4.0 KiB
Continuous Integration
Continuous integration is set up with GitHub Actions. The workflows are defined in this repo under /.github/workflows.
Workflows exist for:
- Pull request - On pull request, static analysis and testing is performed.
- Snapshot deployment - On merge to the main branch, a snapshot release is deployed to Maven Central. Concurrency limits are in place, to ensure that only one snapshot deployment can happen at a time.
- Release deployment - Manually invoked workflow to deploy to Maven Central. Concurrency limits are in place, to ensure that only one release deployment can happen at a time.
- Unwedge — If Snapshot deployment fails, it will often be due to multiple unclosed repositories. This workflow can take a given open repository name and attempt to close it.
Setup
When forking this repository, some secrets need to be defined to set up new continuous integration builds.
The secrets passed to GitHub Actions then map to Gradle properties set up within our build scripts. Necessary secrets are documented at the top of each GitHub workflow yml file, as well as reiterated here.
Pull request
FIREBASE_TEST_LAB_PROJECT
- Firebase Test Lab project name.FIREBASE_TEST_LAB_SERVICE_ACCOUNT
- Email address of Firebase Test Lab service account.FIREBASE_TEST_LAB_WORKLOAD_IDENTITY_PROVIDER
- Workload identity provider to generate temporary service account key.
To obtain the values for these, you'll need to enable the necessary Google Cloud APIs to enable automated access to Firebase Test Lab.
- Configure Firebase Test Lab. Google has documentation for Jenkins. Although we're using GitHub Actions, the initial requirements are the same.
- Configure workload identity federation
Once configured, these allow for generation of a temporary key which is then provided to the build through the Gradle property ZCASH_FIREBASE_TEST_LAB_API_KEY_PATH
.
Note: Pull requests do not currently run darkside tests. See #361.
Snapshot deployment
MAVEN_CENTRAL_USERNAME
— Username for Maven Central, which maps to the Gradle propertymavenCentralUsername
.MAVEN_CENTRAL_PASSWORD
— Password for Maven Central, which maps to the Gradle propertymavenCentralPassword
.
GPG keys are not needed for snapshot deployment.
Note: For documentation on the Gradle properties for Maven deployment, see Gradle Maven Publish Plugin.
Note: Snapshot builds are configured with a Gradle property IS_SNAPSHOT
. The workflow automatically sets this property to true for snapshot deployments. This will suffix the version with -snapshot
and will upload to the snapshot repository.
Release deployment
MAVEN_CENTRAL_USERNAME
— Username for Maven Central, which maps to the Gradle propertymavenCentralUsername
.MAVEN_CENTRAL_PASSWORD
— Password for Maven Central, which maps to the Gradle propertymavenCentralPassword
.MAVEN_SIGNING_KEYRING_FILE_BASE64
— GPG keyring file, base64 encoded. Maps to Gradle propertysigning.secretKeyRingFile
.MAVEN_SIGNING_KEY_ID
— Name of key inside GPG keyring file. Maps to Gradle propertysigning.keyId
.MAVEN_SIGNING_PASSWORD
— Password for key inside GPG keyring file. Maps to Gradle propertysigning.password
.
Note: For documentation on the Gradle properties for Maven deployment, see Gradle Maven Publish Plugin.
Note: Snapshot builds are configured with a Gradle property IS_SNAPSHOT
. The workflow automatically sets this property to false for release deployments.
Unwedge
MAVEN_CENTRAL_USERNAME
— Username for Maven Central, which maps to the Gradle propertymavenCentralUsername
.MAVEN_CENTRAL_PASSWORD
— Password for Maven Central, which maps to the Gradle propertymavenCentralPassword
.