diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index 80bcd67d..ec64b740 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -9,7 +9,16 @@ on:
 jobs:
 check:
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: read
 steps:
+ - name: Log into production account
+ uses: aws-actions/configure-aws-credentials@v4.1.0
+ with:
+ aws-region: eu-central-1
+ role-to-assume: arn:aws:iam::130607246975:role/ci-base-access
+ role-session-name: dss
 - uses: actions/checkout@v3
 - name: Set up JDK
 uses: actions/setup-java@v3
@@ -19,14 +28,17 @@ jobs:
 - name: Validate Gradle wrapper
 uses: gradle/wrapper-validation-action@v1.0.6
 - name: Checkstyle
- uses: gradle/gradle-build-action@v2
+ uses: gradle/gradle-build-action@v3
 with:
+ develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 arguments: checkstyleMain checkstyleTest
 - name: PMD
- uses: gradle/gradle-build-action@v2
+ uses: gradle/gradle-build-action@v3
 with:
+ develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 arguments: pmdMain pmdTest
 - name: Test
- uses: gradle/gradle-build-action@v2
+ uses: gradle/gradle-build-action@v3
 with:
+ develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 arguments: test
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 0c0bdd0b..458b981c 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -11,7 +11,16 @@ jobs:
 publish:
 needs: check
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: read
 steps:
+ - name: Log into production account
+ uses: aws-actions/configure-aws-credentials@v4.1.0
+ with:
+ aws-region: eu-central-1
+ role-to-assume: arn:aws:iam::130607246975:role/ci-base-access
+ role-session-name: dss
 - uses: actions/checkout@v3
 - name: Set up JDK
 uses: actions/setup-java@v3
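Review bot: The `check` job now holds `id-token: write` and AWS credentials for its whole run, while the new login step references `aws-actions/configure-aws-credentials@v4.1.0` by a mutable tag; pinning it to a full commit SHA, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4.1.0`, keeps a retagged release from running with the ability to assume `ci-base-access`. Because the login runs first, the assumed-role credentials are presumably available to every later step, including `Test`, which executes project code; if only dependency resolution needs them, a narrower step or job would reduce the exposure. The `on:` triggers are outside this hunk, so it cannot be seen here which events reach the job; the role's trust policy should in any case restrict the OIDC `sub` claim to this repository and the intended refs. The same applies to the identical block added to the `publish` job in publish.yml, and to the `gradle/gradle-build-action@v3` references that now receive a secret.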
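Review bot: `secrets.DEVELOCITY_ACCESS_KEY` is now handed to all three Gradle steps, including `Test`, so code run by the build may be able to read it; a key limited to the minimum Develocity permissions bounds what a leak would cost. The workflow triggers are not visible in this hunk: on pull requests from forks the secret is empty, so it is worth confirming that the build still passes without it. A short comment above the first step, such as `# Develocity key: build must still succeed when this secret is empty (fork PRs)`, would record that expectation. The two steps changed in publish.yml follow the same pattern.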
@@ -21,12 +30,14 @@ jobs:
 - name: Validate Gradle wrapper
 uses: gradle/wrapper-validation-action@v1.0.6
 - name: Build sourcesJar and javadocJar
- uses: gradle/gradle-build-action@v2
+ uses: gradle/gradle-build-action@v3
 with:
+ develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 arguments: sourcesJar javadocJar
 - name: Publish to MavenCentral
- uses: gradle/gradle-build-action@v2
+ uses: gradle/gradle-build-action@v3
 with:
+ develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 arguments: publishMavenPublicationToSonatypeRepository --max-workers 1 closeAndReleaseSonatypeStagingRepository
 env:
 OSSRH_USERNAME: ${{ secrets.MAVEN_USERNAME }}
diff --git a/gradle.properties b/gradle.properties
new file mode 100644
index 00000000..aec0a559
--- /dev/null
+++ b/gradle.properties
@@ -0,0 +1,2 @@
+org.gradle.caching=true
+org.gradle.parallel=true
diff --git a/gradle/token-utils.gradle b/gradle/token-utils.gradle
new file mode 100644
index 00000000..72a9edd9
--- /dev/null
+++ b/gradle/token-utils.gradle
@@ -0,0 +1,20 @@
+def fetchToken() {
+ String token = System.getenv("CODEARTIFACT_AUTH_TOKEN")
+ if (token == null || System.getenv("CI") == null) {
+ token = """aws codeartifact get-authorization-token
+ --profile production/developer
+ --domain getyourguide
+ --domain-owner 130607246975
+ --query authorizationToken
+ --output text""".execute().onExit().get().text
+ }
+ if (token == null || token.isEmpty()) {
+ throw new RuntimeException("Error getting codeartifact token. Please call `gygauth setup` in cli and try again.")
+ }
+ println("Use codeartifact token: " + token.substring(0, 10) + "...")
+ return token
+}
+
+ext {
+ fetchToken = this.&fetchToken
+}
diff --git a/settings.gradle b/settings.gradle
index 14bb59d4..3c10b991 100644
--- a/settings.gradle
+++ b/settings.gradle
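Review bot: In gradle/token-utils.gradle, `println("Use codeartifact token: " + token.substring(0, 10) + "...")` writes the first ten characters of a live credential to every build log, and `substring(0, 10)` throws when the CLI returns fewer than ten characters; I would drop the line or log a fixed message with no token content. The CLI output is used untrimmed, so the trailing newline that `--output text` normally emits would end up in the repository password; `.execute().onExit().get().text.trim()` avoids that. The process exit code and stderr are ignored, so a failed `aws` call surfaces only as the generic "Error getting codeartifact token" message. With `CI` set and `CODEARTIFACT_AUTH_TOKEN` unset the code still falls back to `--profile production/developer`, and none of the workflow hunks in this commit export that variable, so it is worth confirming where CI obtains it.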
@@ -1,3 +1,23 @@
+pluginManagement {
+ apply from: "$rootDir/gradle/token-utils.gradle"
+ def token = fetchToken()
+ repositories {
+ maven {
+ name "codeartifact"
+ url "https://getyourguide-130607246975.d.codeartifact.eu-central-1.amazonaws.com/maven/private/"
+ credentials {
+ username "aws"
+ password "$token"
+ }
+ }
+ gradlePluginPortal()
+ }
+}
+
+plugins {
+ id 'com.getyourguide.libs.gradle.develocity.configuration' version '4.9.2'
+}
+
 rootProject.name = 'openapi-validation'
 include('openapi-validation-api')
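Review bot: Both plugin repositories in `pluginManagement` can serve any coordinate, so the internal `com.getyourguide.libs.gradle.develocity.configuration` plugin is kept apart from a same-named artifact on the Plugin Portal only by declaration order. Scoping the CodeArtifact repository with an exclusive content filter makes that explicit, assuming the private repository is meant to serve only `com.getyourguide` groups. `fetchToken()` also runs during settings evaluation, so every Gradle invocation, including ones by contributors without AWS access, would fail before any task runs; if that is intended, a comment above `pluginManagement` should say so.

```groovy
pluginManagement {
    // … unchanged: apply from token-utils.gradle, def token = fetchToken() …
    repositories {
        exclusiveContent {
            forRepository {
                maven {
                    name "codeartifact"
                    // … unchanged: url and credentials …
                }
            }
            filter {
                // internal plugins and their marker artifacts resolve only from CodeArtifact
                includeGroupByRegex "com\\.getyourguide.*"
            }
        }
        gradlePluginPortal()
    }
}
```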