uid2-shared-actions/.github/workflows/shared-publish-to-maven-versioned.yaml at 91653789afe358abb1e0ffe97d13eef794d47721 · IABTechLab/uid2-shared-actions · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
name: Shared Pipeline to build and publish JAR Packages to Maven Repos
on:
  workflow_call:
    inputs:
      release_type:
        description: The type of version number to return. Must be one of [Snapshot, Patch, Minor or Major]
        required: true
        type: string
      publish_to_maven:
        description: 'True to publish the artifacts to maven repository, false to skip the step'
        default: true
        required: false
        type: boolean
      java_version:
        type: string
        default: '11'
      publish_vulnerabilities:
        type: string
        default: 'true'
      working_dir:
        description: The path to the directory for which the version should be determined.
        type: string
        default: '.'
      vulnerability_failure_severity:
        description: The severity to fail the workflow if such vulnerability is detected. DO NOT override it unless a Jira ticket is raised. Must be one of ['CRITICAL', 'CRITICAL,HIGH' or 'CRITICAL,HIGH,MEDIUM'] (without space in between).
        type: string
        default: 'CRITICAL,HIGH'

env:
  IS_RELEASE: ${{ (inputs.release_type == 'Major' || inputs.release_type == 'Minor' || inputs.release_type == 'Patch') && (github.event.repository.default_branch == github.ref_name ) }}
  REPO: ${{ github.event.repository.name }}

jobs:
  release:
    name: ${{ ((inputs.release_type == 'Major' || inputs.release_type == 'Minor' || inputs.release_type == 'Patch') && (github.event.repository.default_branch == github.ref_name )) && 'Create Release' || 'Publish Pre-release' }}
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      contents: write
      security-events: write
      packages: write
    steps:
      - name: Show Context
        run: |
          printenv
          echo "$GITHUB_CONTEXT"
        shell: bash
        env:
            GITHUB_CONTEXT: ${{ toJson(github) }}

      - name: Check branch and release type
        id: checkRelease
        uses: IABTechLab/uid2-shared-actions/actions/check_branch_and_release_type@v2
        with:
          release_type: ${{ inputs.release_type }}

      - name: Checkout repo
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Checkout uid2-shared-actions repo
        uses: actions/checkout@v4
        with:
          ref: kcc-UID2-3858-verify-no-of-tests-run
          repository: IABTechLab/uid2-shared-actions
          path: uid2-shared-actions

      - name: Set up JDK
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: ${{ inputs.java_version }}

      - name: Download key
        uses: IABTechLab/uid2-shared-actions/actions/download_gpg_key@v2
        with:
          key: ${{ secrets.GPG_KEY }}

      - name: Vulnerability Scan
        uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan_filesystem@v3
        with:
          scan_severity: HIGH,CRITICAL
          failure_severity: ${{ inputs.vulnerability_failure_severity }}
          publish_vulnerabilities: ${{ inputs.publish_vulnerabilities }}

      - name: Set version number
        id: version
        uses: IABTechLab/uid2-shared-actions/actions/version_number@v2
        with:
          type: ${{ inputs.release_type }}
          branch_name: ${{ github.ref }}
          working_dir: ${{ inputs.working_dir }}

      - name: Update pom.xml
        run: |
          current_version=$(grep -o '<version>.*</version>' ${{ inputs.working_dir }}/pom.xml | head -1 | sed 's/<version>\(.*\)<\/version>/\1/')
          new_version=${{ steps.version.outputs.new_version }}
          sed -i "s/$current_version/$new_version/g" ${{ inputs.working_dir }}/pom.xml
          echo "Version number updated from $current_version to $new_version"
      - name: Create Maven Settings
        run: |
          cd ./${{ inputs.working_dir }}
          echo "<settings>
                    <servers>
                        <server>
                            <id>ossrh</id>
                            <username>${{ secrets.SONATYPE_REPO_USERNAME }}</username>
                            <password>${{ secrets.SONATYPE_REPO_TOKEN }}</password>
                        </server>
                    </servers>
                </settings>
                " >> settings.xml

      - name: Publish
        if: ${{ inputs.publish_to_maven }}
        run: |
          cd ./${{ inputs.working_dir }}
          mvn -B -s settings.xml -Dgpg.passphrase="${{ secrets.GPG_PASSPHRASE }}" clean deploy

      - name: Compile
        if: ${{ inputs.publish_to_maven != true }}
        env:
          EXTRA_FLAGS: "-s settings.xml -Dgpg.passphrase=\"${{ secrets.GPG_PASSPHRASE }}\""
        run: |
          cd ./${{ inputs.working_dir }}
          bash uid2-shared-actions/scripts/compile_java_test_and_verify.sh

      - name: Commit pom.xml and version.json
        if: ${{ steps.checkRelease.outputs.is_release != 'true' }}
        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v2
        with:
          add: '${{ inputs.working_dir }}/pom.xml ${{ inputs.working_dir }}/version.json'
          message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}'

      - name: Commit pom.xml, version.json and set tag
        if: ${{ steps.checkRelease.outputs.is_release == 'true' }}
        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v2
        with:
          add: '${{ inputs.working_dir }}/pom.xml ${{ inputs.working_dir }}/version.json'
          message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}'
          tag: v${{ steps.version.outputs.new_version }}

      - name: Build Changelog
        id: github_release
        if: ${{ env.IS_RELEASE == 'true' }}
        uses: mikepenz/release-changelog-builder-action@v4
        with:
          toTag: v${{ steps.version.outputs.new_version }}
          configurationJson: |
            {
              "template": "#{{CHANGELOG}}\n## Maven\n```\n<dependency>\n    <groupId>com.uid2</groupId>\n    <artifactId>${{ env.REPO }}</artifactId>\n    <version>${{ steps.version.outputs.new_version }}</version>\n</dependency>\n```\n\n## Jar Files\n- [${{ env.REPO }}-${{ steps.version.outputs.new_version }}.jar](https://repo1.maven.org/maven2/com/uid2/${{ env.REPO }}/${{ steps.version.outputs.new_version }}/${{ env.REPO }}-${{ steps.version.outputs.new_version }}.jar)\n\n## Changelog\n#{{UNCATEGORIZED}}",
              "pr_template": " - #{{TITLE}} - ( PR: ##{{NUMBER}} )"
            }
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Create Release
        if: ${{ env.IS_RELEASE == 'true' }}
        uses: softprops/action-gh-release@v2
        with:
          name: v${{ steps.version.outputs.new_version }}
          body: ${{ steps.github_release.outputs.changelog }}
          draft: true