diff --git a/.circleci/config.yml b/.circleci/config.yml
deleted file mode 100644
index bbfa62b..0000000
--- a/.circleci/config.yml
+++ /dev/null
@@ -1,158 +0,0 @@ -version: 2.1 - -executors: - maven-executor: - docker: - - image: circleci/openjdk:11-jdk -commands: - configure-gpg: - steps: - - run: - name: Configure GPG private key for signing project artifacts in OSS Sonatype - command: | - echo $SECRING_GPG_ASC_BASE64 | base64 --decode | gpg --batch --no-tty --import --yes - restore-maven-cache: - steps: - - restore_cache: - keys: - - maven-m2-v1-{{ .Branch }}-{{ checksum "pom.xml" }} - - maven-m2-v1-{{ .Branch }} - - maven-m2-v1 - - run: - name: Retrieve all Maven plugins and dependencies - command: | - mvn -s .circleci/maven-release-settings.xml -Prelease -Preporting -Pallow-snapshots --fail-never dependency:go-offline || true - save-maven-cache: - steps: - - save_cache: - paths: - - ~/.m2 - key: maven-m2-v1-{{ .Branch }}-{{ checksum "pom.xml" }} -jobs: - build-and-test: - executor: maven-executor - steps: - - checkout - - restore-maven-cache - - configure-gpg - - run: - name: Build and test Java code - command: mvn -Prelease -Pallow-snapshots verify - - save-maven-cache - - persist_to_workspace: - root: . - paths: - - . - - store_artifacts: - path: target - destination: artifacts/parent - - store_artifacts: - path: swid-builder/target - destination: artifacts/swid-builder - - store_artifacts: - path: swid-maven-plugin/target - destination: artifacts/swid-maven-plugin - - store_artifacts: - path: swid-repo-client/target - destination: artifacts/swid-repo-client - - store_artifacts: - path: swidval/target - destination: artifacts/swidval - - store_artifacts: - path: swidval-webapp/target - destination: artifacts/swidval-webapp - deploy-release: - executor: maven-executor - steps: - - attach_workspace: - at: . 
- - restore-maven-cache - - configure-gpg - - run: - name: Deploy new RELEASE to Maven Central - command: | - mvn -s .circleci/maven-release-settings.xml -Prelease clean verify nexus-staging:deploy -DskipRemoteStaging=true - mvn -s .circleci/maven-release-settings.xml -Prelease nexus-staging:deploy-staged -DstagingDescription="Preparing release" - # mvn -s .circleci/maven-release-settings.xml -Prelease deploy - - save-maven-cache - deploy-snapshot: - executor: maven-executor - steps: - - attach_workspace: - at: . - - restore-maven-cache - - configure-gpg - - run: - name: Deploy new SNAPSHOT to Maven Central - command: | - release_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) - if [[ $release_version == *-SNAPSHOT ]]; then - mvn -s .circleci/maven-release-settings.xml -Prelease deploy - fi - - save-maven-cache - deploy-site: - executor: maven-executor - steps: - - attach_workspace: - at: . - - restore-maven-cache - - run: - name: Build Site with Maven - command: | - mvn -Preporting -Prelease package site site:stage - - save-maven-cache - - add_ssh_keys: - fingerprints: - - "b5:78:2c:c6:2c:2f:b4:6d:87:69:50:03:42:ce:24:44" - - run: - name: Create known hosts - command: | - ssh-keyscan github.com >> ~/.ssh/known_hosts - - run: - name: Run deploy script - command: | - touch target/staging/.nojekyll - mkdir target/staging/.circleci - cp .circleci/config.yml target/staging/.circleci - bash .circleci/deploy.sh --push-only -v -m "Deploying website [ci deploy skip]" -workflows: - releases: - jobs: - - build-and-test: - filters: - branches: - ignore: /.*/ - # only act on version tags - tags: - only: /v[0-9]+(\.[0-9]+)*.*/ - - deploy-release: - requires: - - build-and-test - filters: - branches: - ignore: /.*/ - # only act on version tags - tags: - only: /v[0-9]+(\.[0-9]+)*.*/ - - deploy-site: - requires: - - deploy-release - filters: - branches: - ignore: /.*/ - # only act on version tags - tags: - only: /v[0-9]+(\.[0-9]+)*.*/ - snapshots: - 
jobs: - - build-and-test: - filters: - branches: - ignore: nist-pages - - deploy-snapshot: - requires: - - build-and-test - filters: - branches: - only: master - \ No newline at end of file diff --git a/.circleci/deploy.sh b/.circleci/deploy.sh deleted file mode 100644 index 3483dac..0000000 --- a/.circleci/deploy.sh +++ /dev/null 
@@ -1,228 +0,0 @@ -#!/usr/bin/env bash -set -o errexit #abort if any command fails -me=$(basename "$0") - -help_message="\ -Usage: $me [-c FILE] [] -Deploy generated files to a git branch. - -Options: - - -h, --help Show this help information. - -v, --verbose Increase verbosity. Useful for debugging. - -e, --allow-empty Allow deployment of an empty directory. - -m, --message MESSAGE Specify the message used when committing on the - deploy branch. - -n, --no-hash Don't append the source commit's hash to the deploy - commit's message. - --source-only Only build but not push - --push-only Only push but not build - -b, --deploy-branch BRANCH Delpoy to specified branch -" - - -run_build() { - echo "Running Maven" - mvn -Preporting -Prelease package site site:stage -} - -parse_args() { - # Set args from a local environment file. - if [ -e ".env" ]; then - source .env - fi - - # Parse arg flags - # If something is exposed as an environment variable, set/overwrite it - # here. Otherwise, set/overwrite the internal variable instead. - while : ; do - if [[ $1 = "-h" || $1 = "--help" ]]; then - echo "$help_message" - return 0 - elif [[ $1 = "-v" || $1 = "--verbose" ]]; then - verbose=true - shift - elif [[ $1 = "-e" || $1 = "--allow-empty" ]]; then - allow_empty=true - shift - elif [[ ( $1 = "-m" || $1 = "--message" ) && -n $2 ]]; then - commit_message=$2 - shift 2 - elif [[ $1 = "-n" || $1 = "--no-hash" ]]; then - GIT_DEPLOY_APPEND_HASH=false - shift - elif [[ ( $1 = "-b" || $1 = "--deploy-branch" ) && -n $2 ]]; then - deploy-branch=$2 - shift 2 - else - break - fi - done - - # Set internal option vars from the environment and arg flags. All internal - # vars should be declared here, with sane defaults if applicable. - - # Source directory & target branch. 
- deploy_directory=target/staging - - if [[ -z $deploy_branch ]]; then - deploy_branch=nist-pages - fi - - #if no user identity is already set in the current git environment, use this: - default_username=${GIT_DEPLOY_USERNAME:-deploy.sh} - default_email=${GIT_DEPLOY_EMAIL:-} - - #repository to deploy to. must be readable and writable. - repo=origin - - #append commit hash to the end of message by default - append_hash=${GIT_DEPLOY_APPEND_HASH:-true} -} - -main() { - parse_args "$@" - - enable_expanded_output - - if ! git diff --exit-code --quiet --cached; then - echo Aborting due to uncommitted changes in the index >&2 - return 1 - fi - - commit_title=`git log -n 1 --format="%s" HEAD` - commit_hash=` git log -n 1 --format="%H" HEAD` - - #default commit message uses last title if a custom one is not supplied - if [[ -z $commit_message ]]; then - commit_message="publish: $commit_title" - fi - - #append hash to commit message unless no hash flag was found - if [ $append_hash = true ]; then - commit_message="$commit_message"$'\n\n'"generated from commit $commit_hash" - fi - - previous_branch=`git rev-parse --abbrev-ref HEAD` - - if [ ! -d "$deploy_directory" ]; then - echo "Deploy directory '$deploy_directory' does not exist. Aborting." >&2 - return 1 - fi - - # must use short form of flag in ls for compatibility with OS X and BSD - if [[ -z `ls -A "$deploy_directory" 2> /dev/null` && -z $allow_empty ]]; then - echo "Deploy directory '$deploy_directory' is empty. Aborting. If you're sure you want to deploy an empty tree, use the --allow-empty / -e flag." 
>&2 - return 1 - fi - - if git ls-remote --exit-code $repo "refs/heads/$deploy_branch" ; then - # deploy_branch exists in $repo; make sure we have the latest version - - disable_expanded_output - git fetch --force $repo $deploy_branch:$deploy_branch - enable_expanded_output - fi - - # check if deploy_branch exists locally - if git show-ref --verify --quiet "refs/heads/$deploy_branch" - then incremental_deploy - else initial_deploy - fi - - restore_head -} - -initial_deploy() { - echo "Deploying initial artifacts to '$deploy_branch'" - git --work-tree "$deploy_directory" checkout --orphan $deploy_branch - git --work-tree "$deploy_directory" add --all - commit+push -} - -incremental_deploy() { - echo "Deploying incremental artifacts to '$deploy_branch'" - #make deploy_branch the current branch - git symbolic-ref HEAD refs/heads/$deploy_branch - #put the previously committed contents of deploy_branch into the index - git --work-tree "$deploy_directory" reset --mixed --quiet - echo " Adding all changes in '$deploy_directory'" - git --work-tree "$deploy_directory" add --all - - set +o errexit - diff=$(git --work-tree "$deploy_directory" diff --exit-code --quiet HEAD --)$? - set -o errexit - case $diff in - 0) echo No changes to files in $deploy_directory. Skipping commit.;; - 1) commit+push;; - *) - echo git diff exited with code $diff. Aborting. Staying on branch $deploy_branch so you can debug. 
To switch back to master, use: git symbolic-ref HEAD refs/heads/master && git reset --mixed >&2 - return $diff - ;; - esac -} - -commit+push() { - set_user_id - echo "Committing '$deploy_directory'" - git --work-tree "$deploy_directory" commit -m "$commit_message" - - disable_expanded_output - #--quiet is important here to avoid outputting the repo URL, which may contain a secret token - echo "Pushing changes to '$deploy_branch'" - git push --quiet $repo $deploy_branch - enable_expanded_output -} - -#echo expanded commands as they are executed (for debugging) -enable_expanded_output() { - if [ $verbose ]; then - set -o xtrace - set +o verbose - fi -} - -#this is used to avoid outputting the repo URL, which may contain a secret token -disable_expanded_output() { - if [ $verbose ]; then - set +o xtrace - set -o verbose - fi -} - -set_user_id() { - if [[ -z `git config user.name` ]]; then - git config user.name "$default_username" - fi - if [[ -z `git config user.email` ]]; then - git config user.email "$default_email" - fi -} - -restore_head() { - if [[ $previous_branch = "HEAD" ]]; then - #we weren't on any branch before, so just set HEAD back to the commit it was on - git update-ref --no-deref HEAD $commit_hash $deploy_branch - else - git symbolic-ref HEAD refs/heads/$previous_branch - fi - - git reset --mixed -} - -filter() { - sed -e "s|$repo|\$repo|g" -} - -sanitize() { - "$@" 2> >(filter 1>&2) | filter -} - -if [[ $1 = --source-only ]]; then - run_build -elif [[ $1 = --push-only ]]; then - main "$@" -else - run_build - main "$@" -fi diff --git a/.circleci/maven-release-settings.xml b/.circleci/maven-release-settings.xml deleted file mode 100644 index cac8731..0000000 --- a/.circleci/maven-release-settings.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - ossrh - ${env.SONATYPE_USERNAME} - ${env.SONATYPE_PASSWORD} - - - - - gpg - - gpg - ${env.GPG_PASSPHRASE} - - - - - gpg - - diff --git a/README.md b/README.md index c73bb08..d39fada 100644 --- a/README.md 
+++ b/README.md
@@ -1,5 +1,5 @@
 # Software Identification (SWID) Tagging Tools and Utilities
-[![CircleCI](https://circleci.com/gh/usnistgov/swid-tools/tree/main.svg?style=svg)](https://circleci.com/gh/usnistgov/swid-tools/tree/main) [![Gitter](https://img.shields.io/gitter/room/swid-tools/community.svg?style=flat-square)](https://gitter.im/swid-tools/community)
+[![Build Jobs](https://github.com/usnistgov/swid-tools/actions/workflows/build.yml/badge.svg)](https://github.com/usnistgov/swid-tools/actions/workflows/build.yml) [![Gitter](https://img.shields.io/gitter/room/swid-tools/community.svg?style=flat-square)](https://gitter.im/swid-tools/community)
 This project provides a set of Java-based tools for the generation and validation of Software Identification (SWID) tags produced by the NIST [SWID Tagging Project](https://csrc.nist.gov/projects/Software-Identification-SWID). These tools support XML-based SWID tags based on the format defined by ISO/IEC 19770-2:2015, and [Concise Binary Object Representation](https://cbor.io/) (CBOR) based concise SWID (CoSWID) tags based on the [IETF CoSWID](https://datatracker.ietf.org/doc/draft-ietf-sacm-coswid/) specification.