---
# Action metadata: display name and one-line summary.
name: Config Maven
description: >-
  GitHub Action to configure Maven build environment with build number,
  authentication, and default settings
# Caller-supplied settings. The boolean-like inputs are strings and the steps
# compare them against the literals 'true' / 'false'.
inputs:
  working-directory:
    description: Relative path under github.workspace to execute the build in
    default: '.'
  # Selects which Vault role the Artifactory credentials are read from; when
  # empty, the role is derived from the repository visibility.
  artifactory-reader-role:
    description: >-
      Suffix for the Artifactory reader role in Vault. Defaults to
      `private-reader` for private repositories, and `public-reader`
      for public repositories.
    default: ''
  # This text is written into the `mvn` shell function that later bash steps
  # load through BASH_ENV, so it must only carry trusted, workflow-authored
  # flags (never values taken from event data).
  common-mvn-flags:
    description: Maven flags for all subsequent mvn calls
    default: >-
      --batch-mode --no-transfer-progress --errors --fail-at-end
      --show-version -Dmaven.test.redirectTestOutputToFile=false
  repox-url:
    description: URL for Repox
    default: 'https://repox.jfrog.io'
  repox-artifactory-url:
    description: >-
      URL for Repox Artifactory API (overrides repox-url/artifactory if
      provided)
    default: ''
  use-develocity:
    description: Whether to use Develocity for build tracking.
    default: 'false'
  develocity-url:
    description: URL for Develocity
    default: 'https://develocity.sonar.build/'
  cache-paths:
    description: Cache paths to use (multiline).
    default: '~/.m2/repository'
  disable-caching:
    description: Whether to disable Maven caching entirely
    default: 'false'
  # Sibling actions (get-build-number, shared) are symlinked from this folder
  # into .actions/, and get-build-number is then run from there.
  host-actions-root:
    description: >-
      Path to the actions folder on the host (used when called from another
      local action)
    default: ''
# Values handed back to the caller; each one forwards a step output.
outputs:
  BUILD_NUMBER:
    description: >-
      The current build number. Also set as environment variable BUILD_NUMBER
    value: ${{ steps.get-build-number.outputs.BUILD_NUMBER }}
  current-version:
    description: >-
      The project version set in the pom.xml (before replacement). Also set as
      environment variable CURRENT_VERSION
    value: ${{ steps.set-version.outputs.current-version }}
  project-version:
    description: >-
      The project version with build number (after replacement). Also set as
      environment variable PROJECT_VERSION
    value: ${{ steps.set-version.outputs.project-version }}
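# Composite steps. The first two steps always run; most of the others are
# skipped when an earlier invocation in the same job already exported
# CONFIG_MAVEN_COMPLETED.
#
# Hardening conventions used below:
#   - `${{ ... }}` values needed by a script are passed through `env:` and
#     read as shell variables, so their content is never parsed as shell code.
#   - Paths and the GITHUB_* command files are always double-quoted.
#   - Third-party actions stay pinned to a full commit SHA.
runs:
  using: composite
  steps:
    # Work out where this action and its siblings live, export that location,
    # and expose the sibling actions under ./.actions so `uses:` can find them.
    - name: Set local action paths
      id: set-path
      shell: bash
      env:
        CONFIG_MAVEN_ACTION_PATH: ${{ github.action_path }}
        HOST_ACTIONS_ROOT_INPUT: ${{ inputs.host-actions-root }}
      run: |
        echo "::group::Fix for using local actions"
        echo "GITHUB_ACTION_PATH=$GITHUB_ACTION_PATH"
        echo "github.action_path=$CONFIG_MAVEN_ACTION_PATH"
        ACTION_PATH_CONFIG_MAVEN="$CONFIG_MAVEN_ACTION_PATH"
        host_actions_root="$HOST_ACTIONS_ROOT_INPUT"
        if [[ -z "$host_actions_root" ]]; then
          host_actions_root="$(dirname "$ACTION_PATH_CONFIG_MAVEN")"
        else
          ACTION_PATH_CONFIG_MAVEN="$host_actions_root/config-maven"
        fi
        echo "ACTION_PATH_CONFIG_MAVEN=$ACTION_PATH_CONFIG_MAVEN"
        echo "ACTION_PATH_CONFIG_MAVEN=$ACTION_PATH_CONFIG_MAVEN" >> "$GITHUB_ENV"
        echo "host_actions_root=$host_actions_root" >> "$GITHUB_OUTPUT"
        mkdir -p ".actions"
        # -n: when the link already exists (this step runs on every invocation),
        # replace it instead of following it and dropping a stray link inside
        # the target directory.
        ln -sfn "$host_actions_root/get-build-number" .actions/get-build-number
        ln -sfn "$host_actions_root/shared" .actions/shared
        ls -la .actions/*
        echo "::endgroup::"

    - uses: ./.actions/get-build-number
      id: get-build-number
      with:
        host-actions-root: ${{ steps.set-path.outputs.host_actions_root }}

    # Re-entrancy guard: CONFIG_MAVEN_COMPLETED is exported by the last step.
    - id: config-maven-completed
      if: env.CONFIG_MAVEN_COMPLETED != ''
      shell: bash
      run: |
        echo "Action already called by $CONFIG_MAVEN_COMPLETED, execution skipped."
        echo "skip=true" >> "$GITHUB_OUTPUT"

    # Explicit input wins; otherwise the role follows the repository visibility.
    - name: Set parameter for Vault
      if: steps.config-maven-completed.outputs.skip != 'true'
      shell: bash
      env:
        ARTIFACTORY_READER_ROLE: ${{ inputs.artifactory-reader-role != '' && inputs.artifactory-reader-role ||
          (github.event.repository.visibility == 'public' && 'public-reader' || 'private-reader') }}
      run: |
        echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV"

    # Reads the Artifactory credentials (and the Develocity token when enabled).
    # Pinned to a commit SHA; keep the trailing version comment in sync.
    - uses: SonarSource/vault-action-wrapper@c154b4a417b51cb98dd71137f49bf20e77c56820 # 3.4.0
      if: steps.config-maven-completed.outputs.skip != 'true'
      id: secrets
      with:
        secrets: |
          development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} username | ARTIFACTORY_USERNAME;
          development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} access_token | ARTIFACTORY_ACCESS_TOKEN;
          ${{ inputs.use-develocity == 'true' && 'development/kv/data/develocity token | DEVELOCITY_TOKEN;' || '' }}

    # Strips the leading "https://" and one trailing "/" from the URL input.
    - name: Extract Develocity hostname
      id: develocity-hostname
      if: steps.config-maven-completed.outputs.skip != 'true' && inputs.use-develocity == 'true'
      shell: bash
      env:
        DEVELOCITY_URL: ${{ inputs.develocity-url }}
      run: |
        echo "hostname=$(echo "${DEVELOCITY_URL}" | sed -e 's|https://||' -e 's|/$||')" >> "$GITHUB_OUTPUT"

    # Everything appended to GITHUB_ENV here, including the access token, is
    # visible to every later step of the job, third-party actions included.
    - name: Set environment variables for Artifactory authentication
      if: steps.config-maven-completed.outputs.skip != 'true'
      shell: bash
      env:
        ARTIFACTORY_URL: ${{ inputs.repox-artifactory-url != '' && inputs.repox-artifactory-url ||
          format('{0}/artifactory', inputs.repox-url) }}
        ARTIFACTORY_USERNAME: ${{ steps.secrets.outputs.vault && fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_USERNAME || '' }}
        ARTIFACTORY_ACCESS_TOKEN: ${{ steps.secrets.outputs.vault && fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN || '' }}
        DEVELOCITY_TOKEN: ${{ inputs.use-develocity == 'true' && steps.secrets.outputs.vault &&
          fromJSON(steps.secrets.outputs.vault).DEVELOCITY_TOKEN || '' }}
        # Derived from the develocity-url input; empty when that step was skipped.
        DEVELOCITY_HOSTNAME: ${{ steps.develocity-hostname.outputs.hostname }}
      run: |
        if [[ "${DEVELOCITY_ACCESS_KEY:-}" == "${DEVELOCITY_HOSTNAME}=" ]]; then
          echo "::warning title=Found invalid DEVELOCITY_ACCESS_KEY::DEVELOCITY_ACCESS_KEY should not be set manually" \
            "in the environment." >&2
          echo "[WARNING] DEVELOCITY_ACCESS_KEY is set in the environment with an empty token. This is a deprecated configuration." \
            "The Develocity token is configured by config-maven. Please remove external configuration of DEVELOCITY_ACCESS_KEY."
        fi
        echo "ARTIFACTORY_URL=$ARTIFACTORY_URL" >> "$GITHUB_ENV"
        echo "ARTIFACTORY_USERNAME=$ARTIFACTORY_USERNAME" >> "$GITHUB_ENV"
        echo "ARTIFACTORY_ACCESS_USERNAME=$ARTIFACTORY_USERNAME" >> "$GITHUB_ENV" # deprecated, backward compliance
        echo "ARTIFACTORY_ACCESS_TOKEN=$ARTIFACTORY_ACCESS_TOKEN" >> "$GITHUB_ENV"
        echo "ARTIFACTORY_PASSWORD=$ARTIFACTORY_ACCESS_TOKEN" >> "$GITHUB_ENV" # deprecated, backward compliance
        if [[ -n "${DEVELOCITY_TOKEN:-}" ]]; then
          echo "DEVELOCITY_ACCESS_KEY=${DEVELOCITY_HOSTNAME}=$DEVELOCITY_TOKEN" >> "$GITHUB_ENV"
        fi

    # Installs the bundled settings.xml and, where the passwd home differs from
    # $HOME, links that home's .m2 entries to the ones under $HOME.
    - name: Configure Maven settings and set repository URL
      if: steps.config-maven-completed.outputs.skip != 'true'
      shell: bash
      run: |
        MAVEN_CONFIG="$HOME/.m2"
        mkdir -p "$MAVEN_CONFIG/repository"
        M2_SETTINGS="$MAVEN_CONFIG/settings.xml"
        cp "${ACTION_PATH_CONFIG_MAVEN}/resources/settings.xml" "$M2_SETTINGS"
        echo "Copied Maven settings from ${ACTION_PATH_CONFIG_MAVEN}/resources/settings.xml to $M2_SETTINGS"
        echo "MAVEN_CONFIG=$MAVEN_CONFIG" >> "$GITHUB_ENV"
        echo "SONARSOURCE_REPOSITORY_URL=$ARTIFACTORY_URL/sonarsource-qa" >> "$GITHUB_ENV"
        # Maven retrieves the user home directory from the passwd database, that may differ from $HOME (e.g., in a container)
        echo "HOME: $HOME"
        if [[ "$RUNNER_OS" != "Windows" ]]; then
          # Get user home directory - use getent on Linux, dscl on macOS
          if command -v getent &> /dev/null; then
            USER_HOME="$(getent passwd "$(whoami)" | cut -d: -f6)"
          elif command -v dscl &> /dev/null; then
            USER_HOME="$(dscl . -read "/Users/$(whoami)" NFSHomeDirectory | awk '{print $2}')"
          else
            USER_HOME="$HOME"
          fi
          if [[ "$USER_HOME" != "$HOME" ]]; then
            echo "::group::USER_HOME symlinks workaround for Maven when it differs from HOME"
            echo "USER_HOME (from passwd): $USER_HOME"
            mkdir -p "$USER_HOME/.m2"
            # -n: replace a link left by an earlier run rather than following it
            # into the repository directory.
            ln -sfn "$MAVEN_CONFIG/repository" "$USER_HOME/.m2/repository"
            ln -sfn "$M2_SETTINGS" "$USER_HOME/.m2/settings.xml"
            echo "Created symlinks from $USER_HOME/.m2 to $HOME/.m2:"
            ls -la "$USER_HOME/.m2/" "$HOME/.m2"
            echo "::endgroup::"
          fi
        fi

    # Only spaces are replaced; the workflow name is otherwise used as-is.
    - name: Sanitize workflow name for cache key
      id: sanitize_workflow
      if: steps.config-maven-completed.outputs.skip != 'true' && inputs.disable-caching == 'false'
      shell: bash
      env:
        WORKFLOW_NAME: ${{ github.workflow }}
      run: |
        echo "workflow_name=${WORKFLOW_NAME// /-}" >> "$GITHUB_OUTPUT"

    # Pinned to a commit SHA; keep the trailing version comment in sync.
    - name: Cache local Maven repository
      uses: SonarSource/gh-action_cache@eaf3a34501712f8a246749c4abf837a2b4d67521 # v1.4.2
      if: steps.config-maven-completed.outputs.skip != 'true' && inputs.disable-caching == 'false'
      with:
        path: ${{ inputs.cache-paths }}
        # yamllint disable rule:line-length
        key: maven-${{ runner.os }}-${{ steps.sanitize_workflow.outputs.workflow_name }}-${{ hashFiles(format('{0}/**/pom.xml', inputs.working-directory)) }}
        # yamllint enable rule:line-length
        restore-keys: maven-${{ runner.os }}-${{ steps.sanitize_workflow.outputs.workflow_name }}-

    # No `if:` here: the step always runs and hands the skip flag to the script
    # through SKIP (the script itself is not part of this file).
    - name: Update project version and set current-version and project-version variables
      id: set-version
      shell: bash
      working-directory: ${{ inputs.working-directory }}
      env:
        SKIP: ${{ steps.config-maven-completed.outputs.skip }}
      run: |
        "$ACTION_PATH_CONFIG_MAVEN/set_maven_project_version.sh"

    # `:=` keeps a JAVA_TOOL_OPTIONS value that is already set and only falls
    # back to -XX:-UseContainerSupport when it is unset or empty.
    - name: Deactivate UseContainerSupport on github-ubuntu-* runners
      if: steps.config-maven-completed.outputs.skip != 'true' && runner.os == 'Linux' && runner.environment == 'github-hosted'
      shell: bash
      run: |
        echo "::warning title=Deactivating UseContainerSupport::The GitHub-hosted Ubuntu runners have an issue with Java's" \
          "UseContainerSupport feature." >&2
        echo "JAVA_TOOL_OPTIONS=${JAVA_TOOL_OPTIONS:=-XX:-UseContainerSupport}" >> "$GITHUB_ENV"

    # NOTE(review): COMMON_MVN_FLAGS is expanded when the line is written, so
    # its text becomes shell source in ~/.bash_profile, which every later bash
    # step loads through BASH_ENV. Keep the common-mvn-flags input limited to
    # trusted, workflow-authored values.
    - name: Create mvn wrapper function with common Maven flags and set MAVEN_OPTS
      if: steps.config-maven-completed.outputs.skip != 'true'
      shell: bash
      env:
        COMMON_MVN_FLAGS: ${{ inputs.common-mvn-flags }}
      run: |
        # - 'command mvn' prevents the function from calling itself in a loop.
        echo "mvn() { command mvn ${COMMON_MVN_FLAGS} \"\$@\"; }" >> "$HOME/.bash_profile"
        echo "BASH_ENV=$HOME/.bash_profile" >> "$GITHUB_ENV"
        echo "MAVEN_OPTS=${MAVEN_OPTS:=-Xmx1536m -Xms128m}" >> "$GITHUB_ENV"
        # Marks the job as configured so a repeated call skips the steps above.
        echo "CONFIG_MAVEN_COMPLETED=$GITHUB_ACTION" >> "$GITHUB_ENV"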