Skip to content

Tessera Release Build #112

Tessera Release Build

Tessera Release Build #112

Workflow file for this run

name: Tessera Release Build
on:
workflow_dispatch:
inputs:
release-version:
description: "(WARNING: WILL TRIGGER A SONATYPE/DOCKER RELEASE) Release version - checked against version.txt"
required: true
type: string
env:
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
GPG_EXECUTABLE: ${{ secrets.GPG_EXECUTABLE }}
GPG_SECRET_KEYS: ${{ secrets.GPG_SECRET_KEYS }}
TESSERA_DOCKER_IMAGE_NAME: quorumengineering/tessera
jobs:
check-version:
runs-on: ubuntu-latest
outputs:
full-version: ${{ steps.version.outputs.full-version }}
minor-version: ${{ steps.version.outputs.minor-version }}
steps:
- uses: actions/checkout@v2
- name: Get release version
id: version
run: |
# 1.2.3-SNAPSHOT --> 1.2.3
FULL_VERSION=$(cat version.txt | cut -d '-' -f 1)
# 1.2.3 --> 1.2
MINOR_VERSION=$(echo $FULL_VERSION | cut -d '.' -f 1,2)
echo "full-version=${FULL_VERSION}"
echo "minor-version=${MINOR_VERSION}"
echo "::set-output name=full-version::$FULL_VERSION"
echo "::set-output name=minor-version::$MINOR_VERSION"
- name: Check release version
env:
USER_VERSION: ${{ github.event.inputs.release-version }}
TAG_VERSION: ${{ steps.version.outputs.full-version }}
run: |
# simple sanity check to help prevent accidentally releasing the wrong branch
if [ $USER_VERSION = $TAG_VERSION ]
then
exit 0
fi
echo "user-provided version ($USER_VERSION) does not match version.txt ($TAG_VERSION), exiting"
exit 1
check-dependencies:
needs: [ check-version ]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-java@v1
with:
java-version: 17
- run: ./gradlew dependencyCheckAnalyze -x test
release-sonatype:
needs: [ check-dependencies, check-version ]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK 17
uses: actions/setup-java@v1
with:
java-version: 17
- name: Release
id: release
env:
TAG_NAME: tessera-${{ needs.check-version.outputs.full-version }}
FULL_VERSION: ${{ needs.check-version.outputs.full-version }}
MINOR_VERSION: ${{ needs.check-version.outputs.minor-version }}
run: |
echo "Releasing $FULL_VERSION"
git config user.name "quorumbot"
now=`date +%Y%m%d%H%M%S`
echo "Creating tag $TAG_NAME"
echo "$FULL_VERSION" > version.txt
git add version.txt
git commit -m "Change to release version $FULL_VERSION"
git tag -a $TAG_NAME -m "Release tessera $FULL_VERSION"
git push --tags
echo "${GPG_SECRET_KEYS}" | base64 --decode | gpg --import --no-tty --batch --yes
echo $GPG_OWNERTRUST | base64 --decode | gpg --import-ownertrust
pubkey=`gpg --list-keys -a security-quorum@consensys.net|head -2|tail -1|xargs`
./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository -PsonatypeUsername=$SONATYPE_USERNAME -PsonatypePassword=$SONATYPE_PASSWORD -Psigning.gnupg.keyName=$pubkey -Psigning.gnupg.passphrase=${GPG_PASSPHRASE} --info
./gradlew incrementProjectVersion --info
git add version.txt
git commit -m "Change version to next development version"
echo ::set-output name=branch-name::release-$now
- name: Create PR to update development version
uses: peter-evans/create-pull-request@v3
with:
branch: ${{ steps.release.outputs.branch-name }}
title: Update development version
body: Triggered by release https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
- name: Upload tessera dists
uses: actions/upload-artifact@v2
if: success()
with:
name: tessera-dists
path: tessera-dist/build/distributions/
- name: Upload enclave dists
uses: actions/upload-artifact@v2
if: success()
with:
name: enclave-dists
path: enclave/enclave-jaxrs/build/distributions/
- name: Upload azure-key-vault dists
uses: actions/upload-artifact@v2
if: success()
with:
name: azure-key-vault-dists
path: key-vault/azure-key-vault/build/distributions/
- name: Upload aws-key-vault dists
uses: actions/upload-artifact@v2
if: success()
with:
name: aws-key-vault-dists
path: key-vault/aws-key-vault/build/distributions/
- name: Upload hashicorp-key-vault dists
uses: actions/upload-artifact@v2
if: success()
with:
name: hashicorp-key-vault-dists
path: key-vault/hashicorp-key-vault/build/distributions/
release-docker:
needs: [check-version, release-sonatype]
runs-on: ubuntu-latest
steps:
- name: Checkout code from SCM
uses: actions/checkout@v2
- name: Download tessera dists
uses: actions/download-artifact@v2
with:
name: tessera-dists
path: tessera-dist/build/distributions/
- name: Download enclave dists
uses: actions/download-artifact@v2
with:
name: enclave-dists
path: enclave/enclave-jaxrs/build/distributions/
- name: Download azure-key-vault dists
uses: actions/download-artifact@v2
if: success()
with:
name: azure-key-vault-dists
path: key-vault/azure-key-vault/build/distributions/
- name: Download aws-key-vault dists
uses: actions/download-artifact@v2
if: success()
with:
name: aws-key-vault-dists
path: key-vault/aws-key-vault/build/distributions/
- name: Download hashicorp-key-vault dists
uses: actions/download-artifact@v2
if: success()
with:
name: hashicorp-key-vault-dists
path: key-vault/hashicorp-key-vault/build/distributions/
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
- name: Get current date-time (RFC 3339 standard)
id: date
run: |
echo "::set-output name=now::$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
- name: Build and push standalone tessera images
uses: docker/build-push-action@v2
with:
tags: |
${{ env.TESSERA_DOCKER_IMAGE_NAME }}:latest
${{ env.TESSERA_DOCKER_IMAGE_NAME }}:${{ needs.check-version.outputs.minor-version }}
${{ env.TESSERA_DOCKER_IMAGE_NAME }}:${{ needs.check-version.outputs.full-version }}
labels: |
org.opencontainers.image.source=https://github.com/${{ github.repository }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.created=${{ steps.date.outputs.now }}
push: true
file: docker/tessera.Dockerfile
# context must be explicitly provided to prevent docker/build-push-action checking out the repo again and deleting the downloaded artifacts
context: .
- name: Build and push tessera+azure images
uses: docker/build-push-action@v2
with:
tags: |
${{ env.TESSERA_DOCKER_IMAGE_NAME }}:azure-latest
${{ env.TESSERA_DOCKER_IMAGE_NAME }}:azure-${{ needs.check-version.outputs.minor-version }}
${{ env.TESSERA_DOCKER_IMAGE_NAME }}:azure-${{ needs.check-version.outputs.full-version }}
labels: |
org.opencontainers.image.source=https://github.com/${{ github.repository }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.created=${{ steps.date.outputs.now }}
push: true
file: docker/tessera.azure.Dockerfile
# context must be explicitly provided to prevent docker/build-push-action checking out the repo again and deleting the downloaded artifacts
context: .
- name: Build and push tessera+aws images
uses: docker/build-push-action@v2
with:
tags: |
${{ env.TESSERA_DOCKER_IMAGE_NAME }}:aws-latest
${{ env.TESSERA_DOCKER_IMAGE_NAME }}:aws-${{ needs.check-version.outputs.minor-version }}
${{ env.TESSERA_DOCKER_IMAGE_NAME }}:aws-${{ needs.check-version.outputs.full-version }}
labels: |
org.opencontainers.image.source=https://github.com/${{ github.repository }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.created=${{ steps.date.outputs.now }}
push: true
file: docker/tessera.aws.Dockerfile
# context must be explicitly provided to prevent docker/build-push-action checking out the repo again and deleting the downloaded artifacts
context: .
- name: Build and push tessera+hashicorp images
uses: docker/build-push-action@v2
with:
tags: |
${{ env.TESSERA_DOCKER_IMAGE_NAME }}:hashicorp-latest
${{ env.TESSERA_DOCKER_IMAGE_NAME }}:hashicorp-${{ needs.check-version.outputs.minor-version }}
${{ env.TESSERA_DOCKER_IMAGE_NAME }}:hashicorp-${{ needs.check-version.outputs.full-version }}
labels: |
org.opencontainers.image.source=https://github.com/${{ github.repository }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.created=${{ steps.date.outputs.now }}
push: true
file: docker/tessera.hashicorp.Dockerfile
# context must be explicitly provided to prevent docker/build-push-action checking out the repo again and deleting the downloaded artifacts
context: .
- name: Build and push standalone enclave images
uses: docker/build-push-action@v2
with:
tags: |
${{ env.TESSERA_DOCKER_IMAGE_NAME }}:enclave-latest
${{ env.TESSERA_DOCKER_IMAGE_NAME }}:enclave-${{ needs.check-version.outputs.minor-version }}
${{ env.TESSERA_DOCKER_IMAGE_NAME }}:enclave-${{ needs.check-version.outputs.full-version }}
labels: |
org.opencontainers.image.source=https://github.com/${{ github.repository }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.created=${{ steps.date.outputs.now }}
push: true
file: docker/enclave.Dockerfile
# context must be explicitly provided to prevent docker/build-push-action checking out the repo again and deleting the downloaded artifacts
context: .