Release Creation #178
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Creation | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: 'Dev release tag' | |
| required: true | |
| type: string | |
| dev: | |
| description: 'Is dev build' | |
| required: false | |
| default: true | |
| type: boolean | |
| cliTag: | |
| description: 'Version of the CLI to bundle' | |
| required: false | |
| type: string | |
| workflow_call: | |
| inputs: | |
| tag: | |
| description: 'Dev release tag' | |
| required: true | |
| type: string | |
| dev: | |
| description: 'Is dev build' | |
| required: false | |
| default: true | |
| type: boolean | |
| cliTag: | |
| description: 'Version of the CLI to bundle' | |
| required: false | |
| type: string | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| CLI_VERSION: ${{ steps.extract_cli_version.outputs.CLI_VERSION }} | |
| TAG_NAME: ${{ steps.set_tag_name.outputs.TAG_NAME }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} | |
| lfs: true | |
| - name: Download CLI | |
| if: inputs.cliTag | |
| run: | | |
| chmod +x ./.github/scripts/update_cli.sh | |
| ./.github/scripts/update_cli.sh ${{ inputs.cliTag }} | |
| - name: Extract CLI version | |
| id: extract_cli_version | |
| run: | | |
| CLI_VERSION=$(./src/main/resources/cx-linux version | grep -Eo '^[0-9]+\.[0-9]+\.[0-9]+') | |
| echo "CLI version being packed is $CLI_VERSION" | |
| echo "CLI_VERSION=$CLI_VERSION" >> $GITHUB_ENV | |
| echo "::set-output name=CLI_VERSION::$CLI_VERSION" | |
| - name: Check if CLI version is latest | |
| if: ${{ github.event.inputs.dev == 'false' && !github.event.inputs.cliTag && github.ref == 'refs/heads/main' }} | |
| id: check_latest_cli_version | |
| run: | | |
| LATEST_CLI_VERSION=$(curl -s https://api.github.com/repos/Checkmarx/ast-cli/releases/latest | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') | |
| echo "CLI_VERSION=[$CLI_VERSION]" | |
| echo "LATEST_CLI_VERSION=[$LATEST_CLI_VERSION]" | |
| echo "Latest CLI version from GitHub: $LATEST_CLI_VERSION" | |
| if [ "$CLI_VERSION" = "$LATEST_CLI_VERSION" ]; then | |
| echo "CLI_VERSION ($CLI_VERSION) matches the latest released version ($LATEST_CLI_VERSION). Proceeding." | |
| else | |
| echo "CLI_VERSION ($CLI_VERSION) does not match the latest released version ($LATEST_CLI_VERSION). Failing workflow." | |
| exit 1 | |
| fi | |
| - name: Tag | |
| id: set_tag_name | |
| run: | | |
| echo ${{ inputs.tag }} | |
| tag=${{ inputs.tag }} | |
| echo "RELEASE_VERSION=${{ inputs.tag }}" >> $GITHUB_ENV | |
| message='${{ inputs.tag }}' | |
| git config user.name "${GITHUB_ACTOR}" | |
| git config user.email "${GITHUB_ACTOR}@users.noreply.github.com" | |
| git tag -a "${tag}" -m "${message}" | |
| git push origin "${tag}" | |
| echo "::set-output name=TAG_NAME::${{ inputs.tag }}" | |
| - name: Cache local Maven repository | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| - name: Set up Maven Central Repository | |
| uses: actions/[email protected] | |
| with: | |
| java-version: '11' | |
| distribution: 'temurin' | |
| server-id: central | |
| server-username: MAVEN_USERNAME | |
| server-password: MAVEN_PASSWORD | |
| gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} | |
| gpg-passphrase: MAVEN_GPG_PASSPHRASE | |
| - name: Update the POM version. | |
| run: mvn -B versions:set -DnewVersion='${{ env.RELEASE_VERSION }}' --file pom.xml -DskipTests | |
| - name: Build artifactId property | |
| run: | | |
| prop='' | |
| if [ ${{ inputs.dev }} = true ] && ![ "${{ inputs.tag }}" = "1.0.0-SNAPSHOT" ]; then | |
| prop='-Dast.wrapper.id=ast-cli-java-wrapper-dev' | |
| fi | |
| echo "AID_PROP=${prop}" >> $GITHUB_ENV | |
| - name: Publish package | |
| run: mvn --batch-mode deploy -DskipTests ${{ env.AID_PROP }} | |
| env: | |
| MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
| MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} | |
| MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | |
| - name: Release | |
| uses: softprops/action-gh-release@a6c7483a42ee9d5daced968f6c217562cd680f7f #v2 | |
| with: | |
| generate_release_notes: true | |
| tag_name: ${{ inputs.tag }} | |
| prerelease: ${{ inputs.dev }} | |
| notify: | |
| if: inputs.dev == false | |
| needs: release | |
| uses: Checkmarx/plugins-release-workflow/.github/workflows/release-notify.yml@main | |
| with: | |
| product_name: Java Wrapper | |
| release_version: ${{ needs.release.outputs.TAG_NAME }} | |
| cli_release_version: ${{ needs.release.outputs.CLI_VERSION }} | |
| release_author: "Sypher Team" | |
| release_url: https://github.com/CheckmarxDev/ast-cli-java-wrapper/releases/tag/${{ needs.release.outputs.TAG_NAME }} | |
| jira_product_name: JAVA_WRAPPER | |
| secrets: inherit | |
| dispatch_auto_release: | |
| name: Update Jenkins/Jetbrains/Eclipse Extensions With new Wrapper Version | |
| if: inputs.dev == false | |
| needs: notify | |
| uses: Checkmarx/plugins-release-workflow/.github/workflows/dispatch-workflow.yml@main | |
| with: | |
| cli_version: ${{ needs.release.outputs.CLI_VERSION }} | |
| is_cli_release: false | |
| is_java_release: true | |
| secrets: inherit |