Release #66
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# SPDX-License-Identifier: MIT | |
name: Release | |
on: | |
workflow_dispatch: | |
inputs: | |
actor-email: | |
description: Insert your email address here. It will be used in the generated pull requests | |
required: true | |
server-version: | |
description: Server Version (e.g. 0.27.0) | |
required: false | |
server-milestone-number: | |
description: Server Milestone number (e.g. 45) | |
required: false | |
client-version: | |
description: Client Version (e.g. 0.23.0) | |
required: false | |
client-milestone-number: | |
description: Client Milestone number (e.g. 47) | |
required: false | |
pds-version: | |
description: PDS Version (e.g. 0.20.0) | |
required: false | |
pds-milestone-number: | |
description: PDS Milestone number (e.g. 46) | |
required: false | |
permissions: | |
contents: write | |
issues: write | |
packages: write | |
pull-requests: write | |
env: | |
ACTIONS_BASE_IMAGE_ALPINE: alpine:3.20 | |
ACTIONS_BASE_IMAGE_DEBIAN: debian:12-slim | |
ACTIONS_SECHUB_REGISTRY: ghcr.io/mercedes-benz/sechub | |
ACTIONS_HELM_REGISTRY: "oci://ghcr.io/mercedes-benz/sechub/helm-charts" | |
jobs: | |
release-version: | |
name: Create releases | |
runs-on: ubuntu-latest | |
steps: | |
- name: "Show Inputs" | |
run: | | |
echo "actor-email: '${{ inputs.actor-email }}'" | |
echo "Server '${{ inputs.server-version }}' - Milestone '${{ inputs.server-milestone-number }}'" | |
echo "Client '${{ inputs.client-version }}' - Milestone '${{ inputs.client-milestone-number }}'" | |
echo "PDS '${{ inputs.pds-version }}' - Milestone '${{ inputs.pds-milestone-number }}'" | |
# Check inputs if a milestone number is provided for each version to be released: | |
- name: "Verify Input: Server" | |
if: (inputs.server-version != '') && (inputs.server-milestone-number == '') | |
run: | | |
echo "For Server release, server-milestone-number must be provided!" | |
exit 1 | |
- name: "Verify Input: Client" | |
if: (inputs.client-version != '') && (inputs.client-milestone-number == '') | |
run: | | |
echo "For Client release, client-milestone-number must be provided!" | |
exit 1 | |
- name: "Verify Input: PDS" | |
if: (inputs.pds-version != '') && (inputs.pds-milestone-number == '') | |
run: | | |
echo "For PDS release, pds-milestone-number must be provided!" | |
exit 1 | |
- name: Install required packages | |
run: sudo apt-get -y install build-essential dpkg-dev fakeroot graphviz hub | |
- name: Checkout master | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
with: | |
ref: master | |
fetch-tags: true | |
fetch-depth: 0 | |
# Create temporary local tags, so we build documentation for this tag... | |
# The final tag on git server side will be done by the release when the draft is saved as "real" release | |
# automatically. | |
- name: "Temporary tag server version: v${{ inputs.server-version }}-server - if defined" | |
if: inputs.server-version != '' | |
run: git tag v${{ inputs.server-version }}-server | |
- name: "Temporary tag client version: v${{ inputs.client-version }}-client - if defined" | |
if: inputs.client-version != '' | |
run: git tag v${{ inputs.client-version }}-client | |
- name: "Temporary tag PDS version: v${{ inputs.pds-version }}-pds - if defined" | |
if: inputs.pds-version != '' | |
run: git tag v${{ inputs.pds-version }}-pds | |
# ---------------------- | |
# Setup + Caching | |
# ---------------------- | |
- name: Set up JDK 17 | |
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b | |
with: | |
java-version: 17 | |
distribution: temurin | |
- name: Set up Gradle | |
uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 | |
with: | |
cache-read-only: false | |
- name: Set up Go | |
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed | |
with: | |
go-version: 1.21.6 | |
- name: Set up Go caching | |
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a | |
id: go-cache | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Docker login to ghcr.io | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Gradle clean + spotlessCheck | |
run: ./gradlew clean spotlessCheck | |
# ---------------------- | |
# Create pull request if license headers are missing | |
# ---------------------- | |
- name: run apply-headers.sh | |
id: apply-headers | |
run: | | |
git config user.name "$GITHUB_TRIGGERING_ACTOR (via github-actions)" | |
git config user.email "${{ inputs.actor-email }}" | |
./apply-headers.sh | |
git commit -am "SPDX headers added by SecHub release job @github-actions" || true | |
COMMITS=`git log --oneline --branches --not --remotes` | |
echo "commits=$COMMITS" >> $GITHUB_OUTPUT | |
- name: Create pull request for SPDX license headers | |
id: pr_spdx_headers | |
if: steps.apply-headers.outputs.commits != '' | |
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f | |
with: | |
branch: release-spdx-headers | |
branch-suffix: short-commit-hash | |
delete-branch: true | |
title: '0 - Before release: Add missing SPDX license headers [auto-generated]' | |
body: | | |
Auto-generated by Github Actions release job. | |
-> Please review and merge **before** publishing the release. | |
- name: Print PR infos | |
if: steps.apply-headers.outputs.commits != '' | |
run: | | |
echo "Pull Request Number - ${{ steps.pr_spdx_headers.outputs.pull-request-number }}" | |
echo "Pull Request URL - ${{ steps.pr_spdx_headers.outputs.pull-request-url }}" | |
# ---------------------- | |
# Build SecHub Client | |
# ---------------------- | |
- name: Build Client | |
run: ./gradlew :sechub-cli:buildGo :sechub-cli:testGo | |
# ---------------------- | |
# Build SecHub Server + PDS | |
# ---------------------- | |
- name: Build Server and PDS artifacts | |
run: ./gradlew ensureLocalhostCertificate build generateOpenapi buildDeveloperAdminUI -x :sechub-cli:build | |
# ---------------------- | |
# Build API Java publish | |
# ---------------------- | |
- name: Generate and build Java projects related to SecHub Java API | |
run: ./gradlew :sechub-api-java:build :sechub-systemtest:build :sechub-pds-tools:buildPDSToolsCLI -Dsechub.build.stage=api-necessary | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | |
# ---------------------- | |
# Integration test | |
# ---------------------- | |
- name: Integration test | |
run: ./gradlew :sechub-integrationtest:startIntegrationTestInstances :sechub-systemtest:integrationtest :sechub-integrationtest:integrationtest :sechub-integrationtest:stopIntegrationTestInstances -Dsechub.build.stage=all | |
- name: Create combined test report | |
if: always() | |
run: ./gradlew createCombinedTestReport -Dsechub.build.stage=all | |
# To identifiy parts not in git history and leading to "-dirty-$commitId" markern in documentation | |
- name: Collect GIT status | |
if: always() | |
run: | | |
# restore reduced-openapi3.json | |
git restore sechub-api-java/src/main/resources/reduced-openapi3.json | |
git status > build/reports/git-status.txt | |
# ----------------------------------------- | |
# Upload Build Artifacts | |
# ----------------------------------------- | |
- name: Archive combined test report | |
if: always() | |
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 | |
with: | |
name: combined-sechub-testreport | |
path: build/reports/combined-report | |
retention-days: 14 | |
- name: Archive GIT status | |
if: always() | |
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 | |
with: | |
name: git-status.txt | |
path: build/reports/git-status.txt | |
retention-days: 14 | |
- name: Archive sechub server artifacts | |
if: always() | |
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 | |
with: | |
name: sechub-server | |
path: sechub-server/build/libs | |
retention-days: 14 | |
- name: Archive pds server artifacts | |
if: always() | |
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 | |
with: | |
name: sechub-pds | |
path: sechub-pds/build/libs | |
- name: Archive developer tools artifacts | |
if: always() | |
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 | |
with: | |
name: sechub-developertools | |
path: sechub-developertools/build/libs | |
retention-days: 14 | |
- name: Archive sechub client artifacts | |
if: always() | |
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 | |
with: | |
name: sechub-client | |
path: sechub-cli/build/go | |
retention-days: 14 | |
# ----------------------------------------- | |
# Build Documentation | |
# ----------------------------------------- | |
- name: Create documentation | |
run: ./gradlew documentation-with-pages | |
# ----------------------------------------- | |
# Upload documentation | |
# ----------------------------------------- | |
- name: Archive documentation HTML | |
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 | |
with: | |
name: sechub-docs-html | |
path: sechub-doc/build/docs/final-html/ | |
retention-days: 14 | |
- name: Archive documentation PDF | |
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 | |
with: | |
name: sechub-docs-pdf | |
path: sechub-doc/build/docs/asciidoc/*.pdf | |
retention-days: 14 | |
- name: Archive openAPI3 JSON files | |
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 | |
with: | |
name: sechub-api-spec | |
path: sechub-doc/build/api-spec/ | |
retention-days: 14 | |
# ----------------------------------------- | |
# Update and commit release documentation for https://mercedes-benz.github.io/sechub/ | |
# ----------------------------------------- | |
- name: Update release documentation | |
run: | | |
git reset --hard | |
sechub-doc/helperscripts/publish+git-add-releasedocs.sh | |
git commit -m "docs update by SecHub release job @github-actions" | |
# ----------------------------------------- | |
# Create pull request for release documentation | |
# ----------------------------------------- | |
- name: Create pull request for release documentation | |
id: pr_release_documentation | |
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f | |
with: | |
branch: release-documentation | |
branch-suffix: short-commit-hash | |
delete-branch: true | |
title: '1 - Release documentation [auto-generated]' | |
body: | | |
Release of SecHub documentation | |
-> Please review and merge **before** publishing the release. | |
- name: Print PR infos | |
run: | | |
echo "Pull Request Number - ${{ steps.pr_release_documentation.outputs.pull-request-number }}" | |
echo "Pull Request URL - ${{ steps.pr_release_documentation.outputs.pull-request-url }}" | |
# ----------------------------------------- | |
# Assert releaseable, so no dirty flags on releases | |
# even when all artifact creation parts are done! | |
# ----------------------------------------- | |
- name: Assert releasable | |
run: | | |
git status | |
./gradlew assertReleaseable | |
# ****************************************** | |
# S E R V E R release | |
# ****************************************** | |
- name: Create server release ${{ inputs.server-version }} | |
id: create_server_release | |
if: inputs.server-version != '' | |
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | |
with: | |
tag_name: v${{ inputs.server-version }}-server | |
commitish: master | |
release_name: Server Version ${{ inputs.server-version }} | |
body: | | |
Changes in this Release | |
- Some minor changes on SecHub server implementation | |
For more details please look at [Milestone ${{inputs.server-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.server-milestone-number}}?closed=1) | |
draft: true | |
prerelease: false | |
- name: Create sha256 checksum file for SecHub server jar | |
if: inputs.server-version != '' | |
run: | | |
cd sechub-server/build/libs | |
sha256sum sechub-server-${{ inputs.server-version }}.jar > sechub-server-${{ inputs.server-version }}.jar.sha256sum | |
- name: Create sha256 checksum files for SecHub developer tools jars | |
if: inputs.server-version != '' | |
run: | | |
cd sechub-developertools/build/libs/ | |
sha256sum sechub-developer-admin-ui-${{ inputs.server-version }}.jar > sechub-developer-admin-ui-${{ inputs.server-version }}.jar.sha256sum | |
- name: Upload Server release asset sechub-server-${{ inputs.server-version }}.jar | |
if: inputs.server-version != '' | |
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_server_release.outputs.upload_url }} | |
asset_path: sechub-server/build/libs/sechub-server-${{ inputs.server-version }}.jar | |
asset_name: sechub-server-${{ inputs.server-version }}.jar | |
asset_content_type: application/zip | |
- name: Upload Server release asset sechub-server-${{ inputs.server-version }}.jar.sha256sum | |
if: inputs.server-version != '' | |
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_server_release.outputs.upload_url }} | |
asset_path: sechub-server/build/libs/sechub-server-${{ inputs.server-version }}.jar.sha256sum | |
asset_name: sechub-server-${{ inputs.server-version }}.jar.sha256sum | |
asset_content_type: text/plain | |
- name: Upload SecHub release asset sechub-developer-admin-ui-${{ inputs.server-version }}.jar | |
if: inputs.server-version != '' | |
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_server_release.outputs.upload_url }} | |
asset_path: sechub-developertools/build/libs/sechub-developer-admin-ui-${{ inputs.server-version }}.jar | |
asset_name: sechub-developer-admin-ui-${{ inputs.server-version }}.jar | |
asset_content_type: application/zip | |
- name: Upload Server release asset sechub-developer-admin-ui-${{ inputs.server-version }}.jar.sha256sum | |
if: inputs.server-version != '' | |
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_server_release.outputs.upload_url }} | |
asset_path: sechub-developertools/build/libs/sechub-developer-admin-ui-${{ inputs.server-version }}.jar.sha256sum | |
asset_name: sechub-developer-admin-ui-${{ inputs.server-version }}.jar.sha256sum | |
asset_content_type: text/plain | |
# Server documentation: | |
- name: Upload sechub-architecture.pdf release asset | |
if: inputs.server-version != '' | |
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_server_release.outputs.upload_url }} | |
asset_path: ./sechub-doc/build/docs/asciidoc/sechub-architecture.pdf | |
asset_name: sechub-architecture-${{ inputs.server-version }}.pdf | |
asset_content_type: application/pdf | |
- name: Upload sechub-operations.pdf release asset | |
if: inputs.server-version != '' | |
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_server_release.outputs.upload_url }} | |
asset_path: ./sechub-doc/build/docs/asciidoc/sechub-operations.pdf | |
asset_name: sechub-operations-${{ inputs.server-version }}.pdf | |
asset_content_type: application/pdf | |
- name: Upload sechub-developer-quickstart-guide.pdf release asset | |
if: inputs.server-version != '' | |
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_server_release.outputs.upload_url }} | |
asset_path: ./sechub-doc/build/docs/asciidoc/sechub-developer-quickstart-guide.pdf | |
asset_name: sechub-developer-quickstart-guide-${{ inputs.server-version }}.pdf | |
asset_content_type: application/pdf | |
- name: Upload sechub-restapi.pdf release asset | |
if: inputs.server-version != '' | |
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_server_release.outputs.upload_url }} | |
asset_path: ./sechub-doc/build/docs/asciidoc/sechub-restapi.pdf | |
asset_name: sechub-restapi-${{ inputs.server-version }}.pdf | |
asset_content_type: application/pdf | |
- name: Upload sechub-openapi3.json release asset | |
if: inputs.server-version != '' | |
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_server_release.outputs.upload_url }} | |
asset_path: ./sechub-doc/build/api-spec/openapi3.json | |
asset_name: sechub-openapi3-${{ inputs.server-version }}.json | |
asset_content_type: text/plain | |
- name: Create Server ${{ inputs.server-version }} release issue | |
if: inputs.server-version != '' | |
uses: dacbd/create-issue-action@main | |
with: | |
token: ${{ github.token }} | |
title: Release Server ${{ inputs.server-version }} | |
body: | | |
See [Milestone ${{inputs.server-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.server-milestone-number}}?closed=1) for details. | |
Please close this issue after the release. | |
milestone: ${{ inputs.server-milestone-number }} | |
# Build Server container image + push to ghcr | |
- name: Build Server ${{ inputs.server-version }} container image + push to ghcr | |
if: inputs.server-version != '' | |
run: | | |
SERVER_VERSION="${{ inputs.server-version }}" | |
BUILD_FLAVOR="alpine" | |
DOCKER_REGISTRY="$ACTIONS_SECHUB_REGISTRY/sechub-server" | |
VERSION_TAG="${SERVER_VERSION}_${BUILD_FLAVOR}" | |
cp sechub-server/build/libs/sechub-server-${SERVER_VERSION}.jar sechub-solution/docker/copy/ | |
cd sechub-solution | |
export DOCKER_BUILD_TYPE=copy | |
echo "# Building image $DOCKER_REGISTRY:$VERSION_TAG" | |
echo " from $ACTIONS_BASE_IMAGE_ALPINE" | |
./10-create-image-${BUILD_FLAVOR}.sh $DOCKER_REGISTRY $VERSION_TAG $ACTIONS_BASE_IMAGE_ALPINE | |
echo "# Pushing image $DOCKER_REGISTRY:$VERSION_TAG (latest)" | |
./20-push-image.sh $DOCKER_REGISTRY $VERSION_TAG yes | |
- name: Build Server Helm chart + push to ghcr | |
if: inputs.server-version != '' | |
shell: bash | |
run: | | |
cd "sechub-solution/helm" | |
echo "# Building Helm chart for sechub-server" | |
helm package sechub-server | |
helm push sechub-server-*.tgz $ACTIONS_HELM_REGISTRY | |
# ****************************************** | |
# C l i e n t release | |
# ****************************************** | |
- name: Create client binary release asset sechub-cli-${{ inputs.client-version }}.zip | |
if: inputs.client-version != '' | |
run: | | |
cd sechub-cli/build/go | |
zip -r sechub-cli.zip platform | |
sha256sum sechub-cli.zip > sechub-cli.zip.sha256 | |
- name: Create client Debian packages | |
if: inputs.client-version != '' | |
shell: bash | |
run: sechub-cli/script/build-debian-packages.sh ${{ inputs.client-version }} | |
- name: Create client ${{ inputs.client-version }} release draft | |
if: inputs.client-version != '' | |
shell: bash | |
run: | | |
assets=() | |
echo "# Add Client binaries sechub-cli-${{ inputs.client-version }}.zip + checksum" | |
assets+=("-a" "sechub-cli/build/go/sechub-cli.zip#sechub-cli-${{ inputs.client-version }}.zip") | |
assets+=("-a" "sechub-cli/build/go/sechub-cli.zip.sha256#sechub-cli-${{ inputs.client-version }}.zip.sha256") | |
echo "# Add Debian packages" | |
for asset in sechub-cli/build/deb-build/*.deb ; do | |
filename=`basename "$asset"` | |
assets+=("-a" "${asset}#${filename}") | |
done | |
echo "# Add Client documentation sechub-client-${{ inputs.client-version }}.pdf" | |
assets+=("-a" "sechub-doc/build/docs/asciidoc/sechub-client.pdf#sechub-client-${{ inputs.client-version }}.pdf") | |
# Define release data | |
tag_name="v${{ inputs.client-version }}-client" | |
release_title="Client Version ${{ inputs.client-version }}" | |
release_message="Changes in this Release | |
- Some minor changes on client implementation" | |
release_footer="For more details please look at [Milestone ${{inputs.client-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.client-milestone-number}}?closed=1)" | |
echo "# Create release draft \"$release_title\" on github" | |
hub release create --draft "${assets[@]}" -m "$release_title" -m "$release_message" -m "$release_footer" "$tag_name" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create Client ${{ inputs.client-version }} release issue | |
if: inputs.client-version != '' | |
uses: dacbd/create-issue-action@main | |
with: | |
token: ${{ github.token }} | |
title: Release Client ${{ inputs.client-version }} | |
body: | | |
See [Milestone ${{inputs.client-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.client-milestone-number}}?closed=1) for details. | |
Please close this issue after the release. | |
milestone: ${{ inputs.client-milestone-number }} | |
# ****************************************** | |
# P D S release | |
# ****************************************** | |
- name: Create PDS release ${{ inputs.pds-version }} | |
id: create_pds_release | |
if: inputs.pds-version != '' | |
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | |
with: | |
tag_name: v${{ inputs.pds-version }}-pds | |
commitish: master | |
release_name: PDS Version ${{ inputs.pds-version }} | |
body: | | |
Changes in this Release | |
- Some minor changes on PDS server implementation | |
For more details please look at [Milestone ${{inputs.pds-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.pds-milestone-number}}?closed=1) | |
draft: true | |
prerelease: false | |
- name: Create sha256 checksum file for PDS jar | |
if: inputs.pds-version != '' | |
run: | | |
cd sechub-pds/build/libs/ | |
sha256sum sechub-pds-${{ inputs.pds-version }}.jar > sechub-pds-${{ inputs.pds-version }}.jar.sha256sum | |
- name: Upload PDS release asset sechub-pds-${{ inputs.pds-version }}.jar | |
if: inputs.pds-version != '' | |
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_pds_release.outputs.upload_url }} | |
asset_path: sechub-pds/build/libs/sechub-pds-${{ inputs.pds-version }}.jar | |
asset_name: sechub-pds-${{ inputs.pds-version }}.jar | |
asset_content_type: application/zip | |
- name: Upload PDS release asset sechub-pds-${{ inputs.pds-version }}.jar.sha256sum | |
if: inputs.pds-version != '' | |
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_pds_release.outputs.upload_url }} | |
asset_path: sechub-pds/build/libs/sechub-pds-${{ inputs.pds-version }}.jar.sha256sum | |
asset_name: sechub-pds-${{ inputs.pds-version }}.jar.sha256sum | |
asset_content_type: text/plain | |
# sechub-product-delegation-server.pdf | |
- name: Upload PDS release asset sechub-product-delegation-server-${{ inputs.pds-version }}.pdf | |
if: inputs.pds-version != '' | |
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_pds_release.outputs.upload_url }} | |
asset_path: ./sechub-doc/build/docs/asciidoc/sechub-product-delegation-server.pdf | |
asset_name: /sechub-product-delegation-server-${{ inputs.pds-version }}.pdf | |
asset_content_type: application/pdf | |
- name: Create PDS ${{ inputs.pds-version }} release issue | |
if: inputs.pds-version != '' | |
uses: dacbd/create-issue-action@main | |
with: | |
token: ${{ github.token }} | |
title: Release PDS ${{ inputs.pds-version }} | |
body: | | |
See [Milestone ${{inputs.pds-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.pds-milestone-number}}?closed=1) for details. | |
Please close this issue after the release. | |
milestone: ${{ inputs.pds-milestone-number }} | |
# Build pds-base container image + push to ghcr | |
- name: Build pds-base ${{ inputs.server-version }} container image + push to ghcr | |
if: inputs.pds-version != '' | |
run: | | |
PDS_VERSION="${{ inputs.pds-version }}" | |
DOCKER_REGISTRY="$ACTIONS_SECHUB_REGISTRY/pds-base" | |
VERSION_TAG="${PDS_VERSION}" | |
cp sechub-pds/build/libs/sechub-pds-${PDS_VERSION}.jar sechub-pds-solutions/pds-base/docker/copy/ | |
cd sechub-pds-solutions/pds-base | |
echo "# Building image $DOCKER_REGISTRY:$VERSION_TAG" | |
echo " from $ACTIONS_BASE_IMAGE_DEBIAN" | |
./10-create-image.sh $DOCKER_REGISTRY $VERSION_TAG $PDS_VERSION $ACTIONS_BASE_IMAGE_DEBIAN copy | |
echo "# Pushing image $DOCKER_REGISTRY:$VERSION_TAG (latest)" | |
./20-push-image.sh $DOCKER_REGISTRY $VERSION_TAG yes | |
# ----------------------------------------- | |
# Create a pull request for merging back `master` into `develop` | |
# ----------------------------------------- | |
- name: pull-request master to develop | |
id: pr_master_to_develop | |
continue-on-error: true | |
uses: repo-sync/pull-request@7e79a9f5dc3ad0ce53138f01df2fad14a04831c5 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
source_branch: "master" | |
destination_branch: "develop" | |
pr_allow_empty: true # should allow an empty PR, but seems not to work | |
pr_title: '2 - After release: Merge master back into develop [auto-generated]' | |
pr_body: | | |
After SecHub release | |
- Client '${{ inputs.client-version }}' | |
- Server '${{ inputs.server-version }}' | |
- PDS '${{ inputs.pds-version }}' | |
Merge master branch back into develop | |
-> Please merge **after** the release has been published. | |
- name: Print PR infos if PR was created | |
if: steps.pr_master_to_develop.outcome == 'success' | |
run: | | |
echo "Pull Request Number - ${{ steps.pr_master_to_develop.outputs.pr_number }}" | |
echo "Pull Request URL - ${{ steps.pr_master_to_develop.outputs.pr_url }}" | |
- name: Print info if no PR was created | |
if: steps.pr_master_to_develop.outcome != 'success' | |
run: | | |
echo "Nothing to merge - no pull request necessary." | |
build-pds-solutions: | |
if: inputs.pds-version != '' | |
needs: release-version | |
# Build all PDS solutions based on above released pds-base image | |
name: Build all PDS solutions | |
uses: mercedes-benz/sechub/.github/workflows/build+publish-all-pds-solutions.yml@develop | |
with: | |
pds-version: ${{ inputs.pds-version }} |