diff --git a/.github/scripts/verify-docker-release.sh b/.github/scripts/verify-docker-release.sh new file mode 100755 index 0000000000..207e1a63b8 --- /dev/null +++ b/.github/scripts/verify-docker-release.sh @@ -0,0 +1,52 @@ +#!/bin/bash + +############################################################################################################################################################################################# +## Description: The script helps in verifying two things:- ## +## (1) All the images that are passed as parameters are pushed successfully to dockerhub. This is done by fetching the SHA Digests ## +## for all the images. If we are able to fetch the SHA Digest for the images, that means the images are available at Dockerhub ## +## ## +## (2) All the images that are passed as parameters are same or not. This is done by matching the SHA Digests for all the images. ## +## If the SHA Digest for all the images are same, that means the images are same. ## +## ## +## NOTE: I have used "Skopeo" to inspect the images. Skopeo tool can helps us in inspecting the docker images without pulling them ## +## ## +## USAGE: The script accepts image names as paramaters. We can pass as many image names as we want. ## +## ## +## EXAMPLE: ./verify-docker-release.sh apicurio/apicurio-registry-infinispan:1.2.3.Final apicurio/apicurio-registry-infinispan:latest apicurio/apicurio-registry-infinispan:latest-release ## +## ## +############################################################################################################################################################################################# + +set -euo pipefail + +IMAGES=("$@") +SHA=() +i=0 + +# Fetching SHA Digest for the images +for image in "${IMAGES[@]}"; do + SHA[$i]=$(skopeo inspect --raw --tls-verify=false docker://${image} | jq --raw-output '.config.digest' | sed 's/sha256://;s/"//g') + echo "SHA for Image ${image}: ${SHA[$i]}" + ((i=i+1)) +done +echo "The Images are successfully pushed to the dockerhub. Verifying if the images are same..." + + +# Verifying if images are same by comparing SHA Digest of the images +watermark=${SHA[0]} +not_equal=false +for i in "${SHA[@]}"; do + if [[ "$watermark" != "$i" ]]; then + not_equal=true + break + fi +done + +if [[ $not_equal = "true" ]]; then + echo "[FAILURE] The Images Are Not Same. Verification Failed" && exit 1 +else + echo "[SUCCESS] Verification Successfull! The SHA Digest Matched for all the images." +fi + + + + diff --git a/.github/test-mvn-deploy/pom.xml b/.github/test-mvn-deploy/pom.xml new file mode 100644 index 0000000000..de92a0b17c --- /dev/null +++ b/.github/test-mvn-deploy/pom.xml @@ -0,0 +1,31 @@ + + 4.0.0 + + com.apicurio.test + verify-registry-maven-deploy + 1.0.0-SNAPSHOT + verify-registry-maven-deploy + Simple Project to verify the deployment of Apicurio Registry JARS + + + + TBD + + + + + io.apicurio + apicurio-registry-utils-serde + ${version.apicurio} + + + io.apicurio + apicurio-registry-rest-client + ${version.apicurio} + + + + + diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 391dbdd19a..402a0303de 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -157,3 +157,38 @@ jobs: git add -f _data/registry/releases/$FILENAME.json #ignored due to .gitignore config git commit -m "Automated Update For Apicurio Registry Release Version: ${{steps.metadata.outputs.release-version}}" git push + + verify-release: + runs-on: ubuntu-18.04 + needs: ["release"] # The Job gets triggered only after the "release" job has successfully completed. The job doesn't run in case the "release" job fails + if: github.event.pull_request.merged == true && github.repository_owner == 'Apicurio' + steps: + - name: Retrieve Project Metadata + uses: radcortez/project-metadata-action@master + id: metadata + with: + github-token: ${{secrets.GITHUB_TOKEN}} + metadata-file-path: '.github/project.yaml' + - name: Set up JDK 1.8 + uses: AdoptOpenJDK/install-jdk@v1 + with: + version: '8' + architecture: x64 + - name: Checkout Code + uses: actions/checkout@v2 + - name: Verify Docker Release For mem + run: ./.github/scripts/verify-docker-release.sh apicurio/apicurio-registry-mem:${{steps.metadata.outputs.release-version}} apicurio/apicurio-registry-mem:latest apicurio/apicurio-registry-mem:latest-release + - name: Verify Docker Release For asyncmem + run: ./.github/scripts/verify-docker-release.sh apicurio/apicurio-registry-asyncmem:${{steps.metadata.outputs.release-version}} apicurio/apicurio-registry-asyncmem:latest apicurio/apicurio-registry-asyncmem:latest-release + - name: Verify Docker Release For kafka + run: ./.github/scripts/verify-docker-release.sh apicurio/apicurio-registry-kafka:${{steps.metadata.outputs.release-version}} apicurio/apicurio-registry-kafka:latest apicurio/apicurio-registry-kafka:latest-release + - name: Verify Docker Release For streams + run: ./.github/scripts/verify-docker-release.sh apicurio/apicurio-registry-streams:${{steps.metadata.outputs.release-version}} apicurio/apicurio-registry-streams:latest apicurio/apicurio-registry-streams:latest-release + - name: Verify Docker Release For jpa + run: ./.github/scripts/verify-docker-release.sh apicurio/apicurio-registry-jpa:${{steps.metadata.outputs.release-version}} apicurio/apicurio-registry-jpa:latest apicurio/apicurio-registry-jpa:latest-release + - name: Verify Docker Release For infinispan + run: ./.github/scripts/verify-docker-release.sh apicurio/apicurio-registry-infinispan:${{steps.metadata.outputs.release-version}} apicurio/apicurio-registry-infinispan:latest apicurio/apicurio-registry-infinispan:latest-release + - name: Verify Maven Release + run: | + cd .github/test-mvn-deploy + mvn clean install "-Dversion.apicurio=${{steps.metadata.outputs.release-version}}" # Passing the latest version at run-time