Build and Deploy Release #86
Workflow file for this run
name: Build and Deploy Release

# Automates the release process:
#   1. Update the 'body:' below and the changelog.md
#   2. Run `./prepare-release.sh`
#   3. Create PR, merge PR
#   4. Run `git push origin main --tags`

# Workflow-level grant: every job that does not declare its own `permissions:`
# inherits a GITHUB_TOKEN with write access to repository contents.
# NOTE(review): only the release and gh-pages jobs appear to need write access;
# consider `contents: read` here with `contents: write` set on those jobs.
permissions:
  contents: write

# Any pushed tag matching v* starts the full release pipeline, secrets included.
on:
  push:
    tags:
      - 'v*'
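jobs:
  # Builds, signs and deploys the Maven artifacts, then hands the release
  # archives, coverage reports and staged site to the downstream jobs.
  build:
    name: Build dependency-check
    runs-on: ubuntu-latest
    # NOTE(review): this job sets no `permissions:` and so inherits the
    # workflow-level GITHUB_TOKEN scope; nothing visible here pushes to the
    # repository, so `contents: read` is probably sufficient. Confirm that the
    # `release` Maven profile performs no git writes first.
    steps:
      - name: Install gpg secret key
        id: install-gpg-key
        # The key reaches the shell through the environment instead of being
        # templated into the script text, so its content is never parsed as
        # shell source.
        env:
          OSSRH_GPG_SECRET_KEY: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
        run: |
          echo -e "$OSSRH_GPG_SECRET_KEY" | gpg --batch --import
          gpg --list-secret-keys --keyid-format LONG
      - uses: actions/checkout@v4
      # NOTE(review): the three caches below use fixed keys and are restored
      # into a job that signs and publishes artifacts. Whatever another run
      # saved under the same key is trusted here; consider content-derived keys
      # (e.g. a hash of the pom files) or skipping cache restore for releases.
      - name: Check Maven Cache
        id: maven-cache
        uses: actions/cache@v3
        with:
          path: ~/.m2/repository/
          key: mvn-repo
      - name: Check Local Maven Cache
        id: maven-it-cache
        uses: actions/cache@v3
        with:
          path: maven/target/local-repo
          key: mvn-it-repo
      - name: Check ODC Data Cache
        id: odc-data-cache
        uses: actions/cache@v3
        with:
          path: core/target/data
          key: odc-data
      # NOTE(review): this reference was mangled by the page's e-mail
      # obfuscation (presumably actions/setup-dotnet@<version>); restore it
      # from the repository copy of the workflow.
      - uses: actions/[email protected]
        with:
          dotnet-version: '6.0.x'
      - name: Set up JDK 1.8
        id: jdk-8
        uses: actions/setup-java@v3
        with:
          java-version: 8
          distribution: 'zulu'
          server-id: ossrh
          # setup-java expects the NAMES of environment variables here, not the
          # credential values; passing the secrets themselves writes them into
          # the generated ~/.m2/settings.xml. The values are supplied through
          # MAVEN_USERNAME / MAVEN_PASSWORD on the build step below.
          server-username: MAVEN_USERNAME
          server-password: MAVEN_PASSWORD
      - uses: pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598 # v2.4.0
        with:
          version: 6.0.2
      - name: Configure Git user
        # NOTE(review): the address below was replaced by the page's e-mail
        # obfuscation; restore the original value from the repository.
        run: |
          git config user.email "[email protected]"
          git config user.name "GitHub Actions"
      - name: Get version
        # Only prints the project version to the log; nothing is exported.
        run: |
          VERSION=$( mvn help:evaluate -Dexpression=project.version -q -DforceStdout )
          echo "VERSION=$VERSION"
      - name: Build Release with Maven
        id: build-release
        timeout-minutes: 120
        env:
          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
          MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
          GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
        # The passphrase is expanded from the environment and quoted, so spaces
        # or shell metacharacters in it cannot split or alter the command.
        # NOTE(review): it still ends up on the mvn command line; recent
        # maven-gpg-plugin releases can read the passphrase from an environment
        # variable instead - check the plugin version in use.
        run: |
          mvn -s settings.xml -Prelease "-DnexusUrl=https://oss.sonatype.org/" clean package source:jar javadoc:jar gpg:sign deploy site site:stage -DreleaseTesting --no-transfer-progress --batch-mode "-Dgpg.passphrase=${GPG_PASSPHRASE}"
      - name: Archive code coverage results
        id: archive-coverage
        uses: actions/upload-artifact@v3
        with:
          name: code-coverage-report
          retention-days: 7
          path: |
            **/target/jacoco-results/jacoco.xml
            **/target/jacoco-results/**/*.html
      - name: Archive Release
        id: archive-release
        uses: actions/upload-artifact@v3
        with:
          name: archive-release
          retention-days: 7
          path: |
            **/target/*.asc
            **/target/*.jar
            **/target/*.pom
            ant/target/*.zip
            cli/target/*.zip
            target/*.buildinfo
      - name: Archive Site
        id: archive-site
        uses: actions/upload-artifact@v3
        with:
          name: archive-site
          retention-days: 7
          path: target/staging/

  # Sends the JaCoCo reports produced by the build job to Codacy.
  publish_coverage:
    name: publish code coverage reports
    runs-on: ubuntu-latest
    needs: build
    # Runs a third-party action; keep the GITHUB_TOKEN read-only here.
    permissions:
      contents: read
    steps:
      - name: Download coverage reports
        uses: actions/download-artifact@v3
        with:
          name: code-coverage-report
      - name: Run codacy-coverage-reporter
        # NOTE(review): `@master` is a mutable ref, so whatever that branch
        # points to at run time executes with the Codacy token. Pin this action
        # to a full commit SHA, as is already done for pnpm/action-setup.
        uses: codacy/codacy-coverage-reporter-action@master
        with:
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
          coverage-reports: utils/target/jacoco-results/jacoco.xml,core/target/jacoco-results/jacoco.xml,maven/target/jacoco-results/jacoco.xml,ant/target/jacoco-results/jacoco.xml,cli/target/jacoco-results/jacoco.xml

  # Builds, tests and publishes the Docker image from the release archive.
  docker:
    name: Publish Docker
    runs-on: ubuntu-latest
    needs: build
    # Publishing goes to the Docker registry, not to this repository.
    permissions:
      contents: read
    # NOTE(review): job-level env exposes the registry credentials to every
    # step, including the build and test scripts. If only the deploy step needs
    # them, move these two entries onto that step.
    env:
      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
    steps:
      - name: Check Maven Cache
        id: maven-cache
        uses: actions/cache@v3
        with:
          path: ~/.m2/repository/
          key: mvn-repo
      - name: Check Docker ODC Cache
        id: docker-odc-cache
        uses: actions/cache@v3
        with:
          path: ~/OWASP-Dependency-Check
          key: docker-repo
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Download release build
        uses: actions/download-artifact@v3
        with:
          name: archive-release
      - name: Build Docker Image
        run: ./build-docker.sh
      - name: build scan target
        run: mvn -s settings.xml package -DskipTests=true --no-transfer-progress --batch-mode
      - name: Test Docker Image
        run: ./test-docker.sh
      - name: Deploy Docker Image
        # Both variables are quoted so the token and user name reach docker
        # unchanged, without word splitting or glob expansion.
        run: |
          echo "$DOCKER_TOKEN" | docker login -u "$DOCKER_USERNAME" --password-stdin 2>/dev/null
          ./publish-docker.sh

  # Creates the GitHub release for the tag and attaches the signed archives.
  release:
    name: Publish Release
    runs-on: ubuntu-latest
    needs: build
    # Creating a release and uploading assets requires write access.
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Get version
        id: get-version
        # Exports VERSION to the following steps through the job environment.
        run: |
          VERSION=$( mvn help:evaluate -Dexpression=project.version -q -DforceStdout )
          echo "VERSION=$VERSION" >> "$GITHUB_ENV"
      - name: Download release build
        uses: actions/download-artifact@v3
        with:
          name: archive-release
      - name: Create Release
        id: create_release
        # NOTE(review): this reference and the five `uses:` lines below were
        # mangled by the page's e-mail obfuscation (presumably
        # actions/create-release@<version> and
        # actions/upload-release-asset@<version>); restore them from the
        # repository copy of the workflow.
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: v${{ env.VERSION }}
          release_name: Version ${{ env.VERSION }}
          prerelease: false
          draft: false
          body: |
            - fix: check java 8 update version; minimum JRE is 8 update 251 (#6118)
            - fix: add retry for failed NVD API requests (#6136)
            - docs: add default values to documentation for the NVD API Delay (#6135)
            - chore: Revert "build(deps): bump com.h2database:h2 from 2.1.214 to 2.2.224" (#6131)
                - this is a **breaking change** for anyone that successfully created the H2 database with 9.0.0.
            - fix: mute jcs logging (#6130)
            - docs: update NVD notice (#6110)
            - fix: Use the correct key for NVD API-Key from Maven Settings serverId (#6109)
            See the full listing of [changes](https://github.com/jeremylong/DependencyCheck/milestone/71?closed=1).
      - name: Upload CLI
        id: upload-release-cli
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: cli/target/dependency-check-${{env.VERSION}}-release.zip
          asset_name: dependency-check-${{env.VERSION}}-release.zip
          asset_content_type: application/zip
      - name: Upload CLI signature
        id: upload-release-cli-sig
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: cli/target/dependency-check-${{env.VERSION}}-release.zip.asc
          asset_name: dependency-check-${{env.VERSION}}-release.zip.asc
          asset_content_type: text/plain
      - name: Upload ANT
        id: upload-release-ant
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ant/target/dependency-check-ant-${{env.VERSION}}-release.zip
          asset_name: dependency-check-ant-${{env.VERSION}}-release.zip
          asset_content_type: application/zip
      - name: Upload ANT signature
        id: upload-release-ant-sig
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ant/target/dependency-check-ant-${{env.VERSION}}-release.zip.asc
          asset_name: dependency-check-ant-${{env.VERSION}}-release.zip.asc
          asset_content_type: text/plain
      - name: Upload buildinfo
        id: upload-release-buildinfo
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: target/dependency-check-parent-${{env.VERSION}}.buildinfo
          asset_name: dependency-check-parent-${{env.VERSION}}.buildinfo
          asset_content_type: text/plain

  # Publishes the staged Maven site to the gh-pages branch.
  publish:
    name: Publish gh-pages
    runs-on: ubuntu-latest
    needs: build
    # Pushing to the gh-pages branch requires write access.
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Download Site
        uses: actions/download-artifact@v3
        with:
          name: archive-site
          path: target/staging
      - name: Display structure of downloaded files
        run: ls -R
        working-directory: target
      - name: Deploy gh-pages
        # NOTE(review): reference mangled by the page's e-mail obfuscation
        # (presumably JamesIves/github-pages-deploy-action@<version>); restore
        # it from the repository and prefer a full commit SHA, since this
        # third-party action runs with a write-scoped token.
        uses: JamesIves/[email protected]
        with:
          branch: gh-pages
          folder: target/staging
          clean: false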