35Ujalhh+JJkPvMckDlhu4dS7WH6NsOJ15iGCJLC' >> "$HOME/.ssh/known_hosts"
+
+# add pmd-code.org (ssh-keyscan pmd-code.org)
+echo 'pmd-code.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVsIeF6xU0oPb/bMbxG1nU1NDyBpR/cBEPZcm/PuJwdI9B0ydPHA6FysqAnt32fNFznC2SWisnWyY3iNsP3pa8RQJVwmnnv9OboGFlW2/61o3iRyydcpPbgl+ADdt8iU9fmMI7dC04UqgHGBoqOwVNna9VylTjp5709cK2qHnwU450F6YcOEiOKeZfJvV4PmpJCz/JcsUVqft6StviR31jKnqbnkZdP8qNoTbds6WmGKyXkhHdLSZE7X1CFQH28tk8XFqditX93ezeCiThFL7EleDexV/3+2+cs5878sDMUMzHS5KShTjkxzhHaodhtIEdNesinq/hOPbxAGkQ0FbD' >> $HOME/.ssh/known_hosts
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -1,30 +0,0 @@
-name: Java CI
-
-on: [push, pull_request]
-
-jobs:
-  build:
-    runs-on: ${{ matrix.os }}
-    continue-on-error: ${{ matrix.experimental }}
-    if: "!contains(github.event.head_commit.message, '[skip ci]')"
-    strategy:
-      matrix:
-        os: [ ubuntu-latest , windows-latest , macos-latest ]
-        java: [ 11 ]
-        experimental: [ false ]
-
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/cache@v2
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
-      - name: Set up JDK ${{ matrix.java }}
-        uses: actions/setup-java@v1
-        with:
-          java-version: ${{ matrix.java }}
-      - name: Build with mvnw
-        run: |
-          ./mvnw -V clean install
--- a/.github/workflows/pull-requests.yml
+++ b/.github/workflows/pull-requests.yml
@ -0,0 +1,30 @@
+name: Pull Requests
+
+on: pull_request
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    continue-on-error: false
+    if: "!contains(github.event.head_commit.message, '[skip ci]')"
+    strategy:
+      matrix:
+        os: [ ubuntu-latest, windows-latest, macos-latest ]
+
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.m2/repository
+            ~/.cache
+          key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-
+      - name: Install OpenJDK
+        run: .ci/install-openjdk.sh
+        shell: bash
+      - name: Build with mvnw
+        run: |
+          source ${HOME}/java.env
+          ./mvnw -V clean install
--- a/.github/workflows/pushes.yml
+++ b/.github/workflows/pushes.yml
@ -0,0 +1,85 @@
+name: Pushes
+on:
+  push:
+    branches:
+      - main
+      - master
+  schedule:
+    # build it monthly: At 04:00 on day-of-month 1.
+    - cron:  '0 4 1 * *'
+
+jobs:
+  linux:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.m2/repository
+            ~/.cache
+          key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-
+      - name: Set up Ruby 2.7
+        uses: actions/setup-ruby@v1
+        with:
+          ruby-version: 2.7
+      - name: Check Environment
+        run: .ci/check-environment.sh
+        shell: bash
+      - name: Setup Secrets
+        run: .ci/setup-secrets.sh
+        shell: bash
+        env:
+          PMD_CI_SECRET_PASSPHRASE: ${{ secrets.PMD_CI_SECRET_PASSPHRASE }}
+      - name: Install OpenJDK
+        run: .ci/install-openjdk.sh
+        shell: bash
+      - name: build
+        run: .ci/build.sh
+        shell: bash
+        env:
+          PMD_CI_SECRET_PASSPHRASE: ${{ secrets.PMD_CI_SECRET_PASSPHRASE }}
+          CI_DEPLOY_PASSWORD: ${{ secrets.CI_DEPLOY_PASSWORD }}
+          CI_SIGN_PASSPHRASE: ${{ secrets.CI_SIGN_PASSPHRASE }}
+
+  windows:
+    runs-on: windows-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.m2/repository
+            ~/.cache
+          key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-
+      - name: Install OpenJDK
+        run: .ci/install-openjdk.sh
+        shell: bash
+      - name: Build with mvnw
+        run: |
+          source ${HOME}/java.env
+          ./mvnw -V clean install
+
+  macos:
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.m2/repository
+            ~/.cache
+          key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-
+      - name: Install OpenJDK
+        run: .ci/install-openjdk.sh
+        shell: bash
+      - name: Build with mvnw
+        run: |
+          source ${HOME}/java.env
+          ./mvnw -V clean install
--- a/.github/workflows/releases.yml
+++ b/.github/workflows/releases.yml
@ -0,0 +1,17 @@
+name: Release Builds
+on:
+  push:
+    tags:
+      - 'pmd_releases/*'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    continue-on-error: false
+    steps:
+      - uses: actions/checkout@v2
+      - name: Run Release Script
+        run: .ci/release.sh
+        shell: bash
+        env:
+          PMD_CI_SECRET_PASSPHRASE: ${{ secrets.PMD_CI_SECRET_PASSPHRASE }}
				`@ -0,0 +1 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yHVLHYDsKui8tYg/sFvkDqcs97pEZz0BzK9HtBF4O+/It1drRYRdUAFfjoImfprpKSxkJCTglHixGRp24eNaZ6woWVJ4/bmiMkEqEZAjr1NZ3qw7zIruMJMSkCV+YTtmL4cYcZlvMRPzzOZOnFbV05oi79oy41MUFHYjolK9QxMFNsVNN5iyzFxM3HqSFozz+ylKbFBtDk6ZHZQNRL/Xl2V9DJ69fVzjG4OZfcWNGmmKHHARmsnJyUOMeeKpLjDOe1M6ZdI8HkXWac8yCr9JTETNZZwemZAcS/RKoKCDqfIUOzkZfIPmyaznfVetTGsMi7yQrJhAyjznuNGF4+3lfgTcmRF8wz5FCeUkdYTmy2wNSFi5HiLPfC5OgRtjKzC6yb8rbRjDx6XQ2ph15PKOaXwzk49TaMc0xJvoiGDMZaTU0iTm3Y1/QUtfLvo3/jGMbtUdV3soWpuBAV2JUI4aB5xdLX9iNmcrVzoUe3y9DWuuTX46eoCvpUNXv/DXKhQw1D7xd7J67db5qUck/Akiqi0JR+e0SoBJvZFtYwVNLGC2bIJ/s8SR8X5Zp+1+ypf3WYjIylxQTkO1r4NfI0Cd9qXg7nmUrHAU7Z6xtJmUK8ZWzSST4wul8WkRJURtODLxt5firtlKhyZ93t9Mjuk6mATIPxr/b3x20T+IH463kw== ssh key for pmd. used for travis accessing sourceforge and github.