# SPDX-License-Identifier: MIT
name: 'Release'

# Manual trigger only. Every value below is typed in by the person who starts
# the run and reaches the jobs as a free-form string; nothing here constrains
# its format.
on:
  workflow_dispatch:
    inputs:
      # Used as the git committer e-mail for the auto-generated commits.
      actor-email:
        description: 'Insert your email address here. It will be used in the generated pull requests'
        required: true

      # One version/milestone pair per component. A component is released only
      # when its version is non-empty.
      server-version:
        description: 'Server Version (e.g. 0.27.0)'
        required: false
      server-milestone-number:
        description: 'Server Milestone number (e.g. 45)'
        required: false

      client-version:
        description: 'Client Version (e.g. 0.23.0)'
        required: false
      client-milestone-number:
        description: 'Client Milestone number (e.g. 47)'
        required: false

      pds-version:
        description: 'PDS Version (e.g. 0.20.0)'
        required: false
      pds-milestone-number:
        description: 'PDS Milestone number (e.g. 46)'
        required: false
# Scopes granted to GITHUB_TOKEN. Declared at workflow level, so every job in
# this file runs with all four write scopes:
#   contents      - draft releases and the branch pushed for the SPDX pull request
#   issues        - the per-component "Release ..." issues
#   packages      - container image and Helm chart pushes to ghcr.io
#   pull-requests - the auto-generated pull requests
# NOTE(review): the reusable workflow called at the end of this file can receive
# at most these scopes; check whether it needs more than `packages: write` and,
# if not, narrow the grant per job.
permissions:
  contents: write
  issues: write
  packages: write
  pull-requests: write
# Workflow-wide settings read by the image and Helm build steps.
# NOTE(review): the base images are referenced by tag, and a tag can be moved
# to different content by the registry owner. Pinning by digest would make the
# released images reproducible - confirm whether the build scripts accept a
# digest reference.
env:
  ACTIONS_BASE_IMAGE_ALPINE: 'alpine:3.20'
  ACTIONS_BASE_IMAGE_DEBIAN: 'debian:12-slim'
  ACTIONS_SECHUB_REGISTRY: 'ghcr.io/mercedes-benz/sechub'
  ACTIONS_HELM_REGISTRY: 'oci://ghcr.io/mercedes-benz/sechub/helm-charts'
jobs:
release-version:
name: Create releases
runs-on: ubuntu-latest
steps:
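# Echo the dispatch inputs into the job log for traceability.
- name: "Show Inputs"
  # The inputs are handed to the shell as environment variables instead of
  # being expanded into the script text by the expression engine. A value that
  # contains quotes or shell syntax is then printed as data and never parsed
  # as part of the script.
  env:
    ACTOR_EMAIL: ${{ inputs.actor-email }}
    SERVER_VERSION: ${{ inputs.server-version }}
    SERVER_MILESTONE: ${{ inputs.server-milestone-number }}
    CLIENT_VERSION: ${{ inputs.client-version }}
    CLIENT_MILESTONE: ${{ inputs.client-milestone-number }}
    PDS_VERSION: ${{ inputs.pds-version }}
    PDS_MILESTONE: ${{ inputs.pds-milestone-number }}
  run: |
    echo "actor-email: '${ACTOR_EMAIL}'"
    echo "Server '${SERVER_VERSION}' - Milestone '${SERVER_MILESTONE}'"
    echo "Client '${CLIENT_VERSION}' - Milestone '${CLIENT_MILESTONE}'"
    echo "PDS '${PDS_VERSION}' - Milestone '${PDS_MILESTONE}'"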
# Every component that is to be released needs its milestone number as well.
# Each guard below fails the job early when a version is given without one.
# Only presence is checked; the format of the values is not validated here.
- name: 'Verify Input: Server'
  if: (inputs.server-version != '') && (inputs.server-milestone-number == '')
  run: |
    echo "For Server release, server-milestone-number must be provided!"
    exit 1

- name: 'Verify Input: Client'
  if: (inputs.client-version != '') && (inputs.client-milestone-number == '')
  run: |
    echo "For Client release, client-milestone-number must be provided!"
    exit 1

- name: 'Verify Input: PDS'
  if: (inputs.pds-version != '') && (inputs.pds-milestone-number == '')
  run: |
    echo "For PDS release, pds-milestone-number must be provided!"
    exit 1
# Releases are always cut from `master`, with the complete history and all
# tags available to the later tagging and `git log` steps.
# NOTE(review): unless `persist-credentials` is switched off, checkout leaves
# the job token in the local git configuration for every later step. The
# pull-request step presumably relies on that to push its branch - confirm
# before changing it.
- name: 'Checkout master'
  uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
  with:
    ref: 'master'
    fetch-depth: 0
    fetch-tags: true
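# Create temporary local tags, so the documentation is built for this tag.
# The final tag on the git server side is created automatically when the draft
# is saved as a "real" release.
#
# The version reaches git through an environment variable and a quoted
# expansion, so it is always passed as one single tag-name argument. git then
# rejects names that are not valid refs.
- name: "Temporary tag server version: v${{ inputs.server-version }}-server - if defined"
  if: inputs.server-version != ''
  env:
    SERVER_VERSION: ${{ inputs.server-version }}
  run: git tag "v${SERVER_VERSION}-server"

- name: "Temporary tag client version: v${{ inputs.client-version }}-client - if defined"
  if: inputs.client-version != ''
  env:
    CLIENT_VERSION: ${{ inputs.client-version }}
  run: git tag "v${CLIENT_VERSION}-client"

- name: "Temporary tag PDS version: v${{ inputs.pds-version }}-pds - if defined"
  if: inputs.pds-version != ''
  env:
    PDS_VERSION: ${{ inputs.pds-version }}
  run: git tag "v${PDS_VERSION}-pds"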
# ----------------------
# Toolchain setup, build caches and registry login
# ----------------------
# Every third-party action below is pinned to a full commit SHA.
# NOTE(review): this release job both restores and saves build caches (Gradle
# with `cache-read-only: false`, plus the Go cache). Whatever an earlier run
# stored under the same key is fed into the release build - confirm that only
# trusted workflows can write those caches.
- name: 'Set up JDK 17'
  uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b
  with:
    distribution: 'temurin'
    java-version: 17

- name: 'Set up Gradle'
  uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
  with:
    cache-read-only: false

- name: 'Set up Go'
  uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed
  with:
    go-version: '1.21.6'

# Cache key follows the content of all go.sum files; the restore key falls
# back to the newest Go cache for this runner OS.
- name: 'Set up Go caching'
  id: go-cache
  uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a
  with:
    key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
    restore-keys: |
      ${{ runner.os }}-go-
    path: |
      ~/.cache/go-build
      ~/go/pkg/mod

# Log in with the short-lived job token; its `packages: write` scope is what
# allows the image and chart pushes further down.
- name: 'Docker login to ghcr.io'
  uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
  with:
    registry: 'ghcr.io'
    username: ${{ github.repository_owner }}
    password: ${{ secrets.GITHUB_TOKEN }}
# Start from a clean tree and fail the job if the formatting check does not pass.
- name: 'Gradle clean + spotlessCheck'
  run: ./gradlew clean spotlessCheck
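# ----------------------
# Create pull request if license headers are missing
# ----------------------
# Runs the header script, commits whatever it changed and reports the local
# commits that are not yet on any remote through the `commits` step output.
- name: run apply-headers.sh
  id: apply-headers
  env:
    # Passed as an environment variable so the address is handled as data and
    # is never expanded into the script text.
    ACTOR_EMAIL: ${{ inputs.actor-email }}
  run: |
    git config user.name "$GITHUB_TRIGGERING_ACTOR (via github-actions)"
    git config user.email "$ACTOR_EMAIL"
    ./apply-headers.sh
    # "|| true": having nothing to commit is the normal case and must not fail the job.
    git commit -am "SPDX headers added by SecHub release job @github-actions" || true
    commits="$(git log --oneline --branches --not --remotes)"
    # `git log` may print several lines. A plain "name=value" line only carries
    # one, and any further line would be parsed as a separate output
    # assignment. The delimiter form keeps the whole list in the single
    # `commits` output. The delimiter is made unpredictable so that commit
    # subjects cannot end the value early.
    delimiter="COMMITS_$(date +%s)_${RANDOM}"
    {
      echo "commits<<${delimiter}"
      echo "${commits}"
      echo "${delimiter}"
    } >> "$GITHUB_OUTPUT"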
# Open a pull request with the header commit. Both steps are skipped when the
# previous step reported no local commits.
- name: 'Create pull request for SPDX license headers'
  id: pr_spdx_headers
  if: steps.apply-headers.outputs.commits != ''
  uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
  with:
    title: '0 - Before release: Add missing SPDX license headers [auto-generated]'
    body: |
      Auto-generated by Github Actions release job.
      -> Please review and merge **before** publishing the release.
    branch: 'release-spdx-headers'
    branch-suffix: 'short-commit-hash'
    delete-branch: true

# The two values printed here are outputs of the pinned action above, not
# operator input.
- name: 'Print PR infos'
  if: steps.apply-headers.outputs.commits != ''
  run: |
    echo "Pull Request Number - ${{ steps.pr_spdx_headers.outputs.pull-request-number }}"
    echo "Pull Request URL - ${{ steps.pr_spdx_headers.outputs.pull-request-url }}"
# ----------------------
# SecHub client: compile the Go binaries and run their tests
# ----------------------
- name: 'Build Client'
  run: ./gradlew :sechub-cli:buildGo :sechub-cli:testGo
# # ----------------------
# # Build SecHub Server + PDS
# # ----------------------
# - name: Build Server and PDS artifacts
# run: ./gradlew ensureLocalhostCertificate build generateOpenapi buildDeveloperAdminUI -x :sechub-cli:build
# # ----------------------
# # Build API Java publish
# # ----------------------
# - name: Generate and build Java projects related to SecHub Java API
# run: ./gradlew :sechub-api-java:build :sechub-systemtest:build :sechub-pds-tools:buildPDSToolsCLI -Dsechub.build.stage=api-necessary
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
# # ----------------------
# # Integration test
# # ----------------------
# - name: Integration test
# run: ./gradlew :sechub-integrationtest:startIntegrationTestInstances :sechub-systemtest:integrationtest :sechub-integrationtest:integrationtest :sechub-integrationtest:stopIntegrationTestInstances -Dsechub.build.stage=all
# - name: Create combined test report
# if: always()
# run: ./gradlew createCombinedTestReport -Dsechub.build.stage=all
# # To identifiy parts not in git history and leading to "-dirty-$commitId" markern in documentation
# - name: Collect GIT status
# if: always()
# run: |
# # restore reduced-openapi3.json
# git restore sechub-api-java/src/main/resources/reduced-openapi3.json
# git status > build/reports/git-status.txt
# # -----------------------------------------
# # Upload Build Artifacts
# # -----------------------------------------
# - name: Archive combined test report
# if: always()
# uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
# with:
# name: combined-sechub-testreport
# path: build/reports/combined-report
# retention-days: 14
# - name: Archive GIT status
# if: always()
# uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
# with:
# name: git-status.txt
# path: build/reports/git-status.txt
# retention-days: 14
# - name: Archive sechub server artifacts
# if: always()
# uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
# with:
# name: sechub-server
# path: sechub-server/build/libs
# retention-days: 14
# - name: Archive pds server artifacts
# if: always()
# uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
# with:
# name: sechub-pds
# path: sechub-pds/build/libs
# - name: Archive developer tools artifacts
# if: always()
# uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
# with:
# name: sechub-developertools
# path: sechub-developertools/build/libs
# retention-days: 14
# - name: Archive sechub client artifacts
# if: always()
# uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
# with:
# name: sechub-client
# path: sechub-cli/build/go
# retention-days: 14
# - name: Install graphviz (asciidoc diagrams)
# run: sudo apt-get --assume-yes install graphviz
# # -----------------------------------------
# # Build Documentation
# # -----------------------------------------
# - name: Create documentation
# run: ./gradlew documentation-with-pages
# # -----------------------------------------
# # Upload documentation
# # -----------------------------------------
# - name: Archive documentation HTML
# uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
# with:
# name: sechub-docs-html
# path: sechub-doc/build/docs/final-html/
# retention-days: 14
# - name: Archive documentation PDF
# uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
# with:
# name: sechub-docs-pdf
# path: sechub-doc/build/docs/asciidoc/*.pdf
# retention-days: 14
# - name: Archive openAPI3 JSON files
# uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
# with:
# name: sechub-api-spec
# path: sechub-doc/build/api-spec/
# retention-days: 14
# # -----------------------------------------
# # Update and commit release documentation for https://mercedes-benz.github.io/sechub/
# # -----------------------------------------
# - name: Update release documentation
# run: |
# git reset --hard
# sechub-doc/helperscripts/publish+git-add-releasedocs.sh
# git commit -m "docs update by SecHub release job @github-actions"
# # -----------------------------------------
# # Create pull request for release documentation
# # -----------------------------------------
# - name: Create pull request for release documentation
# id: pr_release_documentation
# uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
# with:
# branch: release-documentation
# branch-suffix: short-commit-hash
# delete-branch: true
# title: '1 - Release documentation [auto-generated]'
# body: |
# Release of SecHub documentation
# -> Please review and merge **before** publishing the release.
# - name: Print PR infos
# run: |
# echo "Pull Request Number - ${{ steps.pr_release_documentation.outputs.pull-request-number }}"
# echo "Pull Request URL - ${{ steps.pr_release_documentation.outputs.pull-request-url }}"
# # -----------------------------------------
# # Assert releaseable, so no dirty flags on releases
# # even when all artifact creation parts are done!
# # -----------------------------------------
# - name: Assert releasable
# run: |
# git status
# ./gradlew assertReleaseable
# ******************************************
# S E R V E R release
# ******************************************
# Creates the release as a draft; a maintainer publishes it manually later.
# The inputs are only used inside `with:` values here, which the action
# receives as strings and which are not run through a shell by this workflow.
# NOTE(review): actions/create-release appears to be archived upstream and no
# longer maintained - confirm and plan a maintained replacement.
- name: 'Create server release ${{ inputs.server-version }}'
  id: create_server_release
  if: inputs.server-version != ''
  uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
  with:
    tag_name: v${{ inputs.server-version }}-server
    release_name: Server Version ${{ inputs.server-version }}
    commitish: master
    draft: true
    prerelease: false
    body: |
      Changes in this Release
      - Some minor changes on SecHub server implementation
      For more details please look at [Milestone ${{inputs.server-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.server-milestone-number}}?closed=1)
  env:
    # Issued by Actions for this run; no personal token has to be created.
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
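# Write a sha256 checksum file next to each server-side jar.
# The checksum is computed on the same runner that holds the jar and is
# published beside it. It lets a downloader detect a corrupted or truncated
# transfer. It is not evidence of who built the artifact.
# The version is read from an environment variable and every file name is
# quoted, so the value is used as part of one file name only.
- name: Create sha256 checksum file for SecHub server jar
  if: inputs.server-version != ''
  env:
    SERVER_VERSION: ${{ inputs.server-version }}
  run: |
    cd sechub-server/build/libs
    sha256sum "sechub-server-${SERVER_VERSION}.jar" > "sechub-server-${SERVER_VERSION}.jar.sha256sum"

- name: Create sha256 checksum files for SecHub developer tools jars
  if: inputs.server-version != ''
  env:
    SERVER_VERSION: ${{ inputs.server-version }}
  run: |
    cd sechub-developertools/build/libs/
    sha256sum "sechub-developer-admin-ui-${SERVER_VERSION}.jar" > "sechub-developer-admin-ui-${SERVER_VERSION}.jar.sha256sum"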
# Attach the server artifacts to the draft release created by the
# `create_server_release` step. Each step uploads exactly one file to that
# release's upload URL. The version input appears only in `with:` values.
- name: 'Upload Server release asset sechub-server-${{ inputs.server-version }}.jar'
  if: inputs.server-version != ''
  uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
  with:
    upload_url: ${{ steps.create_server_release.outputs.upload_url }}
    asset_name: sechub-server-${{ inputs.server-version }}.jar
    asset_path: sechub-server/build/libs/sechub-server-${{ inputs.server-version }}.jar
    asset_content_type: application/zip
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: 'Upload Server release asset sechub-server-${{ inputs.server-version }}.jar.sha256sum'
  if: inputs.server-version != ''
  uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
  with:
    upload_url: ${{ steps.create_server_release.outputs.upload_url }}
    asset_name: sechub-server-${{ inputs.server-version }}.jar.sha256sum
    asset_path: sechub-server/build/libs/sechub-server-${{ inputs.server-version }}.jar.sha256sum
    asset_content_type: text/plain
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: 'Upload SecHub release asset sechub-developer-admin-ui-${{ inputs.server-version }}.jar'
  if: inputs.server-version != ''
  uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
  with:
    upload_url: ${{ steps.create_server_release.outputs.upload_url }}
    asset_name: sechub-developer-admin-ui-${{ inputs.server-version }}.jar
    asset_path: sechub-developertools/build/libs/sechub-developer-admin-ui-${{ inputs.server-version }}.jar
    asset_content_type: application/zip
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: 'Upload Server release asset sechub-developer-admin-ui-${{ inputs.server-version }}.jar.sha256sum'
  if: inputs.server-version != ''
  uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
  with:
    upload_url: ${{ steps.create_server_release.outputs.upload_url }}
    asset_name: sechub-developer-admin-ui-${{ inputs.server-version }}.jar.sha256sum
    asset_path: sechub-developertools/build/libs/sechub-developer-admin-ui-${{ inputs.server-version }}.jar.sha256sum
    asset_content_type: text/plain
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

# Server documentation: the generated files are renamed on upload so that the
# asset name carries the server version.
- name: 'Upload sechub-architecture.pdf release asset'
  if: inputs.server-version != ''
  uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
  with:
    upload_url: ${{ steps.create_server_release.outputs.upload_url }}
    asset_name: sechub-architecture-${{ inputs.server-version }}.pdf
    asset_path: ./sechub-doc/build/docs/asciidoc/sechub-architecture.pdf
    asset_content_type: application/pdf
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: 'Upload sechub-operations.pdf release asset'
  if: inputs.server-version != ''
  uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
  with:
    upload_url: ${{ steps.create_server_release.outputs.upload_url }}
    asset_name: sechub-operations-${{ inputs.server-version }}.pdf
    asset_path: ./sechub-doc/build/docs/asciidoc/sechub-operations.pdf
    asset_content_type: application/pdf
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: 'Upload sechub-developer-quickstart-guide.pdf release asset'
  if: inputs.server-version != ''
  uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
  with:
    upload_url: ${{ steps.create_server_release.outputs.upload_url }}
    asset_name: sechub-developer-quickstart-guide-${{ inputs.server-version }}.pdf
    asset_path: ./sechub-doc/build/docs/asciidoc/sechub-developer-quickstart-guide.pdf
    asset_content_type: application/pdf
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: 'Upload sechub-restapi.pdf release asset'
  if: inputs.server-version != ''
  uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
  with:
    upload_url: ${{ steps.create_server_release.outputs.upload_url }}
    asset_name: sechub-restapi-${{ inputs.server-version }}.pdf
    asset_path: ./sechub-doc/build/docs/asciidoc/sechub-restapi.pdf
    asset_content_type: application/pdf
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: 'Upload sechub-openapi3.json release asset'
  if: inputs.server-version != ''
  uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
  with:
    upload_url: ${{ steps.create_server_release.outputs.upload_url }}
    asset_name: sechub-openapi3-${{ inputs.server-version }}.json
    asset_path: ./sechub-doc/build/api-spec/openapi3.json
    asset_content_type: text/plain
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Open the tracking issue for this server release and attach it to the milestone.
# NOTE(review): this is one of the few `uses:` references in the file that
# follow a branch (`@main`) instead of a full commit SHA. Whatever that branch
# points to at run time executes with the job token passed below. Pin it to a
# reviewed commit, like the other actions in this workflow.
- name: 'Create Server ${{ inputs.server-version }} release issue'
  if: inputs.server-version != ''
  uses: dacbd/create-issue-action@main
  with:
    token: ${{ github.token }}
    milestone: ${{ inputs.server-milestone-number }}
    title: Release Server ${{ inputs.server-version }}
    body: |
      See [Milestone ${{inputs.server-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.server-milestone-number}}?closed=1) for details.
      Please close this issue after the release.
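# Build Server container image + push to ghcr
# The released jar is copied into the docker build context, then the image is
# built from the Alpine base image and pushed to the registry.
- name: Build Server ${{ inputs.server-version }} container image + push to ghcr
  if: inputs.server-version != ''
  env:
    # Taken from the environment so the version is never expanded into the
    # script text by the expression engine.
    SERVER_VERSION: ${{ inputs.server-version }}
  run: |
    BUILD_FLAVOR="alpine"
    DOCKER_REGISTRY="$ACTIONS_SECHUB_REGISTRY/sechub-server"
    VERSION_TAG="${SERVER_VERSION}_${BUILD_FLAVOR}"
    cp "sechub-server/build/libs/sechub-server-${SERVER_VERSION}.jar" sechub-solution/docker/copy/
    cd sechub-solution
    export DOCKER_BUILD_TYPE=copy
    echo "# Building image $DOCKER_REGISTRY:$VERSION_TAG"
    echo " from $ACTIONS_BASE_IMAGE_ALPINE"
    # All arguments are quoted so that each one reaches the script as exactly
    # one word, whatever characters the version contains.
    "./10-create-image-${BUILD_FLAVOR}.sh" "$DOCKER_REGISTRY" "$VERSION_TAG" "$ACTIONS_BASE_IMAGE_ALPINE"
    echo "# Pushing image $DOCKER_REGISTRY:$VERSION_TAG (latest)"
    ./20-push-image.sh "$DOCKER_REGISTRY" "$VERSION_TAG" yes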
# Package the server chart and push the resulting archive to the OCI registry
# configured in ACTIONS_HELM_REGISTRY.
# NOTE(review): the push presumably authenticates through the earlier
# ghcr.io login - confirm.
- name: 'Build Server Helm chart + push to ghcr'
  if: inputs.server-version != ''
  shell: bash
  run: |
    cd "sechub-solution/helm"
    echo "# Building Helm chart for sechub-server"
    helm package sechub-server
    helm push sechub-server-*.tgz $ACTIONS_HELM_REGISTRY
# ******************************************
# C l i e n t release
# ******************************************
# Zip the built client binaries (the `platform` directory) and write a sha256
# checksum file next to the archive.
- name: 'Create client binary release asset sechub-cli-${{ inputs.client-version }}.zip'
  if: inputs.client-version != ''
  run: |
    cd sechub-cli/build/go
    zip -r sechub-cli.zip platform
    sha256sum sechub-cli.zip > sechub-cli.zip.sha256
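# Create placeholder .deb files for the four client architectures.
# NOTE(review): the real package build is commented out below and the files
# created here are empty. They are picked up as release assets by the next
# step, so this must be replaced before the workflow is used for an actual
# release.
- name: Create client Debian packages
  if: inputs.client-version != ''
  shell: bash
  env:
    # Expressions are expanded by the runner before bash sees the script, and
    # that includes text inside shell comments. The version is therefore read
    # from the environment everywhere, including the commented-out command.
    CLIENT_VERSION: ${{ inputs.client-version }}
  run: |
    # sechub-cli/script/build-debian-packages.sh "$CLIENT_VERSION"
    mkdir -p sechub-cli/build/deb-build
    cd sechub-cli/build/deb-build
    # fake generation of .deb files
    for arch in amd64 arm64 arm i386 ; do
      touch "sechub-client_${CLIENT_VERSION}_${arch}.deb"
    done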
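# Assemble the asset list and the release message for the client release.
# As written, the final `hub release create` command is only echoed, not run.
- name: Create client release ${{ inputs.client-version }}
  if: inputs.client-version != ''
  shell: bash
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    # Version and milestone come from the environment. The here-document below
    # is unquoted, so the shell would interpret any text that the expression
    # engine pasted into it. A variable's value is inserted literally instead.
    CLIENT_VERSION: ${{ inputs.client-version }}
    CLIENT_MILESTONE: ${{ inputs.client-milestone-number }}
  run: |
    set -x
    cd sechub-cli/build/
    # Each asset is passed as: -a "<path>#<display name>"
    assets=()
    assets+=("-a" "go/sechub-cli.zip#sechub-cli-${CLIENT_VERSION}.zip")
    assets+=("-a" "go/sechub-cli.zip.sha256#sechub-cli-${CLIENT_VERSION}.zip.sha256")
    for asset in deb-build/*.deb ; do
      filename=$(basename "$asset")
      assets+=("-a" "${asset}#${filename}")
    done
    tag_name="v${CLIENT_VERSION}-client"
    release_title="Client Version ${CLIENT_VERSION}"
    multiline_string="This is line 1.
    This is line 3."
    echo "$multiline_string"
    cat - <<EOF > release_message.txt
    $release_title
    Changes in this Release
    - Some minor changes on client implementation
    For more details please look at [Milestone ${CLIENT_MILESTONE}]( https://github.com/mercedes-benz/sechub/milestone/${CLIENT_MILESTONE}?closed=1)
    EOF
    cat release_message.txt
    echo hub release create --draft "${assets[@]}" -F release_message.txt "$tag_name"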
# - name: Create client release ${{ inputs.client-version }}
# id: create_client_release
# if: inputs.client-version != ''
# uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
# with:
# tag_name: v${{ inputs.client-version }}-client
# commitish: master
# release_name: Client Version ${{ inputs.client-version }}
# body: |
# Changes in this Release
# - Some minor changes on client implementation
# For more details please look at [Milestone ${{inputs.client-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.client-milestone-number}}?closed=1)
# draft: true
# prerelease: false
# - name: Upload Client release asset sechub-cli-${{ inputs.client-version }}.zip
# if: inputs.client-version != ''
# uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# with:
# upload_url: ${{ steps.create_client_release.outputs.upload_url }}
# asset_path: ./sechub-cli/build/go/sechub-cli.zip
# asset_name: sechub-cli-${{ inputs.client-version }}.zip
# asset_content_type: application/zip
# - name: Upload Client release asset sechub-cli-${{ inputs.client-version }}.zip.sha256
# if: inputs.client-version != ''
# uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# with:
# upload_url: ${{ steps.create_client_release.outputs.upload_url }}
# asset_path: ./sechub-cli/build/go/sechub-cli.zip.sha256
# asset_name: sechub-cli-${{ inputs.client-version }}.zip.sha256
# asset_content_type: text/plain
# - name: Upload sechub-client.pdf release asset
# id: upload-sechub-doc-client-release-asset
# if: inputs.client-version != ''
# uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# with:
# upload_url: ${{ steps.create_client_release.outputs.upload_url }}
# asset_path: ./sechub-doc/build/docs/asciidoc/sechub-client.pdf
# asset_name: sechub-client-${{ inputs.client-version }}.pdf
# asset_content_type: application/pdf
# - name: Create Client ${{ inputs.client-version }} release issue
# if: inputs.client-version != ''
# uses: dacbd/create-issue-action@main
# with:
# token: ${{ github.token }}
# title: Release Client ${{ inputs.client-version }}
# body: |
# See [Milestone ${{inputs.client-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.client-milestone-number}}?closed=1) for details.
# Please close this issue after the release.
# milestone: ${{ inputs.client-milestone-number }}
# ******************************************
# P D S release
# ******************************************
# Creates the PDS release as a draft; publishing is a manual step afterwards.
# NOTE(review): actions/create-release appears to be archived upstream and no
# longer maintained - confirm and plan a maintained replacement.
- name: 'Create PDS release ${{ inputs.pds-version }}'
  id: create_pds_release
  if: inputs.pds-version != ''
  uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
  with:
    tag_name: v${{ inputs.pds-version }}-pds
    release_name: PDS Version ${{ inputs.pds-version }}
    commitish: master
    draft: true
    prerelease: false
    body: |
      Changes in this Release
      - Some minor changes on PDS server implementation
      For more details please look at [Milestone ${{inputs.pds-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.pds-milestone-number}}?closed=1)
  env:
    # Issued by Actions for this run; no personal token has to be created.
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
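# Write a sha256 checksum file next to the PDS jar.
# The checksum is produced on the same runner as the jar, so it detects
# corruption of the download, not a modified build.
# The version is read from an environment variable and each file name is
# quoted, so the value is only ever used as part of one file name.
- name: Create sha256 checksum file for PDS jar
  if: inputs.pds-version != ''
  env:
    PDS_VERSION: ${{ inputs.pds-version }}
  run: |
    cd sechub-pds/build/libs/
    sha256sum "sechub-pds-${PDS_VERSION}.jar" > "sechub-pds-${PDS_VERSION}.jar.sha256sum"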
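# Attach the PDS artifacts to the draft release created by the
# `create_pds_release` step. Each step uploads exactly one file.
- name: Upload PDS release asset sechub-pds-${{ inputs.pds-version }}.jar
  if: inputs.pds-version != ''
  uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  with:
    upload_url: ${{ steps.create_pds_release.outputs.upload_url }}
    asset_path: sechub-pds/build/libs/sechub-pds-${{ inputs.pds-version }}.jar
    asset_name: sechub-pds-${{ inputs.pds-version }}.jar
    asset_content_type: application/zip

- name: Upload PDS release asset sechub-pds-${{ inputs.pds-version }}.jar.sha256sum
  if: inputs.pds-version != ''
  uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  with:
    upload_url: ${{ steps.create_pds_release.outputs.upload_url }}
    asset_path: sechub-pds/build/libs/sechub-pds-${{ inputs.pds-version }}.jar.sha256sum
    asset_name: sechub-pds-${{ inputs.pds-version }}.jar.sha256sum
    asset_content_type: text/plain

# sechub-product-delegation-server.pdf
- name: Upload PDS release asset sechub-product-delegation-server-${{ inputs.pds-version }}.pdf
  if: inputs.pds-version != ''
  uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  with:
    upload_url: ${{ steps.create_pds_release.outputs.upload_url }}
    asset_path: ./sechub-doc/build/docs/asciidoc/sechub-product-delegation-server.pdf
    # The asset name is a bare file name, as in every other upload step of
    # this workflow. The stray leading "/" was dropped so that it matches the
    # name announced in the step title.
    asset_name: sechub-product-delegation-server-${{ inputs.pds-version }}.pdf
    asset_content_type: application/pdf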
# Open the tracking issue for this PDS release and attach it to the milestone.
# NOTE(review): this action is referenced by branch (`@main`), not by a full
# commit SHA. Whatever that branch points to at run time executes with the job
# token passed below. Pin it to a reviewed commit, like the other actions in
# this workflow.
- name: 'Create PDS ${{ inputs.pds-version }} release issue'
  if: inputs.pds-version != ''
  uses: dacbd/create-issue-action@main
  with:
    token: ${{ github.token }}
    milestone: ${{ inputs.pds-milestone-number }}
    title: Release PDS ${{ inputs.pds-version }}
    body: |
      See [Milestone ${{inputs.pds-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.pds-milestone-number}}?closed=1) for details.
      Please close this issue after the release.
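# Build pds-base container image + push to ghcr
# The released PDS jar is copied into the docker build context, then the image
# is built from the Debian base image and pushed to the registry.
# The step title now shows the PDS version; it previously printed the server
# version, although the step is gated on and built from `pds-version`.
- name: Build pds-base ${{ inputs.pds-version }} container image + push to ghcr
  if: inputs.pds-version != ''
  env:
    # Taken from the environment so the version is never expanded into the
    # script text by the expression engine.
    PDS_VERSION: ${{ inputs.pds-version }}
  run: |
    DOCKER_REGISTRY="$ACTIONS_SECHUB_REGISTRY/pds-base"
    VERSION_TAG="${PDS_VERSION}"
    cp "sechub-pds/build/libs/sechub-pds-${PDS_VERSION}.jar" sechub-pds-solutions/pds-base/docker/copy/
    cd sechub-pds-solutions/pds-base
    echo "# Building image $DOCKER_REGISTRY:$VERSION_TAG"
    echo " from $ACTIONS_BASE_IMAGE_DEBIAN"
    # All arguments are quoted so that each one reaches the script as exactly
    # one word, whatever characters the version contains.
    ./10-create-image.sh "$DOCKER_REGISTRY" "$VERSION_TAG" "$PDS_VERSION" "$ACTIONS_BASE_IMAGE_DEBIAN" copy
    echo "# Pushing image $DOCKER_REGISTRY:$VERSION_TAG (latest)"
    ./20-push-image.sh "$DOCKER_REGISTRY" "$VERSION_TAG" yes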
# # -----------------------------------------
# # Create a pull request for merging back `master` into `develop`
# # -----------------------------------------
# - name: pull-request master to develop
# id: pr_master_to_develop
# continue-on-error: true
# uses: repo-sync/pull-request@7e79a9f5dc3ad0ce53138f01df2fad14a04831c5
# with:
# github_token: ${{ secrets.GITHUB_TOKEN }}
# source_branch: "master"
# destination_branch: "develop"
# pr_allow_empty: true # should allow an empty PR, but seems not to work
# pr_title: '2 - After release: Merge master back into develop [auto-generated]'
# pr_body: |
# After SecHub release
# - Client '${{ inputs.client-version }}'
# - Server '${{ inputs.server-version }}'
# - PDS '${{ inputs.pds-version }}'
# Merge master branch back into develop
# -> Please merge **after** the release has been published.
# - name: Print PR infos if PR was created
# if: steps.pr_master_to_develop.outcome == 'success'
# run: |
# echo "Pull Request Number - ${{ steps.pr_master_to_develop.outputs.pr_number }}"
# echo "Pull Request URL - ${{ steps.pr_master_to_develop.outputs.pr_url }}"
# - name: Print info if no PR was created
# if: steps.pr_master_to_develop.outcome != 'success'
# run: |
# echo "Nothing to merge - no pull request necessary."
# Build all PDS solutions based on the pds-base image released above.
# Runs only for a PDS release and only after the release job has finished.
# NOTE(review): the reusable workflow is resolved from the `develop` branch,
# while the release itself is cut from `master`. The definition that runs is
# whatever `develop` contains at that moment, and it can receive the
# workflow-level token scopes. Reference a reviewed commit SHA or the release
# branch instead - confirm which is intended.
build-pds-solutions:
  name: 'Build all PDS solutions'
  needs: release-version
  if: inputs.pds-version != ''
  uses: mercedes-benz/sechub/.github/workflows/build+publish-all-pds-solutions.yml@develop
  with:
    pds-version: ${{ inputs.pds-version }}