-
-
Notifications
You must be signed in to change notification settings - Fork 14
156 lines (134 loc) · 5.31 KB
/
ci-release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
# This file is part of Dependency-Track.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) OWASP Foundation. All Rights Reserved.
name: Release CI
on:
workflow_dispatch:
inputs:
version-overwrite:
required: false
default: ''
description: 'Use this to overwrite the version number to release, otherwise uses the current SNAPSHOT version (expected format x.y.z)'
type: string
permissions: { }
jobs:
prepare-release:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.variables.outputs.version }}
next-version: ${{ steps.variables.outputs.next-version }}
release-branch: ${{ steps.variables.outputs.release-branch }}
steps:
- name: Checkout Repository
uses: actions/[email protected]
- name: Setup Environment
id: variables
run: |-
VERSION="${{ github.event.inputs.version-overwrite }}"
if [[ -z ${VERSION} ]]; then
CURRENT_SNAPSHOT=`yq -p=xml '.project.version' pom.xml`
VERSION=${CURRENT_SNAPSHOT%-SNAPSHOT}
fi
NEXT_VERSION="${VERSION%.*}.$((${VERSION##*.} + 1))-SNAPSHOT"
echo "version=${VERSION}" >> $GITHUB_OUTPUT
echo "next-version=${NEXT_VERSION}" >> $GITHUB_OUTPUT
echo "release-branch=${VERSION%.*}.x" >> $GITHUB_OUTPUT
create-release:
runs-on: ubuntu-latest
permissions:
# Required for pushing changes via git command (rather than via GitHub API).
# TODO: Use bot credentials for git, or rewrite the "Commit Version" step to use API instead.
contents: write
needs:
- prepare-release
env:
VERSION: ${{ needs.prepare-release.outputs.version }}
BRANCH_NAME: ${{ needs.prepare-release.outputs.release-branch }}
steps:
- name: Checkout Repository
uses: actions/[email protected]
- name: Set up JDK
uses: actions/[email protected]
with:
distribution: 'temurin'
java-version: '21'
cache: 'maven'
- name: Set Version
run: mvn -B --no-transfer-progress versions:set -DnewVersion=${VERSION}
- name: Commit Version
env:
GITHUB_TOKEN: ${{ secrets.BOT_RELEASE_TOKEN }}
run: |-
MESSAGE="prepare-release: set version to ${VERSION}"
CONTENT=$(base64 -i pom.xml)
if [[ -z `git ls-remote --quiet --heads origin "${BRANCH_NAME}"` ]]; then
SHA=$(git rev-parse ${GITHUB_REF#refs/heads/}:pom.xml)
# https://gist.github.com/swinton/03e84635b45c78353b1f71e41007fc7c
gh api --method PUT /repos/{owner}/{repo}/contents/pom.xml \
--field message="${MESSAGE}" \
--field content="${CONTENT}" \
--field encoding="base64" \
--field branch="${GITHUB_REF_NAME}" \
--field sha="${SHA}"
git fetch
git reset --hard "origin/${GITHUB_REF_NAME}"
git checkout -b "${BRANCH_NAME}"
git push origin "${BRANCH_NAME}"
else
git checkout "${BRANCH_NAME}"
SHA=$(git rev-parse ${BRANCH_NAME}:pom.xml)
gh api --method PUT /repos/{owner}/{repo}/contents/pom.xml \
--field message="${MESSAGE}" \
--field content="${CONTENT}" \
--field encoding="base64" \
--field branch="${BRANCH_NAME}" \
--field sha="${SHA}"
fi
- name: Create GitHub Release
env:
GITHUB_TOKEN: ${{ secrets.BOT_RELEASE_TOKEN }}
run: |-
gh release create "${{ needs.prepare-release.outputs.version }}" \
--target "${{ needs.prepare-release.outputs.release-branch }}" \
--generate-notes
post-release:
runs-on: ubuntu-latest
needs:
- prepare-release
- create-release
env:
NEXT_VERSION: ${{ needs.prepare-release.outputs.next-version }}
BRANCH_NAME: ${{ needs.prepare-release.outputs.release-branch }}
steps:
- name: Checkout Repository
uses: actions/[email protected]
with:
ref: ${{ needs.prepare-release.outputs.release-branch }}
- name: Set SNAPSHOT Version after Release
run: mvn -B --no-transfer-progress versions:set -DnewVersion=${NEXT_VERSION}
- name: Commit SNAPSHOT Version
env:
GITHUB_TOKEN: ${{ secrets.BOT_RELEASE_TOKEN }}
run: |-
MESSAGE="prepare-iteration: set version to ${NEXT_VERSION}"
CONTENT=$(base64 -i pom.xml)
SHA=$(git rev-parse ${BRANCH_NAME}:pom.xml)
gh api --method PUT /repos/{owner}/{repo}/contents/pom.xml \
--field message="${MESSAGE}" \
--field content="${CONTENT}" \
--field encoding="base64" \
--field branch="${BRANCH_NAME}" \
--field sha="${SHA}"