From 3d4928dfbb9fefbd4e7b883710d81f424b5c66f4 Mon Sep 17 00:00:00 2001 From: Andreas Dangel Date: Tue, 10 Nov 2020 22:26:26 +0100 Subject: [PATCH] Initial version of new ci scripts --- .ci/README.md | 16 ++++ .ci/build.sh | 26 ++++++ .ci/check-environment.sh | 12 +++ .ci/id_rsa.gpg | Bin 0 -> 2557 bytes .ci/id_rsa.pub | 1 + .ci/install-openjdk.sh | 67 ++++++++++++++ .ci/logger.inc | 21 +++++ .ci/maven-settings.xml | 31 +++++++ ...lease-signing-key-D0BF1D737C9A1C22.gpg.gpg | Bin 0 -> 8226 bytes .ci/setup-secrets.sh | 42 +++++++++ .github/workflows/build.yml | 30 ------- .github/workflows/pull-requests.yml | 30 +++++++ .github/workflows/pushes.yml | 85 ++++++++++++++++++ .github/workflows/releases.yml | 17 ++++ 14 files changed, 348 insertions(+), 30 deletions(-) create mode 100644 .ci/README.md create mode 100755 .ci/build.sh create mode 100755 .ci/check-environment.sh create mode 100644 .ci/id_rsa.gpg create mode 100644 .ci/id_rsa.pub create mode 100755 .ci/install-openjdk.sh create mode 100644 .ci/logger.inc create mode 100644 .ci/maven-settings.xml create mode 100644 .ci/release-signing-key-D0BF1D737C9A1C22.gpg.gpg create mode 100755 .ci/setup-secrets.sh delete mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/pull-requests.yml create mode 100644 .github/workflows/pushes.yml create mode 100644 .github/workflows/releases.yml diff --git a/.ci/README.md b/.ci/README.md new file mode 100644 index 0000000000..bca56da5cf --- /dev/null +++ b/.ci/README.md @@ -0,0 +1,16 @@ +## PMD CI Scripts + +This folder contains scripts used for CI. + +## Secrets + +One secret is required for decrypting the GPG Key with which the PMD Releases are signed and +for a ssh key, which is used to copy files to sourceforge. + +## Environment variables + +* `PMD_CI_SECRET_PASSPHRASE` +* `CI_DEPLOY_PASSWORD` +* `CI_SIGN_PASSPHRASE` + + diff --git a/.ci/build.sh b/.ci/build.sh new file mode 100755 index 0000000000..295344ded5 --- /dev/null +++ b/.ci/build.sh 
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+source $(dirname $0)/logger.inc
+source ${HOME}/java.env
+
+set -e
+
+# configure maven
+# probably not needed? echo "MAVEN_OPTS='-Xms1g -Xmx1g'" > ${HOME}/.mavenrc
+mkdir -p ${HOME}/.m2
+cp .ci/maven-settings.xml ${HOME}/.m2/settings.xml
+
+
+#MVN_BUILD_FLAGS="-B -V -Djava7.home=${HOME}/oraclejdk7"
+MVN_BUILD_FLAGS="-B -V"
+
+log_info "This is a snapshot build"
+./mvnw deploy -Possrh,sign $MVN_BUILD_FLAGS
+
+# Deploy to sourceforge files
+#sourceforge_uploadFile "${VERSION}" "pmd-dist/target/pmd-bin-${VERSION}.zip"
+#sourceforge_uploadFile "${VERSION}" "pmd-dist/target/pmd-src-${VERSION}.zip"
+
+#regression-tester_uploadBaseline
+
+#build and upload doc
diff --git a/.ci/check-environment.sh b/.ci/check-environment.sh
new file mode 100755
index 0000000000..524e3247cf
--- /dev/null
+++ b/.ci/check-environment.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+#
+# This script should check, that all needed commands are available
+# and are in the correct version.
+#
+
+source logger.inc
+
+set -e
+
+ruby --version | grep "ruby 2.7" || (log_error "Ruby is missing"; exit 1)
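Review bot: In `.ci/build.sh`, `set -e` comes only after the two `source` lines, so a missing `${HOME}/java.env` or `logger.inc` does not stop the script, and `./mvnw deploy -Possrh,sign` would then run with whatever JDK the runner happens to provide. Put `set -e` first and quote the paths: `source "$(dirname "$0")/logger.inc"` and `source "${HOME}/java.env"`. Because this script publishes signed artifacts, failing early on an incomplete environment is the safer default.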
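Review bot: `source logger.inc` in `.ci/check-environment.sh` is looked up via PATH and the current directory, not the script's own directory. The workflow in this patch starts the script as `.ci/check-environment.sh` from the checkout root, so the include is presumably not found there. Since `set -e` is only set afterwards, the script carries on with `log_error` undefined. Use the form the sibling scripts use, `source "$(dirname "$0")/logger.inc"`, and move `set -e` above it so that a missing include aborts the check.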
diff --git a/.ci/id_rsa.gpg b/.ci/id_rsa.gpg new file mode 100644 index 0000000000000000000000000000000000000000..8e68ae0f100435fca4d9c8066e5dbd2117687a73 GIT binary patch literal 2557 zcmV!5$``#6|RLZhUVdBKN+V=w;z99mr9QTC3Z zAe@zNZ~6_Iv1b1cQpVX-o>T!pH@*jfk$6tXh9Wh*$=k5_`Fl|GDKoavxUlA!Ep07e zbb9d9VnagZPnaUm4;v})+Z)46v3E*u(`&M;vpOLWnYt&%)2H5TCj8XzsRN0D^IMAw=(g%pB^cO7PUO%`!e!52(8Nd? zVuj~0yrP1dtqtl9hyRoeu7%6NBUq|=nZqQ-^~|h9u`@~xSU&Ujj&)A_wK{uA4lt-x z*Ljfk9r8IhuM=Z4FI!%LW3g>6e!eysMg^$5=1777L2OlUFJk`RfTZZy8@epgoB6qr4 zg6zy~EgI7tW@Of%RRQGC4XWOiq$gsU9t!~$(^yY!HE5a;?OPhNy%9h~wOFA4!Gh29 z7G)0(Oj;sOh`QS~7UU=0=ub*btn(Fw6UHM^F!+iRgHT9iniv7S@Q?`JJ?frq2h zrxl>dbgVs2U;x*1trEKjhRR$4H$K~689Y4^?Bkdewfd17j8>d=2Jc9ye{-WBsPXpr zV>3_FpkF?H#rXjDT^KrRlBjqD=j?%87OA%z=T{BuWgOSspCqEQwb|@$fH3gd>vPA} z5G=?$0Dz@^OJ}u6@5zaH;nNRWZ%zy88w`)5a0DN`l8HUNU8b{6(>BTJku~T`3AZKM zeliav!l&y`PI!4`>YZic^zDGFq?_d8=#t@@Xx^!|;L{>n^Rj?Yet$Rq?bSr70#_hn zhheYlKFfj{kr><`*e0ulkSK#rRkp=!SlU{nG5Z~+*ft%H=uj)`8#tFfFnP?|KaGjn zfS2~wZfwWFRePmIBF8`tY2@H?q99{ScKV(ueyN9QP1wSQa>co`B0BLKZ~XUil>||m zm+7T@z<0B;avhxJMjcgHLQXQ*czHn*R2BfRN(;WHyZ!XmG_CJdo@}$iV5*lK9BA20 ziLEUTjklY+UNui}ojS1JnY>)FPa@&{E#t316u#mFTy6MZ6a@dTYl#VVien4atgXRCAG){bB3Fh2w?T(wGN zLTDl6oM?R%3?@VH`>pHmoo&dSj^~i*bU$reMC-s z<>o|GB~v>O;}Pd=EM*8DqiJx0KM_Wq2o%9S`g*<-QH}KQ9A~;GyJc2*H)n+y@Jrpo z3E&a*dAlgjaWX7GS&Vdid$-Cce}zMK^~_tuzki+x;$cZyC16Sc`ArfZIWztzhyt>( z($=aY)Z`BwFHp(#?t6s>!x-wS&CpBgCgoxyC1U)mosnZ)>Jn&wDmLnO#P>g>1$R|> zmU?jY>kefOXlJIXWTy?!X5o-WYxEXQAa2=~(H9ko92s6S>p?vS#+OiiW-& z;{lQ4e_IUbR{yyn@sKXLqq-q&Pr}+_T);i#ZC6FRQmMt)$%TM+E;w4DQ64m2+qFP? 
zBxvMdbc%;d$m0rZ{gCOp_NSPZ{*F?)qc7@D@~$p(61hpEMaL!zOO$ z#nbqs+K8lQ`U(s`FjH%Q+r;z6`0pVbhf+m*oz6HTV4h8&D(c^dw!MNF)djhghFm3n zjm_==z4T5vWr8ItC0zai%4R^|iY$qpbtL9(PVlI#3#P_iDdSZgt4!;hOgLFwObztq zvT9Pn#DoDl)XcM}Voo$3H)t*aVIsHVR;b&%E~AOI4yXU@9D~5dGkKY|qe+l{+1*4pZ94ub;)NC}d9;>@qDJ#R?)dF+T;-qeWdAc?t1qm^k%ZW2DWpS|>o zluFTk1+G2jz2o$v_T?R*eOu?Ers)?3M#qh^vR=8L373S~i<03u+#DCo&`F3=o^gT{N49K|#e$)HI9(>woA zm3Lc8cHs$&YuBh$B|3C(YgLG*3d~X~G}tHOv9r`L63tE~^N! zjXhBCW}kE0AE)q*J0L1tIYMph#ABztuX}J$D0sQ65m|fWOMp)Onq*9N*`jpi}kciBI%~TaH{2H6EV^!t>ISI%8o$t?8>dk)e{BQ!-@l2;;{{oxQHU Ttgvvhf~HU5@82)qpB@Z;=9uuZ literal 0 HcmV?d00001 diff --git a/.ci/id_rsa.pub b/.ci/id_rsa.pub new file mode 100644 index 0000000000..7e1b51e198 --- /dev/null +++ b/.ci/id_rsa.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yHVLHYDsKui8tYg/sFvkDqcs97pEZz0BzK9HtBF4O+/It1drRYRdUAFfjoImfprpKSxkJCTglHixGRp24eNaZ6woWVJ4/bmiMkEqEZAjr1NZ3qw7zIruMJMSkCV+YTtmL4cYcZlvMRPzzOZOnFbV05oi79oy41MUFHYjolK9QxMFNsVNN5iyzFxM3HqSFozz+ylKbFBtDk6ZHZQNRL/Xl2V9DJ69fVzjG4OZfcWNGmmKHHARmsnJyUOMeeKpLjDOe1M6ZdI8HkXWac8yCr9JTETNZZwemZAcS/RKoKCDqfIUOzkZfIPmyaznfVetTGsMi7yQrJhAyjznuNGF4+3lfgTcmRF8wz5FCeUkdYTmy2wNSFi5HiLPfC5OgRtjKzC6yb8rbRjDx6XQ2ph15PKOaXwzk49TaMc0xJvoiGDMZaTU0iTm3Y1/QUtfLvo3/jGMbtUdV3soWpuBAV2JUI4aB5xdLX9iNmcrVzoUe3y9DWuuTX46eoCvpUNXv/DXKhQw1D7xd7J67db5qUck/Akiqi0JR+e0SoBJvZFtYwVNLGC2bIJ/s8SR8X5Zp+1+ypf3WYjIylxQTkO1r4NfI0Cd9qXg7nmUrHAU7Z6xtJmUK8ZWzSST4wul8WkRJURtODLxt5firtlKhyZ93t9Mjuk6mATIPxr/b3x20T+IH463kw== ssh key for pmd. used for travis accessing sourceforge and github. diff --git a/.ci/install-openjdk.sh b/.ci/install-openjdk.sh new file mode 100755 index 0000000000..924fb7e025 --- /dev/null +++ b/.ci/install-openjdk.sh 
@@ -0,0 +1,67 @@ +#!/usr/bin/env bash + +# +# Downloads openjdk from AdoptOpenJDK by accessing the API. +# The API is documented at https://api.adoptopenjdk.net/swagger-ui/ +# + +source $(dirname $0)/logger.inc + + +case "$(uname)" in + Linux*) + JDK_OS=linux + JDK_EXT=tar.gz + COMPONENTS_TO_STRIP=1 # e.g. openjdk-11.0.3+7/bin/java + ;; + Darwin*) + JDK_OS=mac + JDK_EXT=tar.gz + COMPONENTS_TO_STRIP=3 # e.g. jdk-11.0.3+7/Contents/Home/bin/java + ;; + CYGWIN*|MINGW*) + JDK_OS=windows + JDK_EXT=zip + ;; + *) + + ;; +esac + + +JDK_VERSION=11 +DOWNLOAD_URL=https://api.adoptopenjdk.net/v3/binary/latest/${JDK_VERSION}/ga/${JDK_OS}/x64/jdk/hotspot/normal/adoptopenjdk?project=jdk +OPENJDK_ARCHIVE=openjdk-${JDK_VERSION}-${JDK_OS}.${JDK_EXT} + +CACHE_DIR=${HOME}/.cache/openjdk +TARGET_DIR=${HOME}/openjdk${OPENJDK_VERSION} + +mkdir -p ${CACHE_DIR} +mkdir -p ${TARGET_DIR} + +if [ ! -e ${CACHE_DIR}/${OPENJDK_ARCHIVE} ]; then + log_info "Downloading from ${DOWNLOAD_URL} to ${CACHE_DIR}" + wget --directory-prefix=${CACHE_DIR} --timestamping --continue --output-document=${OPENJDK_ARCHIVE} ${DOWNLOAD_URL} +else + log_info "Skipped download, file ${CACHE_DIR}/${OPENJDK_ARCHIVE} already exists" +fi + +log_info "Extracting to ${TARGET_DIR}" + +if [ "${JDK_EXT}" = "zip" ]; then + 7z x ${CACHE_DIR}/${OPENJDK_ARCHIVE} -o${TARGET_DIR} + mv ${TARGET_DIR}/*/* ${TARGET_DIR}/ +else + tar --extract --file ${CACHE_DIR}/${OPENJDK_ARCHIVE} -C ${TARGET_DIR} --strip-components=${COMPONENTS_TO_STRIP} +fi + +cat > ${HOME}/java.env < + + + + + + org.sonarsource.scanner.maven + + + + ossrh + adangel + ${env.CI_DEPLOY_PASSWORD} + + + + + + + ossrh + + 0xD0BF1D737C9A1C22 + ${env.CI_SIGN_PASSPHRASE} + + + + + 
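Review bot: The JDK archive is fetched from the `latest` endpoint and extracted without any integrity check, then reused from `~/.cache` on later runs, and this JDK executes the build that signs and deploys artifacts. Verifying the archive against a separately obtained SHA-256 before extraction (for example with `sha256sum -c`), or pinning an exact release, would close that gap. Separately, `TARGET_DIR=${HOME}/openjdk${OPENJDK_VERSION}` references a variable the visible hunk never sets (only `JDK_VERSION` is defined). `--output-document=${OPENJDK_ARCHIVE}` is also relative to the working directory, so the file likely does not land in `${CACHE_DIR}`, where the existence test and the extraction expect it. The tail of this hunk (the `java.env` heredoc) is not readable in this extract and is not reviewed here.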
diff --git a/.ci/release-signing-key-D0BF1D737C9A1C22.gpg.gpg b/.ci/release-signing-key-D0BF1D737C9A1C22.gpg.gpg new file mode 100644 index 0000000000000000000000000000000000000000..d0b2babc1cc2d12c305e57e27255353877381c8c GIT binary patch literal 8226 zcmV+-Al=`L4Fm}T0uIfVeaeWS$p6yq0mYpTNUZYl9!8YYfmS!?DL1(H#ZUAes$_u3Y5d3}9&m6IiyrQ%@T~;ZR|?3b zq0UP{rRBIhS*?=v;!Bp95gWLDbke@BZj&_%2PkQ1ooWJZd5y}Jc#@oR?le|8gXQcS z$7jW>1i^}<%s#K8OB7I_ow!FR#K4}ZbHbbXG1wG1s)9ZtbIcFPA)o=?ZroS^-c%{t zD;9U&zx*tAdQ)b(vM=)dPiQ$Lw+-CfH*yNQ#NZmm7J7nz6%ccATq1fQdv_(zmznC< z$8#u>Tf;6zU4I*g>B_>1u}ZhQ7@C&p?3jGbM~wX~b=mo|w@?@hro@KEtXKt#`BS&; zaX2-v{-KI{T;r1GD0k((l>>ft`3Mvq44=;7)w$FHUI?unpE3aGSp9p<{n|$pumhBza>#;^G&s~u*`hFL0#De6Wetn+D;(CoAXSkNx z@oW9`ad(oSQ+_ebZ(Urs(*eHVz*hjb%RMbYzAP2SB-qs{p~fUcxjj2ur8Kt#1LbgW zsd=B5qDcG6?+B-1W%?}Iv}{?Fqa4_vrcd-as_$84kEDmru?hP~_VbcHWLVy`yx}&C zxVfdv&dAzT2U%kbI)vs5b2~kHdY?3ao^Se`MQhCsTmovB5-q2k>wS;?hcA zN)tM4i5M258d1PPkf{UFT%Ic0m?HCS$BiWqcCA$JF#L>se=vMxmtcj~$j$2mfU7+D zhX=@fsUFn0N#?DyNyp$Zd{tuLx;zJYA>n@KL1Q2fV~P*5LuuUK(VUN4t?L>doTgv% ztjkssq>D65$=0{+$2#h~80mH6Q5!>0otkOp!(1AF1u7}0i~%z>)^G>q1s{b!L{cw* zm=!`X?%5c%WgWavfN@)~Cvce-TyN_$vmeaOoXhb5{x|fv57{tNt_^10Lpi@cVuiQ9 z>BrSiJD}$4UVeoX+2fMxJr;XllCST;RMor9Pp1fD^5MH{%;O!fF38Vfw$UB@=#FJG`yR`k-b@AOrR zQM*4?;}7?Ti>i=w*qCwW#_KN4VF+TbtcG76ki-158y>9NFcNlRcu*0?tSne##Q{v} zv^*zxgnp41c-(|0@E>fu^eR+VL_(w0FI{OvbICm6fbEQ0%Df=3RR8oDa)O|TeJZw< zl`@Tq^SjGlc7%-G;5C!k?h2Qo8TvT|2C(muJTt`L zIz$~1S}f?HqS5oGwa-p76jBdCvL-tsaJs3vLXe*RFF52}1rq4^G4Ec4za$dRU5dX( zHbJbwdOcU%-%^P{z|!!GhY*n;lwBD1yqh=Hsh3h;{^@J0P`-{!4*)Bn8H&rPo+cf0 z3ET(`{H;Op8HaFkPHV0hckQpX{ONikjQSl@L_o_ZD@3Rb`|NNX+@rM6ZANI)k})DB zC&p*8Ytta27)v@%*T@BkJWO2b)FiTkX%g33-R1j?8lK8uIDKC`XEdH*{o^O!9X#D2 z)!yf$L6lw)y2LB;;cc!SK-ojA`Ad~)988^2)!p>em`vU<)`6TS>GKHa(Ex)pxZ=Ta zgp@E!u3TxJT=#o=W9AeeEG0nPdPpmwG4GTnuIbA};_aj=@LM zd7SOSG)gbWMKRq;l%E&y#ROJvi|mwG$UfH?lEC+PbBb+i;E;oN!Brn5Tdb>N;LX$E zW%7O6E~#xJz0lL5g&U1ZmEGoEGk6+1=E>On>r+YuFLy92Bn?TmxuyA-CFxjR`&RA``eriESPctLnURkf 
zdR~h2*P=T!y^W;5EE61tZ8m@=c!FcYO$RayspPmXi5e&Ds}a91yR(DXfwkc4B9NJQ z(H|?^mZF%|<-Ohiu>Jkkrf7^GIjD4miB~y!OcM5+N}TOG_717#s8|?+pD5ld%+d3- zcPQRDH5M3K6y6kZqwKmD(}y=KDFn=)8F07AK|e)mFFnbcLdlyyGS$4iDb%dk2 zFFxc)%Rk}uw?1{DZq>N41!#NDCjds=FvRHObeBTHqfGwPo_tPBG@?CuJMmX%O`bvK z8OXxaM@jWo4ZJ<7faY+SfGP1-%SJZNg!H_3@p2Z6H4gt9&R3u#4=eCF93YTrtVswa zm}F_rj(P-kD*eOli%xRuOUfbR*dMlrYpsQ z6oLZGbp!Pp>go+4RpE~oMiVp5AT(d5nk)8nAtDEG>`{U&GMwWfuIzJErTSBKv0Jx` zayLwG`;ZhEbt^bV(q}^aN6BBzo}dlHZ_Kk^9r$X2|5wNsP>Qdq^I7 zbZ5)qwJ+vMX&5nA9j4ecru*QB7G2Oc?MO1kHl-9+R|BEh(T*gv8mLN{Z zzrTA6%DjGxoFiIB4Ta!wz=WG$f5BI!7OW4AV!3ez;7-Xl8+qE)EmV1<%TKqQ2+pGU z8FW7o;*0U-gIjsvf!TN2YMOW7XMZCat5Qct0Fu~~B?MJ8szJPNaxDhGKoS8was>NA z$mvNjWPfn6w}Ug-BQ5|Zn5JJIE%J1NV-wV4ZUC)rmhZ6EL2ecMO(T$Rt`Y>K8v!u> z(+yDt7r5uQBZw)g5KOCtU2otEaAaWn$6y z{f=kvP9ghHU{k&>mHpSL1j&nF3d!7GgS1DRK<;pcl{?>FX-pzFc96dsA1gD{$5&#b zA}f{~5+bBuQOy>qA8u*EN>*CzTvX^~{Au@0Hk+Tg6q@{_EI2n*$$&(>A^wmOGAAY6 z19crvS~&MKxNS@?l>i;RWt*NV@+} zJ1l!B(G|r;KZtv~5a(kBL0eBEJQu1o4qOQx4`#TtJJ>cXoW2H(#>B%gC^~(dqVdMo z=d!KN^cTB7n{NyVGu&EYsC+26vAB_>6-_ipN9~SE2=%o+On3U7?FZhk0q<&jP-Hw{ z{pErXY&JA5o~;OFZJq;5D`eG=6v(Tq62#vcFRW^m1P*~aj$lR8uCQ0PZ4$)ue#HS; zg7qBE;BsaUa({zT3>ks0Wf448WdN{9tegk(dbkDq?hT!F=@M%|V2(Z~P7@|7$`}S9 zhmjXV93=A9dV8^dP z3PAS15{6DpZKEJ&JXHkJcC}&*V?@^YLOP}iIHAyX25|7Ep;>C9c`N`UEAZ%f{~UoJ zg(y-`aT6|Gi|{<|a>U;Ypi-}QDGU9t-ujQ)_fQWaamgO0ae$D!bn5HOjzNTfA|2r} z45UEy8Kq*62DY(Hv)$An=Dx6yq4_Q*4@Mr_F#h*QzY&ftId;j~@Qd{iu!O4AbrS-j zcC7eQHfgb!?EIds`AX2mTft5xE%k7aa@mKE@MQnhKXl@KHx&(F292|_P}_EHq3Ua` z1|CxJ3ShGK?4%e(R;`jp&85^eK+pG*E6&*66UNXd#8M3(v>wUf#y|abL_>6?rR2#O zO^&e|A$ZRcFzGH{nu

if&`bg6%RXx?HNtc)s0>xNVA#Mrf7Z3^whw#AUj5g+ zI-UA8J%EVf)LO$$^xX8S7jfQR4%5>&i}_&!8qtejerqsGG)pqNgTWF#Ox3@Vw&(i~ zjh&Wsus&h;^y}oXHQvSCC+7a>-L(5;C$rb8HMN9Z75P4^9xI3GD(4<`NWX0&p+u^sJih4+ zy$Sy%aYE~?xZA9x;6n;<#Y|Eum(@*iZi zo{+-Bn<4QxgNCPr#%$b+fQFZ}EbM~eBS6j)(Fyksy}_R#y?D4s^(%_AqMv8%u*(kq zp7~dXjn^)Zc6Q=_6|k;YDi(z!!dr@U#-{nqZE%#RrV1HAD1FRQwP{i1*s7kQgE1lf zwsFCn#R(*oIH6pHNh|AZBhrHkF-Cf!)S_?fyk7rH1@m%oWlx%bx&`#^T1jpaofJK){x6# z!P-IeS?xjO1tVEWfgsZHxjPrdVb&*9$&{#h;1`Z^a}&mTkDiBD`OPv&iDUjKCXgBi z-QaPmiZs!j5i&O&o^x$?Blb!FnGbS-S@vb|y0BD`StkhO5zB`3FQlV&Vq-70MhRG%eJrLWr0#ed(vkVw3Z(S)r>3eX#>>yjpDwrDG+xaGk6Kx48SC z?kQzQ$QLx9tG_ZuTITru!Y1q9Q-pZb9FH`>@MygNYadj!JP@Ty5NAMJHl-hV=PpvE zA`&b8qm4dW_*Pf5@WY%E>_H@^`P;__|%QV(|-st!^3u_P~4 zSqDujK8@=$Y-nnl`}7f4!i=g8e;mu5>UCCN$R#1ETE-lI4UUsI+GQ_j)&lJ~Ify>@ zwH5^%9jfIS&Dd`8_l$VkS8z-+;?u*Fdd#d*IdNo9*n9bRX1cqxHG;%p(?VTME16$D zGa$6KP}#nLk8KTBF5f8d2g1ohZ7msyG>{|tw2Ud_R=w94=)Arfbin|caVcSAbRw49 zE>o9pKzIo28c%%|V-*F@Jlk1y)P}=Bat5SREpBBKQ0Q#A{d){Nehe`U!$A|5I6n7~ zQALnB6wi>TZGhn0QhO0_7-gds7Rq+YNj5b3`0ue%-JX;7Z?V;j^NQ{+l-?qwfxk92 zuc8YGh=bW#=Fp&dpdJ7L7^$8Chefual|M(4aqjP|0+gzly%3%xN5r|o%G-$r#SJYo zi|-a>U^}=6HmrYq!4c4VPU)l0M`w4x4 zdQ6{=s*YDx;8W7>z2F-_#xmy(qFNDX=^2N*+`%7%JA^%BPb%{FcoY$dziWNQ(j&bQ zyKXCQ_t15gZiS6$kk9y~mRa4RjrP{y`gv50>B=p9$qqDpI4_u2y(MuX^X@zSMD?3BzUJ{?@O>5B zYC&49vHc8hNx9^Bzd1%*$nn)@#R58<{Zm0{3d6#p zq{4&Dq0e$O)3AT7d3-%fj~jcB*xqiL0p5x8ld8!LisY}E!BUgbOESW8%=o|?=albj zY7y7Q)?xc3xnsSzgH zG}>uo=XKxtNUb`u@>V%ZRH3ad!}#yZ*NMP`&aP_y6Pwv@EqdZjaEH-3tG0|`BI@aB z-Dozju1Onk{X_|Kz6pL= zpG|SxK!wuUq1tj6GD`;bTB`n-owvve)R*ht^DNpwqg3vfh#3MMPdr8NcO&ySWFwaI zsNbx*Qz&`hjos2#^r@PHk|P(;{90BEk^mZ2+ZQ2CUI)tm%|$gmsc{YQNN zN=F?b_~zTG*0w&JQW0gyjQ`~US3t#gS6Wy@_aWMTwY~?_GnuW7SwUq6*_)eU zXY|G7wTkXaw-q>9^Wq*lg6s7wV0;9bMXk7$bY+Wbz*1d~@<2&q%?RrSp$AvG9PL@% z&-Cl<;|+5-Zgp@R@f~i#t7;Z*(bo9j=aOdB-m#4s;0T0ZyYq3jW&l<~YI4`k6NmxP`5-)9 zr9>%2)5&7+fOH$XTbp-Kjq;u1qzahMIKMB=n=BAzS`s z@~xin?17W%f?KPK&YMn%1&79g@9oQo>By3xo3ovD4nDsOL46?2XF+x*Cj!Hi2htl) 
z5g72pZN{E9(>yK69>Io2sJGMB)zDM-Wa$L~&p`j|Cg32~4$~t0UUWogQgQ_U%0t_v zwkGpmKrcgRmHOA{h?*Kl)}=j% zza;|Tj&qF_jw>rd+V}`K0MrT`nmVGfX5LO0to2o{6CwCDq7El80-r}68p>`3JfG3! zR^BgCqypr2_7~L7-Az&je+Ttz(<=AL&VpA?en*2$J&{&>XsyMnWGbYD#I(zFSIqR6 z3P;aa8~~T3QNOf`Y2#U>u6JcnNkHZm?!a(YK`yb};j*R*KLI{kfz#yCzm4=|x4|ng z3aWruc_exdIDs5@d<@7aZuRhdQMVYz00)U=VT=L%$+=GjC@BfT_^hN>2reC9Cw5Ue z$u)z1=YU&!V1J31a7Csbb(OC@7cxLydKP~Pa_=NV-14OX`&z<7Gb$nk_$0Ac`1t~F zdq&w&5npyH4Jaf+vvR})%?I*5>NpHd-JfE@H-ky1({weUreMnu9&x5gcvyN+YE}G* zt$c$ZrZeDQs6Cq8`%FO1t+~ya{+;`Sk-s>-%~) z5&&ijbBJpEla;`$>FNGvC+@Xh#JogA4Ln;N_;WIIXW5|`^sLr<=5p8>|JB`k1?+)U z(l&S&MOwYmjxMAE&{bFYEq$QCLb%_x+Hur!a8uysNC_1t`j(gDhTGFk3Ujma%CM!7 zhZa+sYKILkL4FKr*bM&D{(Nj@=FXjOHfie2wRz-R4TJn*pLS63V^Qz+amOHf$RB%& zSlp^#p_4|1cp~eMQFdq_KoCVg z)huOF9|2|#mD?(^)rO}(4E6dHWmxN&zQ2%P(E@TrT=r-B6O4^Q18oiUNP<3-gr>vj zFwlYHfo6P&ES zv4A__56A8#d5!+a0t@thz{+eTD5E3db~&6IR20#%TW1Dz6JC7kZC9zz<|L79DAMb# zF&LC*E7~BX-qW{QLqxp}IPeTx!>Ak7RcWdc#YF1Uvi|RGKV##o>5Gdt*M%*y>Xu&(O`LWyj|?ksNkU_yNz?Q^Sh^{2tqCdJnDz zc7)~(VZQidgj^H+SZ=nP3~bJn=QiI1`Di|Ng2MUvbxjQxtygd4q$bnk2cE*d#@DVmyFyuk=Xfzu#(}V4yF(Dt+2o zWj-sz9lLY;GTW6xl6H&mUF<4L6cT61$C9<0BMmvl7)+V_2s}05kkW0?PMctnA6t`v zv{b(L+&GWuEEG-6mrWcNJ}ij)WU?LZ8{-e=g3H4orCkX$@n}F2*C6ME`rb551~&j0ECumAu6 literal 0 HcmV?d00001 diff --git a/.ci/setup-secrets.sh b/.ci/setup-secrets.sh new file mode 100755 index 0000000000..de19cb0b26 --- /dev/null +++ b/.ci/setup-secrets.sh 
@@ -0,0 +1,42 @@ +#!/usr/bin/env bash + +source $(dirname $0)/logger.inc + +log_info "Setting up secrets..." + +mkdir -p ${HOME}/.ssh +chmod 700 "${HOME}/.ssh" +gpg --symmetric --cipher-algo AES256 --batch --passphrase="$PMD_CI_SECRET_PASSPHRASE" \ + --decrypt --output ${HOME}/id_rsa .ci/id_rsa.gpg +chmod 600 "${HOME}/.ssh/id_rsa" + +mkdir -p "${HOME}/.gpg" +gpg --symmetric --cipher-algo AES256 --batch --passphrase="$PMD_CI_SECRET_PASSPHRASE" \ + --decrypt --output .ci/release-signing-key-D0BF1D737C9A1C22.gpg .ci/release-signing-key-D0BF1D737C9A1C22.gpg.gpg +gpg --batch --import .ci/release-signing-key-D0BF1D737C9A1C22.gpg +rm .ci/release-signing-key-D0BF1D737C9A1C22.gpg + +log_info "Setting up .ssh/known_hosts..." +# +# https://sourceforge.net/p/forge/documentation/SSH%20Key%20Fingerprints/ +# +# run locally: +# ssh-keyscan web.sourceforge.net | tee -a known_hosts +# +# verify fingerprints: +# ssh-keygen -F web.sourceforge.net -l -f known_hosts +# # Host web.sourceforge.net found: line 1 +# web.sourceforge.net RSA SHA256:xB2rnn0NUjZ/E0IXQp4gyPqc7U7gjcw7G26RhkDyk90 +# # Host web.sourceforge.net found: line 2 +# web.sourceforge.net ECDSA SHA256:QAAxYkf0iI/tc9oGa0xSsVOAzJBZstcO8HqGKfjpxcY +# # Host web.sourceforge.net found: line 3 +# web.sourceforge.net ED25519 SHA256:209BDmH3jsRyO9UeGPPgLWPSegKmYCBIya0nR/AWWCY +# +# then add output of `ssh-keygen -F web.sourceforge.net -f known_hosts` +# +echo 'web.sourceforge.net ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2uifHZbNexw6cXbyg1JnzDitL5VhYs0E65Hk/tLAPmcmm5GuiGeUoI/B0eUSNFsbqzwgwrttjnzKMKiGLN5CWVmlN1IXGGAfLYsQwK6wAu7kYFzkqP4jcwc5Jr9UPRpJdYIK733tSEmzab4qc5Oq8izKQKIaxXNe7FgmL15HjSpatFt9w/ot/CHS78FUAr3j3RwekHCm/jhPeqhlMAgC+jUgNJbFt3DlhDaRMa0NYamVzmX8D47rtmBbEDU3ld6AezWBPUR5Lh7ODOwlfVI58NAf/aYNlmvl2TZiauBCTa7OPYSyXJnIPbQXg6YQlDknNCr0K769EjeIlAfY87Z4tw==' >> "$HOME/.ssh/known_hosts" +echo 'web.sourceforge.net ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCwsY6sZT4MTTkHfpRzYjxG7mnXrGL74RCT2cO/NFvRrZVNB5XNwKNn7G5fHbYLdJ6UzpURDRae1eMg92JG0+yo=' >> "$HOME/.ssh/known_hosts" +echo 'web.sourceforge.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQD35Ujalhh+JJkPvMckDlhu4dS7WH6NsOJ15iGCJLC' >> "$HOME/.ssh/known_hosts" + +# add pmd-code.org (ssh-keyscan pmd-code.org) +echo 'pmd-code.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVsIeF6xU0oPb/bMbxG1nU1NDyBpR/cBEPZcm/PuJwdI9B0ydPHA6FysqAnt32fNFznC2SWisnWyY3iNsP3pa8RQJVwmnnv9OboGFlW2/61o3iRyydcpPbgl+ADdt8iU9fmMI7dC04UqgHGBoqOwVNna9VylTjp5709cK2qHnwU450F6YcOEiOKeZfJvV4PmpJCz/JcsUVqft6StviR31jKnqbnkZdP8qNoTbds6WmGKyXkhHdLSZE7X1CFQH28tk8XFqditX93ezeCiThFL7EleDexV/3+2+cs5878sDMUMzHS5KShTjkxzhHaodhtIEdNesinq/hOPbxAGkQ0FbD' >> $HOME/.ssh/known_hosts diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index 3222a0467a..0000000000 --- a/.github/workflows/build.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Java CI - -on: [push, pull_request] - -jobs: - build: - runs-on: ${{ matrix.os }} - continue-on-error: ${{ matrix.experimental }} - if: "!contains(github.event.head_commit.message, '[skip ci]')" - strategy: - matrix: - os: [ ubuntu-latest , windows-latest , macos-latest ] - java: [ 11 ] - experimental: [ false ] - - steps: - - uses: actions/checkout@v2 - - uses: actions/cache@v2 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - - name: Set up JDK ${{ matrix.java }} - uses: actions/setup-java@v1 - with: - java-version: ${{ matrix.java }} - - name: Build with mvnw - run: | - ./mvnw -V clean install diff --git a/.github/workflows/pull-requests.yml b/.github/workflows/pull-requests.yml new file mode 100644 index 0000000000..2aeb9d2fc2 --- /dev/null +++ b/.github/workflows/pull-requests.yml 
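Review bot: The SSH private key is decrypted to `${HOME}/id_rsa`, but the following `chmod 600` targets `${HOME}/.ssh/id_rsa`, so the key is left in the home directory with default-umask permissions and the chmod acts on a file that does not exist. Write it to the protected location, `--decrypt --output "${HOME}/.ssh/id_rsa" .ci/id_rsa.gpg`, ideally after `umask 077`. The script has no `set -e`, so a failed decrypt or import goes unnoticed by the later steps. Both gpg calls also combine `--symmetric` with `--decrypt` (only `--decrypt` is wanted here) and pass the passphrase in argv via `--passphrase=`, where it is visible in the process list; `--passphrase-fd` avoids that. The release signing key is written unencrypted into the work tree before import; piping the decrypt output straight into `gpg --batch --import` would avoid the temporary file.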
@@ -0,0 +1,30 @@ +name: Pull Requests + +on: pull_request + +jobs: + build: + runs-on: ${{ matrix.os }} + continue-on-error: false + if: "!contains(github.event.head_commit.message, '[skip ci]')" + strategy: + matrix: + os: [ ubuntu-latest, windows-latest, macos-latest ] + + steps: + - uses: actions/checkout@v2 + - uses: actions/cache@v2 + with: + path: | + ~/.m2/repository + ~/.cache + key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}- + - name: Install OpenJDK + run: .ci/install-openjdk.sh + shell: bash + - name: Build with mvnw + run: | + source ${HOME}/java.env + ./mvnw -V clean install diff --git a/.github/workflows/pushes.yml b/.github/workflows/pushes.yml new file mode 100644 index 0000000000..6218846648 --- /dev/null +++ b/.github/workflows/pushes.yml 
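Review bot: The `if:` guard reads `github.event.head_commit.message`, which belongs to the push event payload; on `pull_request` that field is absent, so the `[skip ci]` test presumably always evaluates to true and never skips a run. Either drop the condition or test a field that exists for pull requests, such as `github.event.pull_request.title`. Since this job executes code from the pull request, it is also worth pinning `actions/checkout` and `actions/cache` to full commit SHAs instead of the mutable `@v2` tag.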
@@ -0,0 +1,85 @@ +name: Pushes +on: + push: + branches: + - main + - master + schedule: + # build it monthly: At 04:00 on day-of-month 1. + - cron: '0 4 1 * *' + +jobs: + linux: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions/cache@v2 + with: + path: | + ~/.m2/repository + ~/.cache + key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}- + - name: Set up Ruby 2.7 + uses: actions/setup-ruby@v1 + with: + ruby-version: 2.7 + - name: Check Environment + run: .ci/check-environment.sh + shell: bash + - name: Setup Secrets + run: .ci/setup-secrets.sh + shell: bash + env: + PMD_CI_SECRET_PASSPHRASE: ${{ secrets.PMD_CI_SECRET_PASSPHRASE }} + - name: Install OpenJDK + run: .ci/install-openjdk.sh + shell: bash + - name: build + run: .ci/build.sh + shell: bash + env: + PMD_CI_SECRET_PASSPHRASE: ${{ secrets.PMD_CI_SECRET_PASSPHRASE }} + CI_DEPLOY_PASSWORD: ${{ secrets.CI_DEPLOY_PASSWORD }} + CI_SIGN_PASSPHRASE: ${{ secrets.CI_SIGN_PASSPHRASE }} + + windows: + runs-on: windows-latest + steps: + - uses: actions/checkout@v2 + - uses: actions/cache@v2 + with: + path: | + ~/.m2/repository + ~/.cache + key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}- + - name: Install OpenJDK + run: .ci/install-openjdk.sh + shell: bash + - name: Build with mvnw + run: | + source ${HOME}/java.env + ./mvnw -V clean install + + macos: + runs-on: macos-latest + steps: + - uses: actions/checkout@v2 + - uses: actions/cache@v2 + with: + path: | + ~/.m2/repository + ~/.cache + key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}- + - name: Install OpenJDK + run: .ci/install-openjdk.sh + shell: bash + - name: Build with mvnw + run: | + source ${HOME}/java.env + ./mvnw -V clean install diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml new file mode 100644 index 0000000000..620bc7f6c2 --- /dev/null +++ b/.github/workflows/releases.yml 
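Review bot: The `build` step of the `linux` job receives `PMD_CI_SECRET_PASSPHRASE` in addition to the two credentials Maven needs, although `.ci/build.sh` as added in this patch never reads it. That passphrase unlocks both the SSH key and the release signing key, so it should stay limited to the `Setup Secrets` step; remove the line from the `build` step's `env:`. The job that handles these secrets also references `actions/checkout@v2`, `actions/cache@v2` and `actions/setup-ruby@v1` by mutable tag, and pinning them to commit SHAs reduces the supply-chain exposure. `ruby-version: 2.7` is better written as `'2.7'` so it stays a string.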
@@ -0,0 +1,17 @@ +name: Release Builds +on: + push: + tags: + - 'pmd_releases/*' + +jobs: + release: + runs-on: ubuntu-latest + continue-on-error: false + steps: + - uses: actions/checkout@v2 + - name: Run Release Script + run: .ci/release.sh + shell: bash + env: + PMD_CI_SECRET_PASSPHRASE: ${{ secrets.PMD_CI_SECRET_PASSPHRASE }}
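Review bot: The release job runs `.ci/release.sh`, but this patch does not add such a file (the diffstat lists only `build.sh`, `check-environment.sh`, `install-openjdk.sh` and `setup-secrets.sh` as scripts), so pushing a `pmd_releases/*` tag would fail at that step unless the script exists elsewhere. Until it is added, consider leaving the workflow out or letting the step fail with an explicit message. Once it exists, anyone able to push a matching tag triggers a run that receives `PMD_CI_SECRET_PASSPHRASE`, so a tag protection rule for `pmd_releases/*` would be a sensible companion.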