-
Notifications
You must be signed in to change notification settings - Fork 67
220 lines (192 loc) · 9.09 KB
/
release-pds-tools.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
# SPDX-License-Identifier: MIT
name: Release PDS-Tools
on:
workflow_dispatch:
inputs:
pds-tools-version:
description: PDS-Tools Version (e.g. 0.1.0)
required: true
pds-tools-milestone-number:
description: PDS-Tools Milestone number (e.g. 70)
required: true
jobs:
release-version:
name: Create PDS-Tools release
runs-on: ubuntu-latest
steps:
- name: "Show Inputs"
run: |
echo "PDS-Tools '${{ inputs.pds-tools-version }}' - Milestone '${{ inputs.pds-tools-milestone-number }}'"
# Check inputs if a milestone number is provided for each version to be released:
- name: "Verify Input: PDS-Tools"
if: (inputs.pds-tools-version != '') && (inputs.pds-tools-milestone-number == '')
run: |
echo "For PDS-Tools release, pds-tools-milestone-number must be provided!"
exit 1
- name: Checkout master
uses: actions/checkout@v4
with:
ref: master
# Create temporary local tags, so we build documentation for this tag...
# The final tag on git server side will be done by the release when the draft is saved as "real" release
# automatically.
- name: "Temporary tag server version: v${{ inputs.pds-tools-version }}-pds-tools - if defined"
if: inputs.pds-tools-version != ''
run: git tag v${{ inputs.pds-tools-version }}-pds-tools
# ----------------------
# Setup + Caching
# ----------------------
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
java-version: 17
distribution: temurin
cache: gradle
# ----------------------
# Create pull request if license headers are missing
# ----------------------
- name: run apply-headers.sh
id: apply-headers
run: |
git config user.name "SecHub release job (github-actions)"
git config user.email [email protected]
./apply-headers.sh
git commit -am "SPDX headers added by SecHub release job @github-actions" || true
COMMITS=`git log --oneline --branches --not --remotes`
echo "commits=$COMMITS" >> $GITHUB_OUTPUT
- name: Create pull request for SPDX license headers
id: pr_spdx_headers
if: steps.apply-headers.outputs.commits != ''
uses: peter-evans/[email protected]
with:
branch: release-spdx-headers
branch-suffix: short-commit-hash
delete-branch: true
title: '0 - Before pds-tools release: Add missing SPDX license headers [auto-generated]'
body: |
Auto-generated by Github Actions pds-tools release job.
-> Please review and merge **before** publishing the pds-tools release.
- name: Print PR infos
if: steps.apply-headers.outputs.commits != ''
run: |
echo "Pull Request Number - ${{ steps.pr_spdx_headers.outputs.pull-request-number }}"
echo "Pull Request URL - ${{ steps.pr_spdx_headers.outputs.pull-request-url }}"
# ----------------------
# SecHub PDS-Tools
# ----------------------
- name: Build Server, DAUI and generate OpenAPI file
run: ./gradlew ensureLocalhostCertificate build generateOpenapi buildDeveloperAdminUI -x :sechub-integrationtest:test -x :sechub-cli:build
- name: Generate and build Java projects related to SecHub Java API
run: ./gradlew :sechub-api-java:build :sechub-systemtest:build :sechub-pds-tools:buildPDSToolsCLI -Dsechub.build.stage=api-necessary
# To identifiy parts not in git history and leading to "-dirty-$commitId" markern in documentation
- name: Collect GIT status
if: always()
run: |
# restore reduced-openapi3.json
git restore sechub-api-java/src/main/resources/reduced-openapi3.json
mkdir -p build/reports
git status > build/reports/git-status.txt
echo "--- git tags:" >> build/reports/git-status.txt
git tag --points-at HEAD >> build/reports/git-status.txt
- name: Archive GIT status
if: always()
uses: actions/upload-artifact@v3
with:
name: git-status.txt
path: build/reports/git-status.txt
retention-days: 14
- name: Archive PDS-Tools cli artifact
if: always()
uses: actions/upload-artifact@v3
with:
name: sechub-pds-tools
path: sechub-pds-tools/build/libs
retention-days: 14
# -----------------------------------------
# Assert releaseable, so no dirty flags on releases
# even when all artifact creation parts are done!
# -----------------------------------------
- name: Assert releasable
run: |
git status
./gradlew assertReleaseable
- name: Create PDS-Tools release
id: create_pds_tools_release
if: inputs.pds-tools-version != ''
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
with:
tag_name: v${{ inputs.pds-tools-version }}-pds-tools
commitish: master
release_name: PDS-Tools Version ${{ inputs.pds-tools-version }}
body: |
Changes in this Release
- Some minor changes on PDS-Tools implementation
For more details please look at [Milestone ${{inputs.pds-tools-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.pds-tools-milestone-number}}?closed=1)
draft: true
prerelease: false
- name: Create sha256 checksum file for PDS-Tools cli jar
if: inputs.pds-tools-version != ''
run: |
cd sechub-pds-tools/build/libs
sha256sum sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar > sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar.sha256sum
- name: Upload PDS-Tools release asset sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar
if: inputs.pds-tools-version != ''
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_pds_tools_release.outputs.upload_url }}
asset_path: sechub-pds-tools/build/libs/sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar
asset_name: sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar
asset_content_type: application/zip
- name: Upload PDS-Tools release asset sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar.sha256sum
if: inputs.pds-tools-version != ''
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_pds_tools_release.outputs.upload_url }}
asset_path: sechub-pds-tools/build/libs/sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar.sha256sum
asset_name: sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar.sha256sum
asset_content_type: text/plain
# -----------------------------------------
# Create release issue
# -----------------------------------------
- name: Create PDS-Tool ${{ inputs.pds-tools-version }} release issue
uses: dacbd/create-issue-action@main
with:
token: ${{ github.token }}
title: Release PDS-Tool ${{ inputs.pds-tools-version }}
body: |
See [Milestone ${{inputs.pds-tools-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.pds-tools-milestone-number}}?closed=1) for details.
Please close this issue after the release.
milestone: ${{ inputs.pds-tools-milestone-number }}
# -----------------------------------------
# Create a pull request for merging back `master` into `develop`
# -----------------------------------------
- name: pull-request master to develop
id: pr_master_to_develop
continue-on-error: true
uses: repo-sync/pull-request@v2
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
source_branch: "master"
destination_branch: "develop"
pr_allow_empty: true # should allow an empty PR, but seems not to work
pr_title: '2 - After pds-tools release: Merge master back into develop [auto-generated]'
pr_body: |
After PDS-Tool release
- PDS-Tools '${{ inputs.pds-tools-version }}'
Merge master branch back into develop
-> Please merge **after** the release has been published.
- name: Print PR infos if PR was created
if: steps.pr_master_to_develop.outcome == 'success'
run: |
echo "Pull Request Number - ${{ steps.pr_master_to_develop.outputs.pr_number }}"
echo "Pull Request URL - ${{ steps.pr_master_to_develop.outputs.pr_url }}"
- name: Print info if no PR was created
if: steps.pr_master_to_develop.outcome != 'success'
run: |
echo "Nothing to merge - no pull request necessary."