# SPDX-License-Identifier: MIT
name: Release

# Manually triggered release workflow. A component (server, client, PDS) is
# released only when its version input is non-empty; the release job fails
# early when a version is given without the matching milestone number.
on:
  workflow_dispatch:
    inputs:
      actor-email:
        description: 'Insert your email address here. It will be used in the generated pull requests'
        required: true
      server-version:
        description: 'Server Version (e.g. 0.27.0)'
        required: false
      server-milestone-number:
        description: 'Server Milestone number (e.g. 45)'
        required: false
      client-version:
        description: 'Client Version (e.g. 0.23.0)'
        required: false
      client-milestone-number:
        description: 'Client Milestone number (e.g. 47)'
        required: false
      pds-version:
        description: 'PDS Version (e.g. 0.20.0)'
        required: false
      pds-milestone-number:
        description: 'PDS Milestone number (e.g. 46)'
        required: false

# Scopes granted to GITHUB_TOKEN. Declared at workflow level, so they apply
# to every job in this file, including the reusable workflow that is called.
# NOTE(review): consider narrowing these per job if a job needs fewer scopes.
permissions:
  contents: write
  issues: write
  packages: write
  pull-requests: write

# Base images and registries used by the container image and Helm chart steps.
# NOTE(review): the base images are referenced by tag, not by digest.
env:
  ACTIONS_BASE_IMAGE_ALPINE: 'alpine:3.17'
  ACTIONS_BASE_IMAGE_DEBIAN: 'debian:12-slim'
  ACTIONS_SECHUB_REGISTRY: 'ghcr.io/mercedes-benz/sechub'
  ACTIONS_HELM_REGISTRY: 'oci://ghcr.io/mercedes-benz/sechub/helm-charts'
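jobs:
  # Builds, tests and documents all components, opens the helper pull
  # requests, then creates draft releases, release assets, release issues and
  # container images for each component whose version input is set.
  #
  # workflow_dispatch inputs reach shell steps through step-level `env:`
  # entries (RELEASE_*) instead of being expanded into the script text by
  # ${{ }}, so a value containing quotes or shell metacharacters stays data.
  release-version:
    name: Create releases
    runs-on: ubuntu-latest
    steps:
      - name: "Show Inputs"
        env:
          RELEASE_ACTOR_EMAIL: ${{ inputs.actor-email }}
          RELEASE_SERVER_VERSION: ${{ inputs.server-version }}
          RELEASE_SERVER_MILESTONE: ${{ inputs.server-milestone-number }}
          RELEASE_CLIENT_VERSION: ${{ inputs.client-version }}
          RELEASE_CLIENT_MILESTONE: ${{ inputs.client-milestone-number }}
          RELEASE_PDS_VERSION: ${{ inputs.pds-version }}
          RELEASE_PDS_MILESTONE: ${{ inputs.pds-milestone-number }}
        run: |
          echo "actor-email: '$RELEASE_ACTOR_EMAIL'"
          echo "Server '$RELEASE_SERVER_VERSION' - Milestone '$RELEASE_SERVER_MILESTONE'"
          echo "Client '$RELEASE_CLIENT_VERSION' - Milestone '$RELEASE_CLIENT_MILESTONE'"
          echo "PDS '$RELEASE_PDS_VERSION' - Milestone '$RELEASE_PDS_MILESTONE'"

      # Check inputs if a milestone number is provided for each version to be released:
      - name: "Verify Input: Server"
        if: (inputs.server-version != '') && (inputs.server-milestone-number == '')
        run: |
          echo "For Server release, server-milestone-number must be provided!"
          exit 1
      - name: "Verify Input: Client"
        if: (inputs.client-version != '') && (inputs.client-milestone-number == '')
        run: |
          echo "For Client release, client-milestone-number must be provided!"
          exit 1
      - name: "Verify Input: PDS"
        if: (inputs.pds-version != '') && (inputs.pds-milestone-number == '')
        run: |
          echo "For PDS release, pds-milestone-number must be provided!"
          exit 1

      - name: Checkout master
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          ref: master
          fetch-tags: true
          fetch-depth: 0

      # Create temporary local tags, so we build documentation for this tag...
      # The final tag on git server side will be done by the release when the draft is saved as "real" release
      # automatically.
      - name: "Temporary tag server version: v${{ inputs.server-version }}-server - if defined"
        if: inputs.server-version != ''
        env:
          RELEASE_SERVER_VERSION: ${{ inputs.server-version }}
        run: git tag "v${RELEASE_SERVER_VERSION}-server"
      - name: "Temporary tag client version: v${{ inputs.client-version }}-client - if defined"
        if: inputs.client-version != ''
        env:
          RELEASE_CLIENT_VERSION: ${{ inputs.client-version }}
        run: git tag "v${RELEASE_CLIENT_VERSION}-client"
      - name: "Temporary tag PDS version: v${{ inputs.pds-version }}-pds - if defined"
        if: inputs.pds-version != ''
        env:
          RELEASE_PDS_VERSION: ${{ inputs.pds-version }}
        run: git tag "v${RELEASE_PDS_VERSION}-pds"

      # ----------------------
      # Setup + Caching
      # ----------------------
      - name: Set up JDK 17
        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9
        with:
          java-version: '17'
          distribution: temurin
      - name: Set up Gradle
        uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda
        with:
          cache-read-only: false
      - name: Set up Go
        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
        with:
          go-version: '1.21.6'
      - name: Set up Go caching
        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9
        id: go-cache
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Docker login to ghcr.io
        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Gradle clean + spotlessCheck
        run: ./gradlew clean spotlessCheck

      # ----------------------
      # Create pull request if license headers are missing
      # ----------------------
      - name: run apply-headers.sh
        id: apply-headers
        env:
          RELEASE_ACTOR_EMAIL: ${{ inputs.actor-email }}
        run: |
          git config user.name "$GITHUB_TRIGGERING_ACTOR (via github-actions)"
          git config user.email "$RELEASE_ACTOR_EMAIL"
          ./apply-headers.sh
          git commit -am "SPDX headers added by SecHub release job @github-actions" || true
          # Export only the first log line: a `name=value` line in GITHUB_OUTPUT
          # cannot carry a multi-line value, and the later steps only test
          # whether this output is empty.
          COMMITS="$(git log --oneline --branches --not --remotes | head -n 1)"
          echo "commits=$COMMITS" >> "$GITHUB_OUTPUT"
      - name: Create pull request for SPDX license headers
        id: pr_spdx_headers
        if: steps.apply-headers.outputs.commits != ''
        uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e
        with:
          branch: release-spdx-headers
          branch-suffix: short-commit-hash
          delete-branch: true
          title: '0 - Before release: Add missing SPDX license headers [auto-generated]'
          body: |
            Auto-generated by Github Actions release job.
            -> Please review and merge **before** publishing the release.
      - name: Print PR infos
        if: steps.apply-headers.outputs.commits != ''
        run: |
          echo "Pull Request Number - ${{ steps.pr_spdx_headers.outputs.pull-request-number }}"
          echo "Pull Request URL - ${{ steps.pr_spdx_headers.outputs.pull-request-url }}"

      # ----------------------
      # Build SecHub Client
      # ----------------------
      - name: Build Client
        run: ./gradlew :sechub-cli:buildGo :sechub-cli:testGo

      # ----------------------
      # Build SecHub Server + PDS
      # ----------------------
      - name: Build Server and PDS artifacts
        run: ./gradlew ensureLocalhostCertificate build generateOpenapi buildDeveloperAdminUI -x :sechub-cli:build

      # ----------------------
      # Build API Java publish
      # ----------------------
      - name: Generate and build Java projects related to SecHub Java API
        run: ./gradlew :sechub-api-java:build :sechub-systemtest:build :sechub-pds-tools:buildPDSToolsCLI -Dsechub.build.stage=api-necessary
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # This token is provided by Actions, you do not need to create your own token

      # ----------------------
      # Integration test
      # ----------------------
      - name: Integration test
        run: ./gradlew :sechub-integrationtest:startIntegrationTestInstances :sechub-systemtest:integrationtest :sechub-integrationtest:integrationtest :sechub-integrationtest:stopIntegrationTestInstances -Dsechub.build.stage=all
      - name: Create combined test report
        if: always()
        run: ./gradlew createCombinedTestReport -Dsechub.build.stage=all

      # To identify parts not in git history and leading to "-dirty-$commitId" markers in documentation
      - name: Collect GIT status
        if: always()
        run: |
          # restore reduced-openapi3.json
          git restore sechub-api-java/src/main/resources/reduced-openapi3.json
          git status > build/reports/git-status.txt

      # -----------------------------------------
      # Upload Build Artifacts
      # -----------------------------------------
      - name: Archive combined test report
        if: always()
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
        with:
          name: combined-sechub-testreport
          path: build/reports/combined-report
          retention-days: 14
      - name: Archive GIT status
        if: always()
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
        with:
          name: git-status.txt
          path: build/reports/git-status.txt
          retention-days: 14
      - name: Archive sechub server artifacts
        if: always()
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
        with:
          name: sechub-server
          path: sechub-server/build/libs
          retention-days: 14
      - name: Archive pds server artifacts
        if: always()
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
        with:
          name: sechub-pds
          path: sechub-pds/build/libs
          # Same retention as every other artifact uploaded by this job.
          retention-days: 14
      - name: Archive developer tools artifacts
        if: always()
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
        with:
          name: sechub-developertools
          path: sechub-developertools/build/libs
          retention-days: 14
      - name: Archive sechub client artifacts
        if: always()
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
        with:
          name: sechub-client
          path: sechub-cli/build/go
          retention-days: 14
      - name: Install graphviz (asciidoc diagrams)
        run: sudo apt-get --assume-yes install graphviz

      # -----------------------------------------
      # Build Documentation
      # -----------------------------------------
      - name: Create documentation
        run: ./gradlew documentation-with-pages

      # -----------------------------------------
      # Upload documentation
      # -----------------------------------------
      - name: Archive documentation HTML
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
        with:
          name: sechub-docs-html
          path: sechub-doc/build/docs/final-html/
          retention-days: 14
      - name: Archive documentation PDF
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
        with:
          name: sechub-docs-pdf
          path: sechub-doc/build/docs/asciidoc/*.pdf
          retention-days: 14
      - name: Archive openAPI3 JSON files
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
        with:
          name: sechub-api-spec
          path: sechub-doc/build/api-spec/
          retention-days: 14

      # -----------------------------------------
      # Update and commit release documentation for https://mercedes-benz.github.io/sechub/
      # -----------------------------------------
      - name: Update release documentation
        run: |
          git reset --hard
          sechub-doc/helperscripts/publish+git-add-releasedocs.sh
          git commit -m "docs update by SecHub release job @github-actions"

      # -----------------------------------------
      # Create pull request for release documentation
      # -----------------------------------------
      - name: Create pull request for release documentation
        id: pr_release_documentation
        uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e
        with:
          branch: release-documentation
          branch-suffix: short-commit-hash
          delete-branch: true
          title: '1 - Release documentation [auto-generated]'
          body: |
            Release of SecHub documentation
            -> Please review and merge **before** publishing the release.
      - name: Print PR infos
        run: |
          echo "Pull Request Number - ${{ steps.pr_release_documentation.outputs.pull-request-number }}"
          echo "Pull Request URL - ${{ steps.pr_release_documentation.outputs.pull-request-url }}"

      # -----------------------------------------
      # Assert releaseable, so no dirty flags on releases
      # even when all artifact creation parts are done!
      # -----------------------------------------
      - name: Assert releasable
        run: |
          git status
          ./gradlew assertReleaseable

      # ******************************************
      # S E R V E R release
      # ******************************************
      - name: Create server release ${{ inputs.server-version }}
        id: create_server_release
        if: inputs.server-version != ''
        uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # This token is provided by Actions, you do not need to create your own token
        with:
          tag_name: v${{ inputs.server-version }}-server
          commitish: master
          release_name: Server Version ${{ inputs.server-version }}
          body: |
            Changes in this Release
            - Some minor changes on SecHub server implementation
            For more details please look at [Milestone ${{inputs.server-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.server-milestone-number}}?closed=1)
          draft: true
          prerelease: false
      - name: Create sha256 checksum file for SecHub server jar
        if: inputs.server-version != ''
        env:
          RELEASE_SERVER_VERSION: ${{ inputs.server-version }}
        run: |
          cd sechub-server/build/libs
          sha256sum "sechub-server-${RELEASE_SERVER_VERSION}.jar" > "sechub-server-${RELEASE_SERVER_VERSION}.jar.sha256sum"
      - name: Create sha256 checksum files for SecHub developer tools jars
        if: inputs.server-version != ''
        env:
          RELEASE_SERVER_VERSION: ${{ inputs.server-version }}
        run: |
          cd sechub-developertools/build/libs/
          sha256sum "sechub-developer-admin-ui-${RELEASE_SERVER_VERSION}.jar" > "sechub-developer-admin-ui-${RELEASE_SERVER_VERSION}.jar.sha256sum"
      - name: Upload Server release asset sechub-server-${{ inputs.server-version }}.jar
        if: inputs.server-version != ''
        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_server_release.outputs.upload_url }}
          asset_path: sechub-server/build/libs/sechub-server-${{ inputs.server-version }}.jar
          asset_name: sechub-server-${{ inputs.server-version }}.jar
          asset_content_type: application/zip
      - name: Upload Server release asset sechub-server-${{ inputs.server-version }}.jar.sha256sum
        if: inputs.server-version != ''
        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_server_release.outputs.upload_url }}
          asset_path: sechub-server/build/libs/sechub-server-${{ inputs.server-version }}.jar.sha256sum
          asset_name: sechub-server-${{ inputs.server-version }}.jar.sha256sum
          asset_content_type: text/plain
      - name: Upload SecHub release asset sechub-developer-admin-ui-${{ inputs.server-version }}.jar
        if: inputs.server-version != ''
        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_server_release.outputs.upload_url }}
          asset_path: sechub-developertools/build/libs/sechub-developer-admin-ui-${{ inputs.server-version }}.jar
          asset_name: sechub-developer-admin-ui-${{ inputs.server-version }}.jar
          asset_content_type: application/zip
      - name: Upload Server release asset sechub-developer-admin-ui-${{ inputs.server-version }}.jar.sha256sum
        if: inputs.server-version != ''
        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_server_release.outputs.upload_url }}
          asset_path: sechub-developertools/build/libs/sechub-developer-admin-ui-${{ inputs.server-version }}.jar.sha256sum
          asset_name: sechub-developer-admin-ui-${{ inputs.server-version }}.jar.sha256sum
          asset_content_type: text/plain

      # Server documentation:
      - name: Upload sechub-architecture.pdf release asset
        if: inputs.server-version != ''
        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_server_release.outputs.upload_url }}
          asset_path: ./sechub-doc/build/docs/asciidoc/sechub-architecture.pdf
          asset_name: sechub-architecture-${{ inputs.server-version }}.pdf
          asset_content_type: application/pdf
      - name: Upload sechub-operations.pdf release asset
        if: inputs.server-version != ''
        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_server_release.outputs.upload_url }}
          asset_path: ./sechub-doc/build/docs/asciidoc/sechub-operations.pdf
          asset_name: sechub-operations-${{ inputs.server-version }}.pdf
          asset_content_type: application/pdf
      - name: Upload sechub-developer-quickstart-guide.pdf release asset
        if: inputs.server-version != ''
        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_server_release.outputs.upload_url }}
          asset_path: ./sechub-doc/build/docs/asciidoc/sechub-developer-quickstart-guide.pdf
          asset_name: sechub-developer-quickstart-guide-${{ inputs.server-version }}.pdf
          asset_content_type: application/pdf
      - name: Upload sechub-restapi.pdf release asset
        if: inputs.server-version != ''
        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_server_release.outputs.upload_url }}
          asset_path: ./sechub-doc/build/docs/asciidoc/sechub-restapi.pdf
          asset_name: sechub-restapi-${{ inputs.server-version }}.pdf
          asset_content_type: application/pdf
      - name: Upload sechub-openapi3.json release asset
        if: inputs.server-version != ''
        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_server_release.outputs.upload_url }}
          asset_path: ./sechub-doc/build/api-spec/openapi3.json
          asset_name: sechub-openapi3-${{ inputs.server-version }}.json
          asset_content_type: text/plain

      # NOTE(review): dacbd/create-issue-action is referenced by the mutable
      # branch `main`, while the other third-party actions in this job are
      # pinned to full commit SHAs. The step receives the job token, so pin
      # it to a reviewed commit SHA as well.
      - name: Create Server ${{ inputs.server-version }} release issue
        if: inputs.server-version != ''
        uses: dacbd/create-issue-action@main
        with:
          token: ${{ github.token }}
          title: Release Server ${{ inputs.server-version }}
          body: |
            See [Milestone ${{inputs.server-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.server-milestone-number}}?closed=1) for details.
            Please close this issue after the release.
          milestone: ${{ inputs.server-milestone-number }}

      # Build Server container image + push to ghcr
      - name: Build Server ${{ inputs.server-version }} container image + push to ghcr
        if: inputs.server-version != ''
        env:
          RELEASE_SERVER_VERSION: ${{ inputs.server-version }}
        run: |
          SERVER_VERSION="$RELEASE_SERVER_VERSION"
          BUILD_FLAVOR="alpine"
          DOCKER_REGISTRY="$ACTIONS_SECHUB_REGISTRY/sechub-server"
          VERSION_TAG="${SERVER_VERSION}_${BUILD_FLAVOR}"
          cp "sechub-server/build/libs/sechub-server-${SERVER_VERSION}.jar" sechub-solution/docker/copy/
          cd sechub-solution
          export DOCKER_BUILD_TYPE=copy
          echo "# Building image $DOCKER_REGISTRY:$VERSION_TAG"
          echo " from $ACTIONS_BASE_IMAGE_ALPINE"
          "./10-create-image-${BUILD_FLAVOR}.sh" "$DOCKER_REGISTRY" "$VERSION_TAG" "$ACTIONS_BASE_IMAGE_ALPINE"
          echo "# Pushing image $DOCKER_REGISTRY:$VERSION_TAG (latest)"
          ./20-push-image.sh "$DOCKER_REGISTRY" "$VERSION_TAG" yes
      - name: Build Server Helm chart + push to ghcr
        if: inputs.server-version != ''
        shell: bash
        run: |
          cd "sechub-solution/helm"
          echo "# Building Helm chart for sechub-server"
          helm package sechub-server
          helm push sechub-server-*.tgz "$ACTIONS_HELM_REGISTRY"

      # ******************************************
      # C l i e n t release
      # ******************************************
      - name: Create client release ${{ inputs.client-version }}
        id: create_client_release
        if: inputs.client-version != ''
        uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # This token is provided by Actions, you do not need to create your own token
        with:
          tag_name: v${{ inputs.client-version }}-client
          commitish: master
          release_name: Client Version ${{ inputs.client-version }}
          body: |
            Changes in this Release
            - Some minor changes on client implementation
            For more details please look at [Milestone ${{inputs.client-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.client-milestone-number}}?closed=1)
          draft: true
          prerelease: false
      - name: Create client release asset sechub-cli-${{ inputs.client-version }}.zip
        if: inputs.client-version != ''
        run: |
          cd sechub-cli/build/go
          zip -r sechub-cli.zip platform
          sha256sum sechub-cli.zip > sechub-cli.zip.sha256
      - name: Upload Client release asset sechub-cli-${{ inputs.client-version }}.zip
        if: inputs.client-version != ''
        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_client_release.outputs.upload_url }}
          asset_path: ./sechub-cli/build/go/sechub-cli.zip
          asset_name: sechub-cli-${{ inputs.client-version }}.zip
          asset_content_type: application/zip
      - name: Upload Client release asset sechub-cli-${{ inputs.client-version }}.zip.sha256
        if: inputs.client-version != ''
        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_client_release.outputs.upload_url }}
          asset_path: ./sechub-cli/build/go/sechub-cli.zip.sha256
          asset_name: sechub-cli-${{ inputs.client-version }}.zip.sha256
          asset_content_type: text/plain
      - name: Upload sechub-client.pdf release asset
        id: upload-sechub-doc-client-release-asset
        if: inputs.client-version != ''
        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_client_release.outputs.upload_url }}
          asset_path: ./sechub-doc/build/docs/asciidoc/sechub-client.pdf
          asset_name: sechub-client-${{ inputs.client-version }}.pdf
          asset_content_type: application/pdf
      # NOTE(review): action referenced by mutable branch `main`; pin to a
      # reviewed commit SHA.
      - name: Create Client ${{ inputs.client-version }} release issue
        if: inputs.client-version != ''
        uses: dacbd/create-issue-action@main
        with:
          token: ${{ github.token }}
          title: Release Client ${{ inputs.client-version }}
          body: |
            See [Milestone ${{inputs.client-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.client-milestone-number}}?closed=1) for details.
            Please close this issue after the release.
          milestone: ${{ inputs.client-milestone-number }}

      # ******************************************
      # P D S release
      # ******************************************
      - name: Create PDS release ${{ inputs.pds-version }}
        id: create_pds_release
        if: inputs.pds-version != ''
        uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # This token is provided by Actions, you do not need to create your own token
        with:
          tag_name: v${{ inputs.pds-version }}-pds
          commitish: master
          release_name: PDS Version ${{ inputs.pds-version }}
          body: |
            Changes in this Release
            - Some minor changes on PDS server implementation
            For more details please look at [Milestone ${{inputs.pds-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.pds-milestone-number}}?closed=1)
          draft: true
          prerelease: false
      - name: Create sha256 checksum file for PDS jar
        if: inputs.pds-version != ''
        env:
          RELEASE_PDS_VERSION: ${{ inputs.pds-version }}
        run: |
          cd sechub-pds/build/libs/
          sha256sum "sechub-pds-${RELEASE_PDS_VERSION}.jar" > "sechub-pds-${RELEASE_PDS_VERSION}.jar.sha256sum"
      - name: Upload PDS release asset sechub-pds-${{ inputs.pds-version }}.jar
        if: inputs.pds-version != ''
        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_pds_release.outputs.upload_url }}
          asset_path: sechub-pds/build/libs/sechub-pds-${{ inputs.pds-version }}.jar
          asset_name: sechub-pds-${{ inputs.pds-version }}.jar
          asset_content_type: application/zip
      - name: Upload PDS release asset sechub-pds-${{ inputs.pds-version }}.jar.sha256sum
        if: inputs.pds-version != ''
        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_pds_release.outputs.upload_url }}
          asset_path: sechub-pds/build/libs/sechub-pds-${{ inputs.pds-version }}.jar.sha256sum
          asset_name: sechub-pds-${{ inputs.pds-version }}.jar.sha256sum
          asset_content_type: text/plain
      # sechub-product-delegation-server.pdf
      - name: Upload PDS release asset sechub-product-delegation-server-${{ inputs.pds-version }}.pdf
        if: inputs.pds-version != ''
        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_pds_release.outputs.upload_url }}
          asset_path: ./sechub-doc/build/docs/asciidoc/sechub-product-delegation-server.pdf
          # Plain file name without a leading '/', like every other asset_name in this job.
          asset_name: sechub-product-delegation-server-${{ inputs.pds-version }}.pdf
          asset_content_type: application/pdf
      # NOTE(review): action referenced by mutable branch `main`; pin to a
      # reviewed commit SHA.
      - name: Create PDS ${{ inputs.pds-version }} release issue
        if: inputs.pds-version != ''
        uses: dacbd/create-issue-action@main
        with:
          token: ${{ github.token }}
          title: Release PDS ${{ inputs.pds-version }}
          body: |
            See [Milestone ${{inputs.pds-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.pds-milestone-number}}?closed=1) for details.
            Please close this issue after the release.
          milestone: ${{ inputs.pds-milestone-number }}

      # Build pds-base container image + push to ghcr
      # The step name shows the PDS version, which is the version this step builds.
      - name: Build pds-base ${{ inputs.pds-version }} container image + push to ghcr
        if: inputs.pds-version != ''
        env:
          RELEASE_PDS_VERSION: ${{ inputs.pds-version }}
        run: |
          PDS_VERSION="$RELEASE_PDS_VERSION"
          DOCKER_REGISTRY="$ACTIONS_SECHUB_REGISTRY/pds-base"
          VERSION_TAG="${PDS_VERSION}"
          cp "sechub-pds/build/libs/sechub-pds-${PDS_VERSION}.jar" sechub-pds-solutions/pds-base/docker/copy/
          cd sechub-pds-solutions/pds-base
          echo "# Building image $DOCKER_REGISTRY:$VERSION_TAG"
          echo " from $ACTIONS_BASE_IMAGE_DEBIAN"
          ./10-create-image.sh "$DOCKER_REGISTRY" "$VERSION_TAG" "$PDS_VERSION" "$ACTIONS_BASE_IMAGE_DEBIAN" copy
          echo "# Pushing image $DOCKER_REGISTRY:$VERSION_TAG (latest)"
          ./20-push-image.sh "$DOCKER_REGISTRY" "$VERSION_TAG" yes

      # -----------------------------------------
      # Create a pull request for merging back `master` into `develop`
      # -----------------------------------------
      - name: pull-request master to develop
        id: pr_master_to_develop
        continue-on-error: true
        uses: repo-sync/pull-request@7e79a9f5dc3ad0ce53138f01df2fad14a04831c5
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          source_branch: "master"
          destination_branch: "develop"
          pr_allow_empty: true  # should allow an empty PR, but seems not to work
          pr_title: '2 - After release: Merge master back into develop [auto-generated]'
          pr_body: |
            After SecHub release
            - Client '${{ inputs.client-version }}'
            - Server '${{ inputs.server-version }}'
            - PDS '${{ inputs.pds-version }}'
            Merge master branch back into develop
            -> Please merge **after** the release has been published.
      - name: Print PR infos if PR was created
        if: steps.pr_master_to_develop.outcome == 'success'
        run: |
          echo "Pull Request Number - ${{ steps.pr_master_to_develop.outputs.pr_number }}"
          echo "Pull Request URL - ${{ steps.pr_master_to_develop.outputs.pr_url }}"
      - name: Print info if no PR was created
        if: steps.pr_master_to_develop.outcome != 'success'
        run: |
          echo "Nothing to merge - no pull request necessary."

  # Build all PDS solutions based on above released pds-base image
  # NOTE(review): the called workflow is resolved from the `develop` branch,
  # while the release job checks out `master`; confirm that building with the
  # workflow definition from `develop` is intended for a release.
  build-pds-solutions:
    name: Build all PDS solutions
    if: inputs.pds-version != ''
    needs: release-version
    uses: mercedes-benz/sechub/.github/workflows/build+publish-all-pds-solutions.yml@develop
    with:
      pds-version: ${{ inputs.pds-version }}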