Skip to content

Commit 96dae11

Browse files
SergeySeroshtanSergeySeroshtan
authored
Merge pull request #72 from VirgilSecurity/dev
Release v7.4.0
2 parents 276a5db + f9bf003 commit 96dae11

32 files changed

Lines changed: 1456 additions & 956 deletions

.github/workflows/build-and-test.yml

Lines changed: 100 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,100 @@
1+
name: Build and Test
2+
3+
on:
4+
push:
5+
branches:
6+
- main
7+
- master
8+
- develop
9+
- dev
10+
- "release/**"
11+
- "hotfix/**"
12+
- "feature/**"
13+
pull_request:
14+
branches:
15+
- main
16+
- master
17+
- develop
18+
- dev
19+
workflow_dispatch:
20+
workflow_call:
21+
secrets:
22+
ENV_JSON_PASSPHRASE:
23+
required: false
24+
25+
jobs:
26+
build-and-test:
27+
runs-on: ubuntu-latest
28+
permissions:
29+
contents: read
30+
steps:
31+
- name: Checkout
32+
uses: actions/checkout@v4
33+
34+
- name: Setup Java
35+
uses: actions/setup-java@v4
36+
with:
37+
distribution: "temurin"
38+
java-version: "17"
39+
cache: "gradle"
40+
41+
- name: Setup Android SDK
42+
uses: android-actions/setup-android@v3
43+
44+
- name: Install Android SDK packages
45+
run: |
46+
yes | sdkmanager --licenses >/dev/null
47+
yes | sdkmanager \
48+
"platform-tools" \
49+
"platforms;android-34" \
50+
"build-tools;34.0.0"
51+
52+
- name: Decrypt env.json for integration tests
53+
if: hashFiles('env.json.enc') != ''
54+
env:
55+
ENV_JSON_PASSPHRASE: ${{ secrets.ENV_JSON_PASSPHRASE }}
56+
run: |
57+
if [ -z "${ENV_JSON_PASSPHRASE:-}" ]; then
58+
echo "ENV_JSON_PASSPHRASE is not set. Integration tests that need env.json will be skipped."
59+
exit 0
60+
fi
61+
./scripts/decrypt-env.sh
62+
63+
- name: Build JVM and Android modules
64+
run: |
65+
./gradlew \
66+
:api:assemble \
67+
:common:assemble \
68+
:crypto:assemble \
69+
:test-common:assemble \
70+
:sdk:assemble \
71+
:crypto-android:assembleRelease \
72+
:android-utils:assembleRelease \
73+
:sdk-android:assembleRelease \
74+
--no-daemon \
75+
--stacktrace
76+
77+
- name: Run JVM tests
78+
run: |
79+
./gradlew \
80+
:api:test \
81+
:common:test \
82+
:crypto:test \
83+
:test-common:test \
84+
:sdk:test \
85+
--no-daemon \
86+
--stacktrace
87+
88+
- name: Cleanup decrypted env.json
89+
if: always()
90+
run: rm -f env.json
91+
92+
- name: Upload test reports
93+
if: always()
94+
uses: actions/upload-artifact@v4
95+
with:
96+
name: jvm-test-reports
97+
path: |
98+
**/build/reports/tests/**/*
99+
**/build/test-results/**/*
100+
if-no-files-found: warn

.github/workflows/publish-release.yml

Lines changed: 212 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,212 @@
1+
name: Publish Release
2+
3+
on:
4+
push:
5+
tags:
6+
- "v*.*.*"
7+
- "v*.*.*-rc*"
8+
workflow_dispatch:
9+
inputs:
10+
tag:
11+
description: "Tag to release (for example v7.3.2)"
12+
required: true
13+
type: string
14+
15+
jobs:
16+
verify-version:
17+
runs-on: ubuntu-latest
18+
permissions:
19+
contents: read
20+
steps:
21+
- name: Checkout
22+
uses: actions/checkout@v4
23+
with:
24+
ref: ${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref }}
25+
26+
- name: Verify SDK version matches tag
27+
run: |
28+
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
29+
TAG="${{ inputs.tag }}"
30+
else
31+
TAG="${GITHUB_REF#refs/tags/}"
32+
fi
33+
34+
TAG_VERSION="${TAG#v}"
35+
SDK_VERSION=$(grep -E "final String SDK_VERSION = '[^']+'" build.gradle | sed -E "s/.*'([^']+)'.*/\1/" | tr -d '[:space:]')
36+
SDK_VERSION_BASE="${SDK_VERSION%-SNAPSHOT}"
37+
38+
echo "Tag version: ${TAG_VERSION}"
39+
echo "SDK version: ${SDK_VERSION_BASE}"
40+
41+
if [ -z "${SDK_VERSION_BASE}" ]; then
42+
echo "ERROR: Could not extract SDK_VERSION from build.gradle"
43+
exit 1
44+
fi
45+
46+
if [ "${TAG_VERSION}" != "${SDK_VERSION_BASE}" ]; then
47+
echo "ERROR: Tag version (${TAG_VERSION}) doesn't match SDK version (${SDK_VERSION_BASE})"
48+
exit 1
49+
fi
50+
51+
build:
52+
name: Build and Test
53+
needs: verify-version
54+
uses: ./.github/workflows/build-and-test.yml
55+
secrets: inherit
56+
57+
publish:
58+
name: Publish Artifacts
59+
needs: build
60+
runs-on: ubuntu-latest
61+
permissions:
62+
contents: read
63+
steps:
64+
- name: Checkout
65+
uses: actions/checkout@v4
66+
with:
67+
ref: ${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref }}
68+
69+
- name: Setup Java
70+
uses: actions/setup-java@v4
71+
with:
72+
distribution: "temurin"
73+
java-version: "17"
74+
cache: "gradle"
75+
76+
- name: Setup Android SDK
77+
uses: android-actions/setup-android@v3
78+
79+
- name: Install Android SDK packages
80+
run: |
81+
yes | sdkmanager --licenses >/dev/null
82+
yes | sdkmanager \
83+
"platform-tools" \
84+
"platforms;android-34" \
85+
"build-tools;34.0.0"
86+
87+
- name: Verify Central bundle publish tasks exist
88+
run: |
89+
./gradlew -q help --task :api:publishMavenJavaPublicationToCentralBundleRepository
90+
./gradlew -q help --task :common:publishMavenJavaPublicationToCentralBundleRepository
91+
./gradlew -q help --task :crypto:publishMavenJavaPublicationToCentralBundleRepository
92+
./gradlew -q help --task :test-common:publishMavenJavaPublicationToCentralBundleRepository
93+
./gradlew -q help --task :sdk:publishMavenJavaPublicationToCentralBundleRepository
94+
./gradlew -q help --task :crypto-android:publishMavenJavaPublicationToCentralBundleRepository
95+
./gradlew -q help --task :android-utils:publishMavenJavaPublicationToCentralBundleRepository
96+
./gradlew -q help --task :sdk-android:publishMavenJavaPublicationToCentralBundleRepository
97+
98+
- name: Publish artifacts to local bundle repo
99+
env:
100+
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.CENTRAL_SONATYPE_SIGNING_KEY }}
101+
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.CENTRAL_SONATYPE_SIGNING_PASSWORD }}
102+
run: |
103+
rm -rf build/central-bundle-repo build/central-bundle.zip
104+
./gradlew \
105+
:api:publishMavenJavaPublicationToCentralBundleRepository \
106+
:common:publishMavenJavaPublicationToCentralBundleRepository \
107+
:crypto:publishMavenJavaPublicationToCentralBundleRepository \
108+
:test-common:publishMavenJavaPublicationToCentralBundleRepository \
109+
:sdk:publishMavenJavaPublicationToCentralBundleRepository \
110+
:crypto-android:publishMavenJavaPublicationToCentralBundleRepository \
111+
:android-utils:publishMavenJavaPublicationToCentralBundleRepository \
112+
:sdk-android:publishMavenJavaPublicationToCentralBundleRepository \
113+
--no-daemon \
114+
--stacktrace
115+
116+
- name: Validate bundle repo contains POMs
117+
run: |
118+
test -d build/central-bundle-repo
119+
POM_COUNT=$(find build/central-bundle-repo -type f -name '*.pom' | wc -l | tr -d '[:space:]')
120+
echo "POM count: ${POM_COUNT}"
121+
if [ "${POM_COUNT}" = "0" ]; then
122+
echo "ERROR: No .pom files found in build/central-bundle-repo"
123+
find build/central-bundle-repo -maxdepth 6 -type f | head -n 200
124+
exit 1
125+
fi
126+
127+
- name: Build Central bundle zip
128+
run: |
129+
test -d build/central-bundle-repo
130+
131+
# Central bundle should not include repository metadata/module metadata.
132+
find build/central-bundle-repo -type f -name 'maven-metadata.xml*' -delete
133+
find build/central-bundle-repo -type f -name '*.module*' -delete
134+
135+
while IFS= read -r -d '' file; do
136+
md5sum "$file" | awk '{print $1}' > "$file.md5"
137+
sha1sum "$file" | awk '{print $1}' > "$file.sha1"
138+
done < <(find build/central-bundle-repo -type f \
139+
! -name '*.asc' \
140+
! -name '*.md5' \
141+
! -name '*.sha1' \
142+
-print0)
143+
144+
(cd build/central-bundle-repo && zip -q -r ../central-bundle.zip .)
145+
ls -la build/central-bundle.zip
146+
147+
- name: Upload Central bundle (debug)
148+
if: always()
149+
uses: actions/upload-artifact@v4
150+
with:
151+
name: central-portal-bundle
152+
path: build/central-bundle.zip
153+
154+
- name: Upload Central bundle repo (debug)
155+
if: always()
156+
uses: actions/upload-artifact@v4
157+
with:
158+
name: central-portal-bundle-repo
159+
path: build/central-bundle-repo/
160+
161+
- name: Upload bundle to Sonatype Central Portal
162+
env:
163+
CENTRAL_USERNAME: ${{ secrets.CENTRAL_SONATYPE_TOKEN_USERNAME }}
164+
CENTRAL_PASSWORD: ${{ secrets.CENTRAL_SONATYPE_TOKEN_PASSWORD }}
165+
run: |
166+
if [ -z "${CENTRAL_USERNAME}" ] || [ -z "${CENTRAL_PASSWORD}" ]; then
167+
echo "ERROR: Missing Central token credentials"
168+
exit 1
169+
fi
170+
171+
CENTRAL_BEARER=$(printf "%s:%s" "${CENTRAL_USERNAME}" "${CENTRAL_PASSWORD}" | base64 | tr -d '\n')
172+
DEPLOYMENT_ID=$(curl -sS \
173+
--fail \
174+
--header "Authorization: Bearer ${CENTRAL_BEARER}" \
175+
--form "bundle=@build/central-bundle.zip" \
176+
"https://central.sonatype.com/api/v1/publisher/upload?publishingType=AUTOMATIC&name=${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref_name }}")
177+
178+
if [ -z "${DEPLOYMENT_ID}" ]; then
179+
echo "ERROR: Central Portal did not return deployment ID"
180+
exit 1
181+
fi
182+
echo "Central deployment id: ${DEPLOYMENT_ID}"
183+
echo "DEPLOYMENT_ID=${DEPLOYMENT_ID}" >> "$GITHUB_ENV"
184+
185+
- name: Wait for Central Portal publish
186+
env:
187+
CENTRAL_USERNAME: ${{ secrets.CENTRAL_SONATYPE_TOKEN_USERNAME }}
188+
CENTRAL_PASSWORD: ${{ secrets.CENTRAL_SONATYPE_TOKEN_PASSWORD }}
189+
run: |
190+
CENTRAL_BEARER=$(printf "%s:%s" "${CENTRAL_USERNAME}" "${CENTRAL_PASSWORD}" | base64 | tr -d '\n')
191+
192+
for i in $(seq 1 60); do
193+
STATUS_JSON=$(curl -sS --fail --request POST \
194+
--header "Authorization: Bearer ${CENTRAL_BEARER}" \
195+
"https://central.sonatype.com/api/v1/publisher/status?id=${DEPLOYMENT_ID}")
196+
STATE=$(python3 -c 'import json,sys; print(json.load(sys.stdin).get("deploymentState",""))' <<<"${STATUS_JSON}")
197+
echo "Central state: ${STATE}"
198+
199+
if [ "${STATE}" = "PUBLISHED" ]; then
200+
exit 0
201+
fi
202+
if [ "${STATE}" = "FAILED" ]; then
203+
echo "Central deployment FAILED"
204+
echo "${STATUS_JSON}"
205+
exit 1
206+
fi
207+
208+
sleep 30
209+
done
210+
211+
echo "Timed out waiting for Central Portal publish"
212+
exit 1

.travis.yml

Lines changed: 0 additions & 65 deletions
This file was deleted.

0 commit comments

Comments
 (0)