* Removed dependency on maven-nexus-plugin for releases.

* Updated dependencies.
cowwoc · May 27, 2024 · dc8ffbb · dc8ffbb
1 parent a085dc0
commit dc8ffbb
Show file tree

Hide file tree

Showing 13 changed files with 350 additions and 148 deletions.
diff --git a/.github/workflows/build-master.yml b/.github/workflows/build-master.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -1,9 +1,12 @@
-name: Build (reusable workflow)
-on: workflow_call
+name: Build
+on: [ push ]
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
 
 jobs:
   build:
-    name: Reusable Build Workflow
+    name: Build (${{ matrix.os }})
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
@@ -25,15 +28,12 @@ jobs:
             ~/.m2/repository/*
             !~/.m2/repository/com/github/cowwoc/pouch
           key: ${{ runner.OS }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.OS }}-maven-
 
       # Maven command-line options:
       # --batch-mode: recommended in CI to inform maven to not run in interactive mode (less logs)
       # -V: strongly recommended in CI, will display the JDK and Maven versions in use.
-      #      Very useful to be quickly sure the selected versions were the ones you think.
-      # -Dsurefire.useFile=false : useful in CI. Displays test errors in the logs directly (instead of
-      #                            having to crawl the workspace files to see the cause).
-      # -e : Display stack-traces on failure
+      # -Dsurefire.useFile=false: useful in CI. Displays test errors in the logs directly (instead of
+      #                           having to crawl the workspace files to see the cause).
+      # -e: Display stack-traces on failure
       - name: Build
         run: ./mvnw install --batch-mode -V "-Dsurefire.useFile=false" -e
diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml
@@ -0,0 +1,44 @@
+# Source: https://github.com/contributor-assistant/github-action
+name: "CLA Assistant"
+on:
+  issue_comment:
+    types: [ created ]
+  pull_request_target:
+    types: [ opened,closed,synchronize ]
+
+# explicitly configure permissions, in case your GITHUB_TOKEN workflow permissions are set to read-only in repository settings
+permissions:
+  actions: write
+  contents: write
+  pull-requests: write
+  statuses: write
+
+jobs:
+  CLAAssistant:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "CLA Assistant"
+        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+        uses: contributor-assistant/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # the below token should have repo scope and must be manually added by you in the repository's secret
+          # This token is required only if you have configured to store the signatures in a remote repository/organization
+          PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_ACCESS_TOKEN }}
+        with:
+          path-to-signatures: 'cla/version1/signatures/cla.json'
+          path-to-document: 'https://github.com/cowwoc/requirements.java/cla/version1/cla.md' # e.g. a CLA or a DCO document
+          # branch should not be protected
+          branch: 'main'
+          allowlist: cowwoc
+
+          # the followings are the optional inputs - If the optional inputs are not given, then default values will be taken
+          #remote-organization-name: enter the remote organization name where the signatures should be stored (Default is storing the signatures in the same repository)
+          #remote-repository-name: enter the  remote repository name where the signatures should be stored (Default is storing the signatures in the same repository)
+          #create-file-commit-message: 'For example: Creating file for storing CLA Signatures'
+          #signed-commit-message: 'For example: $contributorName has signed the CLA in $owner/$repo#$pullRequestNo'
+          #custom-notsigned-prcomment: 'pull request comment with Introductory message to ask new contributors to sign'
+          #custom-pr-sign-comment: 'The signature to be committed in order to sign the CLA'
+          #custom-allsigned-prcomment: 'pull request comment when all contributors has signed, defaults to **CLA Assistant Lite bot** All Contributors have signed the CLA.'
+          #lock-pullrequest-aftermerge: false - if you don't want this bot to automatically lock the pull request after merging (default - true)
+          #use-dco-flag: true - If you are using DCO instead of CLA
diff --git a/.github/workflows/deploy_to_maven_central.yml b/.github/workflows/deploy_to_maven_central.yml
@@ -1,29 +1,32 @@
-# Source: https://docs.github.com/en/actions/publishing-packages/publishing-java-packages-with-maven
+# Based on https://docs.github.com/en/actions/publishing-packages/publishing-java-packages-with-maven
+# https://gist.github.com/cstamas/69e6365bbb70521923020d68369bf8e5 and
+# https://oss.sonatype.org/nexus-staging-plugin/default/docs/rest.html
 name: Deploy to Maven Central
 on:
   workflow_dispatch:
 concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
+  group: "${{ github.workflow }}-${{ github.ref }}"
   cancel-in-progress: true
 env:
-  # One can look up a project's profileId by running:
-  # mvn nexus-staging:rc-list-profiles -DserverId=maven-central-releases -DnexusUrl=https://oss.sonatype.org/
-  STAGING_PROFILE_ID: "3799bb102c7f24"
+  STAGING_HOST: "oss.sonatype.org"
   OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
   OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }}
   MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
 jobs:
   open-release:
     runs-on: ubuntu-latest
     outputs:
-      INITIAL_REF_POSITION: ${{ steps.open-staging.outputs.INITIAL_REF_POSITION }}
-      TAG: ${{ steps.open-staging.outputs.TAG }}
-      STAGING_REPOSITORY_ID: ${{ steps.open-staging.outputs.STAGING_REPOSITORY_ID }}
+      INITIAL_REF_POSITION: ${{ steps.create-tag.outputs.INITIAL_REF_POSITION }}
+      TAG: ${{ steps.create-tag.outputs.TAG }}
+      VERSION: ${{ steps.create-tag.outputs.VERSION }}
+      STAGING_PROFILE_ID: ${{ steps.parse-profile-id.outputs.STAGING_PROFILE_ID }}
+      STAGING_REPOSITORY_ID: ${{ steps.parse-repository-id.outputs.STAGING_REPOSITORY_ID }}
     steps:
       - uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
           fetch-depth: 0
+          token: ${{ secrets.WORKFLOW_TOKEN }}
       - uses: actions/setup-java@v4
         with:
           distribution: zulu
@@ -36,14 +39,15 @@ jobs:
           server-password: OSSRH_TOKEN
           gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
           gpg-passphrase: MAVEN_GPG_PASSPHRASE
+
       - name: Cache Dependencies
         uses: actions/cache@v4
         with:
           # Avoid caching generated artifacts
           path: |
             ~/.m2/repository/*
             !~/.m2/repository/com/github/cowwoc/pouch
-          key: ${{ runner.OS }}-maven-${{ hashFiles('**/pom.xml') }}
+          key: "${{ runner.OS }}-maven-${{ hashFiles('**/pom.xml') }}"
 
       - name: Configure Git User
         run: |
@@ -60,22 +64,46 @@ jobs:
       #
       # Setting a GitHub Action output parameter:
       # https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-an-output-parameter
-      #
-      # "release:prepare" must skip integration tests because "binaries-on-path-test" requires artifacts
-      # to be deployed to local repository.
-      - name: Open staging repository
-        id: open-staging
+      # Extracting the release version number: https://stackoverflow.com/a/16623897/14731
+      - name: Create tag
+        id: create-tag
         run: |
-          echo "INITIAL_REF_POSITION=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
-          ./mvnw release:prepare --batch-mode -V -e -Darguments="-Ddeploy -Dinvoker.skip=true"
-          echo "TAG=$(git describe --tag --abbrev=0)" >> $GITHUB_OUTPUT
-          
-          output=$(./mvnw --batch-mode -e -DstagingProfileId=${{ env.STAGING_PROFILE_ID }} nexus-staging:rc-open)
-          [[ "$output" =~ Opened\ (comgithubcowwoc-[[:digit:]]+) ]]
-          stagingRepositoryId="${BASH_REMATCH[1]}"
-          echo "STAGING_REPOSITORY_ID=$stagingRepositoryId" >> $GITHUB_OUTPUT
+          echo "INITIAL_REF_POSITION=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
+          ./mvnw release:prepare --batch-mode -V -e
+          TAG=$(git describe --tag --abbrev=0)
+          echo "TAG=${TAG}" >> "$GITHUB_OUTPUT"
+          echo "VERSION=${TAG#"release-"}" >> "$GITHUB_OUTPUT"
+
+      - name: Look up staging profile id
+        id: request-profile-id
+        run: >
+          echo "STAGING_PROFILE_ID=$(curl -u '${{ secrets.OSSRH_USERNAME}}:${{ secrets.OSSRH_TOKEN }}'
+          -H 'Accept:application/json'
+          'https://${{ env.STAGING_HOST }}/service/local/staging/profile_evaluate?t=maven2&g=com.github.cowwoc.pouch&a=anything&v=anything')"
+          >> "$GITHUB_OUTPUT"
+
+      - name: Parse the staging profile id
+        id: parse-profile-id
+        run: >
+          echo "STAGING_PROFILE_ID=$(echo '${{ steps.request-profile-id.outputs.STAGING_PROFILE_ID }}' | jq -r '.data[0].id')" >> "$GITHUB_OUTPUT"
+
+      - name: Open staging repository
+        id: open-repository
+        run: >
+          echo "STAGING_REPOSITORY_ID=$(curl -u '${{ secrets.OSSRH_USERNAME}}:${{ secrets.OSSRH_TOKEN }}'
+          -H 'Accept: application/json'
+          -H 'Content-type: application/json'
+          -X POST -d '{"data": {"description": "com.googlecode.cmake-maven-project:${{ steps.create-tag.outputs.VERSION }}"}}'
+          'https://${{ env.STAGING_HOST }}/service/local/staging/profiles/${{ steps.parse-profile-id.outputs.STAGING_PROFILE_ID }}/start')"
+          >> "$GITHUB_OUTPUT"
+
+      - name: Parse the staging repository id
+        id: parse-repository-id
+        run: >
+          echo "STAGING_REPOSITORY_ID=$(echo '${{ steps.open-repository.outputs.STAGING_REPOSITORY_ID }}' | jq -r '.data.stagedRepositoryId')" >> "$GITHUB_OUTPUT"
 
   deploy:
+    name: Deploy
     needs: open-release
     runs-on: ubuntu-latest
     steps:
@@ -94,27 +122,35 @@ jobs:
           server-password: OSSRH_TOKEN
           gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
           gpg-passphrase: MAVEN_GPG_PASSPHRASE
+
       - name: Cache Dependencies
         uses: actions/cache@v4
         with:
           # Avoid caching generated artifacts
           path: |
             ~/.m2/repository/*
             !~/.m2/repository/com/github/cowwoc/pouch
-          key: ${{ runner.OS }}-maven-${{ hashFiles('**/pom.xml') }}
+          key: "${{ runner.OS }}-maven-${{ hashFiles('**/pom.xml') }}"
+
+      - name: Test build
+        run: ./mvnw --batch-mode -V -e verify
 
+      # Avoid using exclamation mark on bash: https://stackoverflow.com/a/27177197/14731
       - name: Deploy to Maven Central
         run: >
-          ./mvnw --batch-mode -V -e -Ddeploy -DstagingProfileId=${{ env.STAGING_PROFILE_ID }}
-          -DstagingRepositoryId=${{ needs.open-release.outputs.STAGING_REPOSITORY_ID }}
-          deploy
+          ./mvnw --batch-mode -V -e -pl '!dropwizard,!jersey'
+          -Dstaging_repository_id=${{ needs.open-release.outputs.STAGING_REPOSITORY_ID }}
+          -Dstaging_host="${{ env.STAGING_HOST }}"
+          deploy -P release
+
   close-release:
     needs: [ open-release, deploy ]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
         with:
           ref: ${{ needs.open-release.outputs.TAG }}
+          token: ${{ secrets.WORKFLOW_TOKEN }}
       - uses: actions/setup-java@v4
         with:
           distribution: zulu
@@ -127,31 +163,34 @@ jobs:
           server-password: OSSRH_TOKEN
           gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
           gpg-passphrase: MAVEN_GPG_PASSPHRASE
+
       - name: Cache Dependencies
         uses: actions/cache@v4
         with:
           # Avoid caching generated artifacts
           path: |
             ~/.m2/repository/*
             !~/.m2/repository/com/github/cowwoc/pouch
-          key: ${{ runner.OS }}-maven-${{ hashFiles('**/pom.xml') }}
+          key: "${{ runner.OS }}-maven-${{ hashFiles('**/pom.xml') }}"
 
       - name: Close staging repository
         run: >
-          ./mvnw --batch-mode -V -e -DstagingProfileId=${{ env.STAGING_PROFILE_ID }}
-          -DstagingRepositoryId=${{ needs.open-release.outputs.STAGING_REPOSITORY_ID }}
-          nexus-staging:rc-close
+          curl -u ${{ secrets.OSSRH_USERNAME}}:${{ secrets.OSSRH_TOKEN }} -X POST
+          -H "Content-Type:application/json"
+          -d '{"data": {"stagedRepositoryId": "${{ needs.open-release.outputs.STAGING_REPOSITORY_ID }}", "description": "Closing repository"}}'
+          'https://${{ env.STAGING_HOST }}/service/local/staging/profiles/${{ needs.open-release.outputs.STAGING_PROFILE_ID }}/finish' 
 
   # Cleanup on failure: https://stackoverflow.com/a/74562058/14731
   on-failure:
     needs: [ open-release, deploy, close-release ]
     runs-on: ubuntu-latest
-    if: ${{ always() && contains(needs.*.result, 'failure') }}
+    if: ${{ failure() || cancelled() }}
     steps:
       - uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
           fetch-depth: 0
+          token: ${{ secrets.WORKFLOW_TOKEN }}
       - uses: actions/setup-java@v4
         with:
           distribution: zulu
@@ -164,14 +203,23 @@ jobs:
           server-password: OSSRH_TOKEN
           gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
           gpg-passphrase: MAVEN_GPG_PASSPHRASE
+
       - name: Cache Dependencies
         uses: actions/cache@v4
         with:
           # Avoid caching generated artifacts
           path: |
             ~/.m2/repository/*
             !~/.m2/repository/com/github/cowwoc/pouch
-          key: ${{ runner.OS }}-maven-${{ hashFiles('**/pom.xml') }}
+          key: "${{ runner.OS }}-maven-${{ hashFiles('**/pom.xml') }}"
+
+      - name: Drop staging repository
+        if: needs.open-release.outputs.STAGING_REPOSITORY_ID != '' && needs.open-release.outputs.STAGING_PROFILE_ID != ''
+        run: >
+          curl -u ${{ secrets.OSSRH_USERNAME}}:${{ secrets.OSSRH_TOKEN }} -X POST
+          -H "Content-Type:application/json"
+          -d '{"data": {"stagedRepositoryId": "${{ needs.open-release.outputs.STAGING_REPOSITORY_ID }}", "description": "Dropping repository"}}'
+          'https://${{ env.STAGING_HOST }}/service/local/staging/profiles/${{ needs.open-release.outputs.STAGING_PROFILE_ID }}/drop'
 
       - name: Configure Git User
         run: |
@@ -193,11 +241,4 @@ jobs:
       - name: Delete tag
         if: needs.open-release.outputs.TAG != ''
         run: |
-          git push --delete origin ${{ needs.open-release.outputs.TAG }}
-
-      - name: Drop staging repository
-        if: needs.open-release.outputs.STAGING_REPOSITORY_ID != ''
-        run: >
-          ./mvnw --batch-mode -V -e -DstagingProfileId=${{ env.STAGING_PROFILE_ID }}
-          -DstagingRepositoryId=${{ needs.open-release.outputs.STAGING_REPOSITORY_ID }}
-          nexus-staging:rc-drop
+          git push --delete origin ${{ needs.open-release.outputs.TAG }}
diff --git a/README.md b/README.md
@@ -113,9 +113,9 @@ public interface ClientScope
 
 Imagine we have:
 
-* `JvmScope`: values specific to an application run
-* `DatabaseScope`: values specific to a database connection
-* `RequestScope`: values specific to an HTTP request
+* `JvmScope`: values specific to the lifetime of the current JVM
+* `DatabaseScope`: values specific to the lifetime of the current database connection
+* `RequestScope`: values specific to the lifetime of the current HTTP request
 
 Notice that a `JvmScope` contains values whose lifetime span multiple database connections.
 Further, `DatabaseScope` contains values whose lifetime span multiple HTTP requests.

diff --git a/cla/version1/cla.md b/cla/version1/cla.md
@@ -0,0 +1,18 @@
+# Contributor License Agreements
+
+Whenever someone wants to submit a patch to open source projects, they must first sign a Contributor License
+Agreement (CLA). This allows the contributor to retain their ownership in the code submitted while granting
+the project owner the necessary legal rights to use that contribution. The CLA only needs to be signed once
+and it covers projects by the same project owner.
+
+## Why do we even have a CLA?
+
+Our CLA allows open source projects administered by the project owner to safely accept code and documentation
+from external contributors.
+
+## What's in the CLA?
+
+Our CLAs are based on the Apache Software Foundation's CLAs.
+
+* [Corporate CLA](corporate-cla.md) - For entities signing on behalf of their employees.
+* [Individual CLA](individual-cla.md) - For individuals.