mirror of https://github.com/VinylDNS/vinyldns synced 2025-08-22 02:02:14 +00:00

Update Release

- Remove sonatype release from sbt build
- Remove instructions about release - it will be automated by GHA
- Remove `sbt-release` plugin
Emerle, Ryan 2021-10-29 12:23:08 -04:00
parent 52d08e2cf0
commit f2db11e89a
No known key found for this signature in database
GPG Key ID: C0D34C592AED41CE
11 changed files with 34 additions and 312 deletions


@ -1,5 +1,5 @@
---
name: Bug report
name: Bug Report
about: Create a report to help us improve
title: ''
labels: status/needs-label
@ -8,24 +8,9 @@ assignees: ''
---
**Describe the bug**
A clear and concise description of what the bug is.
Please provide as much detail as you can. Here are some important details:
**VinylDNS Version**
**To Reproduce**
Steps to reproduce the behavior:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error
**Expected behavior**
A clear and concise description of what you expected to happen.
**Screenshots**
If applicable, add screenshots to help explain your problem.
**Stack trace or error log output**
**Additional context**
Add any other context about the problem here.
1. A description of the bug (expected behavior vs actual behavior)
2. The VinylDNS version which contains the bug
3. Any steps to reproduce (if we can't reproduce it, we can't fix it!)
4. Any other helpful information (stack trace, log messages, screenshots, etc)


@ -7,14 +7,4 @@ assignees: ''
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.
**Describe what you'd like to see added or improved in VinylDNS**


@ -1,14 +0,0 @@
---
name: Maintenance request
about: Suggest an upgrade, refactoring, code move, new library
title: ''
labels: status/needs-label
assignees: ''
---
**Motivation**
What is the reason to perform the maintenance. What benefits will come about
**Scope of change**
What part(s) of the system are likely to change. For example, REST endpoints, repositories, core, functional tests, etc.


@ -1,55 +0,0 @@
# This file was automatically generated by sbt-github-actions using the
# githubWorkflowGenerate task. Kept it here
name: Clean
on: push
jobs:
delete-artifacts:
name: Delete Artifacts
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Delete artifacts
run: |
# Customize those three lines with your repository and credentials:
REPO=${GITHUB_API_URL}/repos/${{ github.repository }}
# A shortcut to call GitHub API.
ghapi() { curl --silent --location --user _:$GITHUB_TOKEN "$@"; }
# A temporary file which receives HTTP response headers.
TMPFILE=/tmp/tmp.$$
# An associative array, key: artifact name, value: number of artifacts of that name.
declare -A ARTCOUNT
# Process all artifacts on this repository, loop on returned "pages".
URL=$REPO/actions/artifacts
while [[ -n "$URL" ]]; do
# Get current page, get response headers in a temporary file.
JSON=$(ghapi --dump-header $TMPFILE "$URL")
# Get URL of next page. Will be empty if we are at the last page.
URL=$(grep '^Link:' "$TMPFILE" | tr ',' '\n' | grep 'rel="next"' | head -1 | sed -e 's/.*<//' -e 's/>.*//')
rm -f $TMPFILE
# Number of artifacts on this page:
COUNT=$(( $(jq <<<$JSON -r '.artifacts | length') ))
# Loop on all artifacts on this page.
for ((i=0; $i < $COUNT; i++)); do
# Get name of artifact and count instances of this name.
name=$(jq <<<$JSON -r ".artifacts[$i].name?")
ARTCOUNT[$name]=$(( $(( ${ARTCOUNT[$name]} )) + 1))
id=$(jq <<<$JSON -r ".artifacts[$i].id?")
size=$(( $(jq <<<$JSON -r ".artifacts[$i].size_in_bytes?") ))
printf "Deleting '%s' #%d, %'d bytes\n" $name ${ARTCOUNT[$name]} $size
ghapi -X DELETE $REPO/actions/artifacts/$id
done
done


@ -1,12 +0,0 @@
name: Codecov Review
on:
workflow_dispatch:
jobs:
review:
runs-on: ubuntu-latest
steps:
- name: Output Environment
run: env


@ -11,75 +11,15 @@ on:
jobs:
site:
name: Publish Site
strategy:
matrix:
os: [ubuntu-latest]
scala: [2.12.10]
java: [adopt@1.11]
runs-on: ${{ matrix.os }}
runs-on: ubuntu-latest
steps:
- name: Checkout current branch (full)
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Setup Java and Scala
uses: olafurpg/setup-scala@v10
env:
ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true'
with:
java-version: ${{ matrix.java }}
- name: Cache ivy2
uses: actions/cache@v1
with:
path: ~/.ivy2/cache
key: ${{ runner.os }}-sbt-ivy-cache-${{ hashFiles('**/*.sbt') }}-${{ hashFiles('project/build.properties') }}
- name: Cache coursier (generic)
uses: actions/cache@v1
with:
path: ~/.coursier/cache/v1
key: ${{ runner.os }}-generic-sbt-coursier-cache-${{ hashFiles('**/*.sbt') }}-${{ hashFiles('project/build.properties') }}
- name: Cache coursier (linux)
if: contains(runner.os, 'linux')
uses: actions/cache@v1
with:
path: ~/.cache/coursier/v1
key: ${{ runner.os }}-sbt-coursier-cache-${{ hashFiles('**/*.sbt') }}-${{ hashFiles('project/build.properties') }}
- name: Cache coursier (macOS)
if: contains(runner.os, 'macos')
uses: actions/cache@v1
with:
path: ~/Library/Caches/Coursier/v1
key: ${{ runner.os }}-sbt-coursier-cache-${{ hashFiles('**/*.sbt') }}-${{ hashFiles('project/build.properties') }}
- name: Cache coursier (windows)
if: contains(runner.os, 'windows')
uses: actions/cache@v1
with:
path: ~/AppData/Local/Coursier/Cache/v1
key: ${{ runner.os }}-sbt-coursier-cache-${{ hashFiles('**/*.sbt') }}-${{ hashFiles('project/build.properties') }}
- name: Cache sbt
uses: actions/cache@v1
with:
path: ~/.sbt
key: ${{ runner.os }}-sbt-cache-${{ hashFiles('**/*.sbt') }}-${{ hashFiles('project/build.properties') }}
- name: Set up Ruby
uses: actions/setup-ruby@v1
with:
ruby-version: 2.6
- name: Install dependencies
run: >
sudo apt install libxslt-dev &&
gem install sass jekyll:4.0.0
- run: sbt ++${{ matrix.scala }} ";project docs; publishMicrosite";
- run: "build/publish_docs.sh";
env:
SBT_MICROSITES_PUBLISH_TOKEN: ${{ secrets.VINYLDNS_MICROSITE }}
ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true'
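Review bot: `ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true'` still sits in the `env` of the `build/publish_docs.sh` step at the end of this section, next to `SBT_MICROSITES_PUBLISH_TOKEN`. The rendered page has lost its +/- markers, so this assumes the line is on the new side; if it is, it keeps the deprecated `set-env`/`add-path` workflow commands enabled for a step whose stdout comes from a container build, and with the `olafurpg/setup-scala@v10` step apparently removed nothing visible here still needs it. I would delete that line and, while here, pin `actions/checkout@v2` to a full commit SHA, since the job handles a publish token.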


@ -1,23 +1,24 @@
# Maintainers
## Table of Contents
* [Docker Content Trust](#docker-content-trust)
* [Sonatype Credentials](#sonatype-credentials)
* [Release Process](#release-process)
## Docker Content Trust
Official VinylDNS Docker images are signed when being pushed to Docker Hub. Docs for Docker Content Trust can be found
at https://docs.docker.com/engine/security/trust/content_trust/.
Official VinylDNS Docker images are signed when being pushed to Docker Hub. Docs for Docker Content Trust can be found
at <https://docs.docker.com/engine/security/trust/>.
Content trust is enabled through the `DOCKER_CONTENT_TRUST` environment variable, which must be set to 1. It is recommended that
in your `~/.bashrc`, you have `export DOCKER_CONTENT_TRUST=1` by default, and if you ever want to turn it off for a
Docker command, add the `--disable-content-trust` flag to the command, e.g. `docker pull --disable-content-trust ...`.
Content trust is enabled through the `DOCKER_CONTENT_TRUST` environment variable, which must be set to `1`. It is
recommended that in your `~/.bashrc`, you have `export DOCKER_CONTENT_TRUST=1` by default, and if you ever want to turn
it off for a Docker command, add the `--disable-content-trust` flag to the command,
e.g. `docker pull --disable-content-trust ...`.
There are multiple Docker repositories on Docker Hub under
the [vinyldns organization](https://hub.docker.com/u/vinyldns/dashboard/). Namely:
There are multiple Docker repositories on Docker Hub under
the [vinyldns organization](https://hub.docker.com/u/vinyldns/dashboard/). Namely:
* vinyldns/api: images for vinyldns core api engine
* vinyldns/api: images for vinyldns core api engine
* vinyldns/portal: images for vinyldns web client
The offline root key and repository keys are managed by the core maintainer team. The keys managed are:
@ -27,61 +28,18 @@ The offline root key and repository keys are managed by the core maintainer team
* portal key: used to sign tagged images in vinyldns/portal
These keys are named in a <hash>.key format, e.g. 5526ecd15bd413e08718e66c440d17a28968d5cd2922b59a17510da802ca6572.key,
do not change the names of the keys.
do not change the names of the keys.
Docker expects these keys to be saved in `~/.docker/trust/private`. Each key is encrypted with a passphrase, that you
Docker expects these keys to be saved in `~/.docker/trust/private`. Each key is encrypted with a passphrase, that you
must have available when pushing an image.
## Sonatype Credentials
The core module is pushed to oss.sonatype.org under io.vinyldns
To be able to push to sonatype you will need the pgp key used to sign the module. We use a [blackbox](https://github.com/StackExchange/blackbox/)
repo to share this key and its corresponding passphrase. Follow these steps to set it up properly on your local
1. Ensure you have a gpg key setup on your machine by running `gpg -K`, if you do not then run `gpg --gen-key` to create one,
note you will have to generate a strong passphrase and save it in some password manager
1. Make sure you have blackbox, on mac this would be `brew install blackbox`
1. Clone our blackbox repo, get the git url from another maintainer
1. Run `blackbox_addadmin <the email associated with your gpg key>`
1. Commit your changes to the blackbox repo and push to master
1. Have an existing admin pull the repo and run `gpg --keyring keyrings/live/pubring.kbx --export | gpg --import`, and `blackbox_update_all_files`
1. Have the existing admin commit and push those changes to master
1. Back to you - pull the changes, and now you should be able to read those files
1. Run `blackbox_edit_start vinyldns-sonatype-key.asc.gpg` to temporarily decrypt the sonatype signing key
1. Run `gpg --import vinyldns-sonatype-key.asc` to import the sonatype signing key to your keyring
1. Run `blackbox_edit_end vinyldns-sonatype-key.asc.gpg` to re-encrypt the sonatype signing key
1. Run `blackbox_cat vinyldns-sonatype.txt.gpg` to view the passphrase for that key - you will need this passphrase handy when releasing
1. Create a file `~/.sbt/1.0/vinyldns-gpg-credentials` with the content
```
realm=GnuPG Key ID
host=gpg
user=vinyldns@gmail.com
password=ignored-must-use-pinentry
```
1. Add credential configuration to global sbt setting in `~/.sbt/1.0/credential.sbt` with the content
```
credentials += Credentials(Path.userHome / ".sbt" / "1.0" / "vinyldns-gpg-credentials")
```
## Release Process
We are using sbt-release to run our release steps and auto-bump the version in `version.sbt`. The `build/release.sh`
script will first run functional tests, then kick off `sbt release`, which also runs unit and integration tests before
running the release
The release process is automated by GitHub Actions.
1. Follow [Docker Content Trust](#docker-content-trust) to setup a notary delegation for yourself
1. Follow [Sonatype Credentials](#sonatype-credentials) to setup the sonatype pgp signing key on your local
1. Make sure you're logged in to Docker with `docker login`
1. Run `build/release.sh`
1. You will be asked to confirm the version which originally comes from `version.sbt`. _NOTE: if the version ends with
`SNAPSHOT`, then the docker latest tag won't be applied and the core module will only be published to the sonatype
staging repo._
1. When it comes to the sonatype stage, you will need the passphrase handy for the signing key, [Sonatype Credentials](#sonatype-credentials)
1. Assuming things were successful, make a pr since sbt release auto-bumped `version.sbt` and made a commit for you
1. Run `./build/docker-release.sh --branch [TAG CREATED FROM PREVIOUS STEP, e.g. v0.9.3] --clean --push`
1. You will need to have your keys ready so you can sign each image as it is published.
To start, create a release in GitHub with the same tag as the version found in `version.sbt`.
The release will perform the following actions:
1. Published Docker images to `hub.docker.com`
2. Attached artifacts created by the build to the GitHub release


@ -3,7 +3,6 @@ import Dependencies._
import Resolvers._
import microsites._
import org.scalafmt.sbt.ScalafmtPlugin._
import sbtrelease.ReleasePlugin.autoImport.ReleaseTransformations._
import scoverage.ScoverageKeys.{coverageFailOnMinimum, coverageMinimum}
import scala.util.Try
@ -165,8 +164,7 @@ lazy val corePublishSettings = Seq(
url("https://github.com/vinyldns/vinyldns"),
"scm:git@github.com:vinyldns/vinyldns.git"
)
),
sonatypeProfileName := "io.vinyldns"
)
)
lazy val core = (project in file("modules/core"))
@ -317,70 +315,11 @@ lazy val docs = (project in file("modules/docs"))
.enablePlugins(MicrositesPlugin, MdocPlugin)
.settings(docSettings)
// release stages
lazy val setSonatypeReleaseSettings = ReleaseStep(action = oldState => {
// sonatype publish target, and sonatype release steps, are different if version is SNAPSHOT
val extracted = Project.extract(oldState)
val v = extracted.get(Keys.version)
val snap = v.endsWith("SNAPSHOT")
if (!snap) {
val publishToSettings =
Some("releases".at("https://oss.sonatype.org/" + "service/local/staging/deploy/maven2"))
val newState =
extracted.appendWithSession(Seq(publishTo in core := publishToSettings), oldState)
// create sonatypeReleaseCommand with releaseSonatype step
val sonatypeCommand = Command.command("sonatypeReleaseCommand") {
"project core" ::
"publish" ::
"sonatypeRelease" ::
_
}
newState.copy(definedCommands = newState.definedCommands :+ sonatypeCommand)
} else {
val publishToSettings =
Some("snapshots".at("https://oss.sonatype.org/" + "content/repositories/snapshots"))
val newState =
extracted.appendWithSession(Seq(publishTo in core := publishToSettings), oldState)
// create sonatypeReleaseCommand without releaseSonatype step
val sonatypeCommand = Command.command("sonatypeReleaseCommand") {
"project core" ::
"publish" ::
_
}
newState.copy(definedCommands = newState.definedCommands :+ sonatypeCommand)
}
})
lazy val sonatypePublishStage = Seq[ReleaseStep](
releaseStepCommandAndRemaining(";sonatypeReleaseCommand")
)
lazy val initReleaseStage = Seq[ReleaseStep](
inquireVersions, // have a developer confirm versions
setReleaseVersion,
setSonatypeReleaseSettings
)
lazy val finalReleaseStage = Seq[ReleaseStep](
releaseStepCommand("project root"), // use version.sbt file from root
commitReleaseVersion,
setNextVersion,
commitNextVersion
)
def getPropertyFlagOrDefault(name: String, value: Boolean): Boolean =
sys.props.get(name).flatMap(propValue => Try(propValue.toBoolean).toOption).getOrElse(value)
releaseProcess :=
initReleaseStage ++
sonatypePublishStage ++
finalReleaseStage
// Let's do things in parallel!
addCommandAlias(
"validate",


@ -4,11 +4,10 @@ This folder contains scripts for building VinylDNS and it's related artifacts.
| Path |Description |
| --- | --- |
|`assemble_api_jar.sh` | Builds the VinylDNS API jar file. You can find the resulting `jar` file in `assembly/`.|
|`deep_clean.sh` | Removes all of the build artifacts and all `target/` directories recursively.|
| `assemble_api_jar.sh` | Builds the VinylDNS API jar file. You can find the resulting `jar` file in `assembly/`.|
| `deep_clean.sh` | Removes all of the build artifacts and all `target/` directories recursively.|
| `func-test-api.sh` | Runs the functional tests for the API|
| `func-test-portal.sh` | Runs the functional tests for the Portal|
| `prepare_release.sh` | Runs all of the tests in preparation for a release|
| `publish_docs.sh` | Publishes the documentation site|
| `run_all_tests.sh` | Runs all of the tests: unit, integration, and functional|
| `verify.sh` | Runs all of the unit and integration tests|

2
build/release.sh → build/publish_docs.sh Executable file → Normal file

@ -2,4 +2,4 @@
set -euo pipefail
DIR=$(cd -P -- "$(dirname -- "$0")" && pwd -P)
docker run -it --rm -e RUN_SERVICES=none -v "${DIR}/../:/build" vinyldns/build:base-build /bin/bash
docker run -it --rm -e RUN_SERVICES=none -v "${DIR}/../:/build" vinyldns/build:base-build-docs /bin/bash -c "sbt ';project docs; publishMicrosite'"
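Review bot: The `docker run` line that runs `publishMicrosite` does not pass `SBT_MICROSITES_PUBLISH_TOKEN` into the container, so the token the publish workflow sets on this step would not be visible to sbt inside it (assuming the task reads that variable). `-it` also asks for a TTY, which a CI runner normally does not provide, and the file header shows the mode going from executable to normal while the workflow invokes `build/publish_docs.sh` directly. Suggested line: `docker run --rm -e RUN_SERVICES=none -e SBT_MICROSITES_PUBLISH_TOKEN -v "${DIR}/../:/build" vinyldns/build:base-build-docs /bin/bash -c "sbt ';project docs; publishMicrosite'"`, keeping the executable bit on the script; naming the variable without a value forwards it from the environment and keeps the secret out of the command line. The image is referenced by a mutable tag, so running this with `DOCKER_CONTENT_TRUST=1` or a pinned digest would tie the build to a signed image.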


@ -12,12 +12,8 @@ addSbtPlugin("org.wartremover" % "sbt-wartremover" % "2.4.10")
addSbtPlugin("com.typesafe.sbt" % "sbt-native-packager" % "1.3.25")
addSbtPlugin("com.tapad" % "sbt-docker-compose" % "1.0.34")
addSbtPlugin("com.typesafe.sbt" % "sbt-ghpages" % "0.6.3")
addSbtPlugin("com.github.gseitz" % "sbt-release" % "1.0.8")
addSbtPlugin("de.heikoseeberger" % "sbt-header" % "5.5.0")
addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.7.4")
@ -28,8 +24,4 @@ addSbtPlugin("com.typesafe.sbt" % "sbt-license-report" % "1.2.0")
addSbtPlugin("com.47deg" % "sbt-microsites" % "1.3.4")
addSbtPlugin("org.xerial.sbt" % "sbt-sonatype" % "2.3")
addSbtPlugin("io.crashbox" % "sbt-gpg" % "0.2.0")
addSbtPlugin("org.scalameta" % "sbt-mdoc" % "2.2.24" )