release-pds-tools.yml
# SPDX-License-Identifier: MIT
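name: Release PDS-Tools

# Manually triggered release workflow: builds the PDS-Tools CLI from `master`,
# creates a GitHub release draft with checksummed artifacts, opens a release
# issue and prepares the follow-up pull requests.
on:
  workflow_dispatch:
    inputs:
      actor-email:
        description: Insert your email address here. It will be used in the generated pull requests
        required: true
      pds-tools-version:
        description: PDS-Tools Version (e.g. 0.1.0)
        required: true
      pds-tools-milestone-number:
        description: PDS-Tools Milestone number (e.g. 70)
        required: true

# Least privilege for GITHUB_TOKEN, derived from the steps below:
#   contents: write      - release draft via `hub`, branch push for the SPDX pull request
#   pull-requests: write - SPDX pull request and master -> develop pull request
#   issues: write        - release issue
# Every scope not listed here is set to `none`.
permissions:
  contents: write
  pull-requests: write
  issues: write

jobs:
  release-version:
    name: Create PDS-Tools release
    runs-on: ubuntu-latest
    steps:
      # The workflow_dispatch inputs are free text. In every `run:` script they are
      # handed over through `env:` and read as quoted shell variables, so their
      # content is treated as data and never becomes part of the script text.
      - name: "Show Inputs"
        env:
          ACTOR_EMAIL: ${{ inputs.actor-email }}
          PDS_TOOLS_VERSION: ${{ inputs.pds-tools-version }}
          PDS_TOOLS_MILESTONE: ${{ inputs.pds-tools-milestone-number }}
        run: |
          echo "actor-email: '${ACTOR_EMAIL}'"
          echo "PDS-Tools '${PDS_TOOLS_VERSION}' - Milestone '${PDS_TOOLS_MILESTONE}'"

      # Check inputs if a milestone number is provided for each version to be released:
      - name: "Verify Input: PDS-Tools"
        if: (inputs.pds-tools-version != '') && (inputs.pds-tools-milestone-number == '')
        run: |
          echo "For PDS-Tools release, pds-tools-milestone-number must be provided!"
          exit 1

      - name: Checkout master
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          ref: master

      # Create temporary local tags, so we build documentation for this tag...
      # The final tag on git server side will be done by the release when the draft is saved as "real" release
      # automatically.
      - name: "Temporary tag server version: v${{ inputs.pds-tools-version }}-pds-tools"
        env:
          PDS_TOOLS_VERSION: ${{ inputs.pds-tools-version }}
        run: git tag "v${PDS_TOOLS_VERSION}-pds-tools"

      # ----------------------
      # Setup + Caching
      # ----------------------
      - name: Install required packages
        run: sudo apt-get -y install hub

      - name: Set up JDK 17
        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b
        with:
          java-version: 17
          distribution: temurin

      - name: Set up Gradle
        uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
        with:
          cache-read-only: false

      # ----------------------
      # Create pull request if license headers are missing
      # ----------------------
      - name: run apply-headers.sh
        id: apply-headers
        env:
          ACTOR_EMAIL: ${{ inputs.actor-email }}
        run: |
          git config user.name "$GITHUB_TRIGGERING_ACTOR (via github-actions)"
          git config user.email "${ACTOR_EMAIL}"
          ./apply-headers.sh
          git commit -am "SPDX headers added by SecHub release job @github-actions" || true
          # Local commits that exist on no remote; non-empty only if headers were added.
          COMMITS=$(git log --oneline --branches --not --remotes)
          echo "commits=$COMMITS" >> "$GITHUB_OUTPUT"

      - name: Create pull request for SPDX license headers
        id: pr_spdx_headers
        if: steps.apply-headers.outputs.commits != ''
        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
        with:
          branch: release-spdx-headers
          branch-suffix: short-commit-hash
          delete-branch: true
          title: '0 - Before pds-tools release: Add missing SPDX license headers [auto-generated]'
          body: |
            Auto-generated by Github Actions pds-tools release job.
            -> Please review and merge **before** publishing the pds-tools release.

      - name: Print PR infos
        if: steps.apply-headers.outputs.commits != ''
        env:
          PR_NUMBER: ${{ steps.pr_spdx_headers.outputs.pull-request-number }}
          PR_URL: ${{ steps.pr_spdx_headers.outputs.pull-request-url }}
        run: |
          echo "Pull Request Number - ${PR_NUMBER}"
          echo "Pull Request URL - ${PR_URL}"

      # ----------------------
      # Build SecHub PDS-Tools
      # ----------------------
      - name: Build Server, DAUI and generate OpenAPI file
        run: ./gradlew ensureLocalhostCertificate build generateOpenapi buildDeveloperAdminUI -x :sechub-integrationtest:test -x :sechub-cli:build

      - name: Generate and build Java projects related to SecHub Java API
        run: ./gradlew :sechub-api-java:build :sechub-systemtest:build :sechub-pds-tools:buildPDSToolsCLI -Dsechub.build.stage=api-necessary

      # To identify parts that are not in git history and lead to "-dirty-$commitId" markers in documentation
      - name: Collect GIT status
        if: always()
        run: |
          # restore reduced-openapi3.json
          git restore sechub-api-java/src/main/resources/reduced-openapi3.json
          mkdir -p build/reports
          git status > build/reports/git-status.txt
          echo "--- git tags:" >> build/reports/git-status.txt
          git tag --points-at HEAD >> build/reports/git-status.txt

      - name: Archive GIT status
        if: always()
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
        with:
          name: git-status.txt
          path: build/reports/git-status.txt
          retention-days: 14

      - name: Archive PDS-Tools cli artifact
        if: always()
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
        with:
          name: sechub-pds-tools
          path: sechub-pds-tools/build/libs
          retention-days: 14

      # -----------------------------------------
      # Assert releaseable, so no dirty flags on releases
      # even when all artifact creation parts are done!
      # -----------------------------------------
      - name: Assert releasable
        run: |
          git status
          ./gradlew assertReleaseable

      # ******************************************
      # P D S - T o o l s release
      # ******************************************
      - name: Prepare PDS-Tools ${{ inputs.pds-tools-version }} release artifacts
        shell: bash
        env:
          PDS_TOOLS_VERSION: ${{ inputs.pds-tools-version }}
        run: |
          mkdir pds-tools-release-artifacts
          # Collect release artifacts
          cp "sechub-pds-tools/build/libs/sechub-pds-tools-cli-${PDS_TOOLS_VERSION}.jar" \
            pds-tools-release-artifacts/
          # Compute sha256 checksums for .jar files
          cd pds-tools-release-artifacts
          for i in *.jar ; do
            sha256sum "$i" > "$i.sha256sum"
          done

      - name: Create PDS-Tools ${{ inputs.pds-tools-version }} release draft
        shell: bash
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PDS_TOOLS_VERSION: ${{ inputs.pds-tools-version }}
          PDS_TOOLS_MILESTONE: ${{ inputs.pds-tools-milestone-number }}
        run: |
          assets=()
          echo "# Adding PDS binaries and docs"
          cd pds-tools-release-artifacts/
          for asset in * ; do
            filename=$(basename "$asset")
            echo "# - $filename"
            assets+=("-a" "${asset}#${filename}")
          done
          # Define release data
          tag_name="v${PDS_TOOLS_VERSION}-pds-tools"
          release_title="PDS-Tools Version ${PDS_TOOLS_VERSION}"
          release_message="Changes in this Release
          - Some minor changes on PDS-Tools implementation"
          release_footer="For more details please look at [Milestone ${PDS_TOOLS_MILESTONE}]( https://github.com/mercedes-benz/sechub/milestone/${PDS_TOOLS_MILESTONE}?closed=1)"
          echo "# Create release draft \"$release_title\" on github"
          hub release create --draft "${assets[@]}" -m "$release_title" -m "$release_message" -m "$release_footer" "$tag_name"

      # -----------------------------------------
      # Create release issue
      # -----------------------------------------
      # NOTE(review): this is the only action referenced by a mutable branch name;
      # every other action in this workflow is pinned to a full commit SHA.
      # Pin it to a reviewed commit SHA as well, so that a change on the upstream
      # `main` branch cannot alter what runs with this job's token.
      - name: Create PDS-Tool ${{ inputs.pds-tools-version }} release issue
        uses: dacbd/create-issue-action@main
        with:
          token: ${{ github.token }}
          title: Release PDS-Tool ${{ inputs.pds-tools-version }}
          body: |
            See [Milestone ${{inputs.pds-tools-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.pds-tools-milestone-number}}?closed=1) for details.
            Please close this issue after the release.
          milestone: ${{ inputs.pds-tools-milestone-number }}

      # -----------------------------------------
      # Create a pull request for merging back `master` into `develop`
      # -----------------------------------------
      - name: pull-request master to develop
        id: pr_master_to_develop
        continue-on-error: true
        uses: repo-sync/pull-request@7e79a9f5dc3ad0ce53138f01df2fad14a04831c5
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          source_branch: "master"
          destination_branch: "develop"
          pr_allow_empty: true  # should allow an empty PR, but seems not to work
          pr_title: '2 - After pds-tools release: Merge master back into develop [auto-generated]'
          pr_body: |
            After PDS-Tool release
            - PDS-Tools '${{ inputs.pds-tools-version }}'
            Merge master branch back into develop
            -> Please merge **after** the release has been published.

      - name: Print PR infos if PR was created
        if: steps.pr_master_to_develop.outcome == 'success'
        env:
          PR_NUMBER: ${{ steps.pr_master_to_develop.outputs.pr_number }}
          PR_URL: ${{ steps.pr_master_to_develop.outputs.pr_url }}
        run: |
          echo "Pull Request Number - ${PR_NUMBER}"
          echo "Pull Request URL - ${PR_URL}"

      - name: Print info if no PR was created
        if: steps.pr_master_to_develop.outcome != 'success'
        run: |
          echo "Nothing to merge - no pull request necessary."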