only dispatch release (AST-000)

cx-daniel-greenspan · web-flow · commit ad578e8b6941 · 2025-03-10T17:16:26.000+02:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -29,132 +29,132 @@ permissions:
   contents: write
 
 jobs:
-  build:
-    runs-on: macos-13
-    env:
-      AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
-      APPLE_DEVELOPER_CERTIFICATE_P12_BASE64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
-      APPLE_DEVELOPER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
-      COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
-      COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
-      COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 #v4.0.0
-        with:
-          fetch-depth: 0
-      - name: Install Go
-        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 #v4
-        with:
-          go-version-file: go.mod
-      - name: Import Code-Signing Certificates
-        uses: Apple-Actions/import-codesign-certs@253ddeeac23f2bdad1646faac5c8c2832e800071 #v1
-        with:
-          # The certificates in a PKCS12 file encoded as a base64 string
-          p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
-          # The password used to import the PKCS12 file.
-          p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
-      - name: Updating and upgrading brew to a specific version
-        run: |
-          brew --version
-          cd $(brew --repo)
-          git fetch --tags
-          git checkout 4.4.15
-          export HOMEBREW_NO_AUTO_UPDATE=1
-          brew --version
+  # build:
+  #   runs-on: macos-13
+  #   env:
+  #     AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
+  #     APPLE_DEVELOPER_CERTIFICATE_P12_BASE64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
+  #     APPLE_DEVELOPER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
+  #     COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+  #     COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+  #     COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
+  #   steps:
+  #     - name: Checkout
+  #       uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 #v4.0.0
+  #       with:
+  #         fetch-depth: 0
+  #     - name: Install Go
+  #       uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 #v4
+  #       with:
+  #         go-version-file: go.mod
+  #     - name: Import Code-Signing Certificates
+  #       uses: Apple-Actions/import-codesign-certs@253ddeeac23f2bdad1646faac5c8c2832e800071 #v1
+  #       with:
+  #         # The certificates in a PKCS12 file encoded as a base64 string
+  #         p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
+  #         # The password used to import the PKCS12 file.
+  #         p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
+  #     - name: Updating and upgrading brew to a specific version
+  #       run: |
+  #         brew --version
+  #         cd $(brew --repo)
+  #         git fetch --tags
+  #         git checkout 4.4.15
+  #         export HOMEBREW_NO_AUTO_UPDATE=1
+  #         brew --version
 
-      - name: Install gon
-        run: |
-          brew install Bearer/tap/gon
-      - name: Setup Docker on macOS
-        if: inputs.dev == false
-        uses: douglascamata/setup-docker-macos-action@4fe96839fcba8a2d746e020d00a89a37afbc7dc9  #v1-alpha.15
-      - name: Test docker
-        if: inputs.dev == false
-        run: |
-          docker version
-          docker info
-      - name: Login to Docker Hub
-        if: inputs.dev == false
-        uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 #v1
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
+  #     - name: Install gon
+  #       run: |
+  #         brew install Bearer/tap/gon
+  #     - name: Setup Docker on macOS
+  #       if: inputs.dev == false
+  #       uses: douglascamata/setup-docker-macos-action@4fe96839fcba8a2d746e020d00a89a37afbc7dc9  #v1-alpha.15
+  #     - name: Test docker
+  #       if: inputs.dev == false
+  #       run: |
+  #         docker version
+  #         docker info
+  #     - name: Login to Docker Hub
+  #       if: inputs.dev == false
+  #       uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 #v1
+  #       with:
+  #         username: ${{ secrets.DOCKER_USERNAME }}
+  #         password: ${{ secrets.DOCKER_PASSWORD }}
 
-      - name: Install Cosign
-        if: inputs.dev == false
-        run: |
-          brew install sigstore/tap/cosign
+  #     - name: Install Cosign
+  #       if: inputs.dev == false
+  #       run: |
+  #         brew install sigstore/tap/cosign
 
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 #v2
-        with:
-          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
-          aws-region: ${{ secrets.AWS_ASSUME_ROLE_REGION }}
-      - name: Tag
-        run: |
-          echo ${{ inputs.tag }}
-          echo "NEXT_VERSION=${{ inputs.tag }}" >> $GITHUB_ENV
-          tag=${{ inputs.tag }}
-          message='${{ inputs.tag }}: PR #${{ github.event.pull_request.number }} ${{ github.event.pull_request.title }}'
-          git config user.name "${GITHUB_ACTOR}"
-          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
-          git tag -a "${tag}" -m "${message}"
-          git push origin "${tag}"
-      - name: Build GoReleaser Args
-        run: |
-          args='release --clean --debug'
-          if [ ${{ inputs.dev }} = true ]; then
-            args=${args}' --config=".goreleaser-dev.yml"'
-          fi
-          echo "GR_ARGS=${args}" >> $GITHUB_ENV
-      - name: Echo GoReleaser Args
-        run: echo ${{ env.GR_ARGS }}
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757 #v3
-        with:
-          version: v1.18.2
-          args: ${{ env.GR_ARGS }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GO_BOT_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-          S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}
-          S3_BUCKET_REGION: ${{ secrets.S3_BUCKET_REGION }}
-          SIGNING_REMOTE_SSH_USER: ${{ secrets.SIGNING_REMOTE_SSH_USER }}
-          SIGNING_REMOTE_SSH_HOST: ${{ secrets.SIGNING_REMOTE_SSH_HOST }}
-          SIGNING_REMOTE_SSH_PRIVATE_KEY: ${{ secrets.SIGNING_REMOTE_SSH_PRIVATE_KEY }}
-          SIGNING_HSM_CREDS: ${{ secrets.SIGNING_HSM_CREDS }}
-      - name: Sign Docker Image with Cosign
-        if: inputs.dev == false
-        run: |
-          cosign sign --yes --key env://COSIGN_PRIVATE_KEY checkmarx/ast-cli:${{ inputs.tag }}
+  #     - name: Configure AWS Credentials
+  #       uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 #v2
+  #       with:
+  #         role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
+  #         aws-region: ${{ secrets.AWS_ASSUME_ROLE_REGION }}
+  #     - name: Tag
+  #       run: |
+  #         echo ${{ inputs.tag }}
+  #         echo "NEXT_VERSION=${{ inputs.tag }}" >> $GITHUB_ENV
+  #         tag=${{ inputs.tag }}
+  #         message='${{ inputs.tag }}: PR #${{ github.event.pull_request.number }} ${{ github.event.pull_request.title }}'
+  #         git config user.name "${GITHUB_ACTOR}"
+  #         git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
+  #         git tag -a "${tag}" -m "${message}"
+  #         git push origin "${tag}"
+  #     - name: Build GoReleaser Args
+  #       run: |
+  #         args='release --clean --debug'
+  #         if [ ${{ inputs.dev }} = true ]; then
+  #           args=${args}' --config=".goreleaser-dev.yml"'
+  #         fi
+  #         echo "GR_ARGS=${args}" >> $GITHUB_ENV
+  #     - name: Echo GoReleaser Args
+  #       run: echo ${{ env.GR_ARGS }}
+  #     - name: Run GoReleaser
+  #       uses: goreleaser/goreleaser-action@b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757 #v3
+  #       with:
+  #         version: v1.18.2
+  #         args: ${{ env.GR_ARGS }}
+  #       env:
+  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  #         GO_BOT_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+  #         S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}
+  #         S3_BUCKET_REGION: ${{ secrets.S3_BUCKET_REGION }}
+  #         SIGNING_REMOTE_SSH_USER: ${{ secrets.SIGNING_REMOTE_SSH_USER }}
+  #         SIGNING_REMOTE_SSH_HOST: ${{ secrets.SIGNING_REMOTE_SSH_HOST }}
+  #         SIGNING_REMOTE_SSH_PRIVATE_KEY: ${{ secrets.SIGNING_REMOTE_SSH_PRIVATE_KEY }}
+  #         SIGNING_HSM_CREDS: ${{ secrets.SIGNING_HSM_CREDS }}
+  #     - name: Sign Docker Image with Cosign
+  #       if: inputs.dev == false
+  #       run: |
+  #         cosign sign --yes --key env://COSIGN_PRIVATE_KEY checkmarx/ast-cli:${{ inputs.tag }}
 
-      - name: Verify Docker image signature
-        if: inputs.dev == false
-        run: |
-          echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub
-          cosign verify --key cosign.pub checkmarx/ast-cli:${{ inputs.tag }}
-        env:
-          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+  #     - name: Verify Docker image signature
+  #       if: inputs.dev == false
+  #       run: |
+  #         echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub
+  #         cosign verify --key cosign.pub checkmarx/ast-cli:${{ inputs.tag }}
+  #       env:
+  #         COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
 
-  notify:
-    name: Update Teams & JIRA About New Release
-    if: inputs.dev == false
-    needs: build
-    uses: Checkmarx/plugins-release-workflow/.github/workflows/release-notify.yml@main
-    with:
-      product_name: CLI
-      release_version: ${{ inputs.tag }}
-      cli_release_version: ""
-      release_author: "Phoenix Team"
-      release_url: https://github.com/Checkmarx/ast-cli/releases/tag/${{ inputs.tag }}
-      jira_product_name: ASTCLI
-    secrets: inherit
+  # notify:
+  #   name: Update Teams & JIRA About New Release
+  #   if: inputs.dev == false
+  #   needs: build
+  #   uses: Checkmarx/plugins-release-workflow/.github/workflows/release-notify.yml@main
+  #   with:
+  #     product_name: CLI
+  #     release_version: ${{ inputs.tag }}
+  #     cli_release_version: ""
+  #     release_author: "Phoenix Team"
+  #     release_url: https://github.com/Checkmarx/ast-cli/releases/tag/${{ inputs.tag }}
+  #     jira_product_name: ASTCLI
+  #   secrets: inherit
 
   dispatch_auto_release:
     name: Update Plugins With new Cli Version
     if: inputs.dev == false
-    needs: notify
+    #needs: notify
     uses: Checkmarx/plugins-release-workflow/.github/workflows/dispatch-workflow.yml@main
     with:
       cli_version: ${{ inputs.tag }}
