From 7993602031c079f16dd0f23e96e50d0f126ac999 Mon Sep 17 00:00:00 2001
From: Pedro Lopes <Pedro.Lopes@checkmarx.com>
Date: Wed, 15 Sep 2021 15:02:50 +0100
Subject: [PATCH] add update script and manual tag creation

---
 .github/scripts/update_cli.sh                 | 32 ++++++++++++++
 .github/workflows/{main.yml => ci.yml}        | 17 +------
 .github/workflows/manual-tag.yml              | 27 ++++++++++++
 .../{npm-publish.yml => release.yml}          | 12 ++---
 .github/workflows/update-cli.yml              | 44 +++++++++++++++++++
 checkmarx-ast-cli.version                     |  1 +
 6 files changed, 113 insertions(+), 20 deletions(-)
 create mode 100644 .github/scripts/update_cli.sh
 rename .github/workflows/{main.yml => ci.yml} (62%)
 create mode 100644 .github/workflows/manual-tag.yml
 rename .github/workflows/{npm-publish.yml => release.yml} (68%)
 create mode 100644 .github/workflows/update-cli.yml
 create mode 100644 checkmarx-ast-cli.version

diff --git a/.github/scripts/update_cli.sh b/.github/scripts/update_cli.sh
new file mode 100644
index 00000000..c619330e
--- /dev/null
+++ b/.github/scripts/update_cli.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+release=$1
+filename_windows=ast-cli_${release}_windows_x64.zip
+filename_linux=ast-cli_${release}_linux_x64.tar.gz
+filename_darwin=ast-cli_${release}_darwin_x64.tar.gz
+
+#Windows
+echo "Updating windows binary"
+wget https://github.com/Checkmarx/ast-cli/releases/download/${release}/${filename_windows}
+unzip ${filename_windows} -d tmp
+mv ./tmp/cx.exe ./src/main/resources/cx.exe
+rm -r tmp
+rm ${filename_windows}
+
+#linux
+echo "Updating linux binary"
+wget https://github.com/Checkmarx/ast-cli/releases/download/${release}/${filename_linux}
+mkdir ./tmp/
+tar -xvzf  ${filename_linux} -C ./tmp/
+mv ./tmp/cx ./src/main/resources/cx-linux
+rm -r tmp
+rm ${filename_linux}
+
+#darwin
+echo "Updating mac binary"
+wget https://github.com/Checkmarx/ast-cli/releases/download/${release}/${filename_darwin}
+mkdir ./tmp/
+tar -xvzf  ${filename_darwin} -C ./tmp/
+mv ./tmp/cx ./src/main/resources/cx-mac
+rm -r tmp
+rm ${filename_darwin}
\ No newline at end of file
diff --git a/.github/workflows/main.yml b/.github/workflows/ci.yml
similarity index 62%
rename from .github/workflows/main.yml
rename to .github/workflows/ci.yml
index 3f6b78dd..d1d6c9a0 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/ci.yml
@@ -1,25 +1,12 @@
-# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node
-# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
-
-name: Integration Tests
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    branches: [ master ]
+name: AST Javascript wrapper CI
 
+on: [pull_request]
 jobs:
   build:
-
     runs-on: ubuntu-latest
-
     strategy:
       matrix:
-        #node-version: [10.x, 12.x, 14.x, 15.x]
         node-version: [ 15.x ]
-        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
-
     steps:
       - uses: actions/checkout@v2
       - name: Copy executable
diff --git a/.github/workflows/manual-tag.yml b/.github/workflows/manual-tag.yml
new file mode 100644
index 00000000..9b46a75e
--- /dev/null
+++ b/.github/workflows/manual-tag.yml
@@ -0,0 +1,27 @@
+name: Manual Tag Creation
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Next release tag'
+        required: true
+
+jobs:
+  tag-creation:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2.3.4
+        with:
+          token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+      - name: Tag
+        run: |
+          echo ${{ github.event.inputs.tag }}
+          echo "NEXT_VERSION=${{ github.event.inputs.tag }}" >> $GITHUB_ENV
+      - name: Create tag
+        uses: actions-ecosystem/action-push-tag@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+        with:
+          tag: ${{ env.NEXT_VERSION }}
diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/release.yml
similarity index 68%
rename from .github/workflows/npm-publish.yml
rename to .github/workflows/release.yml
index 619ae3d8..ff3c6c02 100644
--- a/.github/workflows/npm-publish.yml
+++ b/.github/workflows/release.yml
@@ -1,22 +1,24 @@
-# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
-# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
-
 name: Node.js Package
 
 on:
-  release:
-    types: [created]
+  push:
+    tags:
+      - "*"
 
 jobs:
   publish-gpr:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
+      - name: Set env
+        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
       - uses: actions/setup-node@v2
         with:
           node-version: 12
           registry-url: https://npm.pkg.github.com/
       - run: npm ci
+      - name: Update version
+        run: npm version ${{ env.RELEASE_VERSION }}
       - name: npm build
         run: npm run build
       - name: Set up NPM authentication
diff --git a/.github/workflows/update-cli.yml b/.github/workflows/update-cli.yml
new file mode 100644
index 00000000..8578b470
--- /dev/null
+++ b/.github/workflows/update-cli.yml
@@ -0,0 +1,44 @@
+name: Update checkmarx ast cli
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '*/5 * * * *'
+
+jobs:
+  update-checkmarx-cli:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Get Latest Checkmarx API version
+        id: checkmarx-ast-cli
+        run: |
+          echo ::set-output name=release_tag::$(curl -sL https://api.github.com/repos/Checkmarx/ast-cli/releases/latest | jq -r ".tag_name")
+          echo ::set-output name=current_tag::$(<checkmarx-ast-cli.version)
+      - name: Update Checkmarx cli version
+        if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
+        env:
+          RELEASE_TAG: ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
+        run: |
+          # Update current release
+          echo ${{ steps.checkmarx-ast-cli.outputs.release_tag }} > checkmarx-ast-cli.version
+      - name: Download latest cli and update branch
+        if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
+        run: |
+          # Update binaries
+          chmod +x ./.github/scripts/update_cli.sh
+          ./.github/scripts/update_cli.sh ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
+      - name: Create Pull Request
+        if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
+        uses: peter-evans/create-pull-request@v3
+        with:
+          token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+          commit-message: Update checkmarx-ast-cli to ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
+          title: Update checkmarx-ast-cli binaries with ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
+          body: |
+            Updates [checkmarx-ast-cli][1] to ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
+
+            Auto-generated by [create-pull-request][2]
+
+            [1]: https://github.com/Checkmarx/checkmarx-ast-cli
+          labels: dependencies, automated pr
+          branch: feature/update_cli
diff --git a/checkmarx-ast-cli.version b/checkmarx-ast-cli.version
new file mode 100644
index 00000000..b48c0cd1
--- /dev/null
+++ b/checkmarx-ast-cli.version
@@ -0,0 +1 @@
+2.0.0-rc.22
\ No newline at end of file