-
Notifications
You must be signed in to change notification settings - Fork 10
131 lines (112 loc) · 5.33 KB
/
Copy pathupdate-cli-version.yml
File metadata and controls
131 lines (112 loc) · 5.33 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
name: Update AST CLI JavaScript Wrapper Version
on:
workflow_dispatch:
inputs:
version:
description: "Specify a version (e.g., 0.0.124). Leave empty for the latest official version."
required: false
default: ""
repository_dispatch:
types: [js-wrapper-version-update]
permissions:
contents: read
jobs:
update-js-wrapper:
runs-on: cx-public-ubuntu-x64
env:
GH_TOKEN: ${{ github.token }}
permissions:
contents: write
pull-requests: write
packages: read
steps:
- name: Checkout Repository
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- name: Verify single lockfile
run: |
if [ -f yarn.lock ] && [ -f package-lock.json ]; then
echo "❌ ERROR: Both yarn.lock and package-lock.json found. Policy requires exactly ONE package manager. Allowed: npm + package-lock.json OR Yarn + yarn.lock"
exit 1
fi
if [ ! -f yarn.lock ] && [ ! -f package-lock.json ]; then
echo "❌ ERROR: No lockfile found. Policy requires exactly ONE package manager lockfile. Required: npm + package-lock.json OR Yarn + yarn.lock"
exit 1
fi
- name: Set Up npm Authentication
run: |
echo "@checkmarx:registry=https://npm.pkg.github.com" > packages/core/.npmrc
echo "//npm.pkg.github.com/:_authToken=${{ github.token }}" >> packages/core/.npmrc
echo "registry=https://npm.echohq.com/" > ~/.npmrc
echo "//npm.echohq.com/:_authToken=${{ secrets.ECHO_LIBRARIES_ACCESS_KEY }}" >> ~/.npmrc
echo "//packages.echohq.com/:_authToken=${{ secrets.ECHO_LIBRARIES_ACCESS_KEY }}" >> ~/.npmrc
echo "@checkmarx:registry=https://npm.pkg.github.com" >> ~/.npmrc
echo "//npm.pkg.github.com/:_authToken=${{ github.token }}" >> ~/.npmrc
- name: Determine Version
id: get_version
run: |
# Enable detailed debugging
set -x
# Check if a version input was provided
if [[ -n "${{ github.event.inputs.version }}" ]]; then
VERSION="${{ github.event.inputs.version }}"
echo "Input version provided: $VERSION"
else
echo "No input version provided. Fetching the latest release version from GitHub API..."
# Fetch the latest release tag from the GitHub API
API_RESPONSE=$(curl -s "https://api.github.com/repos/Checkmarx/ast-cli-javascript-wrapper/releases")
echo "API response received: $API_RESPONSE"
# Extract the latest semantic version tag
VERSION=$(gh api repos/Checkmarx/ast-cli-javascript-wrapper/releases --jq '[.[] | select(.prerelease == false) | .tag_name | select(test("^v?[0-9]+\\.[0-9]+\\.[0-9]+$")) | ltrimstr("v")] | sort_by(split(".") | map(tonumber)) | .[-1]')
echo "Extracted version: $VERSION"
fi
# Remove leading 'v' if present
VERSION="${VERSION#v}"
echo "Normalized version (without leading 'v'): $VERSION"
# Validate the extracted version
if [[ -z "$VERSION" || "$VERSION" == "null" ]]; then
echo "Error: Failed to determine a valid version."
exit 1
fi
# Export the VERSION variable for subsequent steps
echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: Update package.json
run: |
sed -i "s|\"@checkmarx/ast-cli-javascript-wrapper\": \"[^\"]*\"|\"@checkmarx/ast-cli-javascript-wrapper\": \"${VERSION}\"|" packages/core/package.json
- name: Install Dependencies and Update package-lock.json
run: |
npm run install:all
- name: Check for Changes
id: check_changes
run: |
if git diff --quiet; then
echo "No changes detected. Nothing to commit."
echo "changes=false" >> $GITHUB_ENV
else
echo "Changes detected."
echo "changes=true" >> $GITHUB_ENV
fi
- name: Commit Changes
if: env.changes == 'true'
run: |
git config --global user.name "github-actions"
git config --global user.email "github-actions@github.com"
git add packages/core/package.json packages/core/package-lock.json
git add packages/checkmarx/package.json packages/checkmarx/package-lock.json
git add packages/project-ignite/package.json packages/project-ignite/package-lock.json
git commit -m "Update AST CLI JavaScript Wrapper to version ${VERSION}"
- name: Create Pull Request
if: env.changes == 'true'
uses: step-security/create-pull-request@50c103da2b9ca12cd5bc013fc6931051a5aa872b # v8.1.1
with:
token: ${{ secrets.AUTOMATION_TOKEN }}
commit-message: Update AST CLI JavaScript Wrapper to version ${{ env.VERSION }}
title: Update AST CLI JavaScript Wrapper to version ${{ env.VERSION }}
body: |
Updates the AST CLI JavaScript Wrapper to version `${{ env.VERSION }}`
Auto-generated by [create-pull-request][2]
labels: cxone
branch: other/update_js_wrapper_${{ env.VERSION }}
- name: No Changes to Commit
if: env.changes == 'false'
run: |
echo "No changes detected in the package.json or package-lock.json. Exiting the workflow gracefully."