Merge pull request #1706 from microsoftgraph/feat/ossrh-release-automation

Ndiritu · web-flow · commit 997a098179d3 · 2024-08-13T15:55:24.000+03:00
Automate release from OSSRH to Maven central
diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml
@@ -1,6 +1,7 @@
 name: Build and Publish
 
 on:
+  workflow_dispatch:
   push:
     branches: [main]
     paths-ignore:
@@ -12,8 +13,10 @@ on:
     tags:
       - "v[0-9]+.[0-9]+.[0-9]+"
 env:
-  PREVIEW_TASK: publishSnapshotPublicationToSonatypeSnapshotRepository
-  PUBLISH_TASK:  publishMavenCentralReleasePublicationToSonatypeRepository
+  PREVIEW_TASK: publishToSonatype
+  PUBLISH_TASK:  publishToSonatype closeAndReleaseSonatypeStagingRepository
+  JAVA_VERSION: 21
+  JAVA_DISTRIBUTION: 'temurin'
 
 permissions:
   contents: write
@@ -23,16 +26,19 @@ jobs:
     if: ${{ github.ref == 'refs/heads/main' }}
     environment:
       name: maven_central_snapshot
+    needs: validate-package-contents
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: Easy detect-secrets
-        uses: RobertFischer/detect-secrets-action@v2.0.0
+      - name: Detect secrets
+        run: |
+          pip install detect-secrets
+          git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
-          java-version: 20
-          distribution: 'temurin'
+          java-version: ${{ env.JAVA_VERSION }}
+          distribution: ${{ env.JAVA_DISTRIBUTION }}
           cache: gradle
       - name: Download file
         run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH
@@ -55,16 +61,19 @@ jobs:
     if: ${{ startsWith(github.ref, 'refs/tags/') && github.actor == 'release-please[bot]'}}
     environment:
       name: maven_central_release
+    needs: validate-package-contents
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: Easy detect-secrets
-        uses: RobertFischer/detect-secrets-action@v2.0.0
+      - name: Detect secrets
+        run: |
+          pip install detect-secrets
+          git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
-          java-version: 20
-          distribution: 'temurin'
+          java-version: ${{ env.JAVA_VERSION }}
+          distribution: ${{ env.JAVA_DISTRIBUTION }}
           cache: gradle
       - name: Download file
         run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH
@@ -81,7 +90,7 @@ jobs:
       - name: Grant execute permission for gradlew
         run: chmod +x gradlew
       - name: Publish
-        run: ./gradlew $PUBLISH_TASK
+        run: ./gradlew $PUBLISH_TASK -PmavenCentralSnapshotArtifactSuffix=""
       - name: Upload Build Artifact
         uses: actions/upload-artifact@v4
         with:
@@ -105,3 +114,45 @@ jobs:
           files: |
             build/**/*.jar
 
+  validate-package-contents:
+    runs-on: ubuntu-latest
+    environment: ${{ contains(github.ref, 'refs/tags/v') && 'maven_central_release' || 'maven_central_snapshot' }}
+    defaults:
+      run:
+        working-directory: ./
+    steps:
+    - uses: actions/checkout@v4
+    - name: Setup JDK
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVA_VERSION }}
+        distribution: ${{ env.JAVA_DISTRIBUTION}}
+        cache: gradle
+    - name: Download file
+      run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH
+      shell: pwsh
+      env:
+        ENCODED_VALUE: ${{ secrets.LOCAL_PROPERTIES }}
+        OUTPUT_PATH: 'local.properties'
+    - name: Download file
+      run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH
+      shell: pwsh
+      env:
+        ENCODED_VALUE: ${{ secrets.SECRING_GPG }}
+        OUTPUT_PATH: '.\secring.gpg'
+    - name: Publish to local Maven cache for validation
+      run: ./gradlew --no-daemon publishToMavenLocal
+    - name: Get current SNAPSHOT version
+      shell: pwsh
+      run: |
+        $contents = Get-Content gradle.properties -Raw
+        $major = $contents | Select-String -Pattern 'mavenMajorVersion\s+= ([0-9]+)' | ForEach-Object { $_.Matches.Groups[1].Value }
+        $minor = $contents | Select-String -Pattern 'mavenMinorVersion\s+= ([0-9]+)' | ForEach-Object { $_.Matches.Groups[1].Value }
+        $patch = $contents | Select-String -Pattern 'mavenPatchVersion\s+= ([0-9]+)' | ForEach-Object { $_.Matches.Groups[1].Value }
+        $version = "$major.$minor.$patch-SNAPSHOT"
+        echo "Current version is $version"
+        echo "PACKAGE_VERSION=$version" >> $Env:GITHUB_ENV
+    - name: Inspect contents of local Maven cache
+      shell: pwsh
+      run: |
+        .\scripts\validatePackageContents.ps1 -ArtifactId microsoft-graph-core -Version $env:PACKAGE_VERSION
diff --git a/.gitignore b/.gitignore
@@ -35,4 +35,5 @@ hs_err_pid*
 
 # Maven
 /target/
-local.properties
+local.properties
+*.gpg
diff --git a/build.gradle b/build.gradle
@@ -7,6 +7,7 @@ plugins {
     id 'jacoco'
     id 'com.github.spotbugs' version '6.0.20'
     id "org.sonarqube" version "5.1.0.4882"
+    id 'io.github.gradle-nexus.publish-plugin' version '2.0.0'
 }
 
 java {
@@ -90,10 +91,6 @@ sonarqube {
     }
 }
 
-//Publishing tasks-
-//Maven Central Snapshot: publishSnapshotPublicationToMavenRepository
-//Maven Central Release: publishMavenCentralReleasePublicationToMaven2Repository
-//Bintray Snapshot: publishSnapshotPublicationToMaven3Repository
 
 tasks.jar {
     manifest {
@@ -104,79 +101,38 @@ tasks.jar {
 publishing {
 
     publications {
-
-        maven(MavenPublication) {
-            groupId project.property('mavenGroupId')
-            artifactId project.property('mavenArtifactId')
-            version "${mavenMajorVersion}.${mavenMinorVersion}.${mavenPatchVersion}${mavenArtifactSuffix}"
-            from components.java
-            pom.withXml {
-                def root = asNode()
-                root.appendNode('name', 'Microsoft Graph Core SDK for Java')
-                root.appendNode('url', 'https://github.com/microsoftgraph/msgraph-sdk-java-core')
-                root.children().last() + pomConfig
-                def pomFile = file("${project.buildDir}/libs/microsoft-graph-core.pom")
-                writeTo(pomFile)
-            }
-
-        }
-        Snapshot(MavenPublication) {
-        	customizePom(pom)
-        	groupId project.property('mavenGroupId')
-        	artifactId project.property('mavenArtifactId')
-        	version "${mavenMajorVersion}.${mavenMinorVersion}.${mavenPatchVersion}${mavenCentralSnapshotArtifactSuffix}"
-        	from components.java
-        	pom.withXml {
-        		def pomFile = file("${project.buildDir}/generated-pom.xml")
-        		writeTo(pomFile)
-        	}
-		}
-
-		mavenCentralRelease(MavenPublication) {
+		maven(MavenPublication) {
         	customizePom(pom)
         	groupId project.property('mavenGroupId')
         	artifactId project.property('mavenArtifactId')
-        	version "${mavenMajorVersion}.${mavenMinorVersion}.${mavenPatchVersion}"
+        	version getVersionName()
         	from components.java
         	pom.withXml {
         		def pomFile = file("${project.buildDir}/generated-pom.xml")
         		writeTo(pomFile)
         	}
 		}
     }
-    repositories {
-        maven {
-            url = 'https://oss.sonatype.org/content/repositories/snapshots'
-            name = 'sonatypeSnapshot'
-
-            credentials {
-                if (project.rootProject.file('local.properties').exists()) {
-                    Properties properties = new Properties()
-                    properties.load(project.rootProject.file('local.properties').newDataInputStream())
-                    username = properties.getProperty('sonatypeUsername')
-                    password = properties.getProperty('sonatypePassword')
-                }
-            }
-        }
-
-        maven {
-            url = 'https://oss.sonatype.org/service/local/staging/deploy/maven2'
-            name = 'sonatype'
+}
 
-            credentials {
-                if (project.rootProject.file('local.properties').exists()) {
-                    Properties properties = new Properties()
-                    properties.load(project.rootProject.file('local.properties').newDataInputStream())
-                    username = properties.getProperty('sonatypeUsername')
-                    password = properties.getProperty('sonatypePassword')
-                }
+nexusPublishing {
+    repositories {
+        sonatype {
+            if (project.rootProject.file('local.properties').exists()) {
+                Properties properties = new Properties()
+                properties.load(project.rootProject.file('local.properties').newDataInputStream())
+                username = properties.getProperty('sonatypeUsername')
+                password = properties.getProperty('sonatypePassword')
             }
         }
     }
 }
 
+group = project.property('mavenGroupId')
+version = "${mavenMajorVersion}.${mavenMinorVersion}.${mavenPatchVersion}${mavenCentralSnapshotArtifactSuffix}"
+
 signing {
-    sign publishing.publications.mavenCentralRelease
+    sign publishing.publications.maven
 }
 tasks.withType(Sign)*.enabled = mavenCentralPublishingEnabled.toBoolean()
 
@@ -199,7 +155,7 @@ def getVersionCode() {
 }
 
 def getVersionName() {
-    return "${mavenMajorVersion}.${mavenMinorVersion}.${mavenPatchVersion}${mavenArtifactSuffix}"
+    return "${mavenMajorVersion}.${mavenMinorVersion}.${mavenPatchVersion}${mavenCentralSnapshotArtifactSuffix}"
 }
 
 artifacts {
@@ -261,7 +217,7 @@ gradle.taskGraph.whenReady { taskGraph ->
 }
 
 model {
-    tasks.generatePomFileForMavenCentralReleasePublication {
+    tasks.generatePomFileForMavenPublication {
         destination = file("${project.buildDir}/generated-pom.xml")
     }
 }
diff --git a/scripts/validatePackageContents.ps1 b/scripts/validatePackageContents.ps1
@@ -0,0 +1,60 @@
+# Checks that expected files are present & have contents after the publish process to the local cache
+param(
+  [Parameter(Mandatory=$true)][string] $ArtifactId,
+  [Parameter(Mandatory=$true)][string] $Version,
+  [Parameter()][string] $GroupId = "com.microsoft.graph",
+  [Parameter()][string] $MavenLocalCachePath = "~" + [System.IO.Path]::DirectorySeparatorChar + ".m2" + [System.IO.Path]::DirectorySeparatorChar + "repository"
+)
+
+$groupIdPath = $GroupId -replace "\.", [System.IO.Path]::DirectorySeparatorChar
+$packagePath = Join-Path -Path $groupIdPath -ChildPath $ArtifactId
+$packageFullPath = Join-Path -Path $MavenLocalCachePath -ChildPath $packagePath -AdditionalChildPath $Version
+
+Write-Output "---------------------------------------------------"
+Write-Output "Validating package contents at $packageFullPath"
+
+if(-not (Test-Path -Path $packageFullPath)) {
+  Write-Output "Package not found in local cache."
+  exit 1
+}
+
+Write-Output "Package exists in local cache."
+
+$expectedFiles = @(
+  "-javadoc.jar",
+  "-javadoc.jar.asc",
+  "-sources.jar",
+  "-sources.jar.asc",
+  ".module",
+  ".module.asc",
+  ".pom",
+  ".pom.asc",
+  ".jar",
+  ".jar.asc"
+)
+
+foreach($file in $expectedFiles) {
+  $file = $ArtifactId + "-" + $Version + $file
+  $filePath = Join-Path -Path $packageFullPath -ChildPath $file
+  if(-not (Test-Path -Path $filePath)) {
+    Write-Output "Expected file $file not found in package."
+    exit 1
+  }
+  $fileSize = (Get-Item -Path $filePath).length
+  if($fileSize -eq 0) {
+    Write-Output "File $file is empty."
+    exit 1
+  }
+}
+
+$mavenMetadataFiles = Get-ChildItem -Path $packageFullPath -Filter "maven-metadata*.xml"
+if($mavenMetadataFiles.Count -eq 0) {
+  Write-Output "No maven-metadata*.xml files found in package."
+  exit 1
+}
+
+Write-Output "Package $ArtifactId is valid."
+Write-Output "---------------------------------------------------"
+exit 0
+
+
