Skip to content

Amazon DocumentDB JDBC Driver #1157

Amazon DocumentDB JDBC Driver

Amazon DocumentDB JDBC Driver #1157

Workflow file for this run

# Copyright <2020> Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
name: Amazon DocumentDB JDBC Driver
on:
# Trigger the workflow on pull request,
# but only for the master/develop branches
pull_request:
branches:
- master
- develop
# Trigger on-demand
workflow_dispatch:
inputs:
testWithoutDocumentDB:
description: Test without DocumentDB? (1/0)
required: false
default: '1'
mavenFilesPreparation:
description: Prepare files to publish in maven repo? (1/0)
required: false
default: '0'
signTacoFile:
description: Sign taco file artifact
type: boolean
required: false
default: false
jobs:
build:
env:
DOC_DB_KEYPAIR: ${{secrets.DOC_DB_KEYPAIR}}
TRUSTSTORE_PASSWORD: ${{secrets.TRUSTSTORE_PASSWORD}}
DOC_DB_USER_NAME: ${{secrets.DOC_DB_USER_NAME}}
DOC_DB_PASSWORD: ${{secrets.DOC_DB_PASSWORD}}
DOC_DB_USER: ${{secrets.DOC_DB_USER}}
DOC_DB_HOST: ${{secrets.DOC_DB_HOST}}
OMIT_DOCUMENTDB: ${{ github.event.inputs.testWithoutDocumentDB || '0' }}
RUN_REMOTE_INTEGRATION_TESTS: ${{ github.event.inputs.testWithoutDocumentDB && 'false' || 'true' }}
DOC_DB_LOCAL_PORT: 27019
DOC_DB_REMOTE_PORT: 27017
DOC_DB_PRIV_KEY_FILE: ~/certs/docdb-sshtunnel.pem
GPG_SIGN_KEY: ${{secrets.GPG_SIGN_KEY}}
GPG_KEY_PASSWORD: ${{secrets.GPG_KEY_PASSWORD}}
GPG_KEY_SECRET_KEY_RING: ${{secrets.GPG_KEY_SECRET_KEY_RING}}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
ref: ''
- name: Set up JDK 1.8
uses: actions/setup-java@v1
with:
java-version: 1.8
- name: Extract key-pair into file
if: ${{ env.OMIT_DOCUMENTDB == '0' }}
run: |
mkdir -p ~/certs
echo "$DOC_DB_KEYPAIR" > ~/certs/docdb-sshtunnel.pem
chmod 400 ~/certs/docdb-sshtunnel.pem
- name: Run SSH tunnel to DocumentDB server
if: ${{ env.OMIT_DOCUMENTDB == '0' }}
run: |
ssh -f -N -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ~/certs/docdb-sshtunnel.pem -L $DOC_DB_LOCAL_PORT:${{secrets.DOC_DB_HOST}}:$DOC_DB_REMOTE_PORT ${{secrets.DOC_DB_USER}}
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Build with Gradle with local and optional remote DocumentDB tests
run: |
./gradlew build -PrunRemoteIntegrationTests=$RUN_REMOTE_INTEGRATION_TESTS
- name: Extract gpg-key-pair into file
if: ${{ github.event.inputs.mavenFilesPreparation }}
run: |
echo "$GPG_KEY_SECRET_KEY_RING" > secring.kbx.b64
base64 -d secring.kbx.b64 > secring.kbx
- name: Prepare to publish to Maven
if: ${{ github.event.inputs.mavenFilesPreparation }}
run: |
./gradlew publishToMavenLocal -Psigning.secretKeyRingFile=secring.kbx -Psigning.password=$GPG_KEY_PASSWORD -Psigning.keyId=$GPG_SIGN_KEY -PrunRemoteIntegrationTests=$RUN_REMOTE_INTEGRATION_TESTS
- name: Copy Build
run: |
mkdir output
mkdir output/jarfile
mkdir output/reports
cp build/libs/*.jar output/jarfile
cp -R build/reports output/reports
- name: Copy Files for Maven
if: ${{ github.event.inputs.mavenFilesPreparation }}
run: |
mkdir -p output/maven
name=$(ls build/libs | grep documentdb-jdbc.*-all.jar.asc)
vers=$(awk -F- '{print $3}' <<<"$name")
src_folder=~/.m2/repository/software/amazon/documentdb/jdbc/documentdb-jdbc/$vers
cp $src_folder/documentdb-jdbc-$vers.jar output/maven
cp $src_folder/documentdb-jdbc-$vers.jar.asc output/maven
cp $src_folder/documentdb-jdbc-$vers-javadoc.jar output/maven
cp $src_folder/documentdb-jdbc-$vers-javadoc.jar.asc output/maven
cp $src_folder/documentdb-jdbc-$vers-sources.jar output/maven
cp $src_folder/documentdb-jdbc-$vers-sources.jar.asc output/maven
cp $src_folder/documentdb-jdbc-$vers.pom output/maven
cp $src_folder/documentdb-jdbc-$vers.pom.asc output/maven
cd output/maven
jar -cvf bundle.jar *
rm documentdb-jdbc-$vers.jar
rm documentdb-jdbc-$vers.jar.asc
rm documentdb-jdbc-$vers-javadoc.jar
rm documentdb-jdbc-$vers-javadoc.jar.asc
rm documentdb-jdbc-$vers-sources.jar
rm documentdb-jdbc-$vers-sources.jar.asc
rm documentdb-jdbc-$vers.pom
rm documentdb-jdbc-$vers.pom.asc
- name: Upload Build
uses: actions/upload-artifact@v1
with:
name: output
path: output
- name: Upload Raw Test Results
uses: actions/upload-artifact@v1
if: always()
with:
name: raw-test-results
path: build/test-results/test/
- name: Publish Summary Test Results
uses: EnricoMi/[email protected]
if: always()
with:
files: build/test-results/**/*.xml
- name: Publish Detailed Test Report
if: always()
uses: scacap/action-surefire-report@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
report_paths: '**/build/test-results/test/TEST-*.xml'
- name: Generate JaCoCo Badge
id: jacoco
uses: cicirello/[email protected]
with:
jacoco-csv-file: 'build/reports/jacoco/test/jacocoTestReport.csv'
generate-branches-badge: true
- name: Commit Coverage Badge
uses: stefanzweifel/git-auto-commit-action@v4
if: ${{ ! github.event.inputs.mavenFilesPreparation }}
with:
commit_options: '--allow-empty --no-verify'
commit_message: Commit Code Coverage Badge
file_pattern: '*.svg'
skip_fetch: false
skip_checkout: false
skip_dirty_check: false
- name: Upload JaCoCo coverage report
uses: actions/upload-artifact@v2
with:
name: jacoco-report
path: build/reports/jacoco/
- name: Set up JDK 11
uses: actions/setup-java@v1
with:
java-version: 11
- name: Cache Gradle packages
uses: actions/cache@v1
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
restore-keys: ${{ runner.os }}-gradle
build-taco:
env:
SIGNING_ENABLED: ${{ github.event.inputs.signTacoFile }}
name: Assemble Tableau Connector
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@v2
- name: Ensure Executable Permissions
run: chmod a+x ./tableau-connector/build.sh
- name: Assemble Tableau Connector
run: ./tableau-connector/build.sh
- name: View assembled file
run: ls -l tableau-connector/target
- name: Add Version to Taco file
run: |
file="./gradle.properties"
MAJOR_VERSION=$(grep "MAJOR_VERSION" ${file} | cut -d'=' -f2)
MINOR_VERSION=$(grep "MINOR_VERSION" ${file} | cut -d'=' -f2)
PATCH_VERSION=$(grep "PATCH_VERSION" ${file} | cut -d'=' -f2)
echo "version=$MAJOR_VERSION.$MINOR_VERSION.$PATCH_VERSION" >> $GITHUB_ENV
mv tableau-connector/target/*.taco tableau-connector/target/documentdbjdbc-$MAJOR_VERSION.$MINOR_VERSION.$PATCH_VERSION.taco
- name: "Configure AWS credentials"
if: ${{env.SIGNING_ENABLED == 'true'}}
uses: aws-actions/configure-aws-credentials@v1
with:
role-skip-session-tagging: true
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-2
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-external-id: ${{ secrets.AWS_ROLE_EXTERNAL_ID }}
role-duration-seconds: 3600
- name: Sign Taco File
id: sign-taco-file
shell: bash
run: |
echo "Sign is set to ${SIGNING_ENABLED}"
if [[ $SIGNING_ENABLED = "true" ]]
then
echo "Signing is enabled. Will attempt to sign"
pwd
ls -l tableau-connector/target
echo "Installing jq"
sudo apt-get install jq
# Upload unsigned .taco to S3 Bucket
echo "Obtaining version id and uploading unsigned .taco to S3 Bucket"
version_id=$( aws s3api put-object --bucket ${{ secrets.AWS_UNSIGNED_BUCKET }} --key ${{ secrets.AWS_KEY }} --body ./tableau-connector/target/documentdbjdbc-${{env.version}}.taco --acl bucket-owner-full-control | jq '.VersionId' )
job_id=""
# Attempt to get Job ID from bucket tagging, will retry up to 3 times before exiting with a failure code.
# Will sleep for 5 seconds between retries.
echo "Attempt to get Job ID from bucket tagging, will retry up to 3 times before exiting with a failure code."
for (( i=0; i<3; i++ ))
do
# Get job ID
id=$( aws s3api get-object-tagging --bucket ${{ secrets.AWS_UNSIGNED_BUCKET }} --key ${{ secrets.AWS_KEY }} --version-id ${version_id} | jq -r '.TagSet[0].Value' )
if [ $id != "null" ]
then
job_id=$id
break
fi
echo "Will sleep for 5 seconds between retries."
sleep 5s
done
if [[ $job_id = "" ]]
then
echo "Exiting because unable to retrieve job ID"
exit 1
fi
# Poll signed S3 bucket to see if the signed artifact is there
echo "Poll signed S3 bucket to see if the signed artifact is there"
for (( i=0; i<3; i++ ))
do
aws s3api wait object-exists --bucket ${{ secrets.AWS_SIGNED_BUCKET }} --key ${{ secrets.AWS_KEY }}-${job_id}.taco
if [ $? -eq 0 ]
then
break
fi
echo "Will sleep for 5 seconds between retries."
sleep 5s
done
# Downloading signed taco from S3
echo "Downloading signed .taco from S3"
aws s3api get-object --bucket ${{ secrets.AWS_SIGNED_BUCKET }} --key ${{ secrets.AWS_KEY }}-${job_id}.taco ./tableau-connector/target/documentdbjdbc-${{env.version}}-signed.taco
echo "Signing completed"
ls -l tableau-connector/target
else
echo "Signing will be skipped"
fi
- name: Upload Build
if: always()
uses: actions/upload-artifact@v3
with:
name: documentdbjdbc-${{env.version}}-taco
path: ./tableau-connector/target/