Build and Deploy Release #98
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Deploy Release | |
## | |
## Automates the release process | |
## 1. Run `./list-changes.sh` and update the changelog.md. | |
## 2. Run `./prepare-release.sh` | |
## 3. Create PR, merge PR | |
## 4. Run `git push origin --tags` | |
## | |
permissions: | |
contents: write | |
on: | |
push: | |
tags: | |
- v* | |
jobs: | |
build: | |
name: Build dependency-check | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install gpg secret key | |
id: install-gpg-key | |
run: | | |
cat <(echo -e "${{ secrets.OSSRH_GPG_SECRET_KEY }}") | gpg --batch --import | |
gpg --list-secret-keys --keyid-format LONG | |
- uses: actions/checkout@v4 | |
- name: Check Maven Cache | |
id: maven-cache | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository/ | |
key: mvn-repo | |
- name: Check Local Maven Cache | |
id: maven-it-cache | |
uses: actions/cache@v4 | |
with: | |
path: maven/target/local-repo | |
key: mvn-it-repo | |
- name: Check ODC Data Cache | |
id: odc-data-cache | |
uses: actions/cache@v4 | |
with: | |
path: core/target/data | |
key: odc-data | |
- uses: actions/[email protected] | |
with: | |
dotnet-version: '6.0.x' | |
- name: Set up JDK 1.8 | |
id: jdk-8 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 8 | |
distribution: 'zulu' | |
server-id: ossrh | |
server-username: ${{ secrets.OSSRH_USERNAME }} | |
server-password: ${{ secrets.OSSRH_TOKEN }} | |
- uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0 | |
with: | |
version: 6.0.2 | |
- name: Configure Git user | |
run: | | |
git config user.email "[email protected]" | |
git config user.name "GitHub Actions" | |
- name: Get version | |
run: | | |
VERSION=$( mvn help:evaluate -Dexpression=project.version -q -DforceStdout ) | |
echo "VERSION=$VERSION" | |
- name: Build Release with Maven | |
id: build-release | |
timeout-minutes: 120 | |
env: | |
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} | |
NVD_API_KEY: ${{ secrets.NVD_API_KEY }} | |
run: | | |
mvn -V -s settings.xml -Prelease "-DnexusUrl=https://oss.sonatype.org/" clean package source:jar javadoc:jar gpg:sign deploy site site:stage -DreleaseTesting --no-transfer-progress --batch-mode -Dgpg.passphrase=${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} | |
- name: Archive code coverage results | |
id: archive-coverage | |
uses: actions/upload-artifact@v4 | |
with: | |
name: code-coverage-report | |
retention-days: 7 | |
path: | | |
**/target/jacoco-results/jacoco.xml | |
**/target/jacoco-results/**/*.html | |
- name: Archive Release | |
id: archive-release | |
uses: actions/upload-artifact@v4 | |
with: | |
name: archive-release | |
retention-days: 7 | |
path: | | |
**/target/*.asc | |
**/target/*.jar | |
**/target/*.pom | |
ant/target/*.zip | |
cli/target/*.zip | |
target/*.buildinfo | |
- name: Archive Site | |
id: archive-site | |
uses: actions/upload-artifact@v4 | |
with: | |
name: archive-site | |
retention-days: 7 | |
path: target/staging/ | |
publish_coverage: | |
name: publish code coverage reports | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- name: Download coverage reports | |
uses: actions/download-artifact@v4 | |
with: | |
name: code-coverage-report | |
- name: Run codacy-coverage-reporter | |
uses: codacy/codacy-coverage-reporter-action@master | |
with: | |
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} | |
coverage-reports: utils/target/jacoco-results/jacoco.xml,core/target/jacoco-results/jacoco.xml,maven/target/jacoco-results/jacoco.xml,ant/target/jacoco-results/jacoco.xml,cli/target/jacoco-results/jacoco.xml | |
docker: | |
name: Publish Docker | |
runs-on: ubuntu-latest | |
needs: build | |
env: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} | |
steps: | |
- name: Check Maven Cache | |
id: maven-cache | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository/ | |
key: mvn-repo | |
- name: Check Docker ODC Cache | |
id: docker-odc-cache | |
uses: actions/cache@v4 | |
with: | |
path: ~/OWASP-Dependency-Check | |
key: docker-repo | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Download release build | |
uses: actions/download-artifact@v4 | |
with: | |
name: archive-release | |
- name: Build Docker Image | |
run: ./build-docker.sh | |
- name: build scan target | |
run: mvn -s settings.xml package -DskipTests=true --no-transfer-progress --batch-mode | |
- name: Test Docker Image | |
run: ./test-docker.sh | |
- name: Deploy Docker Image | |
run: | | |
echo $DOCKER_TOKEN | docker login -u $DOCKER_USERNAME --password-stdin 2>/dev/null | |
./publish-docker.sh | |
release: | |
name: Publish Release | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Get version | |
id: get-version | |
run: | | |
VERSION=$( mvn help:evaluate -Dexpression=project.version -q -DforceStdout ) | |
echo "VERSION=$VERSION" >> $GITHUB_ENV | |
- name: Download release build | |
uses: actions/download-artifact@v4 | |
with: | |
name: archive-release | |
- name: Create Release | |
id: create_release | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: v${{ env.VERSION }} | |
release_name: Version ${{ env.VERSION }} | |
prerelease: false | |
draft: false | |
body: | | |
Refer to the [CHANGELOG.md](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md#change-log) for information about improvements and upgrade notes. | |
- name: Upload CLI | |
id: upload-release-cli | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: cli/target/dependency-check-${{env.VERSION}}-release.zip | |
asset_name: dependency-check-${{env.VERSION}}-release.zip | |
asset_content_type: application/zip | |
- name: Upload CLI signature | |
id: upload-release-cli-sig | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: cli/target/dependency-check-${{env.VERSION}}-release.zip.asc | |
asset_name: dependency-check-${{env.VERSION}}-release.zip.asc | |
asset_content_type: text/plain | |
- name: Upload ANT | |
id: upload-release-ant | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: ant/target/dependency-check-ant-${{env.VERSION}}-release.zip | |
asset_name: dependency-check-ant-${{env.VERSION}}-release.zip | |
asset_content_type: application/zip | |
- name: Upload ANT signature | |
id: upload-release-ant-sig | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: ant/target/dependency-check-ant-${{env.VERSION}}-release.zip.asc | |
asset_name: dependency-check-ant-${{env.VERSION}}-release.zip.asc | |
asset_content_type: text/plain | |
- name: Upload buildinfo | |
id: upload-release-buildinfo | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: target/dependency-check-parent-${{env.VERSION}}.buildinfo | |
asset_name: dependency-check-parent-${{env.VERSION}}.buildinfo | |
asset_content_type: text/plain | |
publish: | |
name: Publish gh-pages | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Download Site | |
uses: actions/download-artifact@v4 | |
with: | |
name: archive-site | |
path: target/staging | |
- name: Display structure of downloaded files | |
run: ls -R | |
working-directory: target | |
- name: Deploy gh-pages | |
uses: JamesIves/[email protected] | |
with: | |
branch: gh-pages | |
folder: target/staging | |
clean: false |