|
1 | 1 | name: Automate release |
2 | 2 |
|
3 | | -env: |
4 | | - JIRA_PROJECT_KEY: "SONARPHP" |
5 | | - PROJECT_NAME: "SonarPHP" |
6 | | - LANGUAGE: "php" |
7 | | - USE_JIRA_SANDBOX: true |
8 | | - IS_DRAFT_RELEASE: true |
9 | | - PM_EMAIL: 'yasen.pavlov@sonarsource.com' |
10 | | - RELEASE_AUTOMATION_SECRET_NAME: "sonar-php-release-automation" |
11 | | - |
12 | 3 | on: |
13 | 4 | workflow_dispatch: |
14 | 5 | inputs: |
15 | | - short_description: |
| 6 | + short-description: |
16 | 7 | description: | |
17 | | - A brief summary of what the release contains. |
| 8 | + A brief summary of what the release contains. |
18 | 9 | This will be added directly to the release ticket. |
19 | 10 | required: true |
20 | 11 | rule_properties_changed: |
|
48 | 39 | required: false |
49 | 40 |
|
50 | 41 | jobs: |
51 | | - pre-release-checks: |
52 | | - name: Pre-release checks |
53 | | - runs-on: ubuntu-latest |
54 | | - permissions: |
55 | | - statuses: read |
56 | | - contents: write |
57 | | - pull-requests: write |
58 | | - id-token: write |
59 | | - steps: |
60 | | - - name: Check Releasability Status |
61 | | - uses: SonarSource/release-github-actions/check-releasability-status@update_analyzer_action |
62 | | - |
63 | | - - name: Update Rule Metadata |
64 | | - id: update-rule-metadata |
65 | | - uses: SonarSource/release-github-actions/update-rule-metadata@update_analyzer_action |
66 | | - |
67 | | - - name: Check Rule Metadata Changes |
68 | | - if: steps.update-rule-metadata.outputs.has-changes == 'true' |
69 | | - run: | |
70 | | - echo "::error::Rule metadata changes detected. The generated PR needs to be merged first before continuing with the release." |
71 | | - echo "::error::Pull Request URL: ${{ steps.update-rule-metadata.outputs.pull-request-url }}" |
72 | | - echo "::error::Please merge the PR and restart this workflow." |
73 | | - exit 1 |
74 | | -
|
75 | | - prepare-release: |
76 | | - name: Prepare release |
77 | | - runs-on: ubuntu-latest |
78 | | - needs: pre-release-checks |
79 | | - permissions: |
80 | | - statuses: read |
81 | | - contents: read |
82 | | - id-token: write |
83 | | - outputs: |
84 | | - release-version: ${{ steps.get-release-version.outputs.release-version }} |
85 | | - jira-version-name: ${{ steps.get-jira-version.outputs.jira-version-name }} |
86 | | - release-notes: ${{ steps.get-jira-release-notes.outputs.release-notes }} |
87 | | - jira-release-url: ${{ steps.get-jira-release-notes.outputs.jira-release-url }} |
88 | | - steps: |
89 | | - - name: Get Release Version |
90 | | - id: get-release-version |
91 | | - uses: SonarSource/release-github-actions/get-release-version@update_analyzer_action |
92 | | - |
93 | | - - name: Get Jira Version |
94 | | - id: get-jira-version |
95 | | - uses: SonarSource/release-github-actions/get-jira-version@update_analyzer_action |
96 | | - |
97 | | - - name: Get Jira Release Notes |
98 | | - id: get-jira-release-notes |
99 | | - uses: SonarSource/release-github-actions/get-jira-release-notes@update_analyzer_action |
100 | | - |
101 | | - create-release-ticket: |
102 | | - name: Create release ticket |
103 | | - runs-on: ubuntu-latest |
104 | | - needs: prepare-release |
105 | | - permissions: |
106 | | - id-token: write |
107 | | - outputs: |
108 | | - release-ticket-key: ${{ steps.create-ticket.outputs.release-ticket-key }} |
109 | | - release-ticket-url: ${{ steps.create-ticket.outputs.release-ticket-url }} |
110 | | - steps: |
111 | | - - name: Create Jira Release Ticket |
112 | | - id: create-ticket |
113 | | - uses: SonarSource/release-github-actions/create-jira-release-ticket@update_analyzer_action |
114 | | - with: |
115 | | - project-name: ${{env.PROJECT_NAME }} |
116 | | - short-description: ${{ inputs.short_description }} |
117 | | - sq-compatibility: ${{ inputs.sq_compatibility }} |
118 | | - jira-release-url: ${{ needs.prepare-release.outputs.jira-release-url }} |
119 | | - |
120 | | - - name: Start progress on ticket |
121 | | - uses: SonarSource/release-github-actions/update-release-ticket-status@update_analyzer_action |
122 | | - with: |
123 | | - release-ticket-key: ${{ steps.create-ticket.outputs.release-ticket-key }} |
124 | | - status: "Start Progress" |
125 | | - |
126 | | - publish-github-release: |
127 | | - name: Publish github release |
128 | | - runs-on: ubuntu-latest |
129 | | - needs: [prepare-release, create-release-ticket] |
130 | | - permissions: |
131 | | - id-token: write |
132 | | - contents: write |
133 | | - actions: write |
134 | | - outputs: |
135 | | - github-release-url: ${{ steps.publish-github-release.outputs.release-url}} |
136 | | - steps: |
137 | | - - name: Publish GitHub Release |
138 | | - id: publish-github-release |
139 | | - uses: SonarSource/release-github-actions/publish-github-release@update_analyzer_action |
140 | | - with: |
141 | | - release-version: ${{ needs.prepare-release.outputs.release-version }} |
142 | | - release-notes: ${{ needs.prepare-release.outputs.release-notes }} |
143 | | - release-workflow: 'sonar-release.yml' |
144 | | - draft: true |
145 | | - |
146 | | - update-analyzers: |
147 | | - name: Update Analyzers in SQS and SQC |
148 | | - runs-on: ubuntu-latest |
149 | | - needs: [prepare-release, publish-github-release] |
150 | | - permissions: |
151 | | - id-token: write |
152 | | - outputs: |
153 | | - sqs-pull-request-url: ${{ steps.update-sqs.outputs.pull-request-url }} |
154 | | - steps: |
155 | | - - name: Update analyzer in SQS |
156 | | - id: update-sqs |
157 | | - uses: SonarSource/release-github-actions/update-analyzer@update_analyzer_action |
158 | | - with: |
159 | | - release-version: ${{ needs.prepare-release.outputs.release-version }} |
160 | | - ticket-key: 'SONAR-25669' |
161 | | - plugin-name: ${{ env.LANGUAGE }} |
162 | | - secret-name: ${{ env.RELEASE_AUTOMATION_SECRET_NAME }} |
163 | | - draft: ${{ env.IS_DRAFT_RELEASE }} |
164 | | - reviewers: ${{ github.event.inputs.integration_prs_reviewers }} |
165 | | - |
166 | | - summarize_release: |
167 | | - name: Release |
168 | | - runs-on: ubuntu-latest |
169 | | - needs: [prepare-release, publish-github-release, update-analyzers] |
170 | | - steps: |
171 | | - - name: Post Summary to Workflow |
172 | | - run: | |
173 | | - echo "**Summary of the release:**" >> $GITHUB_STEP_SUMMARY |
174 | | - echo "- **Released Version:** ${{ needs.prepare-release.outputs.release-version }}" >> $GITHUB_STEP_SUMMARY |
175 | | - echo "- **New Version:** ${{ needs.prepare-release.outputs.jira-version-name }}" >> $GITHUB_STEP_SUMMARY |
176 | | - echo "- **Jira Release URL:** ${{ needs.prepare-release.outputs.jira-release-url }}" >> $GITHUB_STEP_SUMMARY |
177 | | - echo "- **GitHub Release URL:** ${{ needs.publish-github-release.outputs.github-release-url }}" >> $GITHUB_STEP_SUMMARY |
178 | | - echo "- **SQS Analyzer PR URL:** ${{ needs.update-analyzers.outputs.sqs_pr_url }}" >> $GITHUB_STEP_SUMMARY |
179 | | - echo "" >> $GITHUB_STEP_SUMMARY |
| 42 | + automated-release: |
| 43 | + uses: SonarSource/release-github-actions/.github/workflows/cloud-security-automated-release.yml@yp/add_cloud_security_workflow |
| 44 | + with: |
| 45 | + jira-project-key: "SONARPHP" |
| 46 | + project-name: "SonarPHP" |
| 47 | + plugin-name: "php" |
| 48 | + use-jira-sandbox: true |
| 49 | + is-draft-release: true |
| 50 | + pm-email: "yasen.pavlov@sonarsource.com" |
| 51 | + release-automation-secret-name: "sonar-php-release-automation" |
| 52 | + short-description: ${{ inputs.short_description }} |
| 53 | + sq-compatibility: ${{ inputs.sq_compatibility }} |
0 commit comments