Merge pull request #3360 from mercedes-benz/feature-3359-validation-w…

…rapper-release-and-integration

initial release job for Secretscan Validation Wrapper #3359

.github/workflows/release-wrapper-validation.yml

@@ -0,0 +1,213 @@
+# SPDX-License-Identifier: MIT
+name: Release Secretscan Validation Wrapper
+
+on:
+  workflow_dispatch:
+    inputs:
+      actor-email:
+        description: Insert your email address here. It will be used in the generated pull requests
+        required: true
+      validation-wrapper-version:
+        description: Secretscan-Validation-wrapper Version (e.g. 1.0.0)
+        required: true
+      validation-wrapper-milestone-number:
+        description: Secretscan-Validation-wrapper Milestone number (e.g. 153)
+        required: true
+jobs:
+  release-version:
+    name: Create Secretscan-Validation-wrapper release
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Show Inputs"
+        run: |
+          echo "actor-email: '${{ inputs.actor-email }}'"
+          echo "Secretscan-Validation-wrapper '${{ inputs.validation-wrapper-version }}' - Milestone '${{ inputs.validation-wrapper-milestone-number }}'"
+
+      - name: Checkout branch master
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        with:
+          ref: master
+
+      # Create temporary local tags, so we build documentation for this tag...
+      # The final tag on git server side will be done automatically by the release when the draft is saved as "real" release
+      - name: Tag Secretscan Validation Wrapper version v${{ inputs.validation-wrapper-version }}-validation-wrapper (temporarily)
+        run: git tag v${{ inputs.validation-wrapper-version }}-validation-wrapper
+
+      # ----------------------
+      # Setup + Caching
+      # ----------------------
+      - name: Set up JDK 17
+        uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018
+        with:
+          java-version: 17
+          distribution: temurin
+
+      - name: Set up Gradle
+        uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582
+        with:
+          cache-read-only: false
+
+      # ----------------------
+      # Create a pull request if license headers are missing
+      # ----------------------
+      - name: run apply-headers.sh
+        id: apply-headers
+        run: |
+          git config user.name "$GITHUB_TRIGGERING_ACTOR (via github-actions)"
+          git config user.email "${{ inputs.actor-email }}"
+          ./apply-headers.sh
+          git commit -am "SPDX headers added by SecHub release job @github-actions" || true
+          COMMITS=`git log --oneline --branches --not --remotes`
+          echo "commits=$COMMITS" >> $GITHUB_OUTPUT
+
+      - name: Create a pull request for SPDX license headers
+        id: pr_spdx_headers
+        if: steps.apply-headers.outputs.commits != ''
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
+        with:
+          branch: release-spdx-headers
+          branch-suffix: short-commit-hash
+          delete-branch: true
+          title: '0 - Before validation-wrapper release: Add missing SPDX license headers [auto-generated]'
+          body: |
+            Auto-generated by Github Actions validation-wrapper release job.
+
+            -> Please review and merge **before** publishing the validation-wrapper release.
+
+      - name: Print PR infos
+        if: steps.apply-headers.outputs.commits != ''
+        run: |
+          echo "Pull Request Number - ${{ steps.pr_spdx_headers.outputs.pull-request-number }}"
+          echo "Pull Request URL - ${{ steps.pr_spdx_headers.outputs.pull-request-url }}"
+
+      - name: Switch back to master branch
+        run: git checkout master
+
+      # -----------------------------------------
+      # Build SecHub Secretscan Validation Wrapper
+      # -----------------------------------------
+      - name: Build Secretscan Validation Wrapper
+        run: ./gradlew :sechub-wrapper-validation:bootjar
+
+      # -----------------------------------------
+      # Upload build artifacts
+      # -----------------------------------------
+      - name: Inspect GIT status
+        if: always()
+        run: |
+          mkdir build/reports -p
+          git status > build/reports/git-status.txt
+
+      - name: Archive GIT status
+        if: always()
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
+        with:
+          name: git-status.txt
+          path: build/reports/git-status.txt
+          retention-days: 14
+
+      - name: Archive Secretscan Validation Wrapper libs directory
+        if: always()
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
+        with:
+          name: sechub-wrapper-validation
+          path: sechub-wrapper-validation/build/libs
+          retention-days: 14
+
+      - name: Switch back to master branch
+        run: git checkout master
+
+      # -----------------------------------------
+      # Assert releaseable, so no dirty flags on releases
+      # even when all artifact creation parts are done!
+      # -----------------------------------------
+      - name: Assert releasable
+        run: ./gradlew assertReleaseable
+
+      - name: Create Secretscan Validation Wrapper release
+        id: create_validation-wrapper_release
+        uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+        with:
+          tag_name: v${{ inputs.validation-wrapper-version }}-validation-wrapper
+          commitish: master
+          release_name: Secretscan Validation Wrapper Version ${{ inputs.validation-wrapper-version }}
+          body: |
+            Changes in this Release
+            - Some minor changes on Secretscan Validation Wrapper implementation
+
+            For more details please look at [Milestone ${{inputs.validation-wrapper-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.validation-wrapper-milestone-number}}?closed=1)
+          draft: true
+          prerelease: false
+
+      # -----------------------------------------
+      # Upload release artifacts
+      # -----------------------------------------
+      - name: Create files and sha256 checksum for Secretscan Validation Wrapper jar
+        run: |
+          cd sechub-wrapper-validation/build/libs/
+          sha256sum sechub-wrapper-validation-${{ inputs.validation-wrapper-version }}.jar > sechub-wrapper-validation-${{ inputs.validation-wrapper-version }}.jar.sha256sum
+
+      - name: Upload asset sechub-wrapper-validation-${{ inputs.validation-wrapper-version }}.jar
+        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_validation-wrapper_release.outputs.upload_url }}
+          asset_path: sechub-wrapper-validation/build/libs/sechub-wrapper-validation-${{ inputs.validation-wrapper-version }}.jar
+          asset_name: sechub-wrapper-validation-${{ inputs.validation-wrapper-version }}.jar
+          asset_content_type: application/zip
+
+      - name: Upload asset sechub-wrapper-validation-${{ inputs.validation-wrapper-version }}.jar.sha256sum
+        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_validation-wrapper_release.outputs.upload_url }}
+          asset_path: sechub-wrapper-validation/build/libs/sechub-wrapper-validation-${{ inputs.validation-wrapper-version }}.jar.sha256sum
+          asset_name: sechub-wrapper-validation-${{ inputs.validation-wrapper-version }}.jar.sha256sum
+          asset_content_type: text/plain
+
+      # -----------------------------------------
+      # Create release issue
+      # -----------------------------------------
+      - name: Create Secretscan Validation Wrapper ${{ inputs.validation-wrapper-version }} release issue
+        uses: dacbd/create-issue-action@main
+        with:
+          token: ${{ github.token }}
+          title: Release Secretscan Validation Wrapper ${{ inputs.validation-wrapper-version }}
+          body: |
+            See [Milestone ${{inputs.validation-wrapper-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.validation-wrapper-milestone-number}}?closed=1) for details.
+
+            Please close this issue after the release.
+          milestone: ${{ inputs.validation-wrapper-milestone-number }}
+
+      # -----------------------------------------
+      # Create a pull request for merging back `master` into `develop`
+      # -----------------------------------------
+      - name: pull-request master to develop
+        id: pr_master_to_develop
+        continue-on-error: true
+        uses: repo-sync/pull-request@7e79a9f5dc3ad0ce53138f01df2fad14a04831c5
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          source_branch: "master"
+          destination_branch: "develop"
+          pr_allow_empty: true  # should allow an empty PR, but seems not to work
+          pr_title: '2 - After Secretscan Validation Wrapper release: Merge master back into develop [auto-generated]'
+          pr_body: |
+            Merge master branch back into develop
+
+            -> Please merge **after** the release has been published.
+
+      - name: Print PR infos if PR was created
+        if: steps.pr_master_to_develop.outcome == 'success'
+        run: |
+          echo "Pull Request Number - ${{ steps.pr_master_to_develop.outputs.pr_number }}"
+          echo "Pull Request URL - ${{ steps.pr_master_to_develop.outputs.pr_url }}"
+
+      - name: Print info if no PR was created
+        if: steps.pr_master_to_develop.outcome != 'success'
+        run: |
+          echo "Nothing to merge - no pull request necessary."