Skip to content
.github/workflows/release.yml

Updating ast-cli version and binaries 2.3.54 (#485) #208

Sign in to view logs

Updating ast-cli version and binaries 2.3.54 (#485)

Updating ast-cli version and binaries 2.3.54 (#485) #208

Workflow file for this run

.github/workflows/release.yml at 9d0785d
name: Release Creation
on:
workflow_dispatch:
inputs:
tag:
description: 'Dev release tag'
required: true
type: string
dev:
description: 'Is dev build'
required: false
default: true
type: boolean
cliTag:
description: 'Version of the CLI to bundle'
required: false
type: string
publish:
description: 'Publish package to Maven Central'
required: false
default: false
type: boolean
workflow_call:
inputs:
tag:
description: 'Dev release tag'
required: true
type: string
dev:
description: 'Is dev build'
required: false
default: true
type: boolean
cliTag:
description: 'Version of the CLI to bundle'
required: false
type: string
publish:
description: 'Publish package to Maven Central'
required: false
default: false
type: boolean
permissions:
contents: read
secrets:

Check failure on line 47 in .github/workflows/release.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/release.yml

Invalid workflow file 

You have an error in your yaml syntax on line 47
MAVEN_GPG_PASSPHRASE:
required: true
MAVEN_GPG_PRIVATE_KEY:
required: true
OSSRH_TOKEN:
required: true
OSSRH_USERNAME:
required: true
PERSONAL_ACCESS_TOKEN:
required: true
jobs:
release:
permissions:
id-token: write
contents: write
runs-on: cx-public-ubuntu-x64
outputs:
CLI_VERSION: ${{ steps.extract_cli_version.outputs.CLI_VERSION }}
TAG_NAME: ${{ steps.set_tag_name.outputs.TAG_NAME }}
steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
lfs: true
- name: Download CLI
if: inputs.cliTag
run: |
chmod +x ./.github/scripts/update_cli.sh
./.github/scripts/update_cli.sh ${{ inputs.cliTag }}
- name: Extract CLI version
id: extract_cli_version
run: |
CLI_VERSION=$(./src/main/resources/cx-linux version | grep -Eo '^[0-9]+\.[0-9]+\.[0-9]+')
echo "CLI version being packed is $CLI_VERSION"
echo "CLI_VERSION=$CLI_VERSION" >> $GITHUB_ENV
echo "CLI_VERSION=$CLI_VERSION" >> $GITHUB_OUTPUT
- name: Check if CLI version is latest
if: ${{ github.event.inputs.dev == 'false' && !github.event.inputs.cliTag && github.ref == 'refs/heads/main' }}
id: check_latest_cli_version
run: |
LATEST_CLI_VERSION=$(curl -s https://api.github.com/repos/Checkmarx/ast-cli/releases/latest | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
echo "CLI_VERSION=[$CLI_VERSION]"
echo "LATEST_CLI_VERSION=[$LATEST_CLI_VERSION]"
echo "Latest CLI version from GitHub: $LATEST_CLI_VERSION"
if [ "$CLI_VERSION" = "$LATEST_CLI_VERSION" ]; then
echo "CLI_VERSION ($CLI_VERSION) matches the latest released version ($LATEST_CLI_VERSION). Proceeding."
else
echo "CLI_VERSION ($CLI_VERSION) does not match the latest released version ($LATEST_CLI_VERSION). Failing workflow."
exit 1
fi
- name: Tag
id: set_tag_name
run: |
echo ${{ inputs.tag }}
tag=${{ inputs.tag }}
echo "RELEASE_VERSION=${{ inputs.tag }}" >> $GITHUB_ENV
message='${{ inputs.tag }}'
git config user.name "${GITHUB_ACTOR}"
git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
git tag -a "${tag}" -m "${message}"
git push origin "${tag}"
echo "TAG_NAME=${{ inputs.tag }}" >> $GITHUB_OUTPUT
- name: Set up Maven Central Repository
uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
with:
java-version: '11'
distribution: 'temurin'
server-id: central
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
gpg-passphrase: MAVEN_GPG_PASSPHRASE
- name: Update the POM version.
run: mvn -B versions:set -DnewVersion='${{ env.RELEASE_VERSION }}' --file pom.xml -DskipTests
- name: Build artifactId property
run: |
prop=''
if [ ${{ inputs.dev }} = true ] && ![ "${{ inputs.tag }}" = "1.0.0-SNAPSHOT" ]; then
prop='-Dast.wrapper.id=ast-cli-java-wrapper-dev'
fi
echo "AID_PROP=${prop}" >> $GITHUB_ENV
- name: Publish package
if: inputs.publish == true
run: mvn --batch-mode deploy -DskipTests ${{ env.AID_PROP }}
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
- name: Release
uses: step-security/action-gh-release@277bfa82abcfdb73e5bbb19e213fd76532ee2be5 # v3.0.0
with:
generate_release_notes: true
tag_name: ${{ inputs.tag }}
prerelease: ${{ inputs.dev }}
# notify:
# if: inputs.dev == false
# needs: release
# uses: Checkmarx/plugins-release-workflow/.github/workflows/release-notify.yml@main
# with:
# product_name: Java Wrapper
# release_version: ${{ needs.release.outputs.TAG_NAME }}
# cli_release_version: ${{ needs.release.outputs.CLI_VERSION }}
# release_author: "Sypher Team"
# release_url: https://github.com/Checkmarx/ast-cli-java-wrapper/releases/tag/${{ needs.release.outputs.TAG_NAME }}
# jira_product_name: JAVA_WRAPPER
# secrets: inherit
# dispatch_auto_release:
# name: Update Jenkins/Jetbrains/Eclipse Extensions With new Wrapper Version
# if: inputs.dev == false
# needs: notify
# uses: Checkmarx/plugins-release-workflow/.github/workflows/dispatch-workflow.yml@main
# with:
# cli_version: ${{ needs.release.outputs.CLI_VERSION }}
# is_cli_release: false
# is_java_release: true
# secrets: inherit