Add get jdbc for postgres and mysql gradle task, add moquidemo actions release

Author: acetousk

.github/workflows/moquidemo-release.yml

@@ -0,0 +1,240 @@
+# MoquiDemo Release - Build and publish MoquiDemo zip, WAR, Docker images on release
+# Equivalent to make_demo.sh with multi-arch images, SBOM, provenance, and cosign signing
+name: MoquiDemo Release
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version (e.g., 3.0.0)'
+        required: true
+        type: string
+      ref:
+        description: 'Branch or tag to build from (default: default branch)'
+        required: false
+        type: string
+      upload_to_release:
+        description: 'Upload assets to GitHub Release'
+        required: false
+        type: boolean
+        default: false
+
+permissions:
+  contents: write      # Upload release assets
+  id-token: write      # OIDC for keyless cosign signing
+  attestations: write  # Attestations for provenance/SBOM
+  packages: write     # Push to ghcr.io
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  build-moquidemo:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.vars.outputs.version }}
+      version_minor: ${{ steps.vars.outputs.version_minor }}
+      version_major: ${{ steps.vars.outputs.version_major }}
+
+    steps:
+      - name: Get version
+        id: vars
+        run: |
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            VERSION="${{ github.event.inputs.version }}"
+          else
+            # Strip 'v' prefix from tag (e.g., v3.0.0 -> 3.0.0)
+            VERSION="${GITHUB_REF#refs/tags/v}"
+          fi
+          # Strip leading 'v' if user included it
+          VERSION="${VERSION#v}"
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          VERSION_MINOR=$(echo "$VERSION" | cut -d. -f1,2)
+          echo "version_minor=$VERSION_MINOR" >> $GITHUB_OUTPUT
+          VERSION_MAJOR=$(echo "$VERSION" | cut -d. -f1)
+          echo "version_major=$VERSION_MAJOR" >> $GITHUB_OUTPUT
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.inputs.ref || github.ref }}
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          java-version: '21'
+          distribution: 'temurin'
+          cache: 'gradle'
+
+      - name: Get runtime and demo components
+        run: |
+          ./gradlew getRuntime getComponentSet -PcomponentSet=demo getComponent -Pcomponent=moqui-poi -PlocationType=release
+
+      - name: Download JDBC drivers and OpenSearch
+        run: |
+          ./gradlew getMySqlJdbc getPostgresJdbc downloadOpenSearch
+
+      - name: Load data and run tests
+        run: |
+          ./gradlew load test
+        env:
+          # Prevent ElasticSearch/OpenSearch from stealing focus
+          ES_JAVA_OPTS: "-Xms512m -Xmx512m"
+
+      - name: Wait for OpenSearch to stop
+        run: sleep 5
+
+      - name: Create moqui-plus-runtime WAR
+        run: ./gradlew addRuntime
+
+      - name: Create MoquiDemo zip and rename WAR
+        run: |
+          VERSION="${{ steps.vars.outputs.version }}"
+          cp moqui-plus-runtime.war "MoquiDemo-${VERSION}.war"
+          zip -r "MoquiDemo-${VERSION}.zip" . \
+            -x "*.git*" \
+            -x "*.git/*" \
+            -x "build/*" \
+            -x "framework/build/*" \
+            -x "runtime/log/*" \
+            -x "runtime/sessions/*" \
+            -x "runtime/txlog/*" \
+            -x "runtime/db/*" \
+            -x "runtime/elasticsearch/data/*" \
+            -x "runtime/opensearch/data/*" \
+            -x "wartemp" \
+            -x "moqui.war"
+          # Include the renamed WAR in the zip
+          zip -u "MoquiDemo-${VERSION}.zip" "MoquiDemo-${VERSION}.war"
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: moquidemo-build
+          path: |
+            moqui-plus-runtime.war
+            MoquiDemo-${{ steps.vars.outputs.version }}.zip
+            MoquiDemo-${{ steps.vars.outputs.version }}.war
+            docker/
+          retention-days: 1
+
+  build-docker:
+    needs: build-moquidemo
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: moquidemo-build
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract WAR and prepare Docker build context
+        run: |
+          unzip -q moqui-plus-runtime.war
+          rm -f moqui-plus-runtime.war
+
+      - name: Build and push multi-arch Docker image
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./docker/simple/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          provenance: mode=max
+          sbom: true
+          tags: |
+            ${{ env.REGISTRY }}/${{ github.repository_owner }}/moquidemo:${{ needs.build-moquidemo.outputs.version }}
+            ${{ env.REGISTRY }}/${{ github.repository_owner }}/moquidemo:${{ needs.build-moquidemo.outputs.version_minor }}
+            ${{ env.REGISTRY }}/${{ github.repository_owner }}/moquidemo:${{ needs.build-moquidemo.outputs.version_major }}
+            ${{ env.REGISTRY }}/${{ github.repository_owner }}/moquidemo:latest
+
+      - name: Sign container image with cosign (keyless)
+        uses: sigstore/cosign-installer@v3
+      - name: Sign the images
+        run: |
+          IMAGE="${{ env.REGISTRY }}/${{ github.repository_owner }}/moquidemo:${{ needs.build-moquidemo.outputs.version }}"
+          cosign sign --yes "$IMAGE"
+          cosign sign --yes "${{ env.REGISTRY }}/${{ github.repository_owner }}/moquidemo:${{ needs.build-moquidemo.outputs.version_minor }}"
+          cosign sign --yes "${{ env.REGISTRY }}/${{ github.repository_owner }}/moquidemo:${{ needs.build-moquidemo.outputs.version_major }}"
+          cosign sign --yes "${{ env.REGISTRY }}/${{ github.repository_owner }}/moquidemo:latest"
+
+  push-dockerhub:
+    needs: [build-docker, build-moquidemo]
+    runs-on: ubuntu-latest
+    if: vars.DOCKERHUB_USERNAME != ''
+
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Copy images from GHCR to Docker Hub
+        run: |
+          SOURCE="${{ env.REGISTRY }}/${{ github.repository_owner }}/moquidemo"
+          for tag in ${{ needs.build-moquidemo.outputs.version }} ${{ needs.build-moquidemo.outputs.version_minor }} ${{ needs.build-moquidemo.outputs.version_major }} latest; do
+            docker buildx imagetools create -t "moqui/moquidemo:${tag}" "${SOURCE}:${tag}"
+          done
+
+      - name: Sign Docker Hub images with cosign (keyless)
+        uses: sigstore/cosign-installer@v3
+      - name: Sign the Docker Hub images
+        run: |
+          cosign sign --yes moqui/moquidemo:${{ needs.build-moquidemo.outputs.version }}
+          cosign sign --yes moqui/moquidemo:${{ needs.build-moquidemo.outputs.version_minor }}
+          cosign sign --yes moqui/moquidemo:${{ needs.build-moquidemo.outputs.version_major }}
+          cosign sign --yes moqui/moquidemo:latest
+
+  upload-release:
+    needs: [build-moquidemo, build-docker]
+    runs-on: ubuntu-latest
+    if: github.event_name == 'release' || (github.event_name == 'workflow_dispatch' && github.event.inputs.upload_to_release == 'true')
+
+    steps:
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: moquidemo-build
+
+      - name: Attest build provenance for release assets
+        uses: actions/attest-build-provenance@v3
+        with:
+          subject-path: |
+            MoquiDemo-${{ needs.build-moquidemo.outputs.version }}.zip
+            MoquiDemo-${{ needs.build-moquidemo.outputs.version }}.war
+
+      - name: Attest SBOM for release assets
+        uses: actions/attest-sbom@v2
+        with:
+          subject-path: |
+            MoquiDemo-${{ needs.build-moquidemo.outputs.version }}.zip
+            MoquiDemo-${{ needs.build-moquidemo.outputs.version }}.war
+
+      - name: Upload release assets
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: v${{ needs.build-moquidemo.outputs.version }}
+          files: |
+            MoquiDemo-${{ needs.build-moquidemo.outputs.version }}.zip
+            MoquiDemo-${{ needs.build-moquidemo.outputs.version }}.war
+          fail_on_unmatched_files: true

build.gradle

@@ -267,6 +267,62 @@ task stopElasticSearch { doLast {
     stopSearch(moquiRuntime)
 } }
 
+// ========== JDBC driver download tasks ==========
+
+task getPostgresJdbc {
+    description = "Download the latest PostgreSQL JDBC driver to runtime/lib"
+    dependsOn 'getRuntime'
+    doLast {
+        def libDir = file(moquiRuntime + '/lib')
+        if (!libDir.exists()) libDir.mkdirs()
+
+        // Remove existing Postgres JAR files
+        fileTree(dir: libDir, include: 'postgres*.jar').each { it.delete() }
+
+        // Get the latest version from Maven repository
+        def metadataUrl = 'https://repo1.maven.org/maven2/org/postgresql/postgresql/maven-metadata.xml'
+        def metadataFile = file("${buildDir}/postgresql-maven-metadata.xml")
+        ant.get(src: metadataUrl, dest: metadataFile)
+        def metadata = new XmlSlurper().parse(metadataFile)
+        def latestVersion = metadata.versioning.latest.text()
+        metadataFile.delete()
+
+        // Download the latest version
+        def downloadUrl = "https://repo1.maven.org/maven2/org/postgresql/postgresql/${latestVersion}/postgresql-${latestVersion}.jar"
+        def jarFile = file("${libDir}/postgresql-${latestVersion}.jar")
+        logger.lifecycle("Downloading PostgreSQL JDBC driver ${latestVersion} from ${downloadUrl}")
+        ant.get(src: downloadUrl, dest: jarFile)
+        logger.lifecycle("Downloaded PostgreSQL JDBC driver to ${jarFile}")
+    }
+}
+
+task getMySqlJdbc {
+    description = "Download the latest MySQL JDBC driver to runtime/lib"
+    dependsOn 'getRuntime'
+    doLast {
+        def libDir = file(moquiRuntime + '/lib')
+        if (!libDir.exists()) libDir.mkdirs()
+
+        // Remove existing MySQL connector JAR files
+        fileTree(dir: libDir, include: 'mysql-connector*.jar').each { it.delete() }
+
+        // Get the latest version from Maven repository
+        def metadataUrl = 'https://repo1.maven.org/maven2/com/mysql/mysql-connector-j/maven-metadata.xml'
+        def metadataFile = file("${buildDir}/mysql-connector-j-maven-metadata.xml")
+        ant.get(src: metadataUrl, dest: metadataFile)
+        def metadata = new XmlSlurper().parse(metadataFile)
+        def latestVersion = metadata.versioning.latest.text()
+        metadataFile.delete()
+
+        // Download the latest version
+        def downloadUrl = "https://repo1.maven.org/maven2/com/mysql/mysql-connector-j/${latestVersion}/mysql-connector-j-${latestVersion}.jar"
+        def jarFile = file("${libDir}/mysql-connector-j-${latestVersion}.jar")
+        logger.lifecycle("Downloading MySQL JDBC driver ${latestVersion} from ${downloadUrl}")
+        ant.get(src: downloadUrl, dest: jarFile)
+        logger.lifecycle("Downloaded MySQL JDBC driver to ${jarFile}")
+    }
+}
+
 // ========== development tasks ==========
 task setupIntellij {
     description = "Adds all XML catalog items to intellij to enable autocomplete"