Build and Deploy Release #82
Workflow file for this run
---
# Automates the release process.
#
# Release procedure:
#   1. Update the 'body:' of the "Create Release" step below and the changelog.md
#   2. Run `./prepare-release.sh`
#   3. Create PR, merge PR
#   4. Run `git push origin main --tags`
name: Build and Deploy Release

# Triggered only by pushed tags whose name matches v*.
on:
  push:
    tags:
      - 'v*'

# Workflow-level GITHUB_TOKEN scope. Every job that does not declare its own
# `permissions:` block runs with this write access to repository contents.
permissions:
  contents: write
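jobs:
  # Builds, signs and deploys the Maven artifacts, then hands the coverage
  # reports, release files and staged site to the downstream jobs as artifacts.
  # NOTE(review): this job inherits the workflow-level `contents: write` token.
  # Nothing visible here pushes to the repository; confirm and narrow if so.
  build:
    name: Build dependency-check
    runs-on: ubuntu-latest
    steps:
      - name: Install gpg secret key
        id: install-gpg-key
        env:
          # Handed over through the environment so the key material is never
          # pasted into the script text, where the shell would expand any
          # $, backtick or backslash sequence it contains.
          OSSRH_GPG_SECRET_KEY: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
        run: |
          echo -e "$OSSRH_GPG_SECRET_KEY" | gpg --batch --import
          gpg --list-secret-keys --keyid-format LONG
      - uses: actions/checkout@v4
      # The caches below use fixed keys, so a stored entry is restored as-is on
      # every run and the signed release is built on top of whatever an earlier
      # run saved there. NOTE(review): check which workflows can write these
      # keys, or skip cache restore for release builds.
      - name: Check Maven Cache
        id: maven-cache
        uses: actions/cache@v3
        with:
          path: ~/.m2/repository/
          key: mvn-repo
      - name: Check Local Maven Cache
        id: maven-it-cache
        uses: actions/cache@v3
        with:
          path: maven/target/local-repo
          key: mvn-it-repo
      - name: Check ODC Data Cache
        id: odc-data-cache
        uses: actions/cache@v3
        with:
          path: core/target/data
          key: odc-data
      # NOTE(review): every "[email protected]" in this listing is an artifact
      # of the hosting page's e-mail obfuscation, not the real value. Judging by
      # the dotnet-version input this is presumably a setup-dotnet release;
      # restore the exact reference from the repository.
      - uses: actions/[email protected]
        with:
          dotnet-version: '6.0.x'
      - name: Set up JDK 1.8
        id: jdk-8
        uses: actions/setup-java@v3
        with:
          java-version: 8
          distribution: 'zulu'
          server-id: ossrh
          # setup-java expects the NAMES of environment variables here and
          # writes them into the generated ~/.m2/settings.xml. Passing the
          # secret values themselves would put the credentials into that file.
          # The names match the env of the "Build Release with Maven" step.
          server-username: MAVEN_USERNAME
          server-password: MAVEN_PASSWORD
      # Third-party action pinned to a full commit SHA; the trailing comment
      # records the tag it corresponds to.
      - uses: pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598 # v2.4.0
        with:
          version: 6.0.2
      - name: Configure Git user
        # The e-mail value below is garbled by the page's e-mail obfuscation.
        run: |
          git config user.email "[email protected]"
          git config user.name "GitHub Actions"
      - name: Get version
        # Prints the project version to the log only; VERSION is not exported.
        run: |
          VERSION=$( mvn help:evaluate -Dexpression=project.version -q -DforceStdout )
          echo "VERSION=$VERSION"
      - name: Build Release with Maven
        id: build-release
        timeout-minutes: 120
        env:
          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
          MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
          # Read from the environment and quoted below, so a passphrase with
          # spaces or shell metacharacters cannot alter the command.
          OSSRH_GPG_SECRET_KEY_PASSWORD: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
        # NOTE(review): the passphrase is still an mvn command-line argument and
        # so visible in the runner's process list. Newer maven-gpg-plugin
        # releases can read it from an environment variable instead; check the
        # plugin version this build uses.
        run: |
          mvn -s settings.xml -Prelease "-DnexusUrl=https://oss.sonatype.org/" clean package source:jar javadoc:jar gpg:sign deploy site site:stage -DreleaseTesting --no-transfer-progress --batch-mode "-Dgpg.passphrase=${OSSRH_GPG_SECRET_KEY_PASSWORD}"
      - name: Archive code coverage results
        id: archive-coverage
        uses: actions/upload-artifact@v3
        with:
          name: code-coverage-report
          retention-days: 7
          path: |
            **/target/jacoco-results/jacoco.xml
            **/target/jacoco-results/**/*.html
      - name: Archive Release
        id: archive-release
        uses: actions/upload-artifact@v3
        with:
          name: archive-release
          retention-days: 7
          path: |
            **/target/*.asc
            **/target/*.jar
            **/target/*.pom
            ant/target/*.zip
            cli/target/*.zip
            target/*.buildinfo
      - name: Archive Site
        id: archive-site
        uses: actions/upload-artifact@v3
        with:
          name: archive-site
          retention-days: 7
          path: target/staging/

  # Sends the JaCoCo reports produced by the build job to Codacy.
  publish_coverage:
    name: publish code coverage reports
    runs-on: ubuntu-latest
    needs: build
    # This job only downloads an artifact and runs a third-party action that
    # is tracked by branch, so its GITHUB_TOKEN is reduced to read-only.
    permissions:
      contents: read
    steps:
      - name: Download coverage reports
        uses: actions/download-artifact@v3
        with:
          name: code-coverage-report
      - name: Run codacy-coverage-reporter
        # NOTE(review): `@master` is a mutable ref, so whatever that branch
        # holds at run time executes with CODACY_PROJECT_TOKEN. Pin this to a
        # release tag or, better, a full commit SHA as done for pnpm above.
        uses: codacy/codacy-coverage-reporter-action@master
        with:
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
          coverage-reports: utils/target/jacoco-results/jacoco.xml,core/target/jacoco-results/jacoco.xml,maven/target/jacoco-results/jacoco.xml,ant/target/jacoco-results/jacoco.xml,cli/target/jacoco-results/jacoco.xml

  # Builds, tests and publishes the Docker image from the release artifacts.
  docker:
    name: Publish Docker
    runs-on: ubuntu-latest
    needs: build
    # Job-level env: the registry credentials are visible to every step of this
    # job, including the build and test scripts.
    # NOTE(review): if only "Deploy Docker Image" needs them, move them to that
    # step's env. The scripts are not shown here, so this is left unchanged.
    env:
      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
    steps:
      - name: Check Maven Cache
        id: maven-cache
        uses: actions/cache@v3
        with:
          path: ~/.m2/repository/
          key: mvn-repo
      - name: Check Docker ODC Cache
        id: docker-odc-cache
        uses: actions/cache@v3
        with:
          path: ~/OWASP-Dependency-Check
          key: docker-repo
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Download release build
        uses: actions/download-artifact@v3
        with:
          name: archive-release
      - name: Build Docker Image
        run: ./build-docker.sh
      - name: build scan target
        run: mvn -s settings.xml package -DskipTests=true --no-transfer-progress --batch-mode
      - name: Test Docker Image
        run: ./test-docker.sh
      - name: Deploy Docker Image
        # The token reaches docker on stdin rather than as an argument. The
        # variables are quoted so their contents are not word-split or globbed.
        run: |
          echo "$DOCKER_TOKEN" | docker login -u "$DOCKER_USERNAME" --password-stdin 2>/dev/null
          ./publish-docker.sh

  # Creates the GitHub release and attaches the signed distribution files.
  # This job needs the write access to repository contents that it inherits.
  release:
    name: Publish Release
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Get version
        id: get-version
        # Exports the Maven project version to the later steps as env.VERSION.
        run: |
          VERSION=$( mvn help:evaluate -Dexpression=project.version -q -DforceStdout )
          echo "VERSION=$VERSION" >> "$GITHUB_ENV"
      - name: Download release build
        uses: actions/download-artifact@v3
        with:
          name: archive-release
      # NOTE(review): the tag name is rebuilt from the pom version, not taken
      # from the tag that triggered the run; the two are assumed to match.
      # The action reference here and in the five upload steps below is garbled
      # by the page's e-mail obfuscation; restore it from the repository.
      - name: Create Release
        id: create_release
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: v${{ env.VERSION }}
          release_name: Version ${{ env.VERSION }}
          prerelease: false
          draft: false
          body: |
            - fix: upgrade to JCS3 (#5114)
            - fix: Support ~= version specifier in requirements.txt and pipfile (#5902)
            - fix: Version of dependency no longer ignored when CPE product has a 'java' suffix in a product name (#5901)
            - fix: Do not filter out evidences added by hints (#5900)
            - fix: fixes FP #5925 (#5927)
            See the full listing of [changes](https://github.com/jeremylong/DependencyCheck/milestone/67?closed=1).
      # Each archive is uploaded together with its detached .asc signature so
      # that downloads can be verified.
      - name: Upload CLI
        id: upload-release-cli
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: cli/target/dependency-check-${{env.VERSION}}-release.zip
          asset_name: dependency-check-${{env.VERSION}}-release.zip
          asset_content_type: application/zip
      - name: Upload CLI signature
        id: upload-release-cli-sig
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: cli/target/dependency-check-${{env.VERSION}}-release.zip.asc
          asset_name: dependency-check-${{env.VERSION}}-release.zip.asc
          asset_content_type: text/plain
      - name: Upload ANT
        id: upload-release-ant
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ant/target/dependency-check-ant-${{env.VERSION}}-release.zip
          asset_name: dependency-check-ant-${{env.VERSION}}-release.zip
          asset_content_type: application/zip
      - name: Upload ANT signature
        id: upload-release-ant-sig
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ant/target/dependency-check-ant-${{env.VERSION}}-release.zip.asc
          asset_name: dependency-check-ant-${{env.VERSION}}-release.zip.asc
          asset_content_type: text/plain
      - name: Upload buildinfo
        id: upload-release-buildinfo
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: target/dependency-check-parent-${{env.VERSION}}.buildinfo
          asset_name: dependency-check-parent-${{env.VERSION}}.buildinfo
          asset_content_type: text/plain

  # Publishes the staged Maven site to the gh-pages branch. This job needs the
  # write access to repository contents that it inherits.
  publish:
    name: Publish gh-pages
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Download Site
        uses: actions/download-artifact@v3
        with:
          name: archive-site
          path: target/staging
      - name: Display structure of downloaded files
        run: ls -R
        working-directory: target
      # The action reference is garbled by the page's e-mail obfuscation;
      # restore the exact value from the repository.
      - name: Deploy gh-pages
        uses: JamesIves/[email protected]
        with:
          branch: gh-pages
          folder: target/staging
          clean: false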