From d69c08e9c7cc94ada481d362406b9dd8e9ac2c46 Mon Sep 17 00:00:00 2001 From: "Cezar.Leahu" Date: Fri, 6 Dec 2019 14:39:18 +0200 Subject: [PATCH] ATS-628: Update build config on support branches --- .travis.yml | 82 +++++++++++++++++++++++++++++++++ _ci/build.sh | 24 ++++++++++ _ci/cache_artifacts.sh | 24 ++++++++++ _ci/init.sh | 20 +++++++++ _ci/prepare_release_deploy.sh | 24 ++++++++++ _ci/prepare_staging_deploy.sh | 24 ++++++++++ _ci/release.sh | 28 ++++++++++++ _ci/settings.xml | 85 +++++++++++++++++++++++++++++++++++ _ci/whitesource.sh | 22 +++++++++ docs/build-and-release.md | 77 +++++++++++++++++++++++++++++++ 10 files changed, 410 insertions(+) create mode 100644 .travis.yml create mode 100644 _ci/build.sh create mode 100644 _ci/cache_artifacts.sh create mode 100644 _ci/init.sh create mode 100644 _ci/prepare_release_deploy.sh create mode 100644 _ci/prepare_staging_deploy.sh create mode 100644 _ci/release.sh create mode 100644 _ci/settings.xml create mode 100644 _ci/whitesource.sh create mode 100644 docs/build-and-release.md diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 00000000..86f29f4e --- /dev/null +++ b/.travis.yml @@ -0,0 +1,82 @@ +--- +language: java +jdk: openjdk11 +dist: xenial + +git: + depth: false + quiet: true + +services: + - docker + +cache: + directories: + - ${HOME}/.m2/repository + - ${HOME}/artifacts + +branches: + only: + - master + - /^SP\/.+$/ + - /^HF\/.+$/ + - company_release + - /^ATS-.*$/ + +stages: + - build + - release + - company_release + +jobs: + include: + - name: "Build + Tests" + stage: build + if: branch NOT IN (company_release) + before_install: bash _ci/init.sh + before_script: travis_wait bash _ci/cache_artifacts.sh + script: bash _ci/build.sh + + - name: "WhiteSource" + stage: build + if: branch NOT IN (company_release) + before_install: bash _ci/init.sh + script: bash _ci/whitesource.sh + + - name: "Release" + stage: release + if: commit_message ~= /\[trigger release\]/ AND branch ~= /^(master|SP\/.+|HF\/.+)$/ + before_install: bash _ci/init.sh + before_script: travis_wait bash _ci/cache_artifacts.sh + script: travis_wait 30 bash _ci/release.sh + before_deploy: source _ci/prepare_staging_deploy.sh + deploy: + provider: s3 + access_key_id: "${STAGING_AWS_ACCESS_KEY}" + secret_access_key: "${STAGING_AWS_SECRET_KEY}" + bucket: "alfresco-artefacts-staging" + skip_cleanup: true + region: "eu-west-1" + local_dir: "deploy_dir" + upload-dir: "enterprise/AlfrescoTransformServices/TransformEngines/${VERSION}" + on: + all_branches: true + + - name: "Company Release" + stage: company_release + if: branch = company_release + before_install: bash _ci/init.sh + install: echo "NoOp" + script: echo "NoOp" + before_deploy: source _ci/prepare_release_deploy.sh + deploy: + provider: s3 + access_key_id: "${RELEASE_AWS_ACCESS_KEY}" + secret_access_key: "${RELEASE_AWS_SECRET_KEY}" + bucket: "eu.dl.alfresco.com" + skip_cleanup: true + region: "eu-west-1" + local_dir: "deploy_dir" + upload-dir: "release/enterprise/AlfrescoTransformServices/TransformEngines/${VERSION}" + on: + branch: company_release diff --git a/_ci/build.sh b/_ci/build.sh new file mode 100644 index 00000000..0c9c18f9 --- /dev/null +++ b/_ci/build.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash + +echo "=========================== Starting Build&Test Script ===========================" +PS4="\[\e[35m\]+ \[\e[m\]" +set -vex +pushd "$(dirname "${BASH_SOURCE[0]}")/../" + +# Always build the image, but only publish from the "master" branch +[ "${TRAVIS_PULL_REQUEST}" = "false" ] && [ "${TRAVIS_BRANCH}" = "master" ] && PROFILE="internal" || PROFILE="local" + +# If the branch is "master" and the commit is not a Pull Request then deploy the JAR SNAPSHOT artifacts +[ "${TRAVIS_PULL_REQUEST}" = "false" ] && [ "${TRAVIS_BRANCH}" = "master" ] && DEPLOY="deploy" || DEPLOY="install" + +mvn -B -U \ + clean ${DEPLOY} \ + -DadditionalOption=-Xdoclint:none -Dmaven.javadoc.skip=true \ + "-P${PROFILE},docker-it-setup" + +docker ps -a -q | xargs -r -l docker stop ; docker ps -a -q | xargs -r -l docker rm + +popd +set +vex +echo "=========================== Finishing Build&Test Script ==========================" + diff --git a/_ci/cache_artifacts.sh b/_ci/cache_artifacts.sh new file mode 100644 index 00000000..4c576219 --- /dev/null +++ b/_ci/cache_artifacts.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash + +echo "=========================== Starting Cache Artifacts Script ===========================" +PS4="\[\e[35m\]+ \[\e[m\]" +set -vex +pushd "$(dirname "${BASH_SOURCE[0]}")/../" + +LIBREOFFICE_VERSION=5.4.6 + +# Cache the LibreOffice distribution, as it is takes a long time to download and it can cause the +# build to fail (no output for more than 10 minutes) +LIBREOFFICE_RPM_URL="https://nexus.alfresco.com/nexus/service/local/repositories/thirdparty/content/org/libreoffice/libreoffice-dist/${LIBREOFFICE_VERSION}/libreoffice-dist-${LIBREOFFICE_VERSION}-linux.gz" +if [ -f "${HOME}/artifacts/libreoffice-dist-${LIBREOFFICE_VERSION}-linux.gz" ]; then + echo "Using cached LibreOffice distribution..." +else + echo "Downloading LibreOffice distribution..." + curl -s -S ${LIBREOFFICE_RPM_URL} -o "${HOME}/artifacts/libreoffice-dist-${LIBREOFFICE_VERSION}-linux.gz" +fi +cp "${HOME}/artifacts/libreoffice-dist-${LIBREOFFICE_VERSION}-linux.gz" alfresco-docker-libreoffice/ + + +popd +set +vex +echo "=========================== Finishing Cache Artifacts Script ==========================" diff --git a/_ci/init.sh b/_ci/init.sh new file mode 100644 index 00000000..be613bd3 --- /dev/null +++ b/_ci/init.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash + +echo "=========================== Starting Init Script ===========================" +PS4="\[\e[35m\]+ \[\e[m\]" +set -vex +pushd "$(dirname "${BASH_SOURCE[0]}")/../" + +mkdir -p ${HOME}/.m2 && cp -rf _ci/settings.xml ${HOME}/.m2/ +echo "${QUAY_PASSWORD}" | docker login -u="alfresco+bamboo" --password-stdin quay.io +echo "${DOCKERHUB_PASSWORD}" | docker login -u=${DOCKERHUB_USERNAME} --password-stdin docker.io +find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf + +# Enable experimental docker features (e.g. squash options) +echo '{"experimental":true}' | sudo tee /etc/docker/daemon.json +sudo service docker restart + +popd +set +vex +echo "=========================== Finishing Init Script ==========================" + diff --git a/_ci/prepare_release_deploy.sh b/_ci/prepare_release_deploy.sh new file mode 100644 index 00000000..d255bb59 --- /dev/null +++ b/_ci/prepare_release_deploy.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash + +echo "========================== Starting Prepare Release Deploy Script ===========================" +PS4="\[\e[35m\]+ \[\e[m\]" +set -vex +pushd "$(dirname "${BASH_SOURCE[0]}")/../" + +# Identify latest annotated tag (latest version) +export VERSION=$(git describe --abbrev=0 --tags) + +mkdir -p deploy_dir + +# Download the WhiteSource report +mvn org.alfresco:whitesource-downloader-plugin:inventoryReport \ + -N \ + "-Dorg.whitesource.product=Transform Service" \ + -DsaveReportAs=deploy_dir/3rd-party.xlsx + +echo "Local deploy directory content:" +ls -lA deploy_dir + +popd +set +vex +echo "========================== Finishing Prepare Release Deploy Script ==========================" diff --git a/_ci/prepare_staging_deploy.sh b/_ci/prepare_staging_deploy.sh new file mode 100644 index 00000000..b8a544bb --- /dev/null +++ b/_ci/prepare_staging_deploy.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash + +echo "========================== Starting Prepare Staging Deploy Script ===========================" +PS4="\[\e[35m\]+ \[\e[m\]" +set -vex +pushd "$(dirname "${BASH_SOURCE[0]}")/../" + +# Identify latest annotated tag (latest version) +export VERSION=$(git describe --abbrev=0 --tags) + +mkdir -p deploy_dir + +# Download the WhiteSource report +mvn org.alfresco:whitesource-downloader-plugin:inventoryReport \ + -N \ + "-Dorg.whitesource.product=Transform Service" \ + -DsaveReportAs=deploy_dir/3rd-party.xlsx + +echo "Local deploy directory content:" +ls -lA deploy_dir + +popd +set +vex +echo "========================== Finishing Prepare Staging Deploy Script ==========================" diff --git a/_ci/release.sh b/_ci/release.sh new file mode 100644 index 00000000..11344097 --- /dev/null +++ b/_ci/release.sh @@ -0,0 +1,28 @@ +#!/usr/bin/env bash + +echo "=========================== Starting Release Script ===========================" +PS4="\[\e[35m\]+ \[\e[m\]" +set -vex +pushd "$(dirname "${BASH_SOURCE[0]}")/../" + +# For PR builds only execute a Dry Run of the release +[ "${TRAVIS_PULL_REQUEST}" = "false" ] && DRY_RUN="" || DRY_RUN="-DdryRun" + +# Travis CI runner work on DETACHED HEAD, so we need to checkout the release branch +git checkout -B "${TRAVIS_BRANCH}" + +git config user.email "build@alfresco.com" + +# Run the release plugin - with "[skip ci]" in the release commit message +mvn -B \ + ${DRY_RUN} \ + -Prelease \ + "-Darguments=-Prelease -DskipTests -Dmaven.javadoc.skip -Dadditionalparam=-Xdoclint:none" \ + release:clean release:prepare release:perform \ + -DscmCommentPrefix="[maven-release-plugin][skip ci] " \ + -Dusername=alfresco-build \ + -Dpassword=${GIT_PASSWORD} + +popd +set +vex +echo "=========================== Finishing Release Script ==========================" diff --git a/_ci/settings.xml b/_ci/settings.xml new file mode 100644 index 00000000..ccec1b18 --- /dev/null +++ b/_ci/settings.xml @@ -0,0 +1,85 @@ + + + + alfresco-internal + + true + + + + alfresco-internal + Alfresco Internal Repository + https://artifacts.alfresco.com/nexus/content/groups/internal + + + + + alfresco-internal + Alfresco Internal Repository + https://artifacts.alfresco.com/nexus/content/groups/internal + + + + + ${env.WHITESOURCE_TOKEN} + + + + + + + + alfresco-internal + bamboo + ${env.NEXUS_PASSWORD} + + + + alfresco-internal-snapshots + bamboo + ${env.NEXUS_PASSWORD} + + + alfresco-internal-releases + bamboo + ${env.NEXUS_PASSWORD} + + + alfresco-enterprise-snapshots + bamboo + ${env.NEXUS_PASSWORD} + + + alfresco-enterprise-releases + bamboo + ${env.NEXUS_PASSWORD} + + + alfresco-public-snapshots + bamboo + ${env.NEXUS_PASSWORD} + + + alfresco-public + bamboo + ${env.NEXUS_PASSWORD} + + + alfresco-thirdparty + bamboo + ${env.NEXUS_PASSWORD} + + + + + quay.io + alfresco+bamboo + ${env.QUAY_PASSWORD} + + + docker.io + ${env.DOCKERHUB_USERNAME} + ${env.DOCKERHUB_PASSWORD} + + + diff --git a/_ci/whitesource.sh b/_ci/whitesource.sh new file mode 100644 index 00000000..0a786da3 --- /dev/null +++ b/_ci/whitesource.sh @@ -0,0 +1,22 @@ +#!/usr/bin/env bash + +echo "=========================== Starting WhiteSource Script ===========================" +PS4="\[\e[35m\]+ \[\e[m\]" +set -vex +pushd "$(dirname "${BASH_SOURCE[0]}")/../" + + +mvn clean install \ + -DskipTests org.whitesource:whitesource-maven-plugin:update \ + -Dorg.whitesource.failOnError=true \ + -Dorg.whitesource.forceUpdate=true \ + -Dorg.whitesource.checkPolicies=true \ + -Dorg.whitesource.forceCheckAllDependencies=true \ + -Dorg.whitesource.ignorePomModules=false \ + "-Dorg.whitesource.product=Transform Service" \ + -Dmaven.wagon.http.pool=false + +popd +set +vex +echo "=========================== Finishing WhiteSource Script ==========================" + diff --git a/docs/build-and-release.md b/docs/build-and-release.md new file mode 100644 index 00000000..b9466530 --- /dev/null +++ b/docs/build-and-release.md @@ -0,0 +1,77 @@ +# Build +The `alfresco-transform-core` project uses _Travis CI_. \ +The `.travis.yml` config file can be found in the root of the repository. + + +## Stages and Jobs +1. **Build**: Java build with unit tests, integration tests and WhiteSource scan. +2. **Release**: Release with artifact deployment to Nexus and AWS Staging bucket. +3. **Company Release**: Artifact deployment to AWS Release bucket. + + +## Branches +Travis CI builds differ by branch: +* `master` / `SP/*` / `HF/*` branches: + - regular builds which include the _Build_ stage; + > On the `master` branch only the _Build_ stage updates the `latest` T-Engines images on + > both Quay and DockerHub: + > - alfresco/alfresco-pdf-renderer + > - alfresco/alfresco-imagemagick + > - alfresco/alfresco-tika + > - alfresco/alfresco-libreoffice + - if the commit message contains the `[trigger release]` tag, the builds will also + include the _Release_ stage; + - PR builds where the latest commit contains the `[trigger release]` tag will execute dry runs + of the release jobs (no artifacts will be published until the PR is actually merged). +* `ATS-*` branches: + - regular builds which include only the _Build_ and _Tests_ stages; +* `company_release` branch: + - builds that include the _Company Release_ stage only. + - the `company_release` branch should be used for one-off events; once used (a build + completes), the branch should be deleted. + +All other branches are ignored. + + +## Release process steps & info +Prerequisites: + - the `master` / `SP/*` / `HF/*` branch is green and it contains all the changes that should be + included in the next release. + +Steps: +1. Create a new branch with the name `ATS-###_release_version` from the `master` / `SP/*`/ `HF/*` +branch. +2. Update the project version if the current POM version is not the next desired release; use a +maven command, i.e. + ```bash + mvn versions:set -DnewVersion=#.##.#-SNAPSHOT versions:commit + ``` +3. Update the project's dependencies (remove the `-SNAPSHOT` suffixes - only for dependencies, not + for the local project version). +4. Create a new commit with the `[trigger release]` tag in its message. If no local changes have +been generated by steps (2) and (3), then an empty commit should be created - e.g. + ```bash + git commit --allow-empty -m "ATS-###: Release AIS #.##.# [trigger release]" + ``` + + > The location of the `[trigger release]` tag in the commit message is irrelevant. + + > If for any reason your PR contains multiple commits, the commit with the `[trigger release]` + tag should be the last (newest) one. This will trigger the Release dry runs. +5. Open a new Pull Request from the `ATS-###_release_version` branch into the original +`master` / `SP/*` / `HF/*` branch and wait for a green build; the **Release** stage on the PR build + will only execute a _Dry_Run_ of the release. +6. Once it is approved, merge the PR, preferably through the **Rebase and merge** option. If the +**Create a merge commit** (_Merge pull request_) or **Squash and merge** options are used, you +need to ensure that the _commit message_ contains the `[trigger release]` tag (sub-string). + +## Company Release process steps & info +Prerequisites: + - The **Release** stage is complete - i.e. the release commit is tagged and the release + artifacts are deployed on Nexus. + +Steps: +1. Create a new `company_release` branch from the `master` / `SP/*`/ `HF/*` branch. This job uses +the latest branch git tag to identify the version that must be uploaded to the S3 release bucket. +2. Wait for a green build on the branch. +3. Delete local and remote `company_release` branch.