
Release PDS-Tools

Release PDS-Tools #10

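# SPDX-License-Identifier: MIT
#
# Manually triggered release workflow for PDS-Tools. It builds from `master`,
# opens a pull request when SPDX license headers are missing, creates a
# *draft* GitHub release carrying the CLI jar plus a SHA-256 file, opens a
# release issue, and opens a pull request merging `master` back into `develop`.
#
# Review notes applied in this version:
#   * The workflow_dispatch inputs are handed to shell steps through `env:`
#     and expanded as quoted shell variables. `${{ ... }}` inside `run:` is
#     substituted into the script text before the shell parses it, so a
#     crafted input value would otherwise become part of the script.
#   * GITHUB_TOKEN scopes are declared explicitly instead of inheriting the
#     repository default.
#   * Third-party actions that receive the token are flagged where they are
#     referenced by a mutable tag or branch.
name: Release PDS-Tools

on:
  workflow_dispatch:
    inputs:
      pds-tools-version:
        description: 'PDS-Tools Version (e.g. 0.1.0)'
        required: true
      pds-tools-milestone-number:
        description: 'PDS-Tools Milestone number (e.g. 70)'
        required: true

# Least privilege for GITHUB_TOKEN. Scopes are derived from the steps visible
# in this file: contents (draft release, release assets, SPDX header branch),
# pull-requests (the two generated PRs), issues (the release issue).
# NOTE(review): extend only if the Gradle build or apply-headers.sh needs more;
# neither is visible here.
permissions:
  contents: write
  issues: write
  pull-requests: write

jobs:
  release-version:
    name: Create PDS-Tools release
    runs-on: ubuntu-latest
    steps:
      - name: "Show Inputs"
        env:
          PDS_TOOLS_VERSION: ${{ inputs.pds-tools-version }}
          PDS_TOOLS_MILESTONE: ${{ inputs.pds-tools-milestone-number }}
        run: |
          echo "PDS-Tools '${PDS_TOOLS_VERSION}' - Milestone '${PDS_TOOLS_MILESTONE}'"

      # Check that a milestone number is provided for each version to be released.
      # NOTE(review): both values are free-form text; only emptiness is checked here.
      - name: "Verify Input: PDS-Tools"
        if: (inputs.pds-tools-version != '') && (inputs.pds-tools-milestone-number == '')
        run: |
          echo "For PDS-Tools release, pds-tools-milestone-number must be provided!"
          exit 1

      - name: Checkout master
        uses: actions/checkout@v4
        with:
          ref: master

      # Create temporary local tags, so we build documentation for this tag...
      # The final tag on git server side will be done by the release when the
      # draft is saved as "real" release automatically.
      - name: "Temporary tag server version: v${{ inputs.pds-tools-version }}-pds-tools - if defined"
        if: inputs.pds-tools-version != ''
        env:
          PDS_TOOLS_VERSION: ${{ inputs.pds-tools-version }}
        # Quoted so the value stays a single argument to `git tag`.
        run: git tag "v${PDS_TOOLS_VERSION}-pds-tools"

      # ----------------------
      # Setup + Caching
      # ----------------------
      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: temurin
          cache: gradle

      # ----------------------
      # Create pull request if license headers are missing
      # ----------------------
      - name: run apply-headers.sh
        id: apply-headers
        run: |
          git config user.name "SecHub release job (github-actions)"
          # Placeholder: the page's e-mail obfuscation replaced the original address.
          git config user.email "EMAIL_OBFUSCATED_BY_PAGE"
          ./apply-headers.sh
          # `|| true`: nothing to commit is the normal case and must not fail the job.
          git commit -am "SPDX headers added by SecHub release job @github-actions" || true
          # Local commits not yet on any remote. Flattened to one line because a
          # plain `name=value` record in GITHUB_OUTPUT cannot span several lines;
          # the consumers below only test the value for emptiness.
          COMMITS="$(git log --oneline --branches --not --remotes | tr '\n' ' ')"
          echo "commits=${COMMITS}" >> "$GITHUB_OUTPUT"

      # Placeholder version: the page's e-mail obfuscation swallowed the original
      # `create-pull-request@<version>` text. Restore the real reference, ideally
      # as a full commit SHA, since this action runs with the job's write token.
      - name: Create pull request for SPDX license headers
        id: pr_spdx_headers
        if: steps.apply-headers.outputs.commits != ''
        uses: peter-evans/create-pull-request@VERSION_OBFUSCATED_BY_PAGE
        with:
          branch: release-spdx-headers
          branch-suffix: short-commit-hash
          delete-branch: true
          title: '0 - Before pds-tools release: Add missing SPDX license headers [auto-generated]'
          body: |
            Auto-generated by Github Actions pds-tools release job.
            -> Please review and merge **before** publishing the pds-tools release.

      - name: Print PR infos
        if: steps.apply-headers.outputs.commits != ''
        run: |
          echo "Pull Request Number - ${{ steps.pr_spdx_headers.outputs.pull-request-number }}"
          echo "Pull Request URL - ${{ steps.pr_spdx_headers.outputs.pull-request-url }}"

      # ----------------------
      # SecHub PDS-Tools
      # ----------------------
      - name: Build Server, DAUI and generate OpenAPI file
        run: ./gradlew ensureLocalhostCertificate build generateOpenapi buildDeveloperAdminUI -x :sechub-integrationtest:test -x :sechub-cli:build

      - name: Generate and build Java projects related to SecHub Java API
        run: ./gradlew :sechub-api-java:build :sechub-systemtest:build :sechub-pds-tools:buildPDSToolsCLI -Dsechub.build.stage=api-necessary

      # To identify parts not in git history and leading to "-dirty-$commitId"
      # markers in documentation.
      - name: Collect GIT status
        if: always()
        run: |
          # restore reduced-openapi3.json
          git restore sechub-api-java/src/main/resources/reduced-openapi3.json
          mkdir -p build/reports
          git status > build/reports/git-status.txt
          echo "--- git tags:" >> build/reports/git-status.txt
          git tag --points-at HEAD >> build/reports/git-status.txt

      - name: Archive GIT status
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: git-status.txt
          path: build/reports/git-status.txt
          retention-days: 14

      - name: Archive PDS-Tools cli artifact
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: sechub-pds-tools
          path: sechub-pds-tools/build/libs
          retention-days: 14

      # -----------------------------------------
      # Assert releaseable, so no dirty flags on releases
      # even when all artifact creation parts are done!
      # -----------------------------------------
      - name: Assert releasable
        run: |
          git status
          ./gradlew assertReleaseable

      # NOTE(review): actions/create-release and actions/upload-release-asset are
      # archived upstream and no longer maintained; plan a move to a maintained
      # release mechanism. The release is created as a draft, so publishing
      # stays a manual decision.
      - name: Create PDS-Tools release
        id: create_pds_tools_release
        if: inputs.pds-tools-version != ''
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
        with:
          tag_name: v${{ inputs.pds-tools-version }}-pds-tools
          commitish: master
          release_name: PDS-Tools Version ${{ inputs.pds-tools-version }}
          body: |
            Changes in this Release
            - Some minor changes on PDS-Tools implementation
            For more details please look at [Milestone ${{inputs.pds-tools-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.pds-tools-milestone-number}}?closed=1)
          draft: true
          prerelease: false

      # The checksum file is produced by this same job and published next to the
      # jar. It lets consumers detect a corrupted download; it does not prove
      # origin, because anyone able to replace the jar asset can replace the
      # checksum asset as well.
      - name: Create sha256 checksum file for PDS-Tools cli jar
        if: inputs.pds-tools-version != ''
        env:
          PDS_TOOLS_VERSION: ${{ inputs.pds-tools-version }}
        run: |
          cd sechub-pds-tools/build/libs
          sha256sum "sechub-pds-tools-cli-${PDS_TOOLS_VERSION}.jar" > "sechub-pds-tools-cli-${PDS_TOOLS_VERSION}.jar.sha256sum"

      - name: Upload PDS-Tools release asset sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar
        if: inputs.pds-tools-version != ''
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_pds_tools_release.outputs.upload_url }}
          asset_path: sechub-pds-tools/build/libs/sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar
          asset_name: sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar
          asset_content_type: application/zip

      - name: Upload PDS-Tools release asset sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar.sha256sum
        if: inputs.pds-tools-version != ''
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_pds_tools_release.outputs.upload_url }}
          asset_path: sechub-pds-tools/build/libs/sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar.sha256sum
          asset_name: sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar.sha256sum
          asset_content_type: text/plain

      # -----------------------------------------
      # Create release issue
      # -----------------------------------------
      # NOTE(review): `@main` is a mutable branch reference on a third-party
      # action that is handed the job token. Whatever lands on that branch runs
      # in the release job; pin this to a reviewed full commit SHA.
      - name: Create PDS-Tool ${{ inputs.pds-tools-version }} release issue
        uses: dacbd/create-issue-action@main
        with:
          token: ${{ github.token }}
          title: Release PDS-Tool ${{ inputs.pds-tools-version }}
          body: |
            See [Milestone ${{inputs.pds-tools-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.pds-tools-milestone-number}}?closed=1) for details.
            Please close this issue after the release.
          milestone: ${{ inputs.pds-tools-milestone-number }}

      # -----------------------------------------
      # Create a pull request for merging back `master` into `develop`
      # -----------------------------------------
      # NOTE(review): `@v2` is a movable tag on a third-party action that
      # receives the token; prefer a full commit SHA here as well.
      # `continue-on-error` lets the job finish when there is nothing to merge;
      # the two steps that follow branch on this step's outcome.
      - name: pull-request master to develop
        id: pr_master_to_develop
        continue-on-error: true
        uses: repo-sync/pull-request@v2
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          source_branch: "master"
          destination_branch: "develop"
          pr_allow_empty: true # should allow an empty PR, but seems not to work
          pr_title: '2 - After pds-tools release: Merge master back into develop [auto-generated]'
          pr_body: |
            After PDS-Tool release
            - PDS-Tools '${{ inputs.pds-tools-version }}'
            Merge master branch back into develop
            -> Please merge **after** the release has been published.

      - name: Print PR infos if PR was created
        if: steps.pr_master_to_develop.outcome == 'success'
        run: |
          echo "Pull Request Number - ${{ steps.pr_master_to_develop.outputs.pr_number }}"
          echo "Pull Request URL - ${{ steps.pr_master_to_develop.outputs.pr_url }}"

      - name: Print info if no PR was created
        if: steps.pr_master_to_develop.outcome != 'success'
        run: |
          echo "Nothing to merge - no pull request necessary."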