Skip to content

Commit 2ed6f36

Browse files
kuny0707kuny0707
authored
Release 0.11.0 (#208)
1 parent 2889428 commit 2ed6f36

30 files changed

+3426
-260
lines changed

.github/workflows/gradle-generate-publish-artifacts.yml

Lines changed: 198 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,198 @@
1+
name: Build - Artifacts
2+
3+
on:
4+
workflow_dispatch:
5+
inputs:
6+
project_version:
7+
description: "Project version (e.g. 1.0.0)"
8+
required: true
9+
default: ""
10+
project_group:
11+
description: "Project group (e.g. io.github.tronprotocol)"
12+
required: true
13+
default: "io.github.tronprotocol"
14+
15+
permissions:
16+
id-token: write # Only allow OIDC token access
17+
contents: read # Limit repository access
18+
19+
jobs:
20+
build:
21+
runs-on: ubuntu-22.04
22+
23+
steps:
24+
- name: Checkout repository
25+
uses: actions/checkout@v4
26+
27+
- name: Set up JDK 8
28+
run: |
29+
export JDK_TAR="jdk-8u202-linux-x64.tar.gz"
30+
export JDK_DIR="jdk1.8.0_202"
31+
export JDK_MD5="0029351f7a946f6c05b582100c7d45b7"
32+
set -o errexit -o nounset
33+
sudo apt-get update && sudo apt-get install -y wget
34+
sudo wget -P /usr/local https://github.com/frekele/oracle-java/releases/download/8u202-b08/$JDK_TAR
35+
echo "$JDK_MD5 /usr/local/$JDK_TAR" | md5sum -c
36+
sudo tar -zxf /usr/local/$JDK_TAR -C /usr/local
37+
sudo rm /usr/local/$JDK_TAR
38+
echo "JAVA_HOME=/usr/local/$JDK_DIR" >> $GITHUB_ENV
39+
echo "CLASSPATH=/usr/local/$JDK_DIR/lib/dt.jar:/usr/local/$JDK_DIR/lib/tools.jar" >> $GITHUB_ENV
40+
echo "/usr/local/$JDK_DIR/bin" >> $GITHUB_PATH
41+
42+
# Configure Gradle for optimal use in GitHub Actions, including caching of downloaded dependencies.
43+
# See: https://github.com/gradle/actions/blob/main/setup-gradle/README.md
44+
- name: Setup Gradle
45+
uses: gradle/actions/setup-gradle@v4
46+
with:
47+
cache-read-only: ${{ github.event_name == 'pull_request' }}
48+
# This prevents pull requests from polluting the cache with potentially unstable changes.
49+
50+
# --- Regular Gradle build (with dependency verification) ---
51+
- name: Build project
52+
run: ./gradlew clean build -x test -PVERSION=${{ inputs.project_version }} -PGROUP=${{ inputs.project_group }}
53+
54+
# --- Create init.gradle for publishing ---
55+
- name: Create Gradle init script for publishing
56+
run: |
57+
cat > init-publish.gradle <<'EOF'
58+
allprojects {
59+
// Apply Java and Maven Publish plugins
60+
apply plugin: 'java'
61+
apply plugin: 'maven-publish'
62+
63+
publishing {
64+
publications {
65+
mavenJava(MavenPublication) {
66+
from components.java
67+
68+
groupId = "${{ inputs.project_group }}"
69+
artifactId = 'trident'
70+
version = "${{ inputs.project_version }}"
71+
72+
pom {
73+
name = 'trident'
74+
description = 'Java implementation of trident'
75+
url = 'https://github.com/tronprotocol/trident'
76+
77+
licenses {
78+
license {
79+
name = 'The Apache License, Version 2.0'
80+
url = 'http://www.apache.org/licenses/LICENSE-2.0.txt'
81+
}
82+
}
83+
84+
developers {
85+
developer {
86+
name = 'jiangyuanshu'
87+
email = '[email protected]'
88+
}
89+
developer {
90+
name = 'apple'
91+
email = '[email protected]'
92+
}
93+
}
94+
95+
scm {
96+
connection = 'scm:git:git://github.com/tronprotocol/trident.git'
97+
developerConnection = 'scm:git:ssh://github.com/tronprotocol/trident.git'
98+
url = 'https://github.com/tronprotocol/trident'
99+
}
100+
101+
// collect all dependencies of subprojects
102+
withXml {
103+
def dependenciesNode = asNode().appendNode('dependencies')
104+
def seenDependencies = [] as Set
105+
subprojects.each { subproject ->
106+
{
107+
subproject.properties.configurations.implementation.allDependencies.each { dep ->
108+
{//println dep
109+
if (!(dep instanceof ProjectDependency) && dep.group != null && dep.name != null && dep.version != null && dep.group != artifactId) {
110+
def dependencyIdentifier = "${dep.group}:${dep.name}:${dep.version}"
111+
//drop duplicate
112+
if (!seenDependencies.contains(dependencyIdentifier)) {
113+
seenDependencies << dependencyIdentifier
114+
def dependencyNode = dependenciesNode.appendNode('dependency')
115+
dependencyNode.appendNode('groupId', dep.group)
116+
dependencyNode.appendNode('artifactId', dep.name)
117+
dependencyNode.appendNode('version', dep.version)
118+
//dependencyNode.appendNode('scope', 'runtime')
119+
120+
// for exclusions
121+
if (dep.excludeRules.size() > 0) {
122+
def exclusions = dependencyNode.appendNode('exclusions')
123+
dep.excludeRules.each { ExcludeRule ex ->
124+
def exclusion = exclusions.appendNode('exclusion')
125+
exclusion.appendNode('groupId', ex.group)
126+
exclusion.appendNode('artifactId', ex.module)
127+
}
128+
}
129+
}
130+
}// end if
131+
}
132+
}
133+
}
134+
}
135+
}
136+
//end withXml
137+
}
138+
}
139+
}
140+
141+
repositories {
142+
mavenLocal()
143+
}
144+
}
145+
}
146+
EOF
147+
148+
# --- Generate POM using init script ---
149+
- name: Generate POM file
150+
run: ./gradlew generatePomFileForMavenJavaPublication -I init-publish.gradle
151+
152+
# --- Upload generated POM as artifact ---
153+
- name: Upload POM file
154+
uses: actions/upload-artifact@v4
155+
with:
156+
name: generated-pom
157+
path: build/publications/mavenJava/pom-default.xml
158+
159+
- name: Upload JAR files
160+
uses: actions/upload-artifact@v4
161+
with:
162+
name: trident-${{ inputs.project_version }}
163+
path: build/libs/*.jar
164+
165+
# --- AWS S3 Upload Section ---
166+
- name: Configure AWS Credentials (OIDC)
167+
uses: aws-actions/configure-aws-credentials@v4
168+
with:
169+
role-to-assume: ${{ secrets.AWS_ROLE_ARN_DEV_UPLOAD }} # 👈 replace with your IAM role
170+
aws-region: ${{ secrets.AWS_REGION }}
171+
172+
- name: Upload artifacts to S3
173+
run: |
174+
DEST="s3://${{ secrets.S3_BUCKET_DEV }}"
175+
if [ -n "${{ secrets.S3_PREFIX }}" ]; then
176+
DEST="$DEST/${{ secrets.S3_PREFIX }}"
177+
fi
178+
DEST="$DEST/${{ inputs.project_version }}"
179+
aws s3 cp build/publications/mavenJava/pom-default.xml "$DEST/trident-${{ inputs.project_version }}.pom"
180+
aws s3 cp build/libs/ "$DEST/" --recursive --exclude "*" --include "*.jar"
181+
182+
echo "## MD5 Summary of Uploaded Files" >> $GITHUB_STEP_SUMMARY
183+
echo "" >> $GITHUB_STEP_SUMMARY
184+
echo "| Filename | MD5 Hash |" >> $GITHUB_STEP_SUMMARY
185+
echo "|----------|----------|" >> $GITHUB_STEP_SUMMARY
186+
for file in build/libs/*.jar; do
187+
if [ -f "$file" ]; then
188+
FILENAME=$(basename "$file")
189+
LOCAL_MD5=$(md5sum $file | awk '{print $1}')
190+
echo "| $FILENAME | $LOCAL_MD5 |" >> $GITHUB_STEP_SUMMARY
191+
echo "$FILENAME: $LOCAL_MD5"
192+
fi
193+
done
194+
195+
LOCAL_MD5=$(md5sum build/publications/mavenJava/pom-default.xml | awk '{print $1}')
196+
echo "| trident-${{ inputs.project_version }}.pom | $LOCAL_MD5 |" >> $GITHUB_STEP_SUMMARY
197+
echo "trident-${{ inputs.project_version }}.pom: $LOCAL_MD5"
198+

.github/workflows/sign-publish-artifacts.yml

Lines changed: 193 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,193 @@
1+
name: Sign - Artifacts
2+
3+
on:
4+
workflow_dispatch:
5+
inputs:
6+
project_version:
7+
description: "Project version (e.g. 1.0.0)"
8+
required: true
9+
default: ""
10+
project_group:
11+
description: "Project group (e.g. io.github.tronprotocol)"
12+
required: true
13+
default: "io.github.tronprotocol"
14+
15+
jobs:
16+
17+
18+
download-from-s3-and-sign:
19+
name: Download from S3
20+
runs-on: self-hosted
21+
22+
permissions:
23+
contents: read
24+
id-token: write # Needed for AWS credential provider
25+
26+
steps:
27+
- name: Set S3 path
28+
run: |
29+
echo "S3_PATH=${{ secrets.S3_BUCKET_DEV }}/${{ secrets.S3_PREFIX }}/${{ inputs.project_version }}" >> $GITHUB_ENV
30+
31+
- name: Configure AWS Credentials
32+
uses: aws-actions/configure-aws-credentials@v4
33+
with:
34+
role-to-assume: ${{ secrets.AWS_ROLE_ARN_DEV_DOWNLOAD }} # 👈 replace with your IAM role
35+
aws-region: ${{ secrets.AWS_REGION }}
36+
37+
- name: Compute DOWNLOAD_DIR
38+
run: |
39+
GROUP_PATH=$(echo "${{ inputs.project_group }}" | tr '.' '/')
40+
echo "DOWNLOAD_DIR=$GROUP_PATH/trident/${{ inputs.project_version }}" >> $GITHUB_ENV
41+
42+
- name: Create download directory
43+
run: |
44+
if [ -d "${{ env.DOWNLOAD_DIR }}" ]; then
45+
rm -rf "${{ env.DOWNLOAD_DIR }}"
46+
fi
47+
mkdir -p ${{ env.DOWNLOAD_DIR }}
48+
49+
- name: Download files from S3
50+
run: |
51+
echo "Downloading files from ${{ env.S3_PATH }}"
52+
aws s3 cp s3://${{ env.S3_PATH }}/ ${{ env.DOWNLOAD_DIR }}/ --recursive --exclude "*" --include "trident-${{ inputs.project_version }}*"
53+
54+
# Verify download was successful
55+
if [ -z "$(ls -A ${{ env.DOWNLOAD_DIR }})" ]; then
56+
echo "Error: Failed to download files from S3"
57+
exit 1
58+
else
59+
echo "Download from S3 completed successfully"
60+
ls -l "${{ env.DOWNLOAD_DIR }}" | awk '{ $3=""; $4=""; print }'
61+
fi
62+
63+
- name: Create download summary
64+
run: |
65+
echo "## S3 Download Summary" >> $GITHUB_STEP_SUMMARY
66+
echo "Downloaded files from \`${{ env.S3_PATH }}\`" >> $GITHUB_STEP_SUMMARY
67+
echo "" >> $GITHUB_STEP_SUMMARY
68+
echo "### Downloaded Files:" >> $GITHUB_STEP_SUMMARY
69+
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
70+
ls -l "${{ env.DOWNLOAD_DIR }}" | awk '{ $3=""; $4=""; print }' >> $GITHUB_STEP_SUMMARY
71+
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
72+
73+
echo "### MD5 Summary of Downloaded Files" >> $GITHUB_STEP_SUMMARY
74+
echo "" >> $GITHUB_STEP_SUMMARY
75+
echo "| Filename | MD5 Hash |" >> $GITHUB_STEP_SUMMARY
76+
echo "|----------|----------|" >> $GITHUB_STEP_SUMMARY
77+
for file in ${{ env.DOWNLOAD_DIR }}/*; do
78+
if [ -f "$file" ]; then
79+
FILENAME=$(basename "$file")
80+
LOCAL_MD5=$(md5sum $file | awk '{print $1}')
81+
echo "| $FILENAME | $LOCAL_MD5 |" >> $GITHUB_STEP_SUMMARY
82+
echo "$FILENAME: $LOCAL_MD5"
83+
fi
84+
done
85+
86+
- name: List files to sign
87+
run: |
88+
echo "Files to sign:"
89+
ls -l ${{ env.DOWNLOAD_DIR }} | awk '{ $3=""; $4=""; print }'
90+
91+
- name: Sign artifacts
92+
run: |
93+
# Sign each JAR file
94+
PREFIX="${{ env.DOWNLOAD_DIR }}/trident-${{ inputs.project_version }}"
95+
96+
files=(
97+
"${PREFIX}.jar"
98+
"${PREFIX}-sources.jar"
99+
"${PREFIX}-javadoc.jar"
100+
"${PREFIX}.pom"
101+
)
102+
for file in "${files[@]}"; do
103+
if [ -f "$file" ]; then
104+
echo "Signing $file"
105+
# Generate GPG signature
106+
gpg --local-user ${{ secrets.GPG_FINGERPRINT }} --armor --detach-sign ${file}
107+
# Generate checksums (macOS-specific commands)
108+
md5 ${file} | awk '{print $NF}' > ${file}.md5
109+
shasum -a 1 ${file} | awk '{print $1}' > ${file}.sha1
110+
shasum -a 256 ${file} | awk '{print $1}' > ${file}.sha256
111+
shasum -a 512 ${file} | awk '{print $1}' > ${file}.sha512
112+
# Generate checksums for the signature file
113+
md5 ${file}.asc | awk '{print $NF}' > ${file}.asc.md5
114+
shasum -a 1 ${file}.asc | awk '{print $1}' > ${file}.asc.sha1
115+
shasum -a 256 ${file}.asc | awk '{print $1}' > ${file}.asc.sha256
116+
shasum -a 512 ${file}.asc | awk '{print $1}' > ${file}.asc.sha512
117+
fi
118+
done
119+
120+
# Verify signature files were created
121+
echo "Signature files created:"
122+
ls -l ${{ env.DOWNLOAD_DIR }}/*.sig | awk '{ $3=""; $4=""; print }' || echo "No signature files found"
123+
124+
- name: Create signing summary
125+
run: |
126+
echo "## Signing Summary" >> $GITHUB_STEP_SUMMARY
127+
echo "Signed artifacts for \`${{ env.S3_PATH }}\`" >> $GITHUB_STEP_SUMMARY
128+
echo "" >> $GITHUB_STEP_SUMMARY
129+
echo "### Signed Files:" >> $GITHUB_STEP_SUMMARY
130+
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
131+
ls -l ${{ env.DOWNLOAD_DIR }} | awk '{ $3=""; $4=""; print }' >> $GITHUB_STEP_SUMMARY
132+
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
133+
134+
- name: Gzip files
135+
run: |
136+
rm -f trident-${{ inputs.project_version }}-bundle.zip
137+
zip -r trident-${{ inputs.project_version }}-bundle.zip ${DOWNLOAD_DIR}
138+
LOCAL_MD5=$(md5sum trident-${{ inputs.project_version }}-bundle.zip | awk '{print $1}')
139+
echo "trident-${{ inputs.project_version }}-bundle.zip: $LOCAL_MD5"
140+
141+
- name: Upload signed artifacts
142+
uses: actions/upload-artifact@v4
143+
with:
144+
name: trident-${{ inputs.project_version }}-bundle.zip
145+
path: "./trident-${{ inputs.project_version }}-bundle.zip"
146+
if-no-files-found: error
147+
148+
upload-signed-to-s3:
149+
name: Upload Signed Artifacts to S3
150+
runs-on: ubuntu-22.04
151+
needs: download-from-s3-and-sign
152+
153+
permissions:
154+
actions: read
155+
contents: read
156+
id-token: write # Needed for AWS credential provider
157+
158+
steps:
159+
- name: Download signed artifacts
160+
uses: actions/download-artifact@v4
161+
with:
162+
name: trident-${{ inputs.project_version }}-bundle.zip
163+
path: ./signed-artifacts/
164+
165+
- name: Configure AWS Credentials
166+
uses: aws-actions/configure-aws-credentials@v4
167+
with:
168+
role-to-assume: ${{ secrets.AWS_ROLE_ARN_TEST_UPLOAD }} # 👈 replace with your IAM role
169+
aws-region: ${{ secrets.AWS_REGION }}
170+
171+
- name: Upload signed artifacts to S3
172+
run: |
173+
S3_SIGNED_PATH="s3://${{ secrets.S3_BUCKET_TEST }}"
174+
if [ -n "${{ secrets.S3_PREFIX }}" ]; then
175+
S3_SIGNED_PATH="$S3_SIGNED_PATH/${{ secrets.S3_PREFIX }}"
176+
fi
177+
S3_SIGNED_PATH="$S3_SIGNED_PATH/${{ inputs.project_version }}"
178+
echo "Uploading signed artifacts to $S3_SIGNED_PATH"
179+
aws s3 cp "./signed-artifacts/" "$S3_SIGNED_PATH" --recursive
180+
echo "Upload of signed artifacts to S3 completed successfully"
181+
182+
echo "## MD5 Summary of Uploaded Files" >> $GITHUB_STEP_SUMMARY
183+
echo "" >> $GITHUB_STEP_SUMMARY
184+
echo "| Filename | MD5 Hash |" >> $GITHUB_STEP_SUMMARY
185+
echo "|----------|----------|" >> $GITHUB_STEP_SUMMARY
186+
for file in ./signed-artifacts/*; do
187+
if [ -f "$file" ]; then
188+
FILENAME=$(basename "$file")
189+
LOCAL_MD5=$(md5sum $file | awk '{print $1}')
190+
echo "| $FILENAME | $LOCAL_MD5 |" >> $GITHUB_STEP_SUMMARY
191+
echo "$FILENAME: $LOCAL_MD5"
192+
fi
193+
done

0 commit comments

Comments
 (0)