cegredev / josi

A Java library designed to make making decisions based on the current operating system easier.
MIT License
36 stars 4 forks source link

Add Maven Wrapper, Github Actions, Dependabot #9

Closed dbwiddis closed 3 years ago

dbwiddis commented 3 years ago

Adds Maven Wrapper from https://github.com/takari/maven-wrapper

Adds Dependabot to keep pom.xml and github action dependencies up to date

Adds configuration for Github actions

Fixes #8

cegredev commented 3 years ago

Wow, thank you so much! As I've mentioned before I really don't know a lot about GitHub Actions so I can't verify this code but I fully trust you there.

Just to confirm, all I have to do is enter my Sonatype username and password under Secrets and this is ready for merging, right?

dbwiddis commented 3 years ago

Just to confirm, all I have to do is enter my Sonatype username and password under Secrets and this is ready for merging, right?

Yep. The magical .github directory works for the actions (the workflows dir) and the dependabot config. The secrets are used in the deploy workflow along with the settings under the .mvn directory.

You may also need to "enable" Actions on the repository. It's been a while since I did that (and I actually got help from another maintainer who did it first, paying it forward, haha) but you'd go under your project settings and click on Actions and pick something from that list (I just enable all).

It wouldn't surprise me if there's some other config setting I missed, but if it doesn't all work after you merge we can troubleshoot then :)

cegredev commented 3 years ago

Alright, great! Merging now.

dbwiddis commented 3 years ago

And the troubleshooting begins. Permission denied on the deploy -- have you set up the secrets yet? If so, another possibility is executable permissions on the mvnw script. image

dbwiddis commented 3 years ago

Given the same error on the test workflow which doesn't involve the secrets, I'm pretty sure a chmod 755 mvnw will fix it.

cegredev commented 3 years ago

Hmm, yep, secrets are set up.

I'm pretty sure a chmod 755 mvnw will fix it.

This means I have to do what?😅

dbwiddis commented 3 years ago

In your local command line dev environment/terminal:

  1. make sure you're caught up to main branch (git pull upstream main)
  2. type chmod 755 mvnw
  3. commit the change (either git command line or in your IDE)
  4. push the commit to the upstream main branch (git push upstream main)
dbwiddis commented 3 years ago

I could do the same thing in a PR if you need. :)

cegredev commented 3 years ago

Okay, thanks!

I could do the same thing in a PR if you need. :)

Thanks a lot, but I'd love to try it myself first so I can do this kind of stuff myself in the future! :D I'll get back to you soon if I can't figure it out... ;)

cegredev commented 3 years ago

Uhh okay, it's probably better if you do it. Pretty sure I just misunderstood you, but the command doesn't exist for me. It's also not a Maven goal if that's what you meant.

dbwiddis commented 3 years ago

I realized later you're on Windows. You probably could do this by downloading and setting up git bash, which gives you a unix-like command line for occasional stuff like this. But for now I'll do it in a PR. :)

cegredev commented 3 years ago

Ah, that makes sense. Thanks!

cegredev commented 3 years ago

Hmm, now it looks like only the Sonatype deployment is failing. This time I at least know what we're talking about (I think) - is there maybe another secret I need to set for the key?

dbwiddis commented 3 years ago

Well, fixed that problem and CI is now working. For the snapshot deployment looks like your gpg signing isn't quite set up right. You can look at my setup which works...

dbwiddis commented 3 years ago

I've got other things I need to do so I'll look at this later if you haven't figured it out.

cegredev commented 3 years ago

Alright, no problem, thanks!

cegredev commented 3 years ago

Alright, I've tried a bunch of things, but none of them seem to work. Right now Josi's setup is pretty much identical to OSHI's, so I don't know where to go from here, but honestly I'm fine with that:

Deploying to Maven automatically isn't really that important to me; my focus was rather on tests and coverage (which I might add later on with this as a great reference), so you don't need to fix this for me. Unless you really want to, I guess. ;)

I'll get back to you on your other PRs/issues as soon as I can.

dbwiddis commented 3 years ago

No problem. Let me just make one more shout out to @hazendaz who helped set up OSHI to see if he has any ideas what we missed. Otherwise you can just delete that workflow from the .github folder.

hazendaz commented 3 years ago

Hi @dbwiddis, just saw this. Maven wrapper will be included in maven 4.0. I think maven team kind of messed up their versions. They had some reasons but effectively 3.7 is moved to 4.0 and 3.8.1 was a security patch which is far more close to 3.6.4 but had a breaking change. Its a bit confusing but they do write it up in their release notes as to why.

@cegredev For gpg, usually that would be in a release profile and not run on simple deploy to sonatype. I think that is the issue here as gpg is just always setup. You might want to juse move that into a profile for 'release' similar to this.

        <profile>
            <id>release</id>
            <build>
                <plugins>
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-gpg-plugin</artifactId>
                        <executions>
                            <execution>
                                <id>sign-artifacts</id>
                                <phase>verify</phase>
                                <goals>
                                    <goal>sign</goal>
                                </goals>
                            </execution>
                        </executions>
                    </plugin>
                </plugins>
            </build>
        </profile>

Its possible gpg could be used here too with more secrets added. I don't think I've tried to do that specifically but if you were to try to 100% automate a release you would eventually want to get that into place as release requires it.

cegredev commented 3 years ago

Thanks a lot! I'll definitely look into this further once I've made more progress on the core library itself!