From c4bd64fd19aec2d15038f6c39d620b6537c198d5 Mon Sep 17 00:00:00 2001
From: Clara Hille
Date: Mon, 24 Feb 2025 17:59:39 +0100
Subject: [PATCH 1/6] [DEN-5047] Enable Develocity access
---
 .github/workflows/check.yml | 3 +++
 .github/workflows/publish.yml | 2 ++
 gradle.properties | 2 ++
 gradle/token-utils.gradle | 20 ++++++++++++++++++++
 settings.gradle | 20 ++++++++++++++++++++
 5 files changed, 47 insertions(+)
 create mode 100644 gradle.properties
 create mode 100644 gradle/token-utils.gradle
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index 80bcd67d..56c1244a 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -21,12 +21,15 @@ jobs:
 - name: Checkstyle
 uses: gradle/gradle-build-action@v2
 with:
+ develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 arguments: checkstyleMain checkstyleTest
 - name: PMD
 uses: gradle/gradle-build-action@v2
 with:
+ develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 arguments: pmdMain pmdTest
 - name: Test
 uses: gradle/gradle-build-action@v2
 with:
+ develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 arguments: test
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 0c0bdd0b..0c5e47fa 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -23,10 +23,12 @@ jobs:
 - name: Build sourcesJar and javadocJar
 uses: gradle/gradle-build-action@v2
 with:
+ develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 arguments: sourcesJar javadocJar
 - name: Publish to MavenCentral
 uses: gradle/gradle-build-action@v2
 with:
+ develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 arguments: publishMavenPublicationToSonatypeRepository --max-workers 1 closeAndReleaseSonatypeStagingRepository
 env:
 OSSRH_USERNAME: ${{ secrets.MAVEN_USERNAME }}
diff --git a/gradle.properties b/gradle.properties
new file mode 100644
index 00000000..aec0a559
--- /dev/null
+++ b/gradle.properties
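Review bot: `secrets.DEVELOCITY_ACCESS_KEY` will be empty in these three steps whenever check.yml runs as a reusable workflow, because a called workflow only sees the secrets its caller passes. Elsewhere in this series check.yml is shown declaring `workflow_call` and publish.yml invokes it with a bare `uses: ./.github/workflows/check.yml`, so the `check:` job in publish.yml needs `secrets: inherit` (or an explicit `secrets:` mapping with a matching declaration under `workflow_call`). Pull requests from forks presumably get the same empty value, so the Gradle steps should tolerate a missing key rather than fail. The publish.yml hunk in this patch adds the same input to its own steps and is not affected, since that job reads the secret directly.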
@@ -0,0 +1,2 @@
+org.gradle.caching=true
+org.gradle.parallel=true
diff --git a/gradle/token-utils.gradle b/gradle/token-utils.gradle
new file mode 100644
index 00000000..72a9edd9
--- /dev/null
+++ b/gradle/token-utils.gradle
@@ -0,0 +1,20 @@
+def fetchToken() {
+ String token = System.getenv("CODEARTIFACT_AUTH_TOKEN")
+ if (token == null || System.getenv("CI") == null) {
+ token = """aws codeartifact get-authorization-token
+ --profile production/developer
+ --domain getyourguide
+ --domain-owner 130607246975
+ --query authorizationToken
+ --output text""".execute().onExit().get().text
+ }
+ if (token == null || token.isEmpty()) {
+ throw new RuntimeException("Error getting codeartifact token. Please call `gygauth setup` in cli and try again.")
+ }
+ println("Use codeartifact token: " + token.substring(0, 10) + "...")
+ return token
+}
+
+ext {
+ fetchToken = this.&fetchToken
+}
diff --git a/settings.gradle b/settings.gradle
index 14bb59d4..3c10b991 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -1,3 +1,23 @@
+pluginManagement {
+ apply from: "$rootDir/gradle/token-utils.gradle"
+ def token = fetchToken()
+ repositories {
+ maven {
+ name "codeartifact"
+ url "https://getyourguide-130607246975.d.codeartifact.eu-central-1.amazonaws.com/maven/private/"
+ credentials {
+ username "aws"
+ password "$token"
+ }
+ }
+ gradlePluginPortal()
+ }
+}
+
+plugins {
+ id 'com.getyourguide.libs.gradle.develocity.configuration' version '4.9.2'
+}
+
 rootProject.name = 'openapi-validation'
 include('openapi-validation-api')
From cc8635162da07d168ed4ca88e1e6e8e9edd68eac Mon Sep 17 00:00:00 2001
From: Clara Hille <79694873+m0ana@users.noreply.github.com>
Date: Tue, 25 Feb 2025 09:26:10 +0100
Subject: [PATCH 2/6] Update check.yml
---
 .github/workflows/check.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index 56c1244a..b3a71557 100644
--- a/.github/workflows/check.yml
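Review bot: The `println` near the end of `fetchToken()` writes the first ten characters of a live CodeArtifact authorization token to the build output, which lands in CI logs and, with Develocity switched on by this same patch, plausibly in published build scans. It also throws when the value is shorter than ten characters, so I would replace it with a message that carries no token material, e.g. `println("Codeartifact token obtained")`. The CLI branch reads `.text` unmodified, which keeps the trailing newline that `--output text` prints and passes it on into `password "$token"`; `.text.trim()` avoids a credential that is likely to be rejected. The process exit status and stderr are discarded as well, so a failing `aws` call only surfaces as the generic `gygauth setup` message.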
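Review bot: `def token = fetchToken()` runs unconditionally inside `pluginManagement`, so every Gradle invocation, including offline runs, IDE sync and builds by anyone without the `production/developer` AWS profile, now either shells out to the AWS CLI or aborts with the RuntimeException from token-utils.gradle before any project is configured. For a library that the workflows publish to Maven Central, this probably locks out outside contributors; the Develocity plugin and its private repository would be better applied only when a token is actually available. Separately, the internal plugin id can be looked up in both declared repositories, and a content filter (`exclusiveContent` with `includeGroupByRegex "com\\.getyourguide\\..*"` for the codeartifact repository) would keep that namespace from ever being resolved through `gradlePluginPortal()`.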
+++ b/.github/workflows/check.yml
@@ -24,12 +24,12 @@ jobs:
 develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 arguments: checkstyleMain checkstyleTest
 - name: PMD
- uses: gradle/gradle-build-action@v2
+ uses: gradle/gradle-build-action@v3
 with:
 develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 arguments: pmdMain pmdTest
 - name: Test
- uses: gradle/gradle-build-action@v2
+ uses: gradle/gradle-build-action@v3
 with:
 develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 arguments: test
From ccf5a80a31e71d3bf4eaea0f89dea633dfc0bcad Mon Sep 17 00:00:00 2001
From: Clara Hille <79694873+m0ana@users.noreply.github.com>
Date: Tue, 25 Feb 2025 09:27:33 +0100
Subject: [PATCH 3/6] Update check.yml
---
 .github/workflows/check.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index b3a71557..b91c7d8c 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -19,7 +19,7 @@ jobs:
 - name: Validate Gradle wrapper
 uses: gradle/wrapper-validation-action@v1.0.6
 - name: Checkstyle
- uses: gradle/gradle-build-action@v2
+ uses: gradle/gradle-build-action@v3
 with:
 develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 arguments: checkstyleMain checkstyleTest
From 4bf1b511f5ec6f273014c89bdb831596415e4ded Mon Sep 17 00:00:00 2001
From: Clara Hille <79694873+m0ana@users.noreply.github.com>
Date: Tue, 25 Feb 2025 09:32:46 +0100
Subject: [PATCH 4/6] Update publish.yml
---
 .github/workflows/publish.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 0c5e47fa..309a1bd4 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -6,6 +6,8 @@ on:
 - 'v*'
 jobs:
+ credentials-scan:
+ uses: getyourguide/actions/.github/workflows/credentials-scan.yml@main
 check:
 uses: ./.github/workflows/check.yml
 publish:
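Review bot: The new `credentials-scan` job calls a reusable workflow at `@main`, a mutable branch ref, so whatever lands on that branch runs in this repository's tag-triggered publish pipeline without being reviewed here. Pinning the call to a full commit SHA, `uses: getyourguide/actions/.github/workflows/credentials-scan.yml@<full-commit-sha>`, keeps the executed code fixed and auditable; the identical line added to check.yml in patch 5/6 has the same issue. The job is also not wired into the release path: the context lines in patch 6/6 show `publish` with `needs: check` only, so a failed scan would not stop publishing unless `credentials-scan` is added to that `needs` list.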
@@ -21,12 +23,12 @@ jobs:
 - name: Validate Gradle wrapper
 uses: gradle/wrapper-validation-action@v1.0.6
 - name: Build sourcesJar and javadocJar
- uses: gradle/gradle-build-action@v2
+ uses: gradle/gradle-build-action@v3
 with:
 develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 arguments: sourcesJar javadocJar
 - name: Publish to MavenCentral
- uses: gradle/gradle-build-action@v2
+ uses: gradle/gradle-build-action@v3
 with:
 develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 arguments: publishMavenPublicationToSonatypeRepository --max-workers 1 closeAndReleaseSonatypeStagingRepository
From 6d9a19d7478756009acc22e9cd2d1505182fc74a Mon Sep 17 00:00:00 2001
From: Clara Hille <79694873+m0ana@users.noreply.github.com>
Date: Tue, 25 Feb 2025 09:34:02 +0100
Subject: [PATCH 5/6] Update check.yml
---
 .github/workflows/check.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index b91c7d8c..e28105ec 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -7,6 +7,8 @@ on:
 workflow_call:
 jobs:
+ credentials-scan:
+ uses: getyourguide/actions/.github/workflows/credentials-scan.yml@main
 check:
 runs-on: ubuntu-latest
 steps:
From bad297b63288b845582a90b6710efc7b521e7731 Mon Sep 17 00:00:00 2001
From: Clara Hille
Date: Tue, 25 Feb 2025 09:56:05 +0100
Subject: [PATCH 6/6] Log into AWS
---
 .github/workflows/check.yml | 11 +++++++++--
 .github/workflows/publish.yml | 11 +++++++++--
 2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index e28105ec..ec64b740 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -7,11 +7,18 @@ on:
 workflow_call:
 jobs:
- credentials-scan:
- uses: getyourguide/actions/.github/workflows/credentials-scan.yml@main
 check:
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: read
 steps:
+ - name: Log into production account
+ uses: aws-actions/configure-aws-credentials@v4.1.0
+ with:
+ aws-region: eu-central-1
+ role-to-assume: arn:aws:iam::130607246975:role/ci-base-access
+ role-session-name: dss
 - uses: actions/checkout@v3
 - name: Set up JDK
 uses: actions/setup-java@v3
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 309a1bd4..458b981c 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -6,14 +6,21 @@ on:
 - 'v*'
 jobs:
- credentials-scan:
- uses: getyourguide/actions/.github/workflows/credentials-scan.yml@main
 check:
 uses: ./.github/workflows/check.yml
 publish:
 needs: check
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: read
 steps:
+ - name: Log into production account
+ uses: aws-actions/configure-aws-credentials@v4.1.0
+ with:
+ aws-region: eu-central-1
+ role-to-assume: arn:aws:iam::130607246975:role/ci-base-access
+ role-session-name: dss
 - uses: actions/checkout@v3
 - name: Set up JDK
 uses: actions/setup-java@v3
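Review bot: The `id-token: write` permission added to the `check` job is only sufficient when check.yml is triggered directly; when publish.yml calls it through `uses: ./.github/workflows/check.yml`, a called workflow can keep or reduce the caller's token permissions but not raise them, and the calling `check:` job in publish.yml declares none. Unless the caller grants it, the OIDC exchange in "Log into production account" will most likely fail on tag builds, so the `check:` job in publish.yml should carry the same `permissions:` block with `id-token: write` and `contents: read`. The other triggers of check.yml are outside this hunk; if it also runs on pull requests, the trust policy of `ci-base-access` should constrain the OIDC `sub` claim so that only the intended refs can assume a role in the production account.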
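Review bot: Nothing visible in the `publish` job exports `CODEARTIFACT_AUTH_TOKEN` after the role is assumed, so `fetchToken()` from patch 1/6 would take its CLI branch and run `aws codeartifact get-authorization-token --profile production/developer`, a named profile the runner is unlikely to have. The steps list continues past the end of the hunk, so this may be handled further down; if not, a step after the login should fetch the token with the assumed role, register it with `::add-mask::`, and write it to `$GITHUB_ENV`, and the `check` job in check.yml needs the same. Both new `uses:` lines also reference `aws-actions/configure-aws-credentials@v4.1.0` by tag; for a job that holds `id-token: write` and assumes a production role, pinning to a full commit SHA is the safer reference.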