From 2d538531bbf5d090165b65a58f6fb62a48a60961 Mon Sep 17 00:00:00 2001 From: Alejandro Alvarez Date: Tue, 27 Aug 2024 11:33:36 +0200 Subject: [PATCH] DAT-18302 DevOps :: Add Dry Run capabilities to liquibase packages (#250) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 🔧 (package.yml): Add conditional checks to skip workflow steps if dry_run flag is set to true. This allows for creating a dry-run release without executing certain steps. * 📝 (package.yml): add dry_run parameter to workflow inputs to support triggering a dry-run release and set default value to false * 🔧 (package.yml): Add conditional check to upload dry-run deb and rpm packages only if dry_run is true 🔧 (package.yml): Update SDKMAN version only if dry_run is false to avoid updating version in dry-run mode 🔧 (package.yml): Upload liquibase version to S3 only if dry_run is true to simulate dry-run mode * 🐛 (package.yml): fix conditional statement syntax to correctly check for PR_EXISTS and dry_run values before updating Homebrew formula * 🔧 (package.yml): Update SDKMAN version for ${{ inputs.artifactId }} with a dry-run option to prevent actual changes when dry_run is true 🔧 (package.yml): Remove unnecessary if condition for upload_windows_package and upload_ansible_role jobs as they are always executed regardless of dry_run value --- .github/workflows/package.yml | 70 +++++++++++++++++++++++++++++++++-- 1 file changed, 67 insertions(+), 3 deletions(-) diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml index 0d2c2343..f3c98ad5 100644 --- a/.github/workflows/package.yml +++ b/.github/workflows/package.yml 
@@ -13,6 +13,11 @@ on: version: description: "Value from the version field in pom.xml. i.e 4.23.0" type: string + dry_run: + description: 'Flag to indicate if the workflow is triggered to create a dry-run release' + required: true + type: boolean + default: false secrets: GPG_SECRET: description: "GPG_SECRET from the caller workflow" @@ -23,7 +28,7 @@ on: GPG_SECRET_KEY_ID: description: "GPG_SECRET_KEY_ID from the caller workflow" required: true - + env: MAVEN_VERSION: "3.9.5" @@ -94,6 +99,7 @@ jobs: run: gem install deb-s3 - name: Upload ${{ inputs.artifactId }} deb package + if: ${{ inputs.dry_run == false }} run: | sudo apt install pinentry-tty echo "2" | sudo update-alternatives --config pinentry @@ -102,6 +108,16 @@ jobs: echo '${{ secrets.GPG_PASSPHRASE }}' > pass.txt deb-s3 upload --preserve-versions --sign "${{ secrets.GPG_SECRET_KEY_ID }}" --gpg-options "\-\-pinentry-mode loopback \-\-batch \-\-passphrase\-file pass.txt \-\-yes \-\-quiet" --bucket repo.liquibase.com $PWD/.github/target/${{ inputs.artifactId }}-${{ inputs.version }}.deb + - name: Upload ${{ inputs.artifactId }} dry-run deb package + if: ${{ inputs.dry_run == true }} + run: | + sudo apt install pinentry-tty + echo "2" | sudo update-alternatives --config pinentry + echo "${{ secrets.GPG_SECRET }}" | gpg --batch --import --pinentry-mode loopback --passphrase "${{ secrets.GPG_PASSPHRASE }}" + export GPG_TTY=$(tty) + echo '${{ secrets.GPG_PASSPHRASE }}' > pass.txt + deb-s3 upload --preserve-versions --sign "${{ secrets.GPG_SECRET_KEY_ID }}" --gpg-options "\-\-pinentry-mode loopback \-\-batch \-\-passphrase\-file pass.txt \-\-yes \-\-quiet" --bucket repo.liquibase.com.dry.run $PWD/.github/target/${{ inputs.artifactId }}-${{ inputs.version }}.deb + - name: Convert deb to rpm run: | sudo apt-get update 
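Review bot: The new `dry_run` input is declared `required: true` and also given `default: false`, and the two contradict each other. This looks like a `workflow_call` workflow (the secrets are described as coming from the caller), where a required input has to be supplied by every caller, so the default would never apply and existing callers that do not pass `dry_run` would be rejected. Declare it `required: false` and keep `default: false`, and extend the description to say which publish targets the flag redirects. The `on:` block starts outside the hunk.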
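Review bot: The added dry-run deb step pastes `${{ secrets.GPG_SECRET }}` and `${{ secrets.GPG_PASSPHRASE }}` straight into the shell script and leaves the passphrase in `pass.txt` in the workspace for every later step of the job. Expression values are substituted before the shell parses the script, so a quote character in a secret changes the command; passing the secrets through `env:` and removing the file on exit avoids both problems. The step also signs dry-run packages with the release key, so objects in `repo.liquibase.com.dry.run` carry the same signature as a real release; a separate test key would keep the two apart. The existing non-dry-run step uses the same pattern and could take the same change.

```yaml
- name: Upload ${{ inputs.artifactId }} dry-run deb package
  if: ${{ inputs.dry_run == true }}
  env:
    GPG_SECRET: ${{ secrets.GPG_SECRET }}
    GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
    GPG_SECRET_KEY_ID: ${{ secrets.GPG_SECRET_KEY_ID }}
  run: |
    # … unchanged: pinentry-tty install, update-alternatives …
    # Remove the passphrase file even if a later command fails.
    trap 'rm -f pass.txt' EXIT
    echo "$GPG_SECRET" | gpg --batch --import --pinentry-mode loopback --passphrase "$GPG_PASSPHRASE"
    # … unchanged: export GPG_TTY …
    # Create the file readable by the runner user only.
    (umask 077; echo "$GPG_PASSPHRASE" > pass.txt)
    deb-s3 upload --preserve-versions --sign "$GPG_SECRET_KEY_ID" --gpg-options "\-\-pinentry-mode loopback \-\-batch \-\-passphrase\-file pass.txt \-\-yes \-\-quiet" --bucket repo.liquibase.com.dry.run $PWD/.github/target/${{ inputs.artifactId }}-${{ inputs.version }}.deb
```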
@@ -109,6 +125,7 @@ jobs: sudo alien --to-rpm --keep-version $PWD/.github/target/${{ inputs.artifactId }}-${{ inputs.version }}.deb - name: Upload ${{ inputs.artifactId }} rpm package + if: ${{ inputs.dry_run == false }} run: | sudo apt-get install -y libcurl4-openssl-dev libbz2-dev libxml2-dev libssl-dev zlib1g-dev pkg-config libglib2.0-dev liblzma-dev libsqlite0-dev libsqlite3-dev librpm-dev libzstd-dev python3 cmake ./.github/sign_artifact.sh ${{ inputs.artifactId }}-${{ inputs.version }}-1.noarch.rpm @@ -130,6 +147,29 @@ jobs: mv ${{ inputs.artifactId }}-${{ inputs.version }}-1.noarch* $PWD/yum/noarch aws s3 sync $PWD/yum s3://repo.liquibase.com/yum + - name: Upload ${{ inputs.artifactId }} dry-run rpm package + if: ${{ inputs.dry_run == true }} + run: | + sudo apt-get install -y libcurl4-openssl-dev libbz2-dev libxml2-dev libssl-dev zlib1g-dev pkg-config libglib2.0-dev liblzma-dev libsqlite0-dev libsqlite3-dev librpm-dev libzstd-dev python3 cmake + ./.github/sign_artifact.sh ${{ inputs.artifactId }}-${{ inputs.version }}-1.noarch.rpm + mkdir createrepo_folder + cd createrepo_folder + git clone https://github.com/rpm-software-management/createrepo_c + cd createrepo_c + mkdir build + cd build + cmake .. -DWITH_ZCHUNK=NO -DWITH_LIBMODULEMD=NO + make -j + cp src/createrepo_c /opt/createrepo + cd ../../.. + mkdir -p $PWD/yum/noarch + aws s3 ls s3://repo.liquibase.com.dry.run/yum/noarch/ | grep -E '\.rpm$' | awk '{print $4}' | xargs -I {} aws s3 cp s3://repo.liquibase.com.dry.run/yum/noarch/{} $PWD/yum/noarch + /opt/createrepo -h + /opt/createrepo -dp $PWD/yum/noarch + ./.github/sign_artifact.sh $PWD/yum/noarch/repodata/repomd.xml + mv ${{ inputs.artifactId }}-${{ inputs.version }}-1.noarch* $PWD/yum/noarch + aws s3 sync $PWD/yum s3://repo.liquibase.com.dry.run/yum + - name: Check for existing Homebrew formula PR for ${{ inputs.artifactId }} id: check-brew-pr 
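Review bot: The dry-run rpm step builds `createrepo_c` from an unpinned `git clone` of the default branch and then uses that binary to produce the `repomd.xml` that is signed, so whatever is at the head of that repository at run time ends up in the signing path. Pin the checkout to a reviewed tag or commit, for example `git clone --depth 1 --branch <PINNED_TAG> https://github.com/rpm-software-management/createrepo_c` (placeholder tag), or install a distribution package if one is available on the runner. The step is a copy of the production one with only the bucket name changed; a single step with the bucket chosen from `inputs.dry_run` would stop the two copies drifting apart. `/opt/createrepo -h` looks like a leftover debug call and can go.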
@@ -151,7 +191,7 @@ jobs: fi - name: Update Homebrew formula for ${{ inputs.artifactId }} - if: env.PR_EXISTS == 'false' + if: ${{ env.PR_EXISTS == 'false' && inputs.dry_run == 'false' }} uses: mislav/bump-homebrew-formula-action@v3 with: formula-name: liquibase @@ -167,6 +207,7 @@ jobs: COMMITTER_TOKEN: ${{ secrets.BOT_TOKEN }} - name: Update SDKMAN version for ${{ inputs.artifactId }} + if: ${{ inputs.dry_run == false }} env: SDKMAN_CONSUMER_KEY: ${{ secrets.SDKMAN_CONSUMER_KEY }} SDKMAN_CONSUMER_TOKEN: ${{ secrets.SDKMAN_CONSUMER_TOKEN }} 
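Review bot: `inputs.dry_run == 'false'` in the Homebrew step compares a boolean input with a string. In Actions expressions mismatched types are coerced to numbers (`false` becomes 0, `'false'` becomes NaN), so the condition is false on every run and the formula update is skipped for real releases as well as dry runs. The other conditions added in this commit compare against the bare boolean, and this one should use the same form: `if: ${{ env.PR_EXISTS == 'false' && inputs.dry_run == false }}`. `env.PR_EXISTS` is a string, so the quoted comparison on that side is correct.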
@@ -212,19 +253,42 @@ jobs: https://vendors.sdkman.io/announce/struct echo "Announced liquibase-$VERSION.zip to SDKMAN" + - name: Update SDKMAN version for ${{ inputs.artifactId }} dry-run + if: ${{ inputs.dry_run == true }} + env: + SDKMAN_CONSUMER_KEY: ${{ secrets.SDKMAN_CONSUMER_KEY }} + SDKMAN_CONSUMER_TOKEN: ${{ secrets.SDKMAN_CONSUMER_TOKEN }} + VERSION: ${{ inputs.version }} + S3_WEB_URL: https://s3.amazonaws.com/repo.liquibase.com.dry.run/sdkman + S3_BUCKET: s3://repo.liquibase.com.dry.run/sdkman/ + run: | + wget -q https://github.com/liquibase/liquibase/releases/download/v$VERSION/liquibase-$VERSION.zip + mkdir -p liquibase-$VERSION/bin/internal + unzip liquibase-$VERSION.zip -d liquibase-$VERSION + rm -rf liquibase-$VERSION.zip + mv ./liquibase-$VERSION/liquibase ./liquibase-$VERSION/bin/ + mv ./liquibase-$VERSION/liquibase.bat ./liquibase-$VERSION/bin/ + zip -r liquibase-$VERSION.zip ./liquibase-$VERSION + # Upload the release to S3 + aws s3 cp liquibase-$VERSION.zip $S3_BUCKET + echo "Uploaded liquibase-$VERSION.zip to s3" + - name: Ensure s3 bucket public access is enabled run: | aws s3api put-bucket-acl --bucket repo.liquibase.com --grant-read uri=http://acs.amazonaws.com/groups/global/AllUsers + aws s3api put-bucket-acl --bucket repo.liquibase.com.dry.run --grant-read uri=http://acs.amazonaws.com/groups/global/AllUsers upload_windows_package: uses: liquibase/liquibase-chocolatey/.github/workflows/deploy-package.yml@master secrets: inherit with: version: ${{ inputs.version }} + dry_run: ${{ inputs.dry_run }} upload_ansible_role: uses: liquibase/liquibase-ansible/.github/workflows/deploy-role.yml@main secrets: inherit with: version: ${{ inputs.version }} - + dry_run: ${{ inputs.dry_run }} + \ No newline at end of file
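Review bot: The dry-run SDKMAN step exports `SDKMAN_CONSUMER_KEY`, `SDKMAN_CONSUMER_TOKEN` and `S3_WEB_URL`, although its script only downloads, repacks and copies the zip to S3; drop those three `env:` entries so the vendor credentials are not handed to a step that never uses them. The added `aws s3api put-bucket-acl --bucket repo.liquibase.com.dry.run --grant-read uri=http://acs.amazonaws.com/groups/global/AllUsers` runs on every invocation, dry run or not, and makes the dry-run bucket world-readable. If public access to dry-run artifacts is intended, state that in a comment above the line; otherwise remove it or guard the step with `if: ${{ inputs.dry_run == true }}`. The `dry_run:` values passed to the two called workflows assume those workflows declare that input, which is not visible here.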