From d485eaec267e62b66340a6a6db147d5469383896 Mon Sep 17 00:00:00 2001 From: Pedro Lopes Date: Fri, 15 Oct 2021 08:52:25 +0100 Subject: [PATCH] update release process --- .github/scripts/update_cli.sh | 6 +-- .github/workflows/ci.yml | 9 ++-- .github/workflows/manual-tag.yml | 2 +- .github/workflows/release.yml | 90 ++++++++++++++++++++------------ .github/workflows/update-cli.yml | 12 +++-- 5 files changed, 73 insertions(+), 46 deletions(-) diff --git a/.github/scripts/update_cli.sh b/.github/scripts/update_cli.sh index 93424f56..d1c2a3d7 100755 --- a/.github/scripts/update_cli.sh +++ b/.github/scripts/update_cli.sh @@ -7,7 +7,7 @@ filename_darwin=ast-cli_${release}_darwin_x64.tar.gz #Windows echo "Updating windows binary" -wget https://github.com/CheckmarxDev/ast-cli/releases/download/${release}/${filename_windows} +wget https://github.com/checkmarx/ast-cli/releases/download/${release}/${filename_windows} unzip ${filename_windows} -d tmp mv ./tmp/cx.exe ./src/main/resources/cx.exe rm -r tmp @@ -15,7 +15,7 @@ rm ${filename_windows} #linux echo "Updating linux binary" -wget https://github.com/CheckmarxDev/ast-cli/releases/download/${release}/${filename_linux} +wget https://github.com/checkmarx/ast-cli/releases/download/${release}/${filename_linux} mkdir ./tmp/ tar -xvzf ${filename_linux} -C ./tmp/ mv ./tmp/cx ./src/main/resources/cx-linux @@ -24,7 +24,7 @@ rm ${filename_linux} #darwin echo "Updating mac binary" -wget https://github.com/CheckmarxDev/ast-cli/releases/download/${release}/${filename_darwin} +wget https://github.com/checkmarx/ast-cli/releases/download/${release}/${filename_darwin} mkdir ./tmp/ tar -xvzf ${filename_darwin} -C ./tmp/ mv ./tmp/cx ./src/main/resources/cx-mac diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 556fba02..d53a5439 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,23 +6,20 @@ jobs: integration-tests: runs-on: ubuntu-latest steps: - - name: Checkout the repository + - name: Checkout uses: actions/checkout@v2 + - name: Set up JDK 8 uses: actions/setup-java@v1 with: java-version: 8 - - name: Copy executable - run: cp ./src/main/resources/cx-linux /tmp/ - - name: Permissions to executable - run: sudo chmod 777 /tmp/cx-linux + - name: Run tests with Maven env: CX_CLIENT_ID: ${{ secrets.CLIENT_ID}} CX_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET}} CX_BASE_URI: ${{ secrets.BASE_URI }} CX_TENANT: ${{ secrets.TENANT }} - PATH_TO_EXECUTABLE: /tmp/cx-linux run: mvn -B test --file pom.xml cx-scan: runs-on: ubuntu-latest diff --git a/.github/workflows/manual-tag.yml b/.github/workflows/manual-tag.yml index 9b46a75e..4cca27b3 100644 --- a/.github/workflows/manual-tag.yml +++ b/.github/workflows/manual-tag.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2.3.4 + uses: actions/checkout@v2 with: token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} - name: Tag diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b09f595f..56e2a345 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,36 +9,60 @@ jobs: release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - - name: Set env - run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV - - - name: Cache local Maven repository - uses: actions/cache@v2 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - - - name: Set up Maven Central Repository - uses: actions/setup-java@v2 - with: - java-version: '11' - distribution: 'adopt' - server-id: ossrh - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD - gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} - gpg-passphrase: MAVEN_GPG_PASSPHRASE - - - name: Update the POM version. - run: mvn -B versions:set -DnewVersion='${{ env.RELEASE_VERSION }}' --file pom.xml -DskipTests - - - name: Publish package - run: mvn --batch-mode deploy -DskipTests - env: - MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + - name: Checkout + uses: actions/checkout@v2 + with: + token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} + + - name: Set env + run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV + + - name: Cache local Maven repository + uses: actions/cache@v2 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-maven- + + - name: Set up Maven Central Repository + uses: actions/setup-java@v2 + with: + java-version: '11' + distribution: 'adopt' + server-id: ossrh + server-username: MAVEN_USERNAME + server-password: MAVEN_PASSWORD + gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} + gpg-passphrase: MAVEN_GPG_PASSPHRASE + + - name: Update the POM version. + run: mvn -B versions:set -DnewVersion='${{ env.RELEASE_VERSION }}' --file pom.xml -DskipTests + + - name: Commit pom change version + run: | + git config user.name github-actions + git config user.email github-actions@github.com + git add pom.xml + git commit -m '[auto-release] Update pom version' + git push + + - name: Publish package + run: mvn --batch-mode deploy -DskipTests + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + - name: Build Changelog + id: build_changelog + uses: mikepenz/release-changelog-builder-action@v2.4.3 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + outputFile: ${{ github.workspace }}-CHANGELOG.txt + + - name: Release + uses: softprops/action-gh-release@v1 + with: + body_path: ${{ github.workspace }}-CHANGELOG.txt diff --git a/.github/workflows/update-cli.yml b/.github/workflows/update-cli.yml index 2d837bdf..b76bca77 100644 --- a/.github/workflows/update-cli.yml +++ b/.github/workflows/update-cli.yml @@ -1,4 +1,5 @@ name: Update checkmarx ast cli + on: workflow_dispatch: schedule: @@ -8,12 +9,15 @@ jobs: updateCheckmarxJenkins: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - name: Checkout + uses: actions/checkout@v2 + - name: Get Latest Checkmarx API version id: checkmarx-ast-cli run: | - echo ::set-output name=release_tag::$(curl -sL https://api.github.com/repos/CheckmarxDev/ast-cli/releases/latest | jq -r ".tag_name") + echo ::set-output name=release_tag::$(curl -sL https://api.github.com/repos/checkmarx/ast-cli/releases/latest | jq -r ".tag_name") echo ::set-output name=current_tag::$( checkmarx-ast-cli.version + - name: Download latest cli and update branch if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag run: | # Update binaries chmod +x ./.github/scripts/update_cli.sh ./.github/scripts/update_cli.sh ${{ steps.checkmarx-ast-cli.outputs.release_tag }} + - name: Create Pull Request if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag uses: peter-evans/create-pull-request@v3 @@ -39,6 +45,6 @@ jobs: Auto-generated by [create-pull-request][2] - [1]: https://github.com/CheckmarxDev/checkmarx-ast-cli + [1]: https://github.com/Checkmarx/checkmarx-ast-cli labels: dependencies, automated pr branch: feature/update_cli