From 2682162d2e922e00c7a599b33db590dd163643b7 Mon Sep 17 00:00:00 2001 From: kevan Jahanshahi Date: Tue, 2 Apr 2024 14:14:01 +0200 Subject: [PATCH] BACKLOG-22478: add dependency to legacy-default-components + 8.2.0.0 as parent (#24) * BACKLOG-22478: add dependency to legacy-default-components + 8.2.0.0 as parent * Fixed ci/cd for the repo * BACKLOG-22478: upgrade major version --------- Co-authored-by: Francois G --- .circleci/config.yml | 165 ------------------ .../maven.settings.xml | 32 +--- .github/workflows/on-code-change.yml | 59 +++++++ .github/workflows/on-merge.yml | 56 ++++++ .github/workflows/on-release.yml | 68 ++++++++ .github/workflows/triggerCircleCIOnPR.yml | 21 --- pom.xml | 8 +- src/main/import/repository.xml | 2 +- 8 files changed, 194 insertions(+), 217 deletions(-) delete mode 100644 .circleci/config.yml rename .circleci/.circleci.settings.xml => .github/maven.settings.xml (50%) create mode 100644 .github/workflows/on-code-change.yml create mode 100644 .github/workflows/on-merge.yml create mode 100644 .github/workflows/on-release.yml delete mode 100644 .github/workflows/triggerCircleCIOnPR.yml diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 487a4bec..00000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,165 +0,0 @@ -version: 2.1 - -references: - workdir: &workdir - working_directory: ~/source - - persist-workspace: &persist-workspace - persist_to_workspace: - root: ~/source - paths: - - . - - attach-workspace: &attach-workspace - attach_workspace: - at: . - -jobs: - checkout: - <<: *workdir - docker: # run the steps with Docker - - image: circleci/openjdk:8-jdk-stretch - steps: - - checkout - - *persist-workspace - - build: - parameters: - is_pull_request: - type: boolean - default: false - <<: *workdir - docker: # run the steps with Docker - - image: circleci/openjdk:8-jdk-stretch - resource_class: large - steps: - - *attach-workspace - - restore_cache: - keys: - - v2-dependencies-{{ checksum "pom.xml" }} - # fallback to using the latest cache if no exact match is found - - v2-dependencies- - - when: - condition: <> - steps: - - run: - name: mvn clean install - command: mvn -s .circleci/.circleci.settings.xml clean install - - unless: - condition: <> - steps: - - run: - name: mvn clean deploy - command: mvn -s .circleci/.circleci.settings.xml clean deploy - - save_cache: - paths: - - ~/.m2 - key: v2-dependencies-{{ checksum "pom.xml" }} - - run: - name: Copy artifacts - command: | - mkdir /tmp/artifacts/ - cp /home/circleci/source/target/*.jar /tmp/artifacts/ - - store_artifacts: - path: /tmp/artifacts/ - - *persist-workspace - - sonar: - parameters: - is_pull_request: - type: boolean - default: false - <<: *workdir - docker: # run the steps with Docker - - image: circleci/openjdk:8-jdk-stretch - resource_class: large - steps: - - *attach-workspace - - restore_cache: - keys: - - v2-dependencies-{{ checksum "pom.xml" }} - # fallback to using the latest cache if no exact match is found - - v2-dependencies- - - when: - condition: <> - steps: - - run: - name: Analyze pull request with sonar - command: | - mvn -s .circleci/.circleci.settings.xml sonar:sonar -Dsonar.pullrequest.branch=$CIRCLE_BRANCH \ - -Dsonar.pullrequest.key=<< pipeline.parameters.pull_request_number >> \ - -Dsonar.pullrequest.base=<< pipeline.parameters.target_branch >> \ - -Dsonar.pullrequest.github.repository=<< pipeline.parameters.github_repository >> - - unless: - condition: <> - steps: - - run: - name: Sonar analysis - command: | - if [[ "${CIRCLE_BRANCH}" == "master" ]]; - then - mvn -s .circleci/.circleci.settings.xml sonar:sonar - else - mvn -s .circleci/.circleci.settings.xml sonar:sonar -Dsonar.branch.name=$CIRCLE_BRANCH - fi - - save_cache: - paths: - - ~/.m2 - key: v2-dependencies-{{ checksum "pom.xml" }} - -# Pipeline parameter must be declared -parameters: - run_pull_request: - type: boolean - default: false - target_branch: - type: string - default: "" - pull_request_number: - type: string - default: "" - github_repository: - type: string - default: "" - -workflows: - version: 2 - # This one is run only when triggered with the API, using a GitHub action - pull_request: - when: << pipeline.parameters.run_pull_request >> - jobs: - - checkout: - name: PR Checkout - - build: - name: PR Build - is_pull_request: true - context: QA_ENVIRONMENT - requires: - - PR Checkout - - sonar: - name: PR Sonar analysis - is_pull_request: true - context: QA_ENVIRONMENT - requires: - - PR Build - on-code-change: - jobs: - - checkout: - filters: - branches: - only: - - master - - /feature-.*/ - - /[0-9]_[0-9]_x/ - - /[0-9]_x/ - - build: - is_pull_request: false - context: QA_ENVIRONMENT - requires: - - checkout - - sonar: - name: Sonar analysis - is_pull_request: false - context: QA_ENVIRONMENT - requires: - - build diff --git a/.circleci/.circleci.settings.xml b/.github/maven.settings.xml similarity index 50% rename from .circleci/.circleci.settings.xml rename to .github/maven.settings.xml index 39a27bb4..8272f10f 100644 --- a/.circleci/.circleci.settings.xml +++ b/.github/maven.settings.xml @@ -1,24 +1,6 @@ - - jahia-internal-repository - - - jahia-internal - Jahia Internal Repository - ${env.NEXUS_INTERNAL_URL} - - true - never - - - true - always - - - - sonar @@ -30,14 +12,9 @@ - - - jahia-internal-repository - - - jahia-enterprise + jahia-public ${env.NEXUS_USERNAME} ${env.NEXUS_PASSWORD} @@ -47,9 +24,12 @@ ${env.NEXUS_PASSWORD} - jahia-internal + staging-repository ${env.NEXUS_USERNAME} ${env.NEXUS_PASSWORD} - + + org.owasp + + \ No newline at end of file diff --git a/.github/workflows/on-code-change.yml b/.github/workflows/on-code-change.yml new file mode 100644 index 00000000..2e4ba83b --- /dev/null +++ b/.github/workflows/on-code-change.yml @@ -0,0 +1,59 @@ +# This workflow is triggered every time a change is pushed to any branches +# Github actions command reference: https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions +name: On Code Change (PR) + +# The workflow could also be triggered on PRs +on: + pull_request: + types: [opened, reopened, synchronize] + +jobs: + update-signature: + name: Update module signature + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: jahia/jahia-modules-action/update-signature@v2 + with: + nexus_username: ${{ secrets.NEXUS_USERNAME }} + nexus_password: ${{ secrets.NEXUS_PASSWORD }} + nexus_enterprise_releases_url: ${{ secrets.NEXUS_ENTERPRISE_RELEASES_URL }} + + static-analysis: + name: Static Analysis (linting, vulns) + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: Jahia/jahia-modules-action/static-analysis@v2 + with: + node_version: 21 + auditci_level: critical + + build: + name: Build Module + needs: update-signature + runs-on: ubuntu-latest + container: + image: jahia/cimg-mvn-cache:ga_cimg_openjdk_11.0.20-node + credentials: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + steps: + - uses: actions/checkout@v3 + - uses: jahia/jahia-modules-action/build@v2 + with: + nexus_username: ${{ secrets.NEXUS_USERNAME }} + nexus_password: ${{ secrets.NEXUS_PASSWORD }} + + sonar-analysis: + name: Sonar Analysis + needs: build + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: jahia/jahia-modules-action/sonar-analysis@v2 + with: + primary_release_branch: master + github_pr_id: ${{github.event.number}} + sonar_url: ${{ secrets.SONAR_URL }} + sonar_token: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/on-merge.yml b/.github/workflows/on-merge.yml new file mode 100644 index 00000000..1be8be86 --- /dev/null +++ b/.github/workflows/on-merge.yml @@ -0,0 +1,56 @@ +# This workflow is triggered every time a change is pushed to any branches +# Github actions command reference: https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions +name: On merge to master + +# The workflow could also be triggered on PRs +on: + push: + branches: + - 'master' + tags-ignore: + - '**' + +jobs: + update-signature: + name: Update module signature + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: jahia/jahia-modules-action/update-signature@v2 + with: + nexus_username: ${{ secrets.NEXUS_USERNAME }} + nexus_password: ${{ secrets.NEXUS_PASSWORD }} + nexus_enterprise_releases_url: ${{ secrets.NEXUS_ENTERPRISE_RELEASES_URL }} + + build: + name: Build Module + needs: update-signature + runs-on: ubuntu-latest + container: + image: jahia/cimg-mvn-cache:ga_cimg_openjdk_11.0.20-node + credentials: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + steps: + - uses: actions/checkout@v3 + - uses: jahia/jahia-modules-action/build@v2 + with: + nexus_username: ${{ secrets.NEXUS_USERNAME }} + nexus_password: ${{ secrets.NEXUS_PASSWORD }} + + publish: + name: Publish module + needs: build + if: github.ref == 'refs/heads/master' + runs-on: ubuntu-latest + container: + image: jahia/cimg-mvn-cache:ga_cimg_openjdk_11.0.20-node + credentials: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + steps: + - uses: actions/checkout@v3 + - uses: jahia/jahia-modules-action/publish@v2 + with: + nexus_username: ${{ secrets.NEXUS_USERNAME }} + nexus_password: ${{ secrets.NEXUS_PASSWORD }} diff --git a/.github/workflows/on-release.yml b/.github/workflows/on-release.yml new file mode 100644 index 00000000..e554e4f1 --- /dev/null +++ b/.github/workflows/on-release.yml @@ -0,0 +1,68 @@ +# This workflow is triggered when someone create a new release in GitHub +# and checks the "This is a pre-relase" box. +name: Trigger Release creation + +on: + release: + types: [prereleased] + +jobs: + on-release: + runs-on: ubuntu-latest + + # The cimg-mvn-cache is an image containing a .m2 folder warmed-up + # with common Jahia dependencies. Using this prevents maven from + # downloading the entire world when building. + # More on https://github.com/Jahia/cimg-mvn-cache + container: + image: jahia/cimg-mvn-cache:ga_cimg_openjdk_11.0.20-node + credentials: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + + steps: + # Providing the SSH PRIVATE of a user part of an admin group + # is necessary to bypass PR checks + - uses: actions/checkout@v3 + with: + ssh-key: ${{ secrets.GH_SSH_PRIVATE_KEY_JAHIACI }} + + # Setting up the SSH agent to be able to commit back to the repository + # https://github.com/webfactory/ssh-agent + - uses: webfactory/ssh-agent@v0.7.0 + with: + ssh-private-key: ${{ secrets.GH_SSH_PRIVATE_KEY_JAHIACI }} + + - uses: jahia/jahia-modules-action/release@v2 + name: Release Module + with: + github_slug: Jahia/jahia-base-demo-templates + primary_release_branch: master + release_id: ${{ github.event.release.id }} + release_version: ${{ github.event.release.tag_name }} + github_api_token: ${{ secrets.GH_API_TOKEN }} + nexus_username: ${{ secrets.NEXUS_USERNAME }} + nexus_password: ${{ secrets.NEXUS_PASSWORD }} + + - uses: jahia/jahia-modules-action/update-signature@v2 + with: + nexus_username: ${{ secrets.NEXUS_USERNAME }} + nexus_password: ${{ secrets.NEXUS_PASSWORD }} + nexus_enterprise_releases_url: ${{ secrets.NEXUS_ENTERPRISE_RELEASES_URL }} + force_signature: true + + - uses: jahia/jahia-modules-action/release-publication@v2 + name: Publish Module + with: + module_id: jahia-base-demo-templates + release_version: ${{ github.event.release.tag_name }} + nexus_username: ${{ secrets.NEXUS_USERNAME }} + nexus_password: ${{ secrets.NEXUS_PASSWORD }} + + # Tmate only starts if any of the previous steps fails. + # Be careful since it also means that if a step fails the workflow will + # keep running until it reaches the timeout + - name: Setup tmate session + if: ${{ failure() }} + uses: mxschmitt/action-tmate@v3 + timeout-minutes: 15 diff --git a/.github/workflows/triggerCircleCIOnPR.yml b/.github/workflows/triggerCircleCIOnPR.yml deleted file mode 100644 index df2f2d6d..00000000 --- a/.github/workflows/triggerCircleCIOnPR.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: Trigger CircleCI on PR - -on: - pull_request: - types: [opened, edited, reopened, synchronize] - branches: - - master - - '[0-9]_[0-9]_x' - -jobs: - trigger_circle_ci: - runs-on: ubuntu-latest - steps: - - name: Trigger CircleCI pipeline - env: - # to get access to secrets.CIRCLECI_PIPELINE_LAUNCH_TOKEN, provide GITHUB_TOKEN - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: curl -X POST --url 'https://circleci.com/api/v2/project/gh/${{ github.repository }}/pipeline' - --header 'circle-token:${{ secrets.CIRCLECI_PIPELINE_LAUNCH_TOKEN }}' - --header 'content-type:application/json' - --data '{ "branch":"${{ github.HEAD_REF }}", "parameters":{ "run_pull_request":true, "target_branch":"${{ github.BASE_REF }}", "pull_request_number":"${{ github.event.number }}", "github_repository":"${{ github.repository }}" } }' diff --git a/pom.xml b/pom.xml index b31f2921..308cec2c 100644 --- a/pom.xml +++ b/pom.xml @@ -49,10 +49,10 @@ org.jahia.modules jahia-modules - 8.0.0.0 + 8.2.0.0-SNAPSHOT dx-base-demo-templates - 3.5.0-SNAPSHOT + 4.0.0-SNAPSHOT bundle Jahia Base Demo Templates Base demo templates set for Jahia @@ -64,8 +64,8 @@ templatesSet - default, search, bookmarks, topstories, facets, calendar, rating, location, news, skins, dx-base-demo-core, bootstrap3-core - MCwCFAMRc+kuxfn0TF+3lhh7eh53TIH5AhRCIrB80aelCQ0K26Csv8wE2wWCcQ== + default, search, bookmarks, topstories, facets, calendar, rating, location, news, skins, dx-base-demo-core, bootstrap3-core, legacy-default-components + MC0CFAJSV9UqYkxH9CSNrJCa32ytVcOQAhUAk/spCsAtJffWVczvj6WAd7rEv40= osgi.extender;filter:="(osgi.extender=org.jahia.bundles.blueprint.extender.config)" diff --git a/src/main/import/repository.xml b/src/main/import/repository.xml index bd9a2073..de47ffa7 100644 --- a/src/main/import/repository.xml +++ b/src/main/import/repository.xml @@ -1,7 +1,7 @@ -