[IIIF-1075] Add GitHub Actions (#103)

* Update parent project to get new Checkstyle rules & GitHub Actions * Update POM's plugins to better sync their configs with the parent project * Move Docker/OS dependency versions into main POM properties section (from profile) * Create a separate build config that just outputs OS dependency versions * Rework POM profiles to support the new separate build option * Change dev build to use the pinned/stable versions * Update README to reflect procedural build changes * Remove obsolete Travis configurations * Update the way versions are handled in Dockerfile * Add script that shows the versions of dependencies installed in the container * Update obsolete OS dependency package versions
UCLALibrary · Feb 9, 2021 · 30ef708 · 30ef708
1 parent b625162
commit 30ef708
Show file tree

Hide file tree

Showing 15 changed files with 1,089 additions and 300 deletions.
diff --git a/.flattened-pom.xml b/.flattened-pom.xml
diff --git a/.github/configs/release-drafter.yml b/.github/configs/release-drafter.yml
@@ -0,0 +1,41 @@
+
+categories:
+  - title: '🚀 Features and Improvements'
+    labels:
+      - 'feature'
+      - 'enhancement'
+  - title: '🌈 Documentation Updates'
+    labels:
+      - 'documentation'
+  - title: '🐛 Bug Fixes'
+    labels:
+      - 'bugfix'
+  - title: '🧰 Breaking Changes'
+    label: 'breaking'
+version-resolver:
+  major:
+    labels:
+      - 'breaking'
+  minor:
+    labels:
+      - 'enhancement'
+      - 'feature'
+  patch:
+    labels:
+      - 'bugfix'
+      - 'documentation'
+  default: patch
+tag-template: '$RESOLVED_VERSION'
+name-template: 'v$RESOLVED_VERSION'
+change-template: '* $TITLE (#$NUMBER)'
+change-title-escapes: ''
+exclude-labels:
+  - 'skip-changelog'
+template: |
+  ## What’s Changed
+
+  $CHANGES
+
+  ## Contributors
+
+  $CONTRIBUTORS
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,45 @@
+name: Maven PR Build
+
+# We require all commits go through PR on GitHub
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  build:
+    name: Maven PR Builder (JDK ${{ matrix.java }})
+    runs-on: ubuntu-latest
+    env:
+      MAVEN_CACHE_KEY: ${{ secrets.MAVEN_CACHE_KEY }}
+    strategy:
+      matrix:
+        java: [ 11, 12 ]
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2
+      - name: Install JDK ${{ matrix.java }}
+        uses: actions/setup-java@d202f5dbf7256730fb690ec59f6381650114feb2 # v1
+        with:
+          java-version: ${{ matrix.java }}
+      # If running locally in act, install Maven
+      - name: Set up Maven if needed
+        if: ${{ env.ACT }}
+        uses: stCarolas/setup-maven@1d56b37995622db66cce1214d81014b09807fb5a # v4
+        with:
+          maven-version: 3.6.3
+      - name: Set up Maven cache
+        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a # v2
+        if: ${{ env.MAVEN_CACHE_KEY }}
+        with:
+          path: ~/.m2
+          key: freelibrary-cache-${{ secrets.MAVEN_CACHE_KEY }}-${{ hashFiles('**/pom.xml') }}
+          restore-keys: freelibrary-cache-${{ secrets.MAVEN_CACHE_KEY }}-
+      - name: Build with Maven
+        uses: samuelmeuli/action-maven-publish@201a45a3f311b2ee888f252ba9f4194257545709 # v1.4.0
+        with:
+          maven_goals_phases: "clean verify"
+          maven_profiles: default,${{ secrets.BUILD_PROFILES }}
+          maven_args: >
+            -V -ntp -Dorg.slf4j.simpleLogger.log.net.sourceforge.pmd=error ${{ secrets.BUILD_PROPERTIES }}
diff --git a/.github/workflows/pr-auto-approve.yml b/.github/workflows/pr-auto-approve.yml
@@ -0,0 +1,21 @@
+name: PR Auto-Approver
+
+# Auto-approve on projects that have a "secret" variable saying this is okay. This lets us set up a restricted PR
+# process on projects with just a single active developer. It prevents the developer from pushing directly to the
+# main branch (so enforces a particular workflow that our other GitHub Actions expect).
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  approve-pr:
+    name: PR Auto-Approver
+    runs-on: ubuntu-latest
+    env:
+      AUTO_PR_APPROVAL: ${{ secrets.AUTO_PR_APPROVAL }}
+    steps:
+    - uses: hmarr/auto-approve-action@7782c7e2bdf62b4d79bdcded8332808fd2f179cd # v2.0.0
+      if: env.AUTO_PR_APPROVAL == 'true'
+      with:
+        github-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
@@ -0,0 +1,17 @@
+name: Draft Release
+
+# Any time new commits hit the 'main' branch, add them to the next release draft
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  draft-release-notes:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: release-drafter/release-drafter@4d1215c66d92eba9557a55da848b2281a1a19235 # v5.13.0
+        with:
+          config-name: configs/release-drafter.yml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,64 @@
+name: Maven Release
+
+# Performs a Maven release using JDK 11 when a new GitHub release has been published
+on:
+  release:
+    types: [ published ]
+
+jobs:
+  publish:
+    name: Maven Artifact Publisher (JDK 11)
+    runs-on: ubuntu-latest
+    env:
+      AUTORELEASE_ARTIFACT: ${{ secrets.AUTORELEASE_ARTIFACT }}
+      SKIP_JAR_DEPLOYMENT: ${{ secrets.SKIP_JAR_DEPLOYMENT }}
+      MAVEN_CACHE_KEY: ${{ secrets.MAVEN_CACHE_KEY }}
+    steps:
+      - name: Check out source code
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2
+      - name: Install JDK 11
+        uses: actions/setup-java@d202f5dbf7256730fb690ec59f6381650114feb2 # v1
+        with:
+          java-version: 11
+      # If running locally in act, install Maven
+      - name: Set up Maven if needed
+        if: ${{ env.ACT }}
+        uses: stCarolas/setup-maven@1d56b37995622db66cce1214d81014b09807fb5a # v4
+        with:
+          maven-version: 3.6.3
+      - name: Set up Maven cache
+        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a # v2
+        if: ${{ env.MAVEN_CACHE_KEY }}
+        with:
+          path: ~/.m2
+          key: freelibrary-cache-${{ secrets.MAVEN_CACHE_KEY }}-${{ hashFiles('**/pom.xml') }}
+          restore-keys: freelibrary-cache-${{ secrets.MAVEN_CACHE_KEY }}-
+      - name: Set autorelease config
+        if: env.AUTORELEASE_ARTIFACT == null
+        run: echo "AUTORELEASE_ARTIFACT=false" >> $GITHUB_ENV
+      - name: Set Jar deployment config
+        if: env.SKIP_JAR_DEPLOYMENT == null
+        run: echo "SKIP_JAR_DEPLOYMENT=false" >> $GITHUB_ENV
+      - name: Optionally, login to Docker repository
+        uses: docker/login-action@f3364599c6aa293cdc2b8391b1b56d0c30e45c8a # v1.8.0
+        env:
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+        if: env.DOCKER_USERNAME != null
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Release with Maven
+        uses: samuelmeuli/action-maven-publish@201a45a3f311b2ee888f252ba9f4194257545709 # v1.4.0
+        with:
+          gpg_private_key: ${{ secrets.BUILD_KEY }}
+          gpg_passphrase: ${{ secrets.BUILD_PASSPHRASE }}
+          nexus_username: ${{ secrets.SONATYPE_USERNAME }}
+          nexus_password: ${{ secrets.SONATYPE_PASSWORD }}
+          maven_profiles: release,${{ secrets.BUILD_PROFILES }}
+          maven_args: >
+            -Drevision=${{ github.event.release.tag_name }} -DautoReleaseAfterClose=${{ env.AUTORELEASE_ARTIFACT }}
+            -ntp -Dorg.slf4j.simpleLogger.log.net.sourceforge.pmd=error ${{ secrets.BUILD_PROPERTIES }}
+            -DskipNexusStagingDeployMojo=${{ env.SKIP_JAR_DEPLOYMENT }}
+            -Ddocker.registry.username=${{ secrets.DOCKER_USERNAME }}
+            -Ddocker.registry.account=${{ secrets.DOCKER_REGISTRY_ACCOUNT}}
+            -Ddocker.registry.password=${{ secrets.DOCKER_PASSWORD }}
diff --git a/.travis.yml b/.travis.yml
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 ## A Docker image for the Cantaloupe IIIF image server
-[![Build Status](https://travis-ci.com/UCLALibrary/docker-cantaloupe.svg?branch=main)](https://travis-ci.com/UCLALibrary/docker-cantaloupe) [![Codacy Badge](https://app.codacy.com/project/badge/Grade/74e25a3c2515495aafb6b077fdde9a13)](https://www.codacy.com/gh/UCLALibrary/docker-cantaloupe?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=UCLALibrary/docker-cantaloupe&amp;utm_campaign=Badge_Grade) [![Known Vulnerabilities](https://snyk.io/test/github/uclalibrary/docker-cantaloupe/badge.svg)](https://snyk.io/test/github/uclalibrary/docker-cantaloupe)
+[![Maven Build](https://github.com/ksclarke/freelib-build-tools/workflows/Maven%20Build/badge.svg)](https://github.com/UCLALibrary/docker-cantaloupe/actions) [![Codacy Badge](https://app.codacy.com/project/badge/Grade/74e25a3c2515495aafb6b077fdde9a13)](https://www.codacy.com/gh/UCLALibrary/docker-cantaloupe?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=UCLALibrary/docker-cantaloupe&amp;utm_campaign=Badge_Grade) [![Known Vulnerabilities](https://snyk.io/test/github/uclalibrary/docker-cantaloupe/badge.svg)](https://snyk.io/test/github/uclalibrary/docker-cantaloupe)
 
 This project builds a Docker image for the [Cantaloupe IIIF image server](https://cantaloupe-project.github.io/cantaloupe). If you're interested in using a prebuilt image, you can find one on [UCLA Library's DockerHub account](https://hub.docker.com/repository/docker/uclalibrary/cantaloupe).
 
@@ -116,6 +116,17 @@ You do not need to supply the `kakadu.git.repo` argument when just starting or s
 
 Locally, we deploy Cantaloupe with Kubernetes. We're working on some documentation to fill in here with instructions on how you, too, can do this.
 
-### Contact
+### Working with Pinned OS Packages
+
+We pin the versions of packages that we install into our base image. What this means is that periodically a pinned version will become obsolete and the build will break. We have a nightly build that should catch this issues for us, but in the case that you find the breakage before us, there is a handy way to tell which pinned version has broken the build. To see the current versions inside the base image, run:
+
+    mvn validate -Dversions
+
+This will output a list of current versions, which can be compared to the pinned versions defined in the project's POM file (i.e., pom.xml).
 
-We use an internal ticketing system, but we've left the GitHub [issues queue](https://github.com/UCLALibrary/docker-cantaloupe/issues) open in case you'd like to file a ticket or make a suggestion.
+### Acknowledgments
+
+This project started as a fork of the [docker-cantaloupe](https://github.com/MITLibraries/docker-cantaloupe) project from MIT Libraries. It's changed dramatically since we forked it from the upstream, but we still want to acknowledge the source from which we started. Thanks!
+
+### Contact
+We use an internal ticketing system, but we've left the GitHub [issues queue](https://github.com/UCLALibrary/docker-cantaloupe/issues) open (in case you'd like to file a bug ticket). If you have a question or a general suggestion, you might prefer to use the project's [discussion board](https://github.com/UCLALibrary/docker-cantaloupe/discussions). Feel free to use either route to contact us.