forked from chains-project/maven-lockfile
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathaction.yml
More file actions
185 lines (167 loc) · 7.58 KB
/
action.yml
File metadata and controls
185 lines (167 loc) · 7.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
name: 'Maven-Lockfile'
description: 'This action generates a lockfile for a Maven project.'
branding:
icon: 'lock'
color: 'blue'
inputs:
github-token:
description: 'GitHub token'
required: true
commit-lockfile:
description: 'Commit the lockfile to the repository in case the pom.xml or workflow file has updated. If this is false or the pom.xml and workflow.yml files are unchanged the action will verify the current lockfile.json.'
required: false
default: 'true'
commit-message:
description: 'Commit message for the lockfile'
required: false
default: 'chore: update lockfile'
include-maven-plugins:
description: 'Include Maven plugins in the lockfile'
required: false
default: 'false'
lockfile-name:
description: 'Name of the lockfile (default="lockfile.json")'
required: false
default: 'lockfile.json'
workflow-filename:
description: 'Name of the workflow file'
required: false
default: 'Lockfile.yml'
skip-older-regeneration:
description: 'Skip lockfile regeneration if the existing lockfile was generated by a newer plugin version than this action. Useful to avoid unnecessary commits after a release.'
required: false
default: 'true'
runs:
using: "composite"
steps:
- name: checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
token: ${{ inputs.github-token }}
- name: Setup Java
uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
with:
java-version: '17'
distribution: 'temurin'
cache: maven
- name: Get all changed pom.xml and workflow file(s) and set into POM_CHANGED env variable
id: changed-files
run: |
# Default to no change
echo "POM_CHANGED=false" >> $GITHUB_ENV
if [ -n "$GITHUB_BASE_REF" ]; then # Comparing against base branch (pull request)
BASE_REF="origin/$GITHUB_BASE_REF"
else # No base branch, comparing against previous commit
BASE_REF="HEAD^"
fi
# Safely attempt diff
if CHANGED_FILES=$(git diff --name-only "$BASE_REF"...HEAD 2>/dev/null); then
echo "Changed files: $CHANGED_FILES"
# Check if relevant files changed
if echo "$CHANGED_FILES" | grep -Eq "(pom.xml|${{ inputs.workflow-filename }})"; then
echo "Relevant files changed."
echo "POM_CHANGED=true" >> $GITHUB_ENV
else
echo "No relevant files changed."
fi
else
echo "Git diff failed, setting POM_CHANGED to false."
fi
shell: bash
- name: print POM-CHANGED
run: echo "pom changed ${{ env.POM_CHANGED }}"
shell: bash
- name: Set COMMIT_UPDATED_LOCKFILE environment variable
run: echo "COMMIT_UPDATED_LOCKFILE=${{ inputs.commit-lockfile }}" >> $GITHUB_ENV
shell: bash
- name: Maven Lockfile Action
id: maven-lockfile
run: |
#!/bin/bash
set -e
# -------- Begin Maven Lockfile Action --------
echo "::group::maven-lockfile"
# Configuration from inputs
INCLUDE_MAVEN_PLUGINS="${{ inputs.include-maven-plugins }}"
LOCKFILE_NAME="${{ inputs.lockfile-name }}"
POM_CHANGED="${POM_CHANGED}"
COMMIT_UPDATED_LOCKFILE="${COMMIT_UPDATED_LOCKFILE}"
# Convert to Maven plugin args
PLUGIN_VERSION="5.14.2"
MAVEN_ARGS=""
if [ "$INCLUDE_MAVEN_PLUGINS" == "true" ]; then
MAVEN_ARGS="$MAVEN_ARGS -DincludeMavenPlugins=true"
fi
if [ "$LOCKFILE_NAME" != "lockfile.json" ]; then
MAVEN_ARGS="$MAVEN_ARGS -DlockfileName=$LOCKFILE_NAME"
fi
# Function to execute Maven plugin and handle errors
function execute_maven_command() {
local COMMAND=$1
local SUMMARY_TITLE=$2
local SUCCESS_MESSAGE=$3
local FAILURE_MESSAGE=$4
echo "Executing: mvn $COMMAND $MAVEN_ARGS -q"
if mvn $COMMAND $MAVEN_ARGS -q; then
# Success
echo "::notice::$SUCCESS_MESSAGE"
echo "# Maven Lockfile" >> $GITHUB_STEP_SUMMARY
echo "✅**Success** $SUCCESS_MESSAGE" >> $GITHUB_STEP_SUMMARY
if [ -n "$5" ]; then
echo "$5" >> $GITHUB_STEP_SUMMARY
fi
return 0
else
# Failure
echo "::error::$FAILURE_MESSAGE"
echo "# Maven Lockfile" >> $GITHUB_STEP_SUMMARY
echo "⚠️**Warning** $FAILURE_MESSAGE" >> $GITHUB_STEP_SUMMARY
if [ -n "$6" ]; then
echo "$6" >> $GITHUB_STEP_SUMMARY
fi
return 1
fi
}
# Check if the existing lockfile was generated by a newer plugin version.
# This prevents the action from overwriting a lockfile created during a release
# with a regenerated one from an older pinned action version.
SKIP_GENERATE="false"
SKIP_OLDER_REGENERATION="${{ inputs.skip-older-regeneration }}"
if [ "$SKIP_OLDER_REGENERATION" == "true" ] && [ -f "$LOCKFILE_NAME" ]; then
EXISTING_VERSION=$(jq -r '.metaData.config.mavenLockfileVersion // empty' "$LOCKFILE_NAME")
if [ -n "$EXISTING_VERSION" ]; then
SORTED_FIRST=$(printf '%s\n%s\n' "$PLUGIN_VERSION" "$EXISTING_VERSION" | sort -V | head -1)
if [ "$SORTED_FIRST" = "$PLUGIN_VERSION" ] && [ "$PLUGIN_VERSION" != "$EXISTING_VERSION" ]; then
echo "::notice::Lockfile was generated by a newer version ($EXISTING_VERSION) than this action ($PLUGIN_VERSION). Skipping regeneration."
SKIP_GENERATE="true"
fi
fi
fi
# Determine whether to generate or validate
if [ "$POM_CHANGED" == "true" ] && [ "$COMMIT_UPDATED_LOCKFILE" == "true" ] && [ "$SKIP_GENERATE" == "false" ]; then
echo "::notice::Pom file changed, running lockfile generation"
GENERATE_COMMAND="io.github.chains-project:maven-lockfile:$PLUGIN_VERSION:generate"
if ! execute_maven_command "$GENERATE_COMMAND" "Lockfile Generation" "Lockfile generation succeeded" "Lockfile generation failed"; then
echo "::endgroup::"
exit 1
fi
else
echo "::notice::Pom file not changed, running lockfile validation"
VALIDATE_COMMAND="io.github.chains-project:maven-lockfile:$PLUGIN_VERSION:validate"
ADDITIONAL_FAILURE_MESSAGE="The lockfile is not up to date with the pom file. Please run io.github.chains-project:maven-lockfile:$PLUGIN_VERSION:generate to update the lockfile. For your convenience, you can also download the generated lockfile from the artifacts of this check run."
ADDITIONAL_SUCCESS_MESSAGE="The lockfile is up to date with the pom files."
if ! execute_maven_command "$VALIDATE_COMMAND" "Integrity Check" "Integrity check passed" "Integrity check failed" "$ADDITIONAL_SUCCESS_MESSAGE" "$ADDITIONAL_FAILURE_MESSAGE"; then
echo "::endgroup::"
exit 1
fi
fi
echo "::endgroup::"
shell: bash
- id: commit-lockfile
if: inputs.commit-lockfile == 'true'
uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # 7.1.0
with:
commit_message: ${{ inputs.commit-message }}