Refactor Master Pipeline (#1278)

* Refactor master pipeline * Try cacheing target too * Setup signing as template * Change to steps * Actually use cached maven for deploy * Optionally set up signing files during initial build * Split deployment to parallel jobs * Split deployment to parallel jobs * Add more signing options * Shift settings.xml to temp directory * Shift settings.xml to temp directory 2 * Temporary debug mode * Skip install... we already did it * deploy:deploy * jar:jar * Add deploy improvements to github deploy * Remove debug in sonatype deploy
2023-05-26 09:32:13 -04:00 · 2023-05-26 09:32:13 -04:00 · 233d0ecf86
parent 55ac916133
commit 233d0ecf86
4 changed files with 185 additions and 95 deletions
--- a/cache-target-tasks-template.yml
+++ b/cache-target-tasks-template.yml
@ -4,4 +4,4 @@ steps:
    displayName: Cache ${{ value }} target
    inputs:
      key: maven | $(Build.BuildId) | targets | "${{ value }}"
-      path: $(System.DefaultWorkingDirectory)/${{ value }}/target/
+      path: $(System.DefaultWorkingDirectory)/${{ value }}/
--- a/master-branch-pipeline.yml
+++ b/master-branch-pipeline.yml
@ -5,79 +5,80 @@ pr: none
 trigger:
 - master

-pool:
-  vmImage: "ubuntu-22.04"
+parameters:
+  - name: modulesToCache
+    displayName: Module Target Directories to Cache
+    type: object
+    default:
+      modules:
+        - org.hl7.fhir.utilities
+        - org.hl7.fhir.dstu2
+        - org.hl7.fhir.dstu2016may
+        - org.hl7.fhir.dstu3
+        - org.hl7.fhir.r4
+        - org.hl7.fhir.r4b
+        - org.hl7.fhir.r5
+        - org.hl7.fhir.convertors
+        - org.hl7.fhir.validation
+        - org.hl7.fhir.validation.cli
+        - org.hl7.fhir.report
+  - name: modulesToTest
+    displayName: Modules to Test
+    type: object
+    default:
+      modules:
+        - utilities
+        - dstu2
+        - dstu2016may
+        - dstu3
+        - r4
+        - r4b
+        - r5
+        - convertors
+        - validation

 variables:
- group: PGP_VAR_GROUP
- group: SONATYPE_VAR_GROUP
- group: GIT_VAR_GROUP
+  - group: PGP_VAR_GROUP
+  - group: SONATYPE_VAR_GROUP
+  - group: GIT_VAR_GROUP
+  - name: MAVEN_CACHE_FOLDER
+    value: $(Pipeline.Workspace)/.m2/repository

-steps:
-  # We need a valid signing key. 
-  # The next two steps download the public and private keys from the
-  # secure library files. 
-  - task: DownloadSecureFile@1
-    displayName: 'Download public key.'
+jobs:
+  - template: setup-and-cache-job-template.yml
+    parameters:
+      modulesToCache:
+        ${{ parameters.modulesToCache.modules }}
+      signArtifacts: true
+  - template: test-unit-jobs-template.yml
+    parameters:
+      testUnits:
+        - name: ubuntu_java_11
+          vmImage: "ubuntu-latest"
+          javaToolOptions:
+          jdkVersion: 1.11
+          skipJaCoCo: true
+          modules:
+            ${{ parameters.modulesToTest.modules }}
+
+  - job: deploy_to_sonatype
+    dependsOn:
+      - ${{ each module in parameters.modulesToTest.modules }}:
+          - ubuntu_java_11_${{ module }}
+    pool:
+      vmImage: "ubuntu-latest"
+    steps:
+      - task: Cache@2
+        displayName: Cache maven artifacts
        inputs:
-      secureFile: public.key
+          key: maven | $(Build.BuildId) | artifacts
+          path: $(MAVEN_CACHE_FOLDER)
+      - template: cache-target-tasks-template.yml
+        parameters:
+          modules:
+            ${{ parameters.modulesToCache.modules }}

-  - task: DownloadSecureFile@1
-    displayName: 'Download private key.'
-    inputs:
-      secureFile: private.key
-
-  # Import both the private and public keys into gpg for signing.
-  - bash: |
-      gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/public.key
-      gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/private.key
-      gpg --list-keys --keyid-format LONG
-      gpg --list-secret-keys --keyid-format LONG
-    displayName: 'Import signing keys.'
-
-  # For creating the snapshot release with maven, we need to build a fake settings.xml 
-  # for it to read from. This is done for the master branch merges only.
-  - bash: |
-      cat >$(System.DefaultWorkingDirectory)/settings.xml <<EOL
-      <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
-                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-                xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
-                                    https://maven.apache.org/xsd/settings-1.0.0.xsd">
-        <servers>
-          <server>
-            <id>github</id>
-            <username>$(GIT_USER_NAME)</username>
-            <password>$(GIT_PAT)</password>
-          </server>
-          <server>
-            <id>ossrh</id>
-            <username>$(SONATYPE_USER)</username>
-            <password>$(SONATYPE_PASS)</password>
-          </server>
-          <server>
-            <id>$(PGP_KEYNAME)</id>
-            <passphrase>$(PGP_PASSPHRASE)</passphrase>
-          </server>
-          <server>
-            <id>github-releases</id>
-            <username>markiantorno</username>
-            <password>$(GIT_PACKAGE_PAT)</password>
-          </server>
-        </servers>
-        <profiles>
-          <profile>
-            <id>release</id>
-            <activation>
-              <activeByDefault>true</activeByDefault>
-            </activation>
-            <properties>
-              <gpg.keyname>$(PGP_KEYNAME)</gpg.keyname>
-            </properties>
-          </profile>
-        </profiles>
-      </settings>
-      EOL
-    displayName: 'Create .mvn/settings.xml'
+      - template: setup-signing-tasks-template.yml

      # Deploy the SNAPSHOT artifact to sonatype nexus.
      # This is done for the master branch merges only.
@ -85,24 +86,43 @@ steps:
        displayName: 'Deploy to Sonatype staging'
        inputs:
          mavenPomFile: '$(System.DefaultWorkingDirectory)/pom.xml'
-      goals: deploy
+          goals: jar:jar deploy:deploy
          javaHomeOption: 'JDKVersion'
          jdkVersionOption: '1.11'
          jdkArchitectureOption: 'x64'
-      options: '--settings $(System.DefaultWorkingDirectory)/settings.xml -pl "!org.hl7.fhir.report, !org.hl7.fhir.validation.cli" -DdeployToSonatype'
+          options: '-Dmaven.repo.local=$(MAVEN_CACHE_FOLDER) --settings $(Agent.TempDirectory)/settings.xml -pl "!org.hl7.fhir.report, !org.hl7.fhir.validation.cli" -Dmaven.test.skip -DdeployToSonatype'
          mavenOptions: '-Xmx768m -Dmaven.resolver.transport=wagon'
          publishJUnitResults: false

+  - job: deploy_to_github
+    dependsOn:
+      - ${{ each module in parameters.modulesToTest.modules }}:
+          - ubuntu_java_11_${{ module }}
+    pool:
+      vmImage: "ubuntu-latest"
+    steps:
+      - task: Cache@2
+        displayName: Cache maven artifacts
+        inputs:
+          key: maven | $(Build.BuildId) | artifacts
+          path: $(MAVEN_CACHE_FOLDER)
+      - template: cache-target-tasks-template.yml
+        parameters:
+          modules:
+            ${{ parameters.modulesToCache.modules }}
+
+      - template: setup-signing-tasks-template.yml
+
      # Deploy the SNAPSHOT artifact to GitHub packages.
      # This is done for the master branch merges only.
      - task: Maven@3
        displayName: 'Deploy to GitHub packages'
        inputs:
          mavenPomFile: '$(System.DefaultWorkingDirectory)/pom.xml'
-      goals: deploy
+          goals: jar:jar deploy:deploy
          javaHomeOption: 'JDKVersion'
          jdkVersionOption: '1.11'
          jdkArchitectureOption: 'x64'
-      options: '--settings $(System.DefaultWorkingDirectory)/settings.xml -pl "!org.hl7.fhir.report, !org.hl7.fhir.validation.cli" -Dmaven.test.skip -DdeployToGitHub'
+          options: '-Dmaven.repo.local=$(MAVEN_CACHE_FOLDER) --settings $(Agent.TempDirectory)/settings.xml -pl "!org.hl7.fhir.report, !org.hl7.fhir.validation.cli" -Dmaven.test.skip -DdeployToGitHub'
          mavenOptions: '-Xmx768m  -Dmaven.resolver.transport=wagon'
          publishJUnitResults: false
--- a/setup-and-cache-job-template.yml
+++ b/setup-and-cache-job-template.yml
@ -19,9 +19,14 @@ jobs:
        inputs:
          targetType: 'inline'
          script: mkdir -p $(MAVEN_CACHE_FOLDER); pwd; ls -al $(MAVEN_CACHE_FOLDER)
+      - ${{ if eq(parameters.signArtifacts, true) }}:
+        - template: setup-signing-tasks-template.yml
      - task: Maven@3
        inputs:
          mavenPomFile: 'pom.xml'
+          ${{ if eq(parameters.signArtifacts, true) }}:
+            options: '--settings $(Agent.TempDirectory)/settings.xml -Dmaven.repo.local=$(MAVEN_CACHE_FOLDER) -DskipTests -DdeployToSonatype'
+          ${{ else }}:
            options: '-Dmaven.repo.local=$(MAVEN_CACHE_FOLDER) -DskipTests'
          mavenOptions: '-Xmx3072m'
          javaHomeOption: 'JDKVersion'
--- a/setup-signing-tasks-template.yml
+++ b/setup-signing-tasks-template.yml
@ -0,0 +1,65 @@
+steps:
+  # We need a valid signing key.
+  # The next two steps download the public and private keys from the
+  # secure library files.
+  - task: DownloadSecureFile@1
+    displayName: 'Download public key.'
+    inputs:
+      secureFile: public.key
+
+  - task: DownloadSecureFile@1
+    displayName: 'Download private key.'
+    inputs:
+      secureFile: private.key
+
+  # Import both the private and public keys into gpg for signing.
+  - bash: |
+      gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/public.key
+      gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/private.key
+      gpg --list-keys --keyid-format LONG
+      gpg --list-secret-keys --keyid-format LONG
+    displayName: 'Import signing keys.'
+
+  # For creating the snapshot release with maven, we need to build a fake settings.xml
+  # for it to read from. This is done for the master branch merges only.
+  - bash: |
+      cat >$(Agent.TempDirectory)/settings.xml <<EOL
+      <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
+                                    https://maven.apache.org/xsd/settings-1.0.0.xsd">
+        <servers>
+          <server>
+            <id>github</id>
+            <username>$(GIT_USER_NAME)</username>
+            <password>$(GIT_PAT)</password>
+          </server>
+          <server>
+            <id>ossrh</id>
+            <username>$(SONATYPE_USER)</username>
+            <password>$(SONATYPE_PASS)</password>
+          </server>
+          <server>
+            <id>$(PGP_KEYNAME)</id>
+            <passphrase>$(PGP_PASSPHRASE)</passphrase>
+          </server>
+          <server>
+            <id>github-releases</id>
+            <username>markiantorno</username>
+            <password>$(GIT_PACKAGE_PAT)</password>
+          </server>
+        </servers>
+        <profiles>
+          <profile>
+            <id>release</id>
+            <activation>
+              <activeByDefault>true</activeByDefault>
+            </activation>
+            <properties>
+              <gpg.keyname>$(PGP_KEYNAME)</gpg.keyname>
+            </properties>
+          </profile>
+        </profiles>
+      </settings>
+      EOL
+    displayName: 'Create settings.xml'