diff --git a/.github/workflows/acceptance-tests.yml b/.github/workflows/acceptance-tests.yml index 7a277265..494c90a2 100644 --- a/.github/workflows/acceptance-tests.yml +++ b/.github/workflows/acceptance-tests.yml @@ -1,11 +1,12 @@ -name: Acceptance tests +# Reusable workflow to run the acceptance tests, referenced by workflow-*.yml pipelines. +name: Acceptance tests in Sandbox environment on: workflow_call: inputs: checkout_ref: description: 'The reference to checkout before running the acceptance tests. Used to run the tests on a fork.' - required: false + required: true type: string secrets: tl_client_id: @@ -25,7 +26,7 @@ jobs: with: ref: ${{ inputs.checkout_ref }} - name: Setup JDK - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: '21' distribution: 'temurin' diff --git a/.github/workflows/build.yml b/.github/workflows/build-test-coverage.yml similarity index 57% rename from .github/workflows/build.yml rename to .github/workflows/build-test-coverage.yml index 3fe92c04..d896fd51 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build-test-coverage.yml 
@@ -1,33 +1,39 @@ -name: Build +# Reusable workflow to build, run unit and integration test and coverage analysis, referenced by workflow-*.yml pipelines. +name: Build, tests and coverage analysis on: workflow_call: + secrets: + coveralls_repo_token: + required: true inputs: checkout_ref: description: 'The reference to checkout before running the acceptance tests. Used to run the tests on a fork.' - required: false + required: true type: string outputs: project_version: description: "The project version" - value: ${{ jobs.build.outputs.project_version }} + value: ${{ jobs.build-test.outputs.project_version }} jobs: - build: + build-test: name: Build and tests strategy: fail-fast: false matrix: os: [ ubuntu-latest ] java-distribution: [ temurin ] - java-version: [ 11, 16, 17, 18, 19, 20, 21 ] + java-version: [ 11, 17, 20, 21 ] runs-on: ${{ matrix.os }} outputs: project_version: ${{ steps.get_project_version.outputs.project_version }} steps: - uses: actions/checkout@v4 + with: + ref: ${{ inputs.checkout_ref }} - name: Setup JDK ${{ matrix.java }} - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: ${{ matrix.java-version }} distribution: ${{ matrix.java-distribution }} @@ -38,7 +44,7 @@ jobs: id: get_project_version run: | PROJECT_VERSION=$(./gradlew properties -q | grep "version:" | awk '{print $2}') - echo "::set-output name=project_version::$PROJECT_VERSION" + echo "project_version=$PROJECT_VERSION" >> $GITHUB_OUTPUT - name: Semantic versioning check run: | if [[ "${{steps.get_project_version.outputs.project_version}}" =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then 
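Review bot: The `actions/checkout@v4` step in `build-test` now checks out a caller-supplied `inputs.checkout_ref` but leaves credential persistence at its default, so the job token stays in the local git config while `./gradlew` from that ref runs. workflow-pr-fork.yml in this commit passes a fork head SHA here under `pull_request_target`, which makes the checked-out build scripts untrusted input. I would add `persist-credentials: false` under the same `with:`; the `coverage` job added later in this file and the checkout in release-snapshot.yml have the same gap.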
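Review bot: `PROJECT_VERSION` is appended to `$GITHUB_OUTPUT` before anything validates it, and it is parsed from the Gradle output of whatever ref was checked out. The following step then expands the output through `${{ }}` inside a shell script, so a value that is not a plain version string is interpreted by bash instead of being rejected by the regex. Validating the shell variable in this step before exporting it closes that: `[[ "$PROJECT_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "invalid version"; exit 1; }` followed by `echo "project_version=$PROJECT_VERSION" >> "$GITHUB_OUTPUT"`. The semantic versioning check that consumes the value is cut off at the end of the hunk.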
@@ -53,4 +59,24 @@ jobs: - name: Unit tests run: ./gradlew unit-tests - name: Integration tests - run: ./gradlew integration-tests \ No newline at end of file + run: ./gradlew integration-tests + coverage: + name: Test coverage analysis + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ inputs.checkout_ref }} + - name: Setup JDK + uses: actions/setup-java@v4 + with: + java-version: '21' + distribution: 'temurin' + cache: 'gradle' + - name: Validate Gradle wrapper + uses: gradle/wrapper-validation-action@v1 + - name: Test coverage + run: ./gradlew unit-tests jacocoTestReport coveralls + env: + COVERALLS_REPO_TOKEN: ${{ secrets.coveralls_repo_token }} + CI_BRANCH: ${{ inputs.checkout_ref }} \ No newline at end of file diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml deleted file mode 100644 index af9c253b..00000000 --- a/.github/workflows/coverage.yml +++ /dev/null @@ -1,32 +0,0 @@ -name: Coverage - -on: - workflow_call: - inputs: - checkout_ref: - description: 'The reference to checkout before running the acceptance tests. Used to run the tests on a fork.' - required: false - type: string - secrets: - coveralls_repo_token: - required: true - -jobs: - coverage: - name: Test coverage analysis - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Setup JDK - uses: actions/setup-java@v3 - with: - java-version: '21' - distribution: 'temurin' - cache: 'gradle' - - name: Validate Gradle wrapper - uses: gradle/wrapper-validation-action@v1 - - name: Test coverage - run: ./gradlew unit-tests jacocoTestReport coveralls - env: - COVERALLS_REPO_TOKEN: ${{ secrets.coveralls_repo_token }} - CI_BRANCH: ${{ inputs.branch }} \ No newline at end of file diff --git a/.github/workflows/release-snapshot.yml b/.github/workflows/release-snapshot.yml index e5757257..8efbe207 100644 --- a/.github/workflows/release-snapshot.yml +++ b/.github/workflows/release-snapshot.yml 
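Review bot: `CI_BRANCH: ${{ inputs.checkout_ref }}` in the new `coverage` job no longer carries a branch name, because the callers in this commit pass either `github.ref` (a full `refs/heads/...` ref) or a pull-request head SHA. If the Coveralls plugin reports `CI_BRANCH` verbatim, coverage will be filed under those strings; a separate optional `branch` input, fed from `github.ref_name` or `github.head_ref` by the callers, would keep the ref used for checkout apart from the label used for reporting. The job also hands `COVERALLS_REPO_TOKEN` to a Gradle build of the supplied ref, so it inherits whatever trust the caller places in that ref.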
@@ -1,68 +1,33 @@ -name: Release snapshot version +# Reusable workflow to release to Nexus snapshot repository, referenced by workflow-*.yml pipelines. +name: Release to Nexus snapshots repository on: - # This applies to all branches that are part of our repo, that is all *internal* contributions - push: - branches-ignore: - - 'main' - tags-ignore: - - '**' - # This applies to both *internal* and *external* contributions - pull_request_target: - types: [ opened, synchronize ] + workflow_call: + inputs: + checkout_ref: + description: 'The reference to checkout before running the acceptance tests. Used to run the tests on a fork.' + required: true + type: string + project_version: + description: "The project version" + required: true + type: string + secrets: + sonatype_username: + required: true + sonatype_password: + required: true jobs: - coverage: - name: Test coverage analysis - uses: ./.github/workflows/coverage.yml - with: - checkout_ref: ${{ github.event.pull_request.head.sha }} - secrets: - coveralls_repo_token: ${{ secrets.COVERALLS_REPO_TOKEN }} - build: - name: Build and tests - with: - checkout_ref: ${{ github.event.pull_request.head.sha }} - uses: ./.github/workflows/build.yml - access-check: - runs-on: ubuntu-latest - steps: - - name: Get User Permission - id: checkAccess - uses: actions-cool/check-user-permission@v2 - with: - require: write - username: ${{ github.triggering_actor }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Check User Permission - if: steps.checkAccess.outputs.require-result == 'false' - run: | - echo "${{ github.triggering_actor }} does not have permissions on this repo." 
- echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}" - echo "Job originally triggered by ${{ github.actor }}" - exit 1 - acceptance-tests: - name: Acceptance tests in Sandbox environment - needs: [build, access-check] - with: - checkout_ref: ${{ github.event.pull_request.head.sha }} - uses: ./.github/workflows/acceptance-tests.yml - secrets: - tl_client_id: ${{ secrets.ACCEPTANCE_TEST_CLIENT_ID }} - tl_client_secret: ${{ secrets.ACCEPTANCE_TEST_CLIENT_SECRET }} - tl_signing_key_id: ${{ secrets.ACCEPTANCE_TEST_SIGNING_KEY_ID }} - tl_signing_private_key: ${{ secrets.ACCEPTANCE_TEST_SIGNING_PRIVATE_KEY }} release-snapshot: name: Release to Nexus snapshots repository runs-on: ubuntu-latest - needs: [build, acceptance-tests] steps: - uses: actions/checkout@v4 with: - checkout_ref: ${{ github.event.pull_request.head.sha }} + ref: ${{ inputs.checkout_ref }} - name: Setup JDK - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: '21' distribution: 'temurin' @@ -71,11 +36,14 @@ jobs: uses: gradle/wrapper-validation-action@v1 - name: Create Snapshot version run: | - echo "project_version_snapshot=${{needs.build.outputs.project_version}}-${GITHUB_REF##*/}-SNAPSHOT" >> $GITHUB_ENV + CHECKOUT_REF=${{inputs.checkout_ref}} + STRIPPED_CHECKOUT_REF=${CHECKOUT_REF##*/} + echo "stripped_checkout_ref=$STRIPPED_CHECKOUT_REF" >> $GITHUB_ENV + echo "project_version_snapshot=${{inputs.project_version}}-$STRIPPED_CHECKOUT_REF-SNAPSHOT" >> $GITHUB_ENV echo "Snapshot project version created: ${{env.project_version_snapshot}}" - name: Snapshot version check run: | - SNAPSHOT_VERSION_REGEX="^([0-9]+)\.([0-9]+)\.([0-9]+)-${GITHUB_REF##*/}-SNAPSHOT$"; + SNAPSHOT_VERSION_REGEX="^([0-9]+)\.([0-9]+)\.([0-9]+)-${{env.stripped_checkout_ref}}-SNAPSHOT$"; if [[ "${{env.project_version_snapshot}}" =~ $SNAPSHOT_VERSION_REGEX ]]; then echo "Project version ${{env.project_version_snapshot}} is valid" else 
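Review bot: With the triggers and the `access-check` job removed, nothing in this file documents that `release-snapshot` builds whatever `checkout_ref` the caller supplies and publishes it with the Sonatype credentials. I would extend the header comment to say so, for example `# Callers must only pass a checkout_ref they trust: this job builds it and publishes with the Sonatype credentials.` The `checkout_ref` description is also copied from the acceptance-test workflow and should read something like `'The reference to check out and publish as a snapshot.'`.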
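Review bot: `CHECKOUT_REF=${{inputs.checkout_ref}}` in "Create Snapshot version" pastes the input into the script text before bash parses it, so a branch name containing shell metacharacters is executed instead of assigned; git permits several of them in ref names. The same applies to `${{inputs.project_version}}` and to `${{env.stripped_checkout_ref}}` in the regex of the next step. Passing the values through `env:` and reading them as quoted shell variables, plus an allow-list check on the stripped ref before it reaches `$GITHUB_ENV` and the regex, removes the injection path. The "Snapshot version check" step continues past the end of the hunk.

```yaml
- name: Create Snapshot version
  env:
    CHECKOUT_REF: ${{ inputs.checkout_ref }}
    PROJECT_VERSION: ${{ inputs.project_version }}
  run: |
    STRIPPED_CHECKOUT_REF="${CHECKOUT_REF##*/}"
    if [[ ! "$STRIPPED_CHECKOUT_REF" =~ ^[A-Za-z0-9._-]+$ ]]; then
      echo "Unsupported characters in checkout ref"
      exit 1
    fi
    echo "stripped_checkout_ref=$STRIPPED_CHECKOUT_REF" >> "$GITHUB_ENV"
    echo "project_version_snapshot=$PROJECT_VERSION-$STRIPPED_CHECKOUT_REF-SNAPSHOT" >> "$GITHUB_ENV"
    # … unchanged: echo of the created snapshot version …
- name: Snapshot version check
  run: |
    SNAPSHOT_VERSION_REGEX="^([0-9]+)\.([0-9]+)\.([0-9]+)-${stripped_checkout_ref}-SNAPSHOT$"
    # … unchanged: regex test and messages …
```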
@@ -84,5 +52,5 @@ jobs: - name: Publish to Sonatype snapshot repository run: ./gradlew -Pversion=${{env.project_version_snapshot}} publishToSonatype env: - SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} - SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} \ No newline at end of file + SONATYPE_USERNAME: ${{ secrets.sonatype_username }} + SONATYPE_PASSWORD: ${{ secrets.sonatype_password }} \ No newline at end of file diff --git a/.github/workflows/workflow-branch.yml b/.github/workflows/workflow-branch.yml new file mode 100644 index 00000000..2e9f8392 --- /dev/null +++ b/.github/workflows/workflow-branch.yml @@ -0,0 +1,38 @@ +# Workflow that runs only on internal branches that are not then main one. +# Triggered by pushes on internal branches (excluding main and tags). +# Build, test, run coverage analysis and release to Maven Central a final release. +name: Workflow on internal branch, excluding main + +on: + push: + branches-ignore: + - 'main' + tags-ignore: + - '**' + +jobs: + build-test-coverage: + uses: ./.github/workflows/build-test-coverage.yml + with: + checkout_ref: ${{ github.ref }} + secrets: + coveralls_repo_token: ${{ secrets.COVERALLS_REPO_TOKEN }} + acceptance-tests: + needs: build-test-coverage + uses: ./.github/workflows/acceptance-tests.yml + with: + checkout_ref: ${{ github.ref }} + secrets: + tl_client_id: ${{ secrets.ACCEPTANCE_TEST_CLIENT_ID }} + tl_client_secret: ${{ secrets.ACCEPTANCE_TEST_CLIENT_SECRET }} + tl_signing_key_id: ${{ secrets.ACCEPTANCE_TEST_SIGNING_KEY_ID }} + tl_signing_private_key: ${{ secrets.ACCEPTANCE_TEST_SIGNING_PRIVATE_KEY }} + release-snapshot: + needs: [build-test-coverage, acceptance-tests] + uses: ./.github/workflows/release-snapshot.yml + with: + checkout_ref: ${{ github.ref }} + project_version: ${{ needs.build-test-coverage.outputs.project_version }} + secrets: + sonatype_username: ${{ secrets.SONATYPE_USERNAME }} + sonatype_password: ${{ secrets.SONATYPE_PASSWORD }} \ No newline at end of file 
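Review bot: The new workflow-branch.yml declares no `permissions:`, so every job it calls, including the reusable ones that run Gradle from the pushed ref, gets the repository's default `GITHUB_TOKEN` scope. Nothing visible in this pipeline writes to the repository, so a top-level `permissions:` with `contents: read` looks sufficient; workflow-pr-fork.yml, added in the same commit, needs it even more because it runs under `pull_request_target`. The header comment is copied from the main workflow: this pipeline publishes a snapshot, so its third line should read `# Build, test, run coverage analysis and publish a snapshot to the Nexus snapshots repository.`, and `not then main one` should be `not the main one`.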
diff --git a/.github/workflows/release-final.yml b/.github/workflows/workflow-main.yml similarity index 70% rename from .github/workflows/release-final.yml rename to .github/workflows/workflow-main.yml index 057447b2..9e13ee25 100644 --- a/.github/workflows/release-final.yml +++ b/.github/workflows/workflow-main.yml @@ -1,4 +1,7 @@ -name: Release final version +# Main workflow that runs on the main branch. +# Triggered by pushes on the main branch (excluding tags). +# Build, test, run coverage analysis and release to Maven Central a final release. +name: Workflow on main branch on: push: @@ -8,20 +11,17 @@ on: - '**' jobs: - coverage: - name: Test coverage analysis - uses: ./.github/workflows/coverage.yml + build-test-coverage: + uses: ./.github/workflows/build-test-coverage.yml with: - branch: ${{ github.head_ref }} + checkout_ref: ${{ github.ref }} secrets: - coveralls_repo_token: ${{ secrets.COVERALLS_REPO_TOKEN }} - build: - name: Build and tests - uses: ./.github/workflows/build.yml + coveralls_repo_token: ${{ secrets.COVERALLS_REPO_TOKEN }} acceptance-tests: - name: Acceptance tests in Sandbox environment - needs: build + needs: build-test-coverage uses: ./.github/workflows/acceptance-tests.yml + with: + checkout_ref: ${{ github.ref }} secrets: tl_client_id: ${{ secrets.ACCEPTANCE_TEST_CLIENT_ID }} tl_client_secret: ${{ secrets.ACCEPTANCE_TEST_CLIENT_SECRET }} @@ -30,11 +30,13 @@ jobs: release: name: Release to Maven Central runs-on: ubuntu-latest - needs: [build, acceptance-tests] + needs: acceptance-tests steps: - uses: actions/checkout@v4 + with: + checkout_ref: ${{ github.ref }} - name: Setup JDK - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: '21' distribution: 'temurin' 
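Review bot: `needs: acceptance-tests` on the `release` job drops the direct dependency on `build-test-coverage`, but the next hunk reads `needs.build-test-coverage.outputs.project_version` for `custom_tag`. The `needs` context only exposes jobs listed directly in `needs`, so that expression would evaluate to an empty string and the tag would no longer be the validated project version; `needs: [build-test-coverage, acceptance-tests]` keeps it available. In the same hunk the checkout step passes `checkout_ref: ${{ github.ref }}`, which is not an input of `actions/checkout` (the same slip this commit fixes in release-snapshot.yml) and should be `ref: ${{ github.ref }}`. The `release` job's steps continue outside the hunk.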
@@ -46,7 +48,7 @@ jobs: uses: mathieudutour/github-tag-action@v6.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} - custom_tag: ${{ needs.build.outputs.project_version }} + custom_tag: ${{ needs.build-test-coverage.outputs.project_version }} tag_prefix: '' - name: Create release uses: softprops/action-gh-release@v1 diff --git a/.github/workflows/workflow-pr-fork.yml b/.github/workflows/workflow-pr-fork.yml new file mode 100644 index 00000000..0d129282 --- /dev/null +++ b/.github/workflows/workflow-pr-fork.yml 
@@ -0,0 +1,46 @@
+# Workflow that runs on PR on forks.
+# Triggered by PR events like opening or synchronizing.
+# Build, test, run coverage analysis and release to Maven Central a snapshot release.
+# The job will only run successfully if re-triggered by an internal contributor.
+name: Workflow for PR on forks
+
+on:
+ pull_request_target:
+ types: [ opened, synchronize ]
+
+jobs:
+ check-access:
+ if: ${{ ! startsWith(github.event.pull_request.head.repo.full_name, 'TrueLayer/truelayer-java') }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check access
+ if: ${{ github.event.pull_request.author_association != 'COLLABORATOR' && github.event.pull_request.author_association != 'OWNER' }}
+ run: |
+ echo "Event not triggered by a collaborator."
+ exit 1
+ build-test-coverage:
+ needs: check-access
+ uses: ./.github/workflows/build-test-coverage.yml
+ with:
+ checkout_ref: ${{ github.event.pull_request.head.sha }}
+ secrets:
+ coveralls_repo_token: ${{ secrets.COVERALLS_REPO_TOKEN }}
+ acceptance-tests:
+ needs: build-test-coverage
+ uses: ./.github/workflows/acceptance-tests.yml
+ with:
+ checkout_ref: ${{ github.event.pull_request.head.sha }}
+ secrets:
+ tl_client_id: ${{ secrets.ACCEPTANCE_TEST_CLIENT_ID }}
+ tl_client_secret: ${{ secrets.ACCEPTANCE_TEST_CLIENT_SECRET }}
+ tl_signing_key_id: ${{ secrets.ACCEPTANCE_TEST_SIGNING_KEY_ID }}
+ tl_signing_private_key: ${{ secrets.ACCEPTANCE_TEST_SIGNING_PRIVATE_KEY }}
+ release-snapshot:
+ needs: [build-test-coverage, acceptance-tests]
+ uses: ./.github/workflows/release-snapshot.yml
+ with:
+ checkout_ref: ${{ github.event.pull_request.head.sha }}
+ project_version: ${{ needs.build-test-coverage.outputs.project_version }}
+ secrets:
+ sonatype_username: ${{ secrets.SONATYPE_USERNAME }}
+ sonatype_password: ${{ secrets.SONATYPE_PASSWORD }}
\ No newline at end of file
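Review bot: The `check-access` gate is the only thing between a fork pull request and the acceptance-test, Coveralls and Sonatype secrets, and `author_association` is a weaker test than the write-permission check on `github.triggering_actor` that this commit removes from release-snapshot.yml. As far as I know `COLLABORATOR` says the author was invited to the repository, not which permission level they hold, and because the value describes the PR author it does not change on a re-run, so the header comment's "re-triggered by an internal contributor" is no longer what happens. For authors who do pass, every `synchronize` event builds the new head with secrets before anyone has looked at it. I would restore the permission check as below and add a top-level `permissions:` with `contents: read`, since `pull_request_target` runs in the base repository's context.

```yaml
check-access:
  # … unchanged: fork-only job condition, runs-on …
  steps:
    - name: Get user permission
      id: checkAccess
      uses: actions-cool/check-user-permission@v2
      with:
        require: write
        username: ${{ github.triggering_actor }}
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - name: Check access
      if: steps.checkAccess.outputs.require-result == 'false'
      run: |
        echo "Event not triggered by a user with write access."
        exit 1
```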
diff --git a/.github/workflows/scheduled-acceptance-tests.yml b/.github/workflows/workflow-scheduled-acceptance-tests.yml similarity index 71% rename from .github/workflows/scheduled-acceptance-tests.yml rename to .github/workflows/workflow-scheduled-acceptance-tests.yml index bf16b15f..89a855ce 100644 --- a/.github/workflows/scheduled-acceptance-tests.yml +++ b/.github/workflows/workflow-scheduled-acceptance-tests.yml @@ -1,4 +1,5 @@ -name: Scheduled acceptance tests +# Workflow that runs on a schedule and triggers acceptance tests in Sandbox environment +name: Scheduled acceptance tests in Sandbox environment on: schedule: @@ -6,8 +7,9 @@ on: jobs: scheduled-acceptance-tests: - name: Scheduled acceptance tests in Sandbox environment uses: ./.github/workflows/acceptance-tests.yml + with: + checkout_ref: /refs/heads/main secrets: tl_client_id: ${{ secrets.ACCEPTANCE_TEST_CLIENT_ID }} tl_client_secret: ${{ secrets.ACCEPTANCE_TEST_CLIENT_SECRET }}
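Review bot: `checkout_ref: /refs/heads/main` in the scheduled job has a leading slash, and git ref names cannot begin with `/`, so the checkout in acceptance-tests.yml will most likely fail to resolve it. Now that `checkout_ref` is `required: true` this value is used on every scheduled run; `checkout_ref: refs/heads/main` is the form the other callers produce via `github.ref`. The `secrets:` mapping continues outside the hunk.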