forked from mercedes-benz/sechub
-
Notifications
You must be signed in to change notification settings - Fork 1
200 lines (174 loc) · 8.21 KB
/
release-github-action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
# SPDX-License-Identifier: MIT
name: Release Github Action
on:
workflow_dispatch:
inputs:
actor-email:
description: Insert your email address here. It will be used in the generated pull requests
required: true
ghaction-version:
description: Github Action Version (e.g. 1.0.0)
required: true
ghaction-milestone-number:
description: Github Action Milestone number (e.g. 70)
required: true
permissions:
contents: write
issues: write
pull-requests: write
jobs:
release-version:
name: Create Github Action release
runs-on: ubuntu-latest
steps:
- name: "Show Inputs"
run: |
echo "actor-email: '${{ inputs.actor-email }}'"
echo "Github Action '${{ inputs.ghaction-version }}' - Milestone '${{ inputs.ghaction-milestone-number }}'"
# Check inputs:
- name: "Verify Input for Github Action release"
if: (inputs.ghaction-version == '') || (inputs.ghaction-milestone-number == '')
run: |
echo "For Github Action release, ghaction-version and ghaction-milestone-number must be provided!"
exit 1
- name: Checkout master
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
with:
ref: master
# ----------------------
# Setup + Caching
# ----------------------
- name: Use Node.js
# We do not define a dedicated node version here, we just use the default environment
# which should be the default environment for the github actions runtime as well
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
- name: Git setup
run: |
git config user.name "$GITHUB_TRIGGERING_ACTOR (via github-actions)"
git config user.email "${{ inputs.actor-email }}"
# ----------------------
# Create pull request if license headers are missing
# ----------------------
- name: run apply-headers.sh
id: apply-headers
run: |
./apply-headers.sh
git commit -am "SPDX headers added by SecHub release job @github-actions" || true
COMMITS=`git log --oneline --branches --not --remotes`
echo "commits=$COMMITS" >> $GITHUB_OUTPUT
- name: Create pull request for SPDX license headers
id: pr_spdx_headers
if: steps.apply-headers.outputs.commits != ''
uses: peter-evans/create-pull-request@6cd32fd93684475c31847837f87bb135d40a2b79
with:
branch: release-spdx-headers
branch-suffix: short-commit-hash
delete-branch: true
title: '0 - Before Github Action release: Add missing SPDX license headers [auto-generated]'
body: |
Auto-generated by Github Actions release job.
-> Please review and merge **before** publishing the ghaction release.
- name: Print PR infos
if: steps.apply-headers.outputs.commits != ''
run: |
echo "Pull Request Number - ${{ steps.pr_spdx_headers.outputs.pull-request-number }}"
echo "Pull Request URL - ${{ steps.pr_spdx_headers.outputs.pull-request-url }}"
# ----------------------
# Build SecHub Github Action + set package version
# ----------------------
- name: Build github-actions/scan and set package version to v${{ inputs.ghaction-version }}
run: |
GHACTION="github-actions/scan"
cd $GHACTION
echo "# $GHACTION - Update package version to ${{ inputs.ghaction-version }}"
echo "$( jq --arg a "${{ inputs.ghaction-version }}" '.version = $a' package.json )" > package.json
echo "# $GHACTION - Install dependencies"
npm ci
echo "# $GHACTION - Run build"
npm run build
echo "# $GHACTION - Run unit tests"
npm test
# -----------------------------------------
# Create release issue
# -----------------------------------------
- name: Create SecHub Github Action ${{ inputs.ghaction-version }} release issue
id: release-issue
uses: dacbd/create-issue-action@main
with:
token: ${{ github.token }}
title: Release SecHub Github Action ${{ inputs.ghaction-version }}
body: |
See [Milestone ${{inputs.ghaction-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.ghaction-milestone-number}}?closed=1) for details.
Please close this issue after the release.
milestone: ${{ inputs.ghaction-milestone-number }}
# ----------------------
# Create pull request for updated files
# ----------------------
- name: Commit build artifacts from above steps
id: github-actions_commit
run: |
git commit -am "SecHub release job @github-actions for Github Action ${{ inputs.ghaction-version }} #${{ steps.release-issue.outputs.number }}" || true
COMMITS=`git log --oneline --branches --not --remotes`
echo "commits=$COMMITS" >> $GITHUB_OUTPUT
- name: Create pull request for SecHub Github Action release
id: pr_gha-release
if: steps.github-actions_commit.outputs.commits != ''
uses: peter-evans/create-pull-request@6cd32fd93684475c31847837f87bb135d40a2b79
with:
branch: release-github-action
branch-suffix: short-commit-hash
delete-branch: true
title: '1 - Before Github Action release: Merge release artifacts [auto-generated]'
body: |
Auto-generated by Github Actions release job.
-> Please review and merge **before** publishing the ghaction release.
- name: Print PR infos
if: steps.github-actions_commit.outputs.commits != ''
run: |
echo "Pull Request Number - ${{ steps.pr_gha-release.outputs.pull-request-number }}"
echo "Pull Request URL - ${{ steps.pr_gha-release.outputs.pull-request-url }}"
# -----------------------------------------
# Create draft release
# -----------------------------------------
- name: Create Github Action release
id: create_ghaction_release
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
with:
tag_name: v${{ inputs.ghaction-version }}-gha
commitish: master
release_name: Github Action Version ${{ inputs.ghaction-version }}
body: |
Changes in this Release
- Some minor changes on Github Action implementation
For more details please look at [Milestone ${{inputs.ghaction-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.ghaction-milestone-number}}?closed=1)
draft: true
prerelease: false
# -----------------------------------------
# Create a pull request for merging back `master` into `develop`
# -----------------------------------------
- name: pull-request master to develop
id: pr_master_to_develop
continue-on-error: true
uses: repo-sync/pull-request@7e79a9f5dc3ad0ce53138f01df2fad14a04831c5
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
source_branch: "master"
destination_branch: "develop"
pr_allow_empty: true # should allow an empty PR, but seems not to work
pr_title: '2 - After Github Action release: Merge master back into develop [auto-generated]'
pr_body: |
After SecHub Github Action release
- Github Action '${{ inputs.ghaction-version }}'
Merge master branch back into develop
-> Please merge **after** the release has been published.
- name: Print PR infos if PR was created
if: steps.pr_master_to_develop.outcome == 'success'
run: |
echo "Pull Request Number - ${{ steps.pr_master_to_develop.outputs.pr_number }}"
echo "Pull Request URL - ${{ steps.pr_master_to_develop.outputs.pr_url }}"
- name: Print info if no PR was created
if: steps.pr_master_to_develop.outcome != 'success'
run: |
echo "Nothing to merge - no pull request necessary."