Release Creation #147
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Creation | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: 'Dev release tag' | |
| required: true | |
| type: string | |
| dev: | |
| description: 'Is dev build' | |
| required: false | |
| default: true | |
| type: boolean | |
| cliTag: | |
| description: 'Version of the CLI to bundle' | |
| required: false | |
| type: string | |
| workflow_call: | |
| inputs: | |
| tag: | |
| description: 'Dev release tag' | |
| required: true | |
| type: string | |
| dev: | |
| description: 'Is dev build' | |
| required: false | |
| default: true | |
| type: boolean | |
| cliTag: | |
| description: 'Version of the CLI to bundle' | |
| required: false | |
| type: string | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| CLI_VERSION: ${{ steps.extract_cli_version.outputs.CLI_VERSION }} | |
| TAG_NAME: ${{ steps.set_tag_name.outputs.TAG_NAME }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} | |
| lfs: true | |
| - name: Download CLI | |
| if: inputs.cliTag | |
| run: | | |
| chmod +x ./.github/scripts/update_cli.sh | |
| ./.github/scripts/update_cli.sh ${{ inputs.cliTag }} | |
| - name: Tag | |
| id: set_tag_name | |
| run: | | |
| echo ${{ inputs.tag }} | |
| tag=${{ inputs.tag }} | |
| echo "RELEASE_VERSION=${{ inputs.tag }}" >> $GITHUB_ENV | |
| message='${{ inputs.tag }}' | |
| git config user.name "${GITHUB_ACTOR}" | |
| git config user.email "${GITHUB_ACTOR}@users.noreply.github.com" | |
| git tag -a "${tag}" -m "${message}" | |
| git push origin "${tag}" | |
| echo "::set-output name=TAG_NAME::${{ inputs.tag }}" | |
| - name: Cache local Maven repository | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| - name: Set up Maven Central Repository | |
| uses: actions/[email protected] | |
| with: | |
| java-version: '11' | |
| distribution: 'temurin' | |
| server-id: ossrh | |
| server-username: MAVEN_USERNAME | |
| server-password: MAVEN_PASSWORD | |
| gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} | |
| gpg-passphrase: MAVEN_GPG_PASSPHRASE | |
| - name: Update the POM version. | |
| run: mvn -B versions:set -DnewVersion='${{ env.RELEASE_VERSION }}' --file pom.xml -DskipTests | |
| - name: Build artifactId property | |
| run: | | |
| prop='' | |
| if [ ${{ inputs.dev }} = true ] && ![ "${{ inputs.tag }}" = "1.0.0-SNAPSHOT" ]; then | |
| prop='-Dast.wrapper.id=ast-cli-java-wrapper-dev' | |
| fi | |
| echo "AID_PROP=${prop}" >> $GITHUB_ENV | |
| - name: Extract CLI version | |
| id: extract_cli_version | |
| run: | | |
| CLI_VERSION=$(./src/main/resources/cx-linux version | grep -Eo '^[0-9]+\.[0-9]+\.[0-9]+') | |
| echo "CLI version being packed is $CLI_VERSION" | |
| echo "CLI_VERSION=$CLI_VERSION" >> $GITHUB_ENV | |
| echo "::set-output name=CLI_VERSION::$CLI_VERSION" | |
| - name: Check if CLI version is latest | |
| id: check_latest_cli_version | |
| run: | | |
| LATEST_CLI_VERSION=$(curl -s https://api.github.com/repos/Checkmarx/ast-cli/releases/latest | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') | |
| echo "CLI_VERSION=[$CLI_VERSION]" | |
| echo "LATEST_CLI_VERSION=[$LATEST_CLI_VERSION]" | |
| echo "Latest CLI version from GitHub: $LATEST_CLI_VERSION" | |
| if [ "$CLI_VERSION" = "$LATEST_CLI_VERSION" ]; then | |
| echo "CLI_VERSION ($CLI_VERSION) matches the latest released version ($LATEST_CLI_VERSION). Proceeding." | |
| else | |
| echo "CLI_VERSION ($CLI_VERSION) does not match the latest released version ($LATEST_CLI_VERSION). Failing workflow." | |
| exit 1 | |
| fi | |
| - name: Publish package | |
| run: mvn --batch-mode deploy -DskipTests ${{ env.AID_PROP }} | |
| env: | |
| MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
| MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} | |
| MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | |
| - name: Release | |
| uses: softprops/action-gh-release@a6c7483a42ee9d5daced968f6c217562cd680f7f #v2 | |
| with: | |
| generate_release_notes: true | |
| tag_name: ${{ inputs.tag }} | |
| prerelease: ${{ inputs.dev }} | |
| notify: | |
| if: inputs.dev == false | |
| needs: release | |
| uses: Checkmarx/plugins-release-workflow/.github/workflows/release-notify.yml@main | |
| with: | |
| product_name: Java Wrapper | |
| release_version: ${{ needs.release.outputs.TAG_NAME }} | |
| cli_release_version: ${{ needs.release.outputs.CLI_VERSION }} | |
| release_author: "Phoenix Team" | |
| release_url: https://github.com/CheckmarxDev/ast-cli-java-wrapper/releases/tag/${{ needs.release.outputs.TAG_NAME }} | |
| jira_product_name: JAVA_WRAPPER | |
| secrets: inherit | |
| dispatch_auto_release: | |
| name: Update Jenkins/Jetbrains/Eclipse Extensions With new Wrapper Version | |
| if: inputs.dev == false | |
| needs: notify | |
| uses: Checkmarx/plugins-release-workflow/.github/workflows/dispatch-workflow.yml@main | |
| with: | |
| cli_version: ${{ needs.release.outputs.CLI_VERSION }} | |
| is_cli_release: false | |
| is_java_release: true | |
| secrets: inherit |