Refactor Master Pipeline (#1278)

* Refactor master pipeline

* Try cacheing target too

* Setup signing as template

* Change to steps

* Actually use cached maven for deploy

* Optionally set up signing files during initial build

* Split deployment to parallel jobs

* Split deployment to parallel jobs

* Add more signing options

* Shift settings.xml to temp directory

* Shift settings.xml to temp directory 2

* Temporary debug mode

* Skip install... we already did it

* deploy:deploy

* jar:jar

* Add deploy improvements to github deploy

* Remove debug in sonatype deploy
This commit is contained in:
dotasek 2023-05-26 09:32:13 -04:00 committed by GitHub
parent 55ac916133
commit 233d0ecf86
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 185 additions and 95 deletions

View File

@ -4,4 +4,4 @@ steps:
displayName: Cache ${{ value }} target displayName: Cache ${{ value }} target
inputs: inputs:
key: maven | $(Build.BuildId) | targets | "${{ value }}" key: maven | $(Build.BuildId) | targets | "${{ value }}"
path: $(System.DefaultWorkingDirectory)/${{ value }}/target/ path: $(System.DefaultWorkingDirectory)/${{ value }}/

View File

@ -5,79 +5,80 @@ pr: none
trigger: trigger:
- master - master
pool: parameters:
vmImage: "ubuntu-22.04" - name: modulesToCache
displayName: Module Target Directories to Cache
type: object
default:
modules:
- org.hl7.fhir.utilities
- org.hl7.fhir.dstu2
- org.hl7.fhir.dstu2016may
- org.hl7.fhir.dstu3
- org.hl7.fhir.r4
- org.hl7.fhir.r4b
- org.hl7.fhir.r5
- org.hl7.fhir.convertors
- org.hl7.fhir.validation
- org.hl7.fhir.validation.cli
- org.hl7.fhir.report
- name: modulesToTest
displayName: Modules to Test
type: object
default:
modules:
- utilities
- dstu2
- dstu2016may
- dstu3
- r4
- r4b
- r5
- convertors
- validation
variables: variables:
- group: PGP_VAR_GROUP - group: PGP_VAR_GROUP
- group: SONATYPE_VAR_GROUP - group: SONATYPE_VAR_GROUP
- group: GIT_VAR_GROUP - group: GIT_VAR_GROUP
- name: MAVEN_CACHE_FOLDER
value: $(Pipeline.Workspace)/.m2/repository
jobs:
- template: setup-and-cache-job-template.yml
parameters:
modulesToCache:
${{ parameters.modulesToCache.modules }}
signArtifacts: true
- template: test-unit-jobs-template.yml
parameters:
testUnits:
- name: ubuntu_java_11
vmImage: "ubuntu-latest"
javaToolOptions:
jdkVersion: 1.11
skipJaCoCo: true
modules:
${{ parameters.modulesToTest.modules }}
- job: deploy_to_sonatype
dependsOn:
- ${{ each module in parameters.modulesToTest.modules }}:
- ubuntu_java_11_${{ module }}
pool:
vmImage: "ubuntu-latest"
steps: steps:
# We need a valid signing key. - task: Cache@2
# The next two steps download the public and private keys from the displayName: Cache maven artifacts
# secure library files.
- task: DownloadSecureFile@1
displayName: 'Download public key.'
inputs: inputs:
secureFile: public.key key: maven | $(Build.BuildId) | artifacts
path: $(MAVEN_CACHE_FOLDER)
- template: cache-target-tasks-template.yml
parameters:
modules:
${{ parameters.modulesToCache.modules }}
- task: DownloadSecureFile@1 - template: setup-signing-tasks-template.yml
displayName: 'Download private key.'
inputs:
secureFile: private.key
# Import both the private and public keys into gpg for signing.
- bash: |
gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/public.key
gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/private.key
gpg --list-keys --keyid-format LONG
gpg --list-secret-keys --keyid-format LONG
displayName: 'Import signing keys.'
# For creating the snapshot release with maven, we need to build a fake settings.xml
# for it to read from. This is done for the master branch merges only.
- bash: |
cat >$(System.DefaultWorkingDirectory)/settings.xml <<EOL
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
https://maven.apache.org/xsd/settings-1.0.0.xsd">
<servers>
<server>
<id>github</id>
<username>$(GIT_USER_NAME)</username>
<password>$(GIT_PAT)</password>
</server>
<server>
<id>ossrh</id>
<username>$(SONATYPE_USER)</username>
<password>$(SONATYPE_PASS)</password>
</server>
<server>
<id>$(PGP_KEYNAME)</id>
<passphrase>$(PGP_PASSPHRASE)</passphrase>
</server>
<server>
<id>github-releases</id>
<username>markiantorno</username>
<password>$(GIT_PACKAGE_PAT)</password>
</server>
</servers>
<profiles>
<profile>
<id>release</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<gpg.keyname>$(PGP_KEYNAME)</gpg.keyname>
</properties>
</profile>
</profiles>
</settings>
EOL
displayName: 'Create .mvn/settings.xml'
# Deploy the SNAPSHOT artifact to sonatype nexus. # Deploy the SNAPSHOT artifact to sonatype nexus.
# This is done for the master branch merges only. # This is done for the master branch merges only.
@ -85,24 +86,43 @@ steps:
displayName: 'Deploy to Sonatype staging' displayName: 'Deploy to Sonatype staging'
inputs: inputs:
mavenPomFile: '$(System.DefaultWorkingDirectory)/pom.xml' mavenPomFile: '$(System.DefaultWorkingDirectory)/pom.xml'
goals: deploy goals: jar:jar deploy:deploy
javaHomeOption: 'JDKVersion' javaHomeOption: 'JDKVersion'
jdkVersionOption: '1.11' jdkVersionOption: '1.11'
jdkArchitectureOption: 'x64' jdkArchitectureOption: 'x64'
options: '--settings $(System.DefaultWorkingDirectory)/settings.xml -pl "!org.hl7.fhir.report, !org.hl7.fhir.validation.cli" -DdeployToSonatype' options: '-Dmaven.repo.local=$(MAVEN_CACHE_FOLDER) --settings $(Agent.TempDirectory)/settings.xml -pl "!org.hl7.fhir.report, !org.hl7.fhir.validation.cli" -Dmaven.test.skip -DdeployToSonatype'
mavenOptions: '-Xmx768m -Dmaven.resolver.transport=wagon' mavenOptions: '-Xmx768m -Dmaven.resolver.transport=wagon'
publishJUnitResults: false publishJUnitResults: false
- job: deploy_to_github
dependsOn:
- ${{ each module in parameters.modulesToTest.modules }}:
- ubuntu_java_11_${{ module }}
pool:
vmImage: "ubuntu-latest"
steps:
- task: Cache@2
displayName: Cache maven artifacts
inputs:
key: maven | $(Build.BuildId) | artifacts
path: $(MAVEN_CACHE_FOLDER)
- template: cache-target-tasks-template.yml
parameters:
modules:
${{ parameters.modulesToCache.modules }}
- template: setup-signing-tasks-template.yml
# Deploy the SNAPSHOT artifact to GitHub packages. # Deploy the SNAPSHOT artifact to GitHub packages.
# This is done for the master branch merges only. # This is done for the master branch merges only.
- task: Maven@3 - task: Maven@3
displayName: 'Deploy to GitHub packages' displayName: 'Deploy to GitHub packages'
inputs: inputs:
mavenPomFile: '$(System.DefaultWorkingDirectory)/pom.xml' mavenPomFile: '$(System.DefaultWorkingDirectory)/pom.xml'
goals: deploy goals: jar:jar deploy:deploy
javaHomeOption: 'JDKVersion' javaHomeOption: 'JDKVersion'
jdkVersionOption: '1.11' jdkVersionOption: '1.11'
jdkArchitectureOption: 'x64' jdkArchitectureOption: 'x64'
options: '--settings $(System.DefaultWorkingDirectory)/settings.xml -pl "!org.hl7.fhir.report, !org.hl7.fhir.validation.cli" -Dmaven.test.skip -DdeployToGitHub' options: '-Dmaven.repo.local=$(MAVEN_CACHE_FOLDER) --settings $(Agent.TempDirectory)/settings.xml -pl "!org.hl7.fhir.report, !org.hl7.fhir.validation.cli" -Dmaven.test.skip -DdeployToGitHub'
mavenOptions: '-Xmx768m -Dmaven.resolver.transport=wagon' mavenOptions: '-Xmx768m -Dmaven.resolver.transport=wagon'
publishJUnitResults: false publishJUnitResults: false

View File

@ -19,9 +19,14 @@ jobs:
inputs: inputs:
targetType: 'inline' targetType: 'inline'
script: mkdir -p $(MAVEN_CACHE_FOLDER); pwd; ls -al $(MAVEN_CACHE_FOLDER) script: mkdir -p $(MAVEN_CACHE_FOLDER); pwd; ls -al $(MAVEN_CACHE_FOLDER)
- ${{ if eq(parameters.signArtifacts, true) }}:
- template: setup-signing-tasks-template.yml
- task: Maven@3 - task: Maven@3
inputs: inputs:
mavenPomFile: 'pom.xml' mavenPomFile: 'pom.xml'
${{ if eq(parameters.signArtifacts, true) }}:
options: '--settings $(Agent.TempDirectory)/settings.xml -Dmaven.repo.local=$(MAVEN_CACHE_FOLDER) -DskipTests -DdeployToSonatype'
${{ else }}:
options: '-Dmaven.repo.local=$(MAVEN_CACHE_FOLDER) -DskipTests' options: '-Dmaven.repo.local=$(MAVEN_CACHE_FOLDER) -DskipTests'
mavenOptions: '-Xmx3072m' mavenOptions: '-Xmx3072m'
javaHomeOption: 'JDKVersion' javaHomeOption: 'JDKVersion'

View File

@ -0,0 +1,65 @@
steps:
# We need a valid signing key.
# The next two steps download the public and private keys from the
# secure library files.
- task: DownloadSecureFile@1
displayName: 'Download public key.'
inputs:
secureFile: public.key
- task: DownloadSecureFile@1
displayName: 'Download private key.'
inputs:
secureFile: private.key
# Import both the private and public keys into gpg for signing.
- bash: |
gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/public.key
gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/private.key
gpg --list-keys --keyid-format LONG
gpg --list-secret-keys --keyid-format LONG
displayName: 'Import signing keys.'
# For creating the snapshot release with maven, we need to build a fake settings.xml
# for it to read from. This is done for the master branch merges only.
- bash: |
cat >$(Agent.TempDirectory)/settings.xml <<EOL
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
https://maven.apache.org/xsd/settings-1.0.0.xsd">
<servers>
<server>
<id>github</id>
<username>$(GIT_USER_NAME)</username>
<password>$(GIT_PAT)</password>
</server>
<server>
<id>ossrh</id>
<username>$(SONATYPE_USER)</username>
<password>$(SONATYPE_PASS)</password>
</server>
<server>
<id>$(PGP_KEYNAME)</id>
<passphrase>$(PGP_PASSPHRASE)</passphrase>
</server>
<server>
<id>github-releases</id>
<username>markiantorno</username>
<password>$(GIT_PACKAGE_PAT)</password>
</server>
</servers>
<profiles>
<profile>
<id>release</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<gpg.keyname>$(PGP_KEYNAME)</gpg.keyname>
</properties>
</profile>
</profiles>
</settings>
EOL
displayName: 'Create settings.xml'