From 25b6213197b0923d5db1784fa0ea119afd2e34db Mon Sep 17 00:00:00 2001 From: Bria Morgan Date: Tue, 8 Jul 2025 11:01:51 -0400 Subject: [PATCH 01/10] update jfrog to gar --- library/build.gradle | 1 + library/publishing.gradle | 58 +++++++++++++++++++++++---------------- 2 files changed, 35 insertions(+), 24 deletions(-) diff --git a/library/build.gradle b/library/build.gradle index 7277977c..9a4adfad 100644 --- a/library/build.gradle +++ b/library/build.gradle @@ -5,6 +5,7 @@ plugins { id 'bio.terra.pfb.java-library-conventions' id 'com.github.davidmc24.gradle.plugin.avro' version '1.9.1' id 'me.champeau.jmh' version '0.7.3' + id 'com.google.cloud.artifactregistry.gradle-plugin' version '2.2.5' } repositories { diff --git a/library/publishing.gradle b/library/publishing.gradle index dc106601..ffc52ced 100644 --- a/library/publishing.gradle +++ b/library/publishing.gradle @@ -1,18 +1,23 @@ -def artifactory_repo_key = System.getenv('ARTIFACTORY_REPO_KEY') != null ? System.getenv('ARTIFACTORY_REPO_KEY') : 'libs-release-local' -def artifactory_username = System.getenv('ARTIFACTORY_USERNAME') -def artifactory_password = System.getenv('ARTIFACTORY_PASSWORD') +//def artifactory_repo_key = System.getenv('ARTIFACTORY_REPO_KEY') != null ? System.getenv('ARTIFACTORY_REPO_KEY') : 'libs-release-local' +//def artifactory_username = System.getenv('ARTIFACTORY_USERNAME') +//def artifactory_password = System.getenv('ARTIFACTORY_PASSWORD') + +def garProjectId = System.getenv("GOOGLE_CLOUD_PROJECT") +def garLocation = System.getenv("GAR_LOCATION") +def garRepoId = System.getenv("GAR_REPOSITORY_ID") + java { // Builds sources into the published package as part of the 'assemble' task. withSourcesJar() } -gradle.taskGraph.whenReady { taskGraph -> - if (taskGraph.hasTask(artifactoryPublish) && - (artifactory_username == null || artifactory_password == null)) { - throw new GradleException('Set env vars ARTIFACTORY_USERNAME and ARTIFACTORY_PASSWORD to publish') - } -} +//gradle.taskGraph.whenReady { taskGraph -> +// if (taskGraph.hasTask(artifactoryPublish) && +// (artifactory_username == null || artifactory_password == null)) { +// throw new GradleException('Set env vars ARTIFACTORY_USERNAME and ARTIFACTORY_PASSWORD to publish') +// } +//} // Publish jar file to a Maven module/artifact using the maven-publish plugin. publishing { @@ -24,21 +29,26 @@ publishing { from components.java } } + repositories { + maven { + url = uri("artifactregistry://${garLocation}-maven.pkg.dev/${garProjectId}/${garRepoId}") + } + } } // Upload Maven artifacts to Artifactory using the Artifactory plugin. -artifactory { - publish { - contextUrl = 'https://broadinstitute.jfrog.io/broadinstitute/' - repository { - repoKey = "${artifactory_repo_key}" - username = "${artifactory_username}" - password = "${artifactory_password}" - } - defaults { - publications('javaPfbLibrary') - publishArtifacts = true - publishPom = true - } - } -} \ No newline at end of file +//artifactory { +// publish { +// contextUrl = 'https://broadinstitute.jfrog.io/broadinstitute/' +// repository { +// repoKey = "${artifactory_repo_key}" +// username = "${artifactory_username}" +// password = "${artifactory_password}" +// } +// defaults { +// publications('javaPfbLibrary') +// publishArtifacts = true +// publishPom = true +// } +// } +//} \ No newline at end of file From eb0354e131c7177f23373f16239ea0a857b75dca Mon Sep 17 00:00:00 2001 From: Bria Morgan Date: Tue, 8 Jul 2025 11:18:01 -0400 Subject: [PATCH 02/10] publish.yml jfrog-to-gar --- .github/workflows/publish.yml | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 3ea66383..c7ed9986 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -41,9 +41,22 @@ jobs: java-version: '17' distribution: 'temurin' cache: 'gradle' - - name: Publish Library Artifactory - run: ./gradlew --build-cache artifactoryPublish + - name: Authenticate to GCP + uses: google-github-actions/auth@v2 + with: + token_format: access_token + workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider' + service_account: 'dsp-artifact-registry-push@dsp-artifact-registry.iam.gserviceaccount.com' + - name: Publish client to GAR + run: ./gradlew publish env: - ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }} - ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }} - ARTIFACTORY_REPO_KEY: "libs-release-local" \ No newline at end of file + GOOGLE_CLOUD_PROJECT: dsp-artifact-registry + GAR_LOCATION: us-central1 + GAR_REPOSITORY_ID: libs-release-standard + + # - name: Publish Library Artifactory + # run: ./gradlew --build-cache artifactoryPublish + # env: + # ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }} + # ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }} + # ARTIFACTORY_REPO_KEY: "libs-release-local" From f6765ddef3a5ca8362d8931e7357a9f074fe7c9d Mon Sep 17 00:00:00 2001 From: Bria Morgan Date: Tue, 8 Jul 2025 11:33:58 -0400 Subject: [PATCH 03/10] downgrade gar version --- library/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/build.gradle b/library/build.gradle index 9a4adfad..0d6f5985 100644 --- a/library/build.gradle +++ b/library/build.gradle @@ -5,7 +5,7 @@ plugins { id 'bio.terra.pfb.java-library-conventions' id 'com.github.davidmc24.gradle.plugin.avro' version '1.9.1' id 'me.champeau.jmh' version '0.7.3' - id 'com.google.cloud.artifactregistry.gradle-plugin' version '2.2.5' + id 'com.google.cloud.artifactregistry.gradle-plugin' version '2.1.5' } repositories { From b5e885d851cbe949daaa410f4a3a016a82418269 Mon Sep 17 00:00:00 2001 From: Bria Morgan Date: Tue, 8 Jul 2025 11:47:54 -0400 Subject: [PATCH 04/10] temporarily always publish for testing --- .github/workflows/build-test-and-publish.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-test-and-publish.yml b/.github/workflows/build-test-and-publish.yml index 3764e37c..78de3e29 100644 --- a/.github/workflows/build-test-and-publish.yml +++ b/.github/workflows/build-test-and-publish.yml @@ -86,7 +86,8 @@ jobs: publish-library: needs: [ tag ] uses: ./.github/workflows/publish.yml - if: success() && ((github.ref == 'refs/heads/main' && github.event_name != 'workflow_dispatch') || (github.event_name == 'workflow_dispatch' && inputs.publish)) + # if: success() && ((github.ref == 'refs/heads/main' && github.event_name != 'workflow_dispatch') || (github.event_name == 'workflow_dispatch' && inputs.publish)) + if: success() secrets: inherit with: tag: ${{ needs.tag.outputs.tag }} From 2d6a8a79481e29c37680ad89263ee241b603460c Mon Sep 17 00:00:00 2001 From: Bria Morgan Date: Tue, 8 Jul 2025 11:53:14 -0400 Subject: [PATCH 05/10] Update build-test-and-publish.yml --- .github/workflows/build-test-and-publish.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-test-and-publish.yml b/.github/workflows/build-test-and-publish.yml index 78de3e29..06bd3dba 100644 --- a/.github/workflows/build-test-and-publish.yml +++ b/.github/workflows/build-test-and-publish.yml @@ -80,7 +80,8 @@ jobs: tag: needs: [ build, unit-tests-and-sonarqube, source-clear ] uses: ./.github/workflows/tag.yml - if: success() && ((github.ref == 'refs/heads/main' && github.event_name != 'workflow_dispatch') || (github.event_name == 'workflow_dispatch' && inputs.publish)) + # if: success() && ((github.ref == 'refs/heads/main' && github.event_name != 'workflow_dispatch') || (github.event_name == 'workflow_dispatch' && inputs.publish)) + if: success() secrets: inherit publish-library: From bbf4d2addcacd3e863b3466676bf50b880c073f9 Mon Sep 17 00:00:00 2001 From: Bria Morgan Date: Tue, 8 Jul 2025 12:04:47 -0400 Subject: [PATCH 06/10] temporarily update tag for testing --- .github/workflows/publish.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c7ed9986..52e844db 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -33,7 +33,8 @@ jobs: - name: Checkout Repo uses: actions/checkout@v4 with: - ref: ${{ inputs.tag }} + # ref: ${{ inputs.tag }} + ref: core-593-jfrog-to-gar token: ${{ secrets.BROADBOT_TOKEN }} - name: Set up JDK uses: actions/setup-java@v4 From ab6095efe2cc74f62b6eba8f8a1e0a8e8245cc61 Mon Sep 17 00:00:00 2001 From: Bria Morgan Date: Tue, 8 Jul 2025 14:24:38 -0400 Subject: [PATCH 07/10] revert to real ifs --- .github/workflows/build-test-and-publish.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-test-and-publish.yml b/.github/workflows/build-test-and-publish.yml index 06bd3dba..3764e37c 100644 --- a/.github/workflows/build-test-and-publish.yml +++ b/.github/workflows/build-test-and-publish.yml @@ -80,15 +80,13 @@ jobs: tag: needs: [ build, unit-tests-and-sonarqube, source-clear ] uses: ./.github/workflows/tag.yml - # if: success() && ((github.ref == 'refs/heads/main' && github.event_name != 'workflow_dispatch') || (github.event_name == 'workflow_dispatch' && inputs.publish)) - if: success() + if: success() && ((github.ref == 'refs/heads/main' && github.event_name != 'workflow_dispatch') || (github.event_name == 'workflow_dispatch' && inputs.publish)) secrets: inherit publish-library: needs: [ tag ] uses: ./.github/workflows/publish.yml - # if: success() && ((github.ref == 'refs/heads/main' && github.event_name != 'workflow_dispatch') || (github.event_name == 'workflow_dispatch' && inputs.publish)) - if: success() + if: success() && ((github.ref == 'refs/heads/main' && github.event_name != 'workflow_dispatch') || (github.event_name == 'workflow_dispatch' && inputs.publish)) secrets: inherit with: tag: ${{ needs.tag.outputs.tag }} From 98b503fd2a39a043568d37dfff6a1c4b533c4433 Mon Sep 17 00:00:00 2001 From: Bria Morgan Date: Tue, 8 Jul 2025 14:25:20 -0400 Subject: [PATCH 08/10] revert and rename --- .github/workflows/publish.yml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 52e844db..1fa0a7e1 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,4 +1,4 @@ -name: Publish Library to Artifactory +name: Publish Library to GAR on: workflow_dispatch: inputs: @@ -33,8 +33,7 @@ jobs: - name: Checkout Repo uses: actions/checkout@v4 with: - # ref: ${{ inputs.tag }} - ref: core-593-jfrog-to-gar + ref: ${{ inputs.tag }} token: ${{ secrets.BROADBOT_TOKEN }} - name: Set up JDK uses: actions/setup-java@v4 @@ -54,10 +53,3 @@ jobs: GOOGLE_CLOUD_PROJECT: dsp-artifact-registry GAR_LOCATION: us-central1 GAR_REPOSITORY_ID: libs-release-standard - - # - name: Publish Library Artifactory - # run: ./gradlew --build-cache artifactoryPublish - # env: - # ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }} - # ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }} - # ARTIFACTORY_REPO_KEY: "libs-release-local" From 5aef8d8aee97c2d2727ae27207c3c6bf3514bc3d Mon Sep 17 00:00:00 2001 From: Bria Morgan Date: Tue, 8 Jul 2025 14:26:57 -0400 Subject: [PATCH 09/10] Remove commented out code --- library/publishing.gradle | 28 ---------------------------- 1 file changed, 28 deletions(-) diff --git a/library/publishing.gradle b/library/publishing.gradle index ffc52ced..507a3123 100644 --- a/library/publishing.gradle +++ b/library/publishing.gradle @@ -1,7 +1,3 @@ -//def artifactory_repo_key = System.getenv('ARTIFACTORY_REPO_KEY') != null ? System.getenv('ARTIFACTORY_REPO_KEY') : 'libs-release-local' -//def artifactory_username = System.getenv('ARTIFACTORY_USERNAME') -//def artifactory_password = System.getenv('ARTIFACTORY_PASSWORD') - def garProjectId = System.getenv("GOOGLE_CLOUD_PROJECT") def garLocation = System.getenv("GAR_LOCATION") def garRepoId = System.getenv("GAR_REPOSITORY_ID") @@ -12,13 +8,6 @@ java { withSourcesJar() } -//gradle.taskGraph.whenReady { taskGraph -> -// if (taskGraph.hasTask(artifactoryPublish) && -// (artifactory_username == null || artifactory_password == null)) { -// throw new GradleException('Set env vars ARTIFACTORY_USERNAME and ARTIFACTORY_PASSWORD to publish') -// } -//} - // Publish jar file to a Maven module/artifact using the maven-publish plugin. publishing { publications { @@ -35,20 +24,3 @@ publishing { } } } - -// Upload Maven artifacts to Artifactory using the Artifactory plugin. -//artifactory { -// publish { -// contextUrl = 'https://broadinstitute.jfrog.io/broadinstitute/' -// repository { -// repoKey = "${artifactory_repo_key}" -// username = "${artifactory_username}" -// password = "${artifactory_password}" -// } -// defaults { -// publications('javaPfbLibrary') -// publishArtifacts = true -// publishPom = true -// } -// } -//} \ No newline at end of file From c5be024da19c3893e50a238b2cd9a4ded847ca2c Mon Sep 17 00:00:00 2001 From: Bria Morgan Date: Thu, 10 Jul 2025 08:47:46 -0400 Subject: [PATCH 10/10] update README --- library/README.md | 13 ++++++++----- library/build.gradle | 1 - 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/library/README.md b/library/README.md index 4dcf7da1..ae7a0e91 100644 --- a/library/README.md +++ b/library/README.md @@ -8,18 +8,21 @@ implementation "bio.terra:java-pfb-library:" You can find the latest tagged version on [Github](https://github.com/DataBiosphere/java-pfb/tags). ## Publishing the Library -JFrog Artifactory is used to publish libraries to a central Maven repository. The library version number is the version in settings.gradle. We use github actions to bump the version and publish to Artifactory. +Google Artifact Registry (GAR) is used to publish libraries to a central Maven repository. The library version number is the version in settings.gradle. We use github actions to bump the version and publish to GAR. **The Publishing Procedure** 1) After PR is merged to main branch: 1) A Github Action bumps the minor version in settings.gradle and tags the release in github - 2) Github Action publishes to libs-release-local in Artifactory + 2) Github Action publishes to libs-release-standard in GAR 2) To bump major version, we need manually update version in settings.gradle value first then create the release. **Running Publish Locally** +You'll need to have permission under your @broadinstitute account to publish to the registry. If you don't, contact DevOps. ```shell -export ARTIFACTORY_USERNAME=$(vault read -field=username secret/dsp/accts/artifactory/dsdejenkins) -export ARTIFACTORY_PASSWORD=$(vault read -field=password secret/dsp/accts/artifactory/dsdejenkins) -./gradlew artifactoryPublish +export GOOGLE_CLOUD_PROJECT=dsp-artifact-registry +export GAR_LOCATION=us-central1 +export GAR_REPOSITORY_ID=libs-release-standard +gcloud auth login @broadinstitute.org +./gradlew publish ``` \ No newline at end of file diff --git a/library/build.gradle b/library/build.gradle index 0d6f5985..ad0665d9 100644 --- a/library/build.gradle +++ b/library/build.gradle @@ -1,7 +1,6 @@ plugins { id 'com.srcclr.gradle' id 'maven-publish' - id 'com.jfrog.artifactory' id 'bio.terra.pfb.java-library-conventions' id 'com.github.davidmc24.gradle.plugin.avro' version '1.9.1' id 'me.champeau.jmh' version '0.7.3'