diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index c68b391..912fc5c 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1,19 +1,33 @@ -name: debezium-offsetfile-conv-build +name: Build on: workflow_dispatch: - push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] + workflow_call: + inputs: + version: + required: true + type: string + upload: + required: false + type: boolean + default: false + sign: + required: false + type: boolean + default: false + +defaults: + run: + shell: bash permissions: - contents: read - packages: write + contents: write pull-requests: write + packages: write + id-token: write jobs: build: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: Checkout uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 @@ -22,7 +36,7 @@ jobs: - name: Set up JDK uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 with: - java-version: '17' + java-version: '17.0.7' distribution: 'liberica' architecture: 'x64' - uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 #v1.1.0 
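Review bot: The new workflow-level `permissions` block adds `id-token: write`, but nothing visible in this workflow requests an OIDC token; the only signing step (added further down in this file) takes a PGP key through Gradle properties. Because `pr.yaml` calls this workflow on `pull_request`, every build of proposed code would run with more token scope than its steps appear to need. I would drop `id-token: write` here and move the remaining scopes onto the `build` job, keeping `contents: write` only if `dependency-graph: generate-and-submit` requires it. Separately, `workflow_dispatch:` is kept without inputs, so a manual run leaves `inputs.version` empty; declaring a matching `version` input under `workflow_dispatch` would fix that.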
@@ -31,20 +45,33 @@ jobs: with: generate-job-summary: true dependency-graph: generate-and-submit + - name: Build + env: + ORG_GRADLE_PROJECT_projectVersion: ${{ inputs.version }} + QUARKUS_PACKAGE_TYPE: uber-jar run: ./gradlew build - - name: OWASP dependency check - run: ./gradlew dependencyCheckAggregate + - name: Integration tests + env: + ORG_GRADLE_PROJECT_projectVersion: ${{ inputs.version }} + QUARKUS_PACKAGE_TYPE: uber-jar + run: ./gradlew quarkusIntTest + - name: Sign + if: ${{ inputs.sign }} + env: + ORG_GRADLE_PROJECT_projectVersion: ${{ inputs.version }} + ORG_GRADLE_PROJECT_signingKey: ${{ secrets.PGP_SECRET }} + ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.PGP_PASSPHRASE }} + run: ./gradlew sign - name: Upload build reports if: always() uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: build-reports path: build/reports/ - dependency-review: - needs: build - runs-on: ubuntu-latest - steps: - - name: Perform dependency review - uses: actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034 # v3.1.0 - + - name: Upload jar + if: ${{ inputs.upload }} + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + with: + name: debezium-offsetfile-conv-${{ inputs.version }}.jar + path: build/quarkus-build/gen/debezium-offsetfile-conv-${{ inputs.version }}-runner.jar diff --git a/.github/workflows/determine_version.yaml b/.github/workflows/determine_version.yaml new file mode 100644 index 0000000..9ad7fb8 --- /dev/null +++ b/.github/workflows/determine_version.yaml 
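Review bot: The `Sign` step reads `secrets.PGP_SECRET` and `secrets.PGP_PASSPHRASE`, but this workflow is invoked through `workflow_call` and declares no `secrets:` for that trigger, and the caller in `release.yaml` passes only `with:` values. A called workflow does not see the caller's secrets unless they are passed, so both signing properties would be empty on the release path and `./gradlew sign` would either fail or, depending on how the signing plugin is configured, be skipped. Declare the two secrets under `on.workflow_call.secrets` here, or add `secrets: inherit` to the `build` job in `release.yaml`. The `Upload jar` step also publishes only the `-runner.jar` path, so any detached signature the task writes is presumably not uploaded with it.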
@@ -0,0 +1,39 @@
+name: Determine version
+on:
+ workflow_dispatch:
+ workflow_call:
+ outputs:
+ version:
+ description: "Determined version"
+ value: ${{ jobs.determine_version.outputs.version }}
+jobs:
+ determine_version:
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Checkout
+ uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+ with:
+ fetch-depth: '0'
+ - name: Set up Go
+ uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe #v4.1.0
+ with:
+ go-version: 1.21.3
+ - name: Install SVU
+ run: go install github.com/caarlos0/svu@00b733b056534c0fbdb316bbd37c023e7bb80905 #v1.11.0
+ - name: Get branch name (merge)
+ if: github.event_name != 'pull_request'
+ run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | tr / -)" >> $GITHUB_ENV
+ - name: Get branch name (pull request)
+ if: github.event_name == 'pull_request'
+ run: echo "BRANCH_NAME=$(echo ${GITHUB_HEAD_REF} | tr / -)" >> $GITHUB_ENV
+ - name: Determine version (branch)
+ if: env.BRANCH_NAME != 'master'
+ run: 'echo "PROJECT_VERSION=$(svu --pre-release ${{ env.BRANCH_NAME }}-alpha.$(git rev-list origin/master.. --count))" >> "$GITHUB_ENV"'
+ - name: Determine version
+ if: env.BRANCH_NAME == 'master'
+ run: 'echo "PROJECT_VERSION=$(svu)" >> "$GITHUB_ENV"'
+ - run: 'echo "Determined version: $PROJECT_VERSION"'
+ - run: 'echo "PROJECT_VERSION=$PROJECT_VERSION" >> "$GITHUB_OUTPUT"'
+ id: set-version
+ outputs:
+ version: ${{ steps.set-version.outputs.PROJECT_VERSION}}
diff --git a/.github/workflows/native_build.yaml b/.github/workflows/native_build.yaml
new file mode 100644
index 0000000..b3df6b8
--- /dev/null
+++ b/.github/workflows/native_build.yaml
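Review bot: `Determine version (branch)` expands `${{ env.BRANCH_NAME }}` into the script text before bash runs it, and on `pull_request` that value comes from `GITHUB_HEAD_REF`, a branch name chosen by the PR author. `tr / -` only replaces slashes, so shell metacharacters that git permits in ref names would be interpreted as part of the command, in a job whose callers grant write scopes. Read the value as a shell variable instead: `run: 'echo "PROJECT_VERSION=$(svu --pre-release "${BRANCH_NAME}-alpha.$(git rev-list origin/master.. --count)")" >> "$GITHUB_ENV"'`. The two `Get branch name` steps should likewise quote `"${GITHUB_REF#refs/heads/}"`, `"${GITHUB_HEAD_REF}"` and `"$GITHUB_ENV"`.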
@@ -0,0 +1,181 @@
+name: Native Build
+
+on:
+ workflow_dispatch:
+ workflow_call:
+ inputs:
+ version:
+ required: true
+ type: string
+ upload:
+ required: false
+ type: boolean
+ default: false
+ sign:
+ required: false
+ type: boolean
+ default: false
+
+defaults:
+ run:
+ shell: bash
+
+permissions:
+ contents: write
+ pull-requests: write
+ packages: write
+ id-token: write
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build-native-linux-x64:
+ name: build-native-linux-x64
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Checkout
+ uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+ with:
+ fetch-depth: '0'
+ - name: Set up JDK
+ uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
+ with:
+ java-version: '17.0.7'
+ distribution: 'liberica'
+ architecture: 'x64'
+ - uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 #v1.1.0
+ - name: Set up Gradle
+ uses: gradle/gradle-build-action@842c587ad8aa4c68eeba24c396e15af4c2e9f30a # v2.9.0
+ with:
+ generate-job-summary: true
+ dependency-graph: generate-and-submit
+ - name: Install cosign
+ if: ${{ inputs.sign }}
+ uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
+ with:
+ cosign-release: 'v2.1.1'
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+ - name: Build native (linux x64)
+ env:
+ ORG_GRADLE_PROJECT_projectVersion: ${{ inputs.version }}
+ QUARKUS_PACKAGE_TYPE: native
+ QUARKUS_NATIVE_CONTAINERBUILD: true
+ run: ./gradlew -x test build
+ - name: Upload binary
+ if: ${{ inputs.upload }}
+ uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+ with:
+ name: debezium-offsetfile-conv-linux-amd64-${{ inputs.version }}
+ path: build/debezium-offsetfile-conv-${{ inputs.version }}-runner
+ - name: Registry login
+ uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Extract docker metadata (tags, labels)
+ id: meta
+ uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ - name: Build and push
+ uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+ with:
+ context: .
+ platforms: linux/amd64,linux/arm64
+ push: ${{ inputs.upload }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ - name: Sign image
+ if: ${{ inputs.sign }}
+ env:
+ TAGS: ${{ steps.meta.outputs.tags }}
+ DIGEST: ${{ steps.build-and-push.outputs.digest }}
+ run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
+
+ build-native-windows-x64:
+ name: build-native-windows-x64
+ runs-on: windows-2022
+ steps:
+ - name: Checkout
+ uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+ with:
+ fetch-depth: '0'
+ - name: Set up JDK
+ uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
+ with:
+ java-version: '17.0.7'
+ distribution: 'liberica'
+ architecture: 'x64'
+ - uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 #v1.1.0
+ - name: Set up Gradle
+ uses: gradle/gradle-build-action@842c587ad8aa4c68eeba24c396e15af4c2e9f30a # v2.9.0
+ with:
+ generate-job-summary: true
+ dependency-graph: generate-and-submit
+ - name: Set up GraalVM (Java ${{ matrix.java-version }})
+ uses: graalvm/setup-graalvm@6c7d417a1ef253f4d667a69e6a5716927746e251 # v1.1.4.2
+ with:
+ distribution: 'graalvm'
+ java-version: '17.0.7'
+ components: 'native-image'
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ native-image-job-reports: 'true'
+ - name: Build native (windows x64)
+ env:
+ ORG_GRADLE_PROJECT_projectVersion: ${{ inputs.version }}
+ QUARKUS_PACKAGE_TYPE: native
+ run: ./gradlew -x test build
+ - name: Upload binary
+ if: ${{ inputs.upload }}
+ uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+ with:
+ name: debezium-offsetfile-conv-windows-amd64-${{ inputs.version }}.exe
+ path: build/debezium-offsetfile-conv-${{ inputs.version }}-runner.exe
+
+ build-native-macos:
+ name: build-native-macos
+ runs-on: macos-12
+ steps:
+ - name: Checkout
+ uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+ with:
+ fetch-depth: '0'
+ - name: Set up JDK
+ uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
+ with:
+ java-version: '17.0.7'
+ distribution: 'liberica'
+ architecture: 'x64'
+ - uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 #v1.1.0
+ - name: Set up Gradle
+ uses: gradle/gradle-build-action@842c587ad8aa4c68eeba24c396e15af4c2e9f30a # v2.9.0
+ with:
+ generate-job-summary: true
+ dependency-graph: generate-and-submit
+ - name: Set up GraalVM (Java ${{ matrix.java-version }})
+ uses: graalvm/setup-graalvm@6c7d417a1ef253f4d667a69e6a5716927746e251 # v1.1.4.2
+ with:
+ distribution: 'graalvm'
+ java-version: '17.0.7'
+ components: 'native-image'
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ native-image-job-reports: 'true'
+ - name: Build native (macOS)
+ env:
+ ORG_GRADLE_PROJECT_projectVersion: ${{ inputs.version }}
+ QUARKUS_PACKAGE_TYPE: native
+ run: ./gradlew -x test build
+ - name: Upload binary
+ if: ${{ inputs.upload }}
+ uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+ with:
+ name: debezium-offsetfile-conv-darwin-amd64-${{ inputs.version }}
+ path: build/debezium-offsetfile-conv-${{ inputs.version }}-runner
diff --git a/.github/workflows/owasp.yaml b/.github/workflows/owasp.yaml
new file mode 100644
index 0000000..17b88d4
--- /dev/null
+++ b/.github/workflows/owasp.yaml
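Review bot: `Sign image` sets `DIGEST` from `steps.build-and-push.outputs.digest`, but the `Build and push` step has no `id`, so that expression evaluates to an empty string and cosign is handed `<tag>@` with no digest to bind the signature to. Add `id: build-and-push` to the `Build and push` step. Signing is only meaningful for an image that was actually pushed, so the step condition would be safer as `if: ${{ inputs.sign && inputs.upload }}`. In the Windows and macOS jobs the GraalVM step name references `matrix.java-version` although no matrix is defined.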
@@ -0,0 +1,49 @@
+name: OWASP
+on:
+ workflow_dispatch:
+ workflow_call:
+ inputs:
+ version:
+ required: true
+ type: string
+
+defaults:
+ run:
+ shell: bash
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Checkout
+ uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+ with:
+ fetch-depth: '0'
+ - name: Set up JDK
+ uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
+ with:
+ java-version: '17.0.7'
+ distribution: 'liberica'
+ architecture: 'x64'
+ - uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 #v1.1.0
+ - name: Set up Gradle
+ uses: gradle/gradle-build-action@842c587ad8aa4c68eeba24c396e15af4c2e9f30a # v2.9.0
+ with:
+ generate-job-summary: true
+ dependency-graph: generate-and-submit
+
+ - name: OWASP dependency check
+ env:
+ ORG_GRADLE_PROJECT_projectVersion: ${{ inputs.version }}
+ run: ./gradlew dependencyCheckAggregate
+ - name: Upload build reports
+ if: always()
+ uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+ with:
+ name: build-reports
+ path: build/reports/
+ - name: Perform dependency review
+ uses: actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034 # v3.1.0
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
new file mode 100644
index 0000000..b0f8c27
--- /dev/null
+++ b/.github/workflows/pr.yaml
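Review bot: `Perform dependency review` runs unconditionally, but `pr.yaml` calls this workflow on `push` to master and on `workflow_dispatch` as well as on `pull_request`; as far as I know `actions/dependency-review-action` needs a base and head ref and fails outside pull-request events unless they are supplied. Gate it with `if: github.event_name == 'pull_request'`. The job also keeps `dependency-graph: generate-and-submit` while granting only `contents: read`, and submitting the graph needs write access, so `dependency-graph: generate` (or dropping the option) fits this job better. Finally, the artifact name `build-reports` is the same one `build.yaml` uploads in the same run, so the OWASP report may be merged with or overwrite the build reports; a distinct name such as `owasp-reports` avoids that.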
@@ -0,0 +1,39 @@
+name: PR
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - master
+ pull_request:
+ branches:
+ - master
+
+defaults:
+ run:
+ shell: bash
+
+permissions:
+ contents: write
+ pull-requests: write
+ packages: write
+ id-token: write
+
+jobs:
+ determine_version:
+ uses: ./.github/workflows/determine_version.yaml
+ build:
+ needs: determine_version
+ uses: ./.github/workflows/build.yaml
+ with:
+ version: ${{ needs.determine_version.outputs.version }}
+ native_build:
+ needs: determine_version
+ uses: ./.github/workflows/native_build.yaml
+ with:
+ version: ${{ needs.determine_version.outputs.version }}
+ owasp:
+ needs: determine_version
+ uses: ./.github/workflows/owasp.yaml
+ with:
+ version: ${{ needs.determine_version.outputs.version }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..f9f9b70
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,34 @@
+name: Release
+
+on:
+ workflow_dispatch:
+ release:
+ types: [created]
+
+defaults:
+ run:
+ shell: bash
+
+permissions:
+ contents: write
+ pull-requests: write
+ packages: write
+ id-token: write
+
+jobs:
+ determine_version:
+ uses: ./.github/workflows/determine_version.yaml
+ build:
+ needs: determine_version
+ uses: ./.github/workflows/build.yaml
+ with:
+ version: ${{ needs.determine_version.outputs.version }}
+ upload: true
+ sign: true
+ native_build:
+ needs: determine_version
+ uses: ./.github/workflows/native_build.yaml
+ with:
+ version: ${{ needs.determine_version.outputs.version }}
+ upload: true
+ sign: true
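Review bot: This workflow runs on `pull_request` yet requests `contents: write`, `packages: write`, `pull-requests: write` and `id-token: write` at the top level, and those scopes are the ceiling for every reusable workflow it calls. The called jobs execute the Gradle build from the proposed branch, so for branches inside this repository that code runs with a token able to write to the repo and the package registry. Neither `upload` nor `sign` is set here, so I would start from `contents: read` at workflow level and grant write scopes per job only where a step needs them (for example dependency-graph submission). The `permissions` blocks of the called workflows would have to shrink to match, since a called workflow cannot request more than its caller grants.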
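Review bot: On a `release` event `GITHUB_REF` is a tag ref, so `determine_version.yaml`, which strips only `refs/heads/` and then compares against `master`, would take its pre-release branch, and the artifacts built, signed and uploaded here would likely carry an `-alpha.N` version instead of the release tag. Pass the tag explicitly, e.g. `version: ${{ github.event.release.tag_name }}`, or handle tag refs in the version workflow. The release path also omits the `owasp` job that `pr.yaml` runs, so a release can be published without the dependency check; adding it and listing it in `needs` for the build jobs would close that gap.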