
Release Github Action #8

# SPDX-License-Identifier: MIT
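name: Release Github Action

# Manually triggered release preparation for the SecHub Github Action.
# The single job below:
#   1. adds missing SPDX license headers and opens a pull request for them,
#   2. builds and tests github-actions/scan and sets the package version,
#   3. creates a release issue attached to the given milestone,
#   4. commits the resulting changes and opens a pull request for them.
# The draft-release and merge-back steps at the end are commented out.
on:
  workflow_dispatch:
    inputs:
      actor-email:
        description: Insert your email address here. It will be used in the generated pull requests
        required: true
      ghaction-version:
        description: Github Action Version (e.g. 1.0.0)
        required: true
      ghaction-milestone-number:
        description: Github Action Milestone number (e.g. 70)
        required: true

# Scopes of the workflow token. Every third-party action used below runs with
# these write permissions, so each `uses:` reference should stay pinned to a
# reviewed full commit SHA.
permissions:
  contents: write
  issues: write
  pull-requests: write

jobs:
  release-version:
    name: Create Github Action release
    runs-on: ubuntu-latest
    steps:
      - name: "Show Inputs"
        # Inputs reach the shell as environment variables. Expanding
        # `${{ inputs.* }}` directly inside `run:` pastes the raw text into
        # the script before bash parses it, so a value containing quotes or
        # `$(...)` would be executed as code.
        env:
          ACTOR_EMAIL: ${{ inputs.actor-email }}
          GHACTION_VERSION: ${{ inputs.ghaction-version }}
          GHACTION_MILESTONE_NUMBER: ${{ inputs.ghaction-milestone-number }}
        run: |
          echo "actor-email: '$ACTOR_EMAIL'"
          echo "Github Action '$GHACTION_VERSION' - Milestone '$GHACTION_MILESTONE_NUMBER'"

      # Check inputs:
      - name: "Verify Input for Github Action release"
        if: (inputs.ghaction-version == '') || (inputs.ghaction-milestone-number == '')
        run: |
          echo "For Github Action release, ghaction-version and ghaction-milestone-number must be provided!"
          exit 1

      - name: Checkout master
        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
        with:
          ref: master

      # ----------------------
      # Setup + Caching
      # ----------------------
      - name: Use Node.js
        # We do not define a dedicated node version here, we just use the default environment
        # which should be the default environment for the github actions runtime as well
        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65

      - name: Git setup
        env:
          ACTOR_EMAIL: ${{ inputs.actor-email }}
        run: |
          git config user.name "$GITHUB_TRIGGERING_ACTOR (via github-actions)"
          git config user.email "$ACTOR_EMAIL"

      # ----------------------
      # Create pull request if license headers are missing
      # ----------------------
      - name: run apply-headers.sh
        id: apply-headers
        run: |
          ./apply-headers.sh
          # `|| true`: an empty commit attempt (nothing changed) must not fail the job.
          git commit -am "SPDX headers added by SecHub release job @github-actions" || true
          # `git log` can print several lines; a plain `name=value` line in
          # $GITHUB_OUTPUT only holds one, so use the delimiter form.
          {
            echo "commits<<COMMITS_EOF"
            git log --oneline --branches --not --remotes
            echo "COMMITS_EOF"
          } >> "$GITHUB_OUTPUT"

      - name: Create pull request for SPDX license headers
        id: pr_spdx_headers
        if: steps.apply-headers.outputs.commits != ''
        uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e
        with:
          branch: release-spdx-headers
          branch-suffix: short-commit-hash
          delete-branch: true
          title: '0 - Before ghaction release: Add missing SPDX license headers [auto-generated]'
          body: |
            Auto-generated by Github Actions ghaction release job.
            -> Please review and merge **before** publishing the ghaction release.

      - name: Print PR infos
        if: steps.apply-headers.outputs.commits != ''
        env:
          PR_NUMBER: ${{ steps.pr_spdx_headers.outputs.pull-request-number }}
          PR_URL: ${{ steps.pr_spdx_headers.outputs.pull-request-url }}
        run: |
          echo "Pull Request Number - $PR_NUMBER"
          echo "Pull Request URL - $PR_URL"

      # ----------------------
      # Build SecHub Github Action + set package version
      # ----------------------
      - name: Build github-actions/scan and set package version to v${{ inputs.ghaction-version }}
        env:
          GHACTION_VERSION: ${{ inputs.ghaction-version }}
        run: |
          GHACTION="github-actions/scan"
          cd "$GHACTION"
          echo "# $GHACTION - Install dependencies"
          npm ci
          echo "# $GHACTION - Run build"
          npm run build
          echo "# $GHACTION - Run unit tests"
          npm test
          echo "# $GHACTION - Update package version to $GHACTION_VERSION"
          # Write to a temporary file first: a failing jq then fails the step
          # instead of leaving package.json overwritten with empty output.
          jq --arg a "$GHACTION_VERSION" '.version = $a' package.json > package.json.tmp
          mv package.json.tmp package.json

      # -----------------------------------------
      # Create release issue
      # -----------------------------------------
      - name: Create SecHub Github Action ${{ inputs.ghaction-version }} release issue
        id: release-issue
        # NOTE(review): `@main` is a mutable branch reference, unlike the other
        # actions in this file, and this step receives the workflow token.
        # Pin it to a reviewed full commit SHA (placeholder: <reviewed-commit-sha>).
        uses: dacbd/create-issue-action@main
        with:
          token: ${{ github.token }}
          title: Release SecHub Github Action ${{ inputs.ghaction-version }}
          body: |
            See [Milestone ${{inputs.ghaction-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.ghaction-milestone-number}}?closed=1) for details.
            Please close this issue after the release.
          milestone: ${{ inputs.ghaction-milestone-number }}

      # ----------------------
      # Create pull request for updated files
      # ----------------------
      - name: Commit build artifacts from above steps
        id: github-actions_commit
        env:
          GHACTION_VERSION: ${{ inputs.ghaction-version }}
          RELEASE_ISSUE_NUMBER: ${{ steps.release-issue.outputs.number }}
        run: |
          # `|| true`: an empty commit attempt (nothing changed) must not fail the job.
          git commit -am "SecHub release job @github-actions for Github Action $GHACTION_VERSION #$RELEASE_ISSUE_NUMBER" || true
          # Delimiter form because `git log` can print several lines.
          {
            echo "commits<<COMMITS_EOF"
            git log --oneline --branches --not --remotes
            echo "COMMITS_EOF"
          } >> "$GITHUB_OUTPUT"

      - name: Create pull request for SecHub Github Action release
        id: pr_gha-release
        if: steps.github-actions_commit.outputs.commits != ''
        uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e
        with:
          branch: release-github-action
          branch-suffix: short-commit-hash
          delete-branch: true
          title: '1 - Before ghaction release: Merge Github Action release artifacts [auto-generated]'
          body: |
            Auto-generated by Github Actions release job.
            - closes #${{ steps.release-issue.outputs.number }}
            -> Please review and merge **before** publishing the ghaction release.

      - name: Print PR infos
        if: steps.github-actions_commit.outputs.commits != ''
        env:
          PR_NUMBER: ${{ steps.pr_gha-release.outputs.pull-request-number }}
          PR_URL: ${{ steps.pr_gha-release.outputs.pull-request-url }}
        run: |
          echo "Pull Request Number - $PR_NUMBER"
          echo "Pull Request URL - $PR_URL"

      # NOTE(review): the steps below are disabled. If they are re-enabled,
      # pass the `${{ ... }}` values used inside `run:` through `env:` as in
      # the active steps above.
      # # -----------------------------------------
      # # Create draft release
      # # -----------------------------------------
      # - name: Create Github Action release
      #   id: create_ghaction_release
      #   uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
      #   env:
      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
      #   with:
      #     tag_name: v${{ inputs.ghaction-version }}-gha
      #     commitish: master
      #     release_name: Github Action Version ${{ inputs.ghaction-version }}
      #     body: |
      #       Changes in this Release
      #       - Some minor changes on Github Action implementation
      #       For more details please look at [Milestone ${{inputs.ghaction-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.ghaction-milestone-number}}?closed=1)
      #     draft: true
      #     prerelease: false
      # # -----------------------------------------
      # # Create a pull request for merging back `master` into `develop`
      # # -----------------------------------------
      # - name: pull-request master to develop
      #   id: pr_master_to_develop
      #   continue-on-error: true
      #   uses: repo-sync/pull-request@7e79a9f5dc3ad0ce53138f01df2fad14a04831c5
      #   with:
      #     github_token: ${{ secrets.GITHUB_TOKEN }}
      #     source_branch: "master"
      #     destination_branch: "develop"
      #     pr_allow_empty: true # should allow an empty PR, but seems not to work
      #     pr_title: '2 - After ghaction release: Merge master back into develop [auto-generated]'
      #     pr_body: |
      #       After SecHub Github Action release
      #       - Github Action '${{ inputs.ghaction-version }}'
      #       Merge master branch back into develop
      #       -> Please merge **after** the release has been published.
      # - name: Print PR infos if PR was created
      #   if: steps.pr_master_to_develop.outcome == 'success'
      #   run: |
      #     echo "Pull Request Number - ${{ steps.pr_master_to_develop.outputs.pr_number }}"
      #     echo "Pull Request URL - ${{ steps.pr_master_to_develop.outputs.pr_url }}"
      # - name: Print info if no PR was created
      #   if: steps.pr_master_to_develop.outcome != 'success'
      #   run: |
      #     echo "Nothing to merge - no pull request necessary."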