Merge pull request #5 from Conjur-Enterprise/auto-releases

CNJR-5562: Add automated release

.gitignore

@@ -7,6 +7,7 @@
 [Bb]in/
 packages/
 TestResults/
+VERSION
 
 # globs
 Makefile.in

CHANGELOG.md

@@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## [3.0.2] - 2024-08-02
+
+### Changed
+- Automated release process
+
 ## [3.0.1] - 2024-02-27
 ### Fixed
 - Fix broken API Key authentication
@@ -57,7 +62,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Added
 - `Variable.AddValue()` method for adding variable values.
 
-[Unreleased]: https://github.com/cyberark/conjur-api-dotnet/compare/v3.0.1...HEAD
+[Unreleased]: https://github.com/cyberark/conjur-api-dotnet/compare/v3.0.2...HEAD
+[3.0.2]: https://github.com/cyberark/conjur-api-dotnet/compare/v3.0.1...v3.0.2
 [3.0.1]: https://github.com/cyberark/conjur-api-dotnet/compare/v3.0.0...v3.0.1
 [3.0.0]: https://github.com/cyberark/conjur-api-dotnet/compare/v2.1.1...v3.0.0
 [2.1.1]: https://github.com/cyberark/conjur-api-dotnet/compare/v2.1.0...v2.1.1

CONTRIBUTING.md

@@ -21,16 +21,16 @@ to rebuild the docker image used for building the project.
 
 ## Releases
 
-Manual releases
+Reference the [internal automated release doc](https://github.com/conjurinc/docs/blob/master/reference/infrastructure/automated_releases.md#release-and-promotion-process) for releasing and promoting.
 
 ## Contributing Workflow
 
 1. [Fork the project](https://help.github.com/en/github/getting-started-with-github/fork-a-repo)
 2. [Clone your fork](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository)
 3. Make local changes to your fork by editing files
-3. [Commit your changes](https://help.github.com/en/github/managing-files-in-a-repository/adding-a-file-to-a-repository-using-the-command-line)
-4. [Push your local changes to the remote server](https://help.github.com/en/github/using-git/pushing-commits-to-a-remote-repository)
-5. [Create new Pull Request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork)
+4. [Commit your changes](https://help.github.com/en/github/managing-files-in-a-repository/adding-a-file-to-a-repository-using-the-command-line)
+5. [Push your local changes to the remote server](https://help.github.com/en/github/using-git/pushing-commits-to-a-remote-repository)
+6. [Create new Pull Request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork)
 
 From here your pull request will be reviewed and once you've responded to all
-feedback it will be merged into the project. Congratulations, you're a contributor!
+feedback it will be merged into the project. Congratulations, you're a contributor!

Jenkinsfile

@@ -1,6 +1,24 @@
 #!/usr/bin/env groovy
 @Library("product-pipelines-shared-library") _
 
+// Automated release, promotion and dependencies
+properties([
+  // Include the automated release parameters for the build
+  release.addParams(),
+  // Dependencies of the project that should trigger builds
+  dependencies([])
+])
+
+// Performs release promotion.  No other stages will be run
+if (params.MODE == "PROMOTE") {
+  release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
+
+  }
+  // Copy Github Enterprise release to Github
+  release.copyEnterpriseRelease(params.VERSION_TO_PROMOTE)
+  return
+}
+
 pipeline {
   agent { label 'conjur-enterprise-common-agent' }
 
@@ -13,7 +31,27 @@ pipeline {
     cron(getDailyCronString())
   }
 
+  environment {
+    // Sets the MODE to the specified or autocalculated value as appropriate
+    MODE = release.canonicalizeMode()
+  }
+
   stages {
+    // Aborts any builds triggered by another project that wouldn't include any changes
+    stage ("Skip build if triggering job didn't create a release") {
+      when {
+        expression {
+          MODE == "SKIP"
+        }
+      }
+      steps {
+        script {
+          currentBuild.result = 'ABORTED'
+          error("Aborting build because this build was triggered from upstream, but no release was built")
+        }
+      }
+    }
+
     stage('Scan for internal URLs') {
       steps {
         script {
@@ -22,26 +60,38 @@ pipeline {
       }
     }
 
-    stage('Get InfraPool Agent') {
+    stage('Get InfraPool ExecutorV2 Agent') {
       steps {
         script {
-          INFRAPOOL_EXECUTORV2_AGENT_0 = getInfraPoolAgent.connected(type: "ExecutorV2", quantity: 1, duration: 1)[0]
+          // Request ExecutorV2 agents for 1 hour(s)
+          INFRAPOOL_EXECUTORV2_AGENTS = getInfraPoolAgent(type: "ExecutorV2", quantity: 1, duration: 1)
+          INFRAPOOL_EXECUTORV2_AGENT_0 = INFRAPOOL_EXECUTORV2_AGENTS[0]
+          infrapool = infraPoolConnect(INFRAPOOL_EXECUTORV2_AGENT_0, {})
         }
       }
     }
 
     stage('Validate') {
       parallel {
         stage('Changelog') {
-          steps { parseChangelog(INFRAPOOL_EXECUTORV2_AGENT_0) }
+          steps { parseChangelog(infrapool) }
+        }
+      }
+    }
+
+    // Generates a VERSION file based on the current build number and latest version in CHANGELOG.md
+    stage('Validate Changelog and set version') {
+      steps {
+        script {
+          updateVersion(infrapool, "CHANGELOG.md", "${BUILD_NUMBER}")
         }
       }
     }
 
     stage('Prepare build environment') {
       steps {
         script {
-          INFRAPOOL_EXECUTORV2_AGENT_0.agentSh '''
+          infrapool.agentSh '''
             # make sure the build env is up to date
             make -C docker
 
@@ -59,12 +109,29 @@ pipeline {
     stage('Build and test package') {
       steps {
         script {
-          BUILD_NAME = "${env.BUILD_NUMBER}-${env.BRANCH_NAME.replace('/','-')}"
-          INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "summon -e pipeline ./build.sh ${BUILD_NAME}"
-          INFRAPOOL_EXECUTORV2_AGENT_0.agentStash name: 'test-results', includes: '*.xml'
+          infrapool.agentSh "summon -e pipeline ./build.sh"
+          infrapool.agentStash name: 'test-results', includes: '*.xml'
           unstash 'test-results'
           junit 'TestResults.xml'
-          INFRAPOOL_EXECUTORV2_AGENT_0.agentArchiveArtifacts artifacts: 'bin/*', fingerprint: true
+          infrapool.agentArchiveArtifacts artifacts: 'bin/*', fingerprint: true
+        }
+      }
+    }
+
+    stage('Release') {
+      when {
+        expression {
+          MODE == "RELEASE"
+        }
+      }
+      steps {
+        script {
+          release(infrapool) { billOfMaterialsDirectory, assetDirectory, toolsDirectory ->
+            // Publish release artifacts to all the appropriate locations
+
+            // Copy any artifacts to assetDirectory to attach them to the Github release
+            infrapool.agentSh "cp -r bin/* ${assetDirectory}"
+          }
         }
       }
     }

README.md

@@ -1,6 +1,6 @@
 # Conjur API for .NET
 
-Programmatic .NET access to [Conjur](https://conjur.org) (for both Conjur Open Source and Enterprise/DAP versions).
+Programmatic .NET access to [Conjur](https://conjur.org) (for both Conjur Open Source and Enterprise).
 This .NET SDK allows developers to build new apps in .NET that communicate with Conjur by
 invoking our Conjur API to perform operations on stored data (add, retrieve, etc)
 

build.sh

@@ -1,23 +1,24 @@
-#!/bin/sh -xe
+#!/usr/bin/env bash
+set -euo pipefail
 
 finish() {
   if [ -n "$CIDFILE" ]; then
-    CID=`cat $CIDFILE`
-    docker rm -f $CID
-    rm -f $CIDFILE
+    CID=$(cat "$CIDFILE")
+    docker rm -f "$CID"
+    rm -f "$CIDFILE"
   fi
 }
 trap finish EXIT
 
-TAG=`cat docker/tag`
+TAG=$(cat docker/tag)
 
-CIDFILE=`mktemp -u`
-docker run -v $PWD:/src:ro --cidfile=$CIDFILE  -e build_name=$1 -e WRITE_ARTIFACTORY_USERNAME -e WRITE_ARTIFACTORY_PASSWORD -e WRITE_ARTIFACTORY_URL $TAG
+CIDFILE=$(mktemp -u)
+docker run -v "$PWD":/src:ro --cidfile="$CIDFILE" -e WRITE_ARTIFACTORY_USERNAME -e WRITE_ARTIFACTORY_PASSWORD -e WRITE_ARTIFACTORY_URL "$TAG"
 
-CID=`cat $CIDFILE`
+CID=$(cat "$CIDFILE")
 
-docker cp $CID:"/build/TestResults.xml" .
+docker cp "$CID":"/build/TestResults.xml" .
 mkdir -p bin
-docker cp $CID:"/build/conjur-api/bin/Release/net6.0/conjur-api.dll" bin/conjur-api.dll
+docker cp "$CID":"/build/conjur-api/bin/Release/net6.0/conjur-api.dll" bin/conjur-api.dll
 
 cat TestResults.xml

conjur-api/conjur-api.csproj

@@ -9,7 +9,7 @@
     <Company>CyberArk Software Ltd.</Company>
     <Product>Conjur .NET API</Product>
     <Copyright>%28c%29 CyberArk Software Ltd.</Copyright>
-    <AssemblyVersion>3.0.0</AssemblyVersion>
+    <AssemblyVersion>unset</AssemblyVersion>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <OutputPath>bin\Debug</OutputPath>

docker/Dockerfile

@@ -1,5 +1,7 @@
 FROM mcr.microsoft.com/dotnet/sdk:6.0
 
+ENV VERSION=""
+
 RUN apt-get update -y && apt-get install -y gnupg2 git osslsigncode
 
 RUN ln -s /src/docker/build.sh /

docker/build.sh

@@ -1,17 +1,32 @@
-#!/bin/sh -xe
+#!/usr/bin/env bash
+set -euox pipefail
 
+function repo_root() {
+  git rev-parse --show-toplevel
+}
+
+function project_version() {
+  # VERSION derived from CHANGELOG and automated release library
+  echo "$(<"$(repo_root)/VERSION")"
+}
+
+# Create a clean copy of the source code for build
 cp -a /src /build
 git config --global --add safe.directory /build
 cd /build
 git clean -fdx || :
+# Copy the VERSION file generated by the CI to the build directory
+cp /src/VERSION /build/VERSION
 
+# Restore nuget packages
 dotnet restore
 
 # test
 dotnet build
 dotnet test --logger:"junit;LogFileName=/build/TestResults.xml"
 
 # build
-dotnet build api-dotnet.sln --configuration Release
+VERSION=$(project_version)
+dotnet build api-dotnet.sln --configuration Release /p:AssemblyVersion="$VERSION"
 
-docker/nuget.sh
+docker/nuget.sh "$VERSION"

docker/nuget.sh

@@ -1,12 +1,19 @@
-#!/bin/sh -xe
+#!/usr/bin/env bash
+set -euox pipefail
 
 mkdir nugetPackages
 
-version=`cat conjur-api/conjur-api.csproj | grep '<AssemblyVersion>' | cut -d ">" -f 2 | cut -d "<" -f 1`
-dotnet pack -o ./nugetPackages --version-suffix "${version:-0.0}.${build_name}"
+version="${1:-}"
+dotnet pack -o ./nugetPackages --version-suffix "${version:-0.0}"
+
+# Check if WRITE_ARTIFACTORY_URL is set
+if [ -z "${WRITE_ARTIFACTORY_URL:-}" ]; then
+  echo "WRITE_ARTIFACTORY_URL is not set, skipping nuget push"
+  exit 0
+fi
 
 dotnet nuget add source "https://$WRITE_ARTIFACTORY_URL/artifactory/api/nuget/conjur-api-dotnet" --name "conjur-api-dotnet" \
-     --username $WRITE_ARTIFACTORY_USERNAME --password $WRITE_ARTIFACTORY_PASSWORD --store-password-in-clear-text
+     --username "$WRITE_ARTIFACTORY_USERNAME" --password "$WRITE_ARTIFACTORY_PASSWORD" --store-password-in-clear-text
 
 dotnet nuget push ./nugetPackages/* --source "conjur-api-dotnet"
 

docker/sign.sh

@@ -1,4 +1,5 @@
-#!/bin/sh -xe
+#!/usr/bin/env bash
+set -euox pipefail
 
 BIN=/conjur-api.dll
 

test/AWSAuthenticatorTest.cs

@@ -9,6 +9,8 @@ namespace Conjur.Test
     public class AWSAuthenticatorTest : Base
     {
         [Test]
+        // Uncomment the [Ignore] attribute to skip this test when not running in AWS
+        // [Ignore("This test requires an AWS environment")]
         public void AuthenticateTest()
         {
             string conjurIdentity = "somehost";