ls1intum · FelixTJDietrich · Jun 27, 2025 · Jun 17, 2025 · Jun 17, 2025 · Jun 17, 2025
@@ -6,36 +6,14 @@ on:
       image-tag:
         type: string
         description: "Image tag to deploy (default: pr-<number> if PR exists, latest for default branch)"
-      deploy-hyperion:
-        type: boolean
-        default: true
-        description: (Re-)deploys hyperion.
-      deploy-proxy:
-        default: false
-        type: boolean
-        description: (Re-)deploys the proxy components. Usually not necessary and might cause downtime.
 
 jobs:  
-  deploy-hyperion:
-    if: ${{ inputs.deploy-hyperion }}
+  deploy-app:
     uses: ls1intum/.github/.github/workflows/deploy-docker-compose.yml@main
     with:
       environment: "Hyperion - Test 1"
-      docker-compose-file: "./hyperion/docker/compose.hyperion.yaml"
+      docker-compose-file: "./hyperion/compose.yaml"
       main-image-name: ls1intum/edutelligence/hyperion
       image-tag: ${{ inputs.image-tag }}
       deployment-base-path: "/opt/hyperion"
-    secrets: inherit
-
-  deploy-proxy:
-    if: ${{ inputs.deploy-proxy }}
-    uses: ls1intum/.github/.github/workflows/deploy-docker-compose.yml@main
-    with:
-      environment: "Hyperion - Test 1"
-      docker-compose-file: "./hyperion/docker/compose.proxy.yaml"
-      # We just keep the main-image-name and image-tag as placeholders
-      main-image-name: ls1intum/edutelligence/hyperion
-      image-tag: ${{ inputs.image-tag }}
-      deployment-base-path: "/opt/proxy"
-    secrets: inherit
-
+    secrets: inherit
@@ -20,11 +20,11 @@ on:
         type: string
 
 jobs:  
-  deploy-hyperion:
+  deploy-app:
     uses: ls1intum/.github/.github/workflows/deploy-docker-compose.yml@main
     with:
       environment: ${{ inputs.environment_name }}
-      docker-compose-file: "./hyperion/docker/compose.hyperion.yaml"
+      docker-compose-file: "./hyperion/compose.yaml"
       main-image-name: ls1intum/edutelligence/hyperion
       image-tag: ${{ inputs.commit_sha }}
       deployment-base-path: "/opt/hyperion"

diff --git a/.github/workflows/hyperion_java-client_publish.yml b/.github/workflows/hyperion_java-client_publish.yml
@@ -0,0 +1,313 @@
+name: Hyperion Java Client - CI/CD
+
+# Required GitHub Secrets:
+# - GITHUB_TOKEN: Automatically provided by GitHub for GitHub Packages
+# - OSSRH_USERNAME: Sonatype OSSRH username for Maven Central
+# - OSSRH_PASSWORD: Sonatype OSSRH password for Maven Central  
+# - GPG_KEY: Base64 encoded GPG private key (gpg --armor --export-secret-keys KEY_ID | base64 -w 0)
+# - GPG_PASSPHRASE: GPG key passphrase
+
+permissions:
+  contents: read
+  packages: write
+
+on:
+  push:
+    paths:
+      - 'hyperion/java-client/**'
+      - 'hyperion/app/protos/**'
+  pull_request:
+    branches: [main, develop]
+    paths:
+      - 'hyperion/java-client/**'
+      - 'hyperion/app/protos/**'
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: Build & Test
+    runs-on: ubuntu-latest
+    outputs:
+      should-publish: ${{ steps.check.outputs.should-publish }}
+      version: ${{ steps.version.outputs.version }}
+      branch-name: ${{ steps.version.outputs.branch-name }}
+      is-snapshot: ${{ steps.version.outputs.is-snapshot }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Cache Maven
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+
+      - name: Determine version and publishing strategy
+        id: version
+        working-directory: hyperion/java-client
+        run: |
+          # Get base version from pom.xml (always 1.1.0)
+          BASE_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+          echo "📋 Base version from pom.xml: $BASE_VERSION"
+
+          # Get branch name (handle PR refs properly)
+          if [[ "${{ github.ref }}" == refs/pull/* ]]; then
+            BRANCH_NAME="${{ github.head_ref }}"
+          else
+            BRANCH_NAME="${{ github.ref_name }}"
+          fi
+          echo "🌿 Branch: $BRANCH_NAME"
+
+          # Determine version strategy based on branch
+          if [[ "$BRANCH_NAME" == "main" ]] || [[ "$BRANCH_NAME" == "develop" ]]; then
+            # Stable branches: use base version for releases
+            FINAL_VERSION="$BASE_VERSION"
+            IS_SNAPSHOT="false"
+            echo "🎯 Stable branch detected: will publish release version $FINAL_VERSION"
+          else
+            # Feature branches: use dynamic branch-based snapshots
+            # Use EXACT same sanitization as local Maven build
+            SANITIZED_BRANCH=$(echo "$BRANCH_NAME" | sed 's/[^a-zA-Z0-9]/-/g' | tr '[:upper:]' '[:lower:]')
+            FINAL_VERSION="${BASE_VERSION}-${SANITIZED_BRANCH}-SNAPSHOT"
+            IS_SNAPSHOT="true"
+            echo "🔨 Feature branch detected: will publish snapshot $FINAL_VERSION"
+          fi
+
+          echo "version=$FINAL_VERSION" >> $GITHUB_OUTPUT
+          echo "branch-name=$BRANCH_NAME" >> $GITHUB_OUTPUT
+          echo "is-snapshot=$IS_SNAPSHOT" >> $GITHUB_OUTPUT
+          echo "base-version=$BASE_VERSION" >> $GITHUB_OUTPUT
+
+      - name: Check publishing rules
+        id: check
+        run: |
+          BRANCH_NAME="${{ steps.version.outputs.branch-name }}"
+          EVENT="${{ github.event_name }}"
+
+          echo "🔍 Event: $EVENT"
+          echo "🔍 GitHub ref: ${{ github.ref }}"
+          echo "🔍 Branch name: $BRANCH_NAME"
+
+          # Publish on push events, workflow_dispatch, OR pull_request (for snapshots only)
+          if [[ "$EVENT" == "push" ]] || [[ "$EVENT" == "workflow_dispatch" ]]; then
+            echo "should-publish=true" >> $GITHUB_OUTPUT
+            if [[ "${{ steps.version.outputs.is-snapshot }}" == "true" ]]; then
+              echo "✅ Will publish feature snapshot to GitHub Packages"
+            else
+              echo "✅ Will publish release to GitHub Packages + Maven Central"
+            fi
+          elif [[ "$EVENT" == "pull_request" ]] && [[ "${{ steps.version.outputs.is-snapshot }}" == "true" ]]; then
+            echo "should-publish=true" >> $GITHUB_OUTPUT
+            echo "✅ Will publish PR snapshot to GitHub Packages for testing"
+          else
+            echo "should-publish=false" >> $GITHUB_OUTPUT
+            echo "ℹ️ Event '$EVENT': Build only, no publishing"
+          fi
+
+      - name: Build & Test
+        working-directory: hyperion/java-client
+        run: |
+          if [[ "${{ steps.version.outputs.is-snapshot }}" == "true" ]]; then
+            echo "🔨 Building feature branch with local dynamic versioning"
+            mvn clean compile test package --no-transfer-progress
+          else
+            echo "🎯 Building stable release with base version"
+            mvn clean compile test package -DskipLocalVersioning=true --no-transfer-progress
+          fi
+
+  publish-snapshots:
+    name: Publish Snapshots
+    needs: build
+    runs-on: ubuntu-latest
+    if: needs.build.outputs.should-publish == 'true' && needs.build.outputs.is-snapshot == 'true'
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Cache Maven
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+
+      - name: Configure Maven for GitHub Packages
+        run: |
+          mkdir -p ~/.m2
+          cat > ~/.m2/settings.xml << 'EOF'
+          <settings>
+              <servers>
+                  <server>
+                      <id>github</id>
+                      <username>${{ github.actor }}</username>
+                      <password>${{ secrets.GITHUB_TOKEN }}</password>
+                  </server>
+              </servers>
+          </settings>
+          EOF
+
+      - name: Publish Snapshot to GitHub Packages
+        working-directory: hyperion/java-client
+        run: |
+          echo "📦 Publishing snapshot ${{ needs.build.outputs.version }} to GitHub Packages"
+          echo "🔨 Setting version to ${{ needs.build.outputs.version }} and deploying"
+
+          # Set the version to our calculated snapshot version
+          mvn versions:set -DnewVersion="${{ needs.build.outputs.version }}" -DgenerateBackupPoms=false
+
+          # Deploy to GitHub Packages
+          mvn deploy -Pgithub --no-transfer-progress
+
+  publish-releases:
+    name: Publish Releases
+    needs: build
+    runs-on: ubuntu-latest
+    if: needs.build.outputs.should-publish == 'true' && needs.build.outputs.is-snapshot == 'false'
+
+    strategy:
+      fail-fast: false
+      matrix:
+        target: 
+          - name: "Maven Central"
+            profile: ""
+          - name: "GitHub Packages"  
+            profile: "-Pgithub"
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Cache Maven
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+
+      - name: Configure Maven
+        run: |
+          mkdir -p ~/.m2
+          cat > ~/.m2/settings.xml << 'EOF'
+          <settings>
+              <servers>
+                  <server>
+                      <id>central</id>
+                      <username>${{ secrets.OSSRH_USERNAME }}</username>
+                      <password>${{ secrets.OSSRH_PASSWORD }}</password>
+                  </server>
+                  <server>
+                      <id>github</id>
+                      <username>${{ github.actor }}</username>
+                      <password>${{ secrets.GITHUB_TOKEN }}</password>
+                  </server>
+              </servers>
+          </settings>
+          EOF
+
+      - name: Import GPG key
+        if: matrix.target.profile == ''
+        run: |
+          # Import GPG private key for Maven Central signing
+          echo "${{ secrets.GPG_KEY }}" | base64 -d | gpg --batch --import
+
+          # Configure GPG for non-interactive use
+          mkdir -p ~/.gnupg
+          echo "use-agent" >> ~/.gnupg/gpg.conf
+          echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
+          echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
+
+          # Get the key ID automatically
+          GPG_KEY_ID=$(gpg --list-secret-keys --keyid-format=long | grep -E "sec\s+[^/]+/([A-F0-9]{16})" | head -n1 | sed 's/.*\/\([A-F0-9]\{16\}\).*/\1/')
+          if [[ -z "$GPG_KEY_ID" ]]; then
+            echo "❌ Failed to detect GPG key ID"
+            echo "Available keys:"
+            gpg --list-secret-keys --keyid-format=long
+            exit 1
+          fi
+          echo "🔑 Detected GPG Key ID: $GPG_KEY_ID"
+          echo "GPG_KEY_ID=$GPG_KEY_ID" >> $GITHUB_ENV
+
+      - name: Publish Release to ${{ matrix.target.name }}
+        working-directory: hyperion/java-client
+        run: |
+          echo "📦 Publishing release ${{ needs.build.outputs.version }} to ${{ matrix.target.name }}"
+
+          if [[ "${{ matrix.target.profile }}" == "" ]]; then
+            echo "🔐 Maven Central: Enabling GPG signing"
+            mvn deploy -Prelease \
+              -Dgpg.keyname="${GPG_KEY_ID}" \
+              -Dgpg.passphrase="${{ secrets.GPG_PASSPHRASE }}" \
+              --no-transfer-progress
+          else
+            echo "📦 GitHub Packages: Skipping GPG signing"
+            mvn deploy ${{ matrix.target.profile }} --no-transfer-progress
+          fi
+        continue-on-error: ${{ matrix.target.profile == '-Pgithub' }}
+
+  summary:
+    name: Summary
+    needs: [build, publish-snapshots, publish-releases]
+    runs-on: ubuntu-latest
+    if: always()
+
+    steps:
+      - name: Create Summary
+        run: |
+          echo "## 🚀 Hyperion Java Client CI/CD" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
+          echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
+          echo "| **Version** | \`${{ needs.build.outputs.version }}\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| **Branch** | \`${{ needs.build.outputs.branch-name }}\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| **Type** | ${{ needs.build.outputs.is-snapshot == 'true' && '📦 Snapshot' || '🎯 Release' }} |" >> $GITHUB_STEP_SUMMARY
+          echo "| **Event** | \`${{ github.event_name }}\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| **Published** | ${{ needs.build.outputs.should-publish == 'true' && '✅ Yes' || '❌ No' }} |" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+
+          if [[ "${{ needs.build.outputs.should-publish }}" == "true" ]]; then
+            echo "### 📦 Usage" >> $GITHUB_STEP_SUMMARY
+            echo '```xml' >> $GITHUB_STEP_SUMMARY
+            echo '<dependency>' >> $GITHUB_STEP_SUMMARY
+            echo '    <groupId>de.tum.cit.aet</groupId>' >> $GITHUB_STEP_SUMMARY
+            echo '    <artifactId>hyperion</artifactId>' >> $GITHUB_STEP_SUMMARY
+            echo "    <version>${{ needs.build.outputs.version }}</version>" >> $GITHUB_STEP_SUMMARY
+            echo '</dependency>' >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+
+            if [[ "${{ needs.build.outputs.is-snapshot }}" == "true" ]]; then
+              echo "" >> $GITHUB_STEP_SUMMARY
+              echo "### 🔨 Feature Branch Snapshot" >> $GITHUB_STEP_SUMMARY
+              echo "- Published to **GitHub Packages only**" >> $GITHUB_STEP_SUMMARY
+              echo "- Uses dynamic branch-based versioning: \`${{ needs.build.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
+              echo "- Perfect for testing in Artemis feature branches" >> $GITHUB_STEP_SUMMARY
+              echo "- No GPG signing required" >> $GITHUB_STEP_SUMMARY
+            else
+              echo "" >> $GITHUB_STEP_SUMMARY
+              echo "### 🎯 Stable Release" >> $GITHUB_STEP_SUMMARY
+              echo "- Published to **GitHub Packages + Maven Central**" >> $GITHUB_STEP_SUMMARY
+              echo "- Uses base version from pom.xml: \`${{ needs.build.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
+              echo "- **GPG signed** for Maven Central" >> $GITHUB_STEP_SUMMARY
+              echo "- Ready for production use" >> $GITHUB_STEP_SUMMARY
+            fi
+          else
+            echo "### ℹ️ Pull Request - Build Only" >> $GITHUB_STEP_SUMMARY
+            echo "Artifacts are built and tested but not published." >> $GITHUB_STEP_SUMMARY
+          fi