chore: Implementing GitHub Actions release workflow

.github/resources/settings.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
+
+  <interactiveMode>false</interactiveMode>
+
+  <servers>
+    <server>
+      <id>ossrh</id>
+      <username>${env.NEXUS_OSSRH_USERNAME}</username>
+      <password>${env.NEXUS_OSSRH_PASSWORD}</password>
+    </server>
+  </servers>
+
+  <profiles>
+    <profile>
+      <id>release</id>
+      <activation>
+        <activeByDefault>true</activeByDefault>
+      </activation>
+      <properties>
+        <gpg.executable>gpg</gpg.executable>
+        <gpg.keyname>B652FFD3865AF7A75830876F5F55C8F6985BB9DD</gpg.keyname>
+        <gpg.passphrase>${env.GPG_PASSPHRASE}</gpg.passphrase>
+      </properties>
+    </profile>
+  </profiles>
+</settings>

.github/scripts/generate_changelog.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+set -u
+
+function printChangelog() {
+  local TITLE=$1
+  shift
+  # Skip the sentinel value.
+  local ENTRIES=("${@:2}")
+  if [ ${#ENTRIES[@]} -ne 0 ]; then
+    echo "### ${TITLE}"
+    echo ""
+    for ((i = 0; i < ${#ENTRIES[@]}; i++))
+    do
+        echo "* ${ENTRIES[$i]}"
+    done
+    echo ""
+  fi
+}
+
+if [[ -z "${GITHUB_SHA}" ]]; then
+  GITHUB_SHA="HEAD"
+fi
+
+LAST_TAG=`git describe --tags $(git rev-list --tags --max-count=1) 2> /dev/null` || true
+if [[ -z "${LAST_TAG}" ]]; then
+  echo "[INFO] No tags found. Including all commits up to ${GITHUB_SHA}."
+  VERSION_RANGE="${GITHUB_SHA}"
+else
+  echo "[INFO] Last release tag: ${LAST_TAG}."
+  COMMIT_SHA=`git show-ref -s ${LAST_TAG}`
+  echo "[INFO] Last release commit: ${COMMIT_SHA}."
+  VERSION_RANGE="${COMMIT_SHA}..${GITHUB_SHA}"
+  echo "[INFO] Including all commits in the range ${VERSION_RANGE}."
+fi
+
+echo ""
+
+# Older versions of Bash (< 4.4) treat empty arrays as unbound variables, which triggers
+# errors when referencing them. Therefore we initialize each of these arrays with an empty
+# sentinel value, and later skip them.
+CHANGES=("")
+FIXES=("")
+FEATS=("")
+MISC=("")
+
+while read -r line
+do
+  COMMIT_MSG=`echo ${line} | cut -d ' ' -f 2-`
+  if [[ $COMMIT_MSG =~ ^change(\(.*\))?: ]]; then
+    CHANGES+=("$COMMIT_MSG")
+  elif [[ $COMMIT_MSG =~ ^fix(\(.*\))?: ]]; then
+    FIXES+=("$COMMIT_MSG")
+  elif [[ $COMMIT_MSG =~ ^feat(\(.*\))?: ]]; then
+    FEATS+=("$COMMIT_MSG")
+  else
+    MISC+=("${COMMIT_MSG}")
+  fi
+done < <(git log ${VERSION_RANGE} --oneline)
+
+printChangelog "Breaking Changes" "${CHANGES[@]}"
+printChangelog "New Features" "${FEATS[@]}"
+printChangelog "Bug Fixes" "${FIXES[@]}"
+printChangelog "Miscellaneous" "${MISC[@]}"

.github/scripts/package_artifacts.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+set -u
+
+gpg --quiet --batch --yes --decrypt --passphrase="${FIREBASE_SERVICE_ACCT_KEY}" \
+  --output integration_cert.json .github/resources/integ-service-account.json.gpg
+
+echo "${FIREBASE_API_KEY}" > integration_apikey.txt
+
+# Does the following:
+#  1. Runs the Checkstyle plugin (validate phase)
+#  2. Compiles the source (compile phase)
+#  3. Runs the unit tests (test phase)
+#  4. Packages the artifacts - src, bin, javadocs (package phase)
+#  5. Runs the integration tests (verify phase)
+mvn -B clean verify
+
+# Maven target directory can consist of many files. Just copy the jar artifacts
+# into a new directory for upload.
+mkdir -p dist
+cp target/*.jar dist/

.github/scripts/publish_artifacts.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+set -u
+
+gpg --quiet --batch --yes --decrypt --passphrase="${GPG_PRIVATE_KEY}" \
+  --output firebase.asc .github/resources/firebase.asc.gpg
+
+gpg --import firebase.asc
+
+# Does the following:
+#  1. Compiles the source (compile phase)
+#  2. Packages the artifacts - src, bin, javadocs (package phase)
+#  3. Signs the artifacts (verify phase)
+#  4. Publishes artifacts via Nexus (deploy phase)
+mvn -B clean deploy \
+  -Dcheckstyle.skip \
+  -DskipTests \
+  -Prelease \
+  --settings .github/resources/settings.xml
+

.github/scripts/publish_preflight_check.sh

@@ -0,0 +1,146 @@
+#!/bin/bash
+
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+###################################### Outputs #####################################
+
+# 1. version: The version of this release including the 'v' prefix (e.g. v1.2.3).
+# 2. changelog: Formatted changelog text for this release.
+
+####################################################################################
+
+set -e
+set -u
+
+function echo_info() {
+    local MESSAGE=$1
+    echo "[INFO] ${MESSAGE}"
+}
+
+function echo_warn() {
+    local MESSAGE=$1
+    echo "[WARN] ${MESSAGE}"
+}
+
+function terminate() {
+    echo ""
+    echo_warn "--------------------------------------------"
+    echo_warn "PREFLIGHT FAILED"
+    echo_warn "--------------------------------------------"
+    exit 1
+}
+
+
+echo_info "Starting publish preflight check..."
+echo_info "Git revision          : ${GITHUB_SHA}"
+echo_info "Workflow triggered by : ${GITHUB_ACTOR}"
+echo_info "GitHub event          : ${GITHUB_EVENT_NAME}"
+
+
+echo_info ""
+echo_info "--------------------------------------------"
+echo_info "Extracting release version"
+echo_info "--------------------------------------------"
+echo_info ""
+
+echo_info "Loading version from: pom.xml"
+readonly RELEASE_VERSION=`mvn help:evaluate -Dexpression=project.version -q -DforceStdout` || true
+if [[ -z "${RELEASE_VERSION}" ]]; then
+  echo_warn "Failed to extract release version from: pom.xml"
+  terminate
+fi
+
+if [[ ! "${RELEASE_VERSION}" =~ ^([0-9]*)\.([0-9]*)\.([0-9]*)$ ]]; then
+  echo_warn "Malformed release version string: ${RELEASE_VERSION}. Exiting."
+  terminate
+fi
+
+echo_info "Extracted release version: ${RELEASE_VERSION}"
+echo "::set-output name=version::v${RELEASE_VERSION}"
+
+
+echo_info ""
+echo_info "--------------------------------------------"
+echo_info "Checking previous releases"
+echo_info "--------------------------------------------"
+echo_info ""
+
+readonly MAVEN_CENTRAL_URL="https://repo1.maven.org/maven2/com/google/firebase/firebase-admin/${RELEASE_VERSION}"
+readonly MAVEN_STATUS=`curl -s -o /dev/null -L -w "%{http_code}" ${MAVEN_CENTRAL_URL}`
+if [[ $MAVEN_STATUS -eq 404 ]]; then
+  echo_info "Release version ${RELEASE_VERSION} not found in Maven Central."
+elif [[ $MAVEN_STATUS -eq 200 ]]; then
+  echo_warn "Release version ${RELEASE_VERSION} already present in Maven Central."
+  terminate
+else
+  echo_warn "Unexpected ${MAVEN_STATUS} response from Maven Central. Exiting."
+  terminate
+fi
+
+
+echo_info ""
+echo_info "--------------------------------------------"
+echo_info "Checking release tag"
+echo_info "--------------------------------------------"
+echo_info ""
+
+echo_info "---< git fetch --depth=1 origin +refs/tags/*:refs/tags/* >---"
+git fetch --depth=1 origin +refs/tags/*:refs/tags/*
+echo ""
+
+readonly EXISTING_TAG=`git rev-parse -q --verify "refs/tags/v${RELEASE_VERSION}"` || true
+if [[ -n "${EXISTING_TAG}" ]]; then
+  echo_warn "Tag v${RELEASE_VERSION} already exists. Exiting."
+  echo_warn "If the tag was created in a previous unsuccessful attempt, delete it and try again."
+  echo_warn "  $ git tag -d v${RELEASE_VERSION}"
+  echo_warn "  $ git push --delete origin v${RELEASE_VERSION}"
+
+  readonly RELEASE_URL="https://github.com/firebase/firebase-admin-java/releases/tag/v${RELEASE_VERSION}"
+  echo_warn "Delete any corresponding releases at ${RELEASE_URL}."
+  terminate
+fi
+
+echo_info "Tag v${RELEASE_VERSION} does not exist."
+
+
+echo_info ""
+echo_info "--------------------------------------------"
+echo_info "Generating changelog"
+echo_info "--------------------------------------------"
+echo_info ""
+
+echo_info "---< git fetch origin master --prune --unshallow >---"
+git fetch origin master --prune --unshallow
+echo ""
+
+echo_info "Generating changelog from history..."
+readonly CURRENT_DIR=$(dirname "$0")
+readonly CHANGELOG=`${CURRENT_DIR}/generate_changelog.sh`
+echo "$CHANGELOG"
+
+# Parse and preformat the text to handle multi-line output.
+# See https://gh.loli.gardenmunity/t5/GitHub-Actions/set-output-Truncates-Multiline-Strings/td-p/37870
+FILTERED_CHANGELOG=`echo "$CHANGELOG" | grep -v "\\[INFO\\]"`
+FILTERED_CHANGELOG="${FILTERED_CHANGELOG//'%'/'%25'}"
+FILTERED_CHANGELOG="${FILTERED_CHANGELOG//$'\n'/'%0A'}"
+FILTERED_CHANGELOG="${FILTERED_CHANGELOG//$'\r'/'%0D'}"
+echo "::set-output name=changelog::${FILTERED_CHANGELOG}"
+
+
+echo ""
+echo_info "--------------------------------------------"
+echo_info "PREFLIGHT SUCCESSFUL"
+echo_info "--------------------------------------------"

.github/workflows/ci.yml

@@ -1,15 +1,35 @@
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 name: Continuous Integration
 
-on: [push, pull_request]
+on: push
 
 jobs:
   build:
     runs-on: ubuntu-latest
+
     steps:
     - uses: actions/checkout@v1
+
     - name: Set up JDK 1.7
       uses: actions/setup-java@v1
       with:
         java-version: 1.7
+
+    # Does the following:
+    #  1. Runs the Checkstyle plugin (validate phase)
+    #  2. Compiles the source (compile phase)
+    #  3. Runs the unit tests (test phase)
     - name: Build with Maven
-      run: mvn -B package --file pom.xml
+      run: mvn -B clean test