Skip to content

Build and Deploy Release #99

Build and Deploy Release

Build and Deploy Release #99

Workflow file for this run

name: Build and Deploy Release
##
## Automates the release process
## 1. Run `./list-changes.sh` and update the changelog.md.
## 2. Run `./prepare-release.sh`
## 3. Create PR, merge PR
## 4. Run `git push origin --tags`
##
permissions:
contents: write
on:
push:
tags:
- v*
jobs:
build:
name: Build dependency-check
runs-on: ubuntu-latest
steps:
- name: Install gpg secret key
id: install-gpg-key
run: |
cat <(echo -e "${{ secrets.OSSRH_GPG_SECRET_KEY }}") | gpg --batch --import
gpg --list-secret-keys --keyid-format LONG
- uses: actions/checkout@v4
- name: Check Maven Cache
id: maven-cache
uses: actions/cache@v4
with:
path: ~/.m2/repository/
key: mvn-repo
- name: Check Local Maven Cache
id: maven-it-cache
uses: actions/cache@v4
with:
path: maven/target/local-repo
key: mvn-it-repo
- name: Check ODC Data Cache
id: odc-data-cache
uses: actions/cache@v4
with:
path: core/target/data
key: odc-data
- uses: actions/[email protected]
with:
dotnet-version: '8.0.x'
- name: Set up JDK 1.8
id: jdk-8
uses: actions/setup-java@v4
with:
java-version: 8
distribution: 'zulu'
server-id: ossrh
server-username: ${{ secrets.OSSRH_USERNAME }}
server-password: ${{ secrets.OSSRH_TOKEN }}
- uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0
with:
version: 6.0.2
- name: Configure Git user
run: |
git config user.email "[email protected]"
git config user.name "GitHub Actions"
- name: Get version
run: |
VERSION=$( mvn help:evaluate -Dexpression=project.version -q -DforceStdout )
echo "VERSION=$VERSION"
- name: Build Release with Maven
id: build-release
timeout-minutes: 120
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
run: |
mvn -V -s settings.xml -Prelease "-DnexusUrl=https://oss.sonatype.org/" clean package source:jar javadoc:jar gpg:sign deploy site site:stage -DreleaseTesting --no-transfer-progress --batch-mode -Dgpg.passphrase=${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
- name: Archive code coverage results
id: archive-coverage
uses: actions/upload-artifact@v4
with:
name: code-coverage-report
retention-days: 7
path: |
**/target/jacoco-results/jacoco.xml
**/target/jacoco-results/**/*.html
- name: Archive Release
id: archive-release
uses: actions/upload-artifact@v4
with:
name: archive-release
retention-days: 7
path: |
**/target/*.asc
**/target/*.jar
**/target/*.pom
ant/target/*.zip
cli/target/*.zip
target/*.buildinfo
- name: Archive Site
id: archive-site
uses: actions/upload-artifact@v4
with:
name: archive-site
retention-days: 7
path: target/staging/
publish_coverage:
name: publish code coverage reports
runs-on: ubuntu-latest
needs: build
steps:
- name: Download coverage reports
uses: actions/download-artifact@v4
with:
name: code-coverage-report
- name: Run codacy-coverage-reporter
uses: codacy/codacy-coverage-reporter-action@master
with:
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
coverage-reports: utils/target/jacoco-results/jacoco.xml,core/target/jacoco-results/jacoco.xml,maven/target/jacoco-results/jacoco.xml,ant/target/jacoco-results/jacoco.xml,cli/target/jacoco-results/jacoco.xml
docker:
name: Publish Docker
runs-on: ubuntu-latest
needs: build
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
steps:
- name: Check Maven Cache
id: maven-cache
uses: actions/cache@v4
with:
path: ~/.m2/repository/
key: mvn-repo
- name: Check Docker ODC Cache
id: docker-odc-cache
uses: actions/cache@v4
with:
path: ~/OWASP-Dependency-Check
key: docker-repo
- name: Checkout code
uses: actions/checkout@v4
- name: Download release build
uses: actions/download-artifact@v4
with:
name: archive-release
- name: Build Docker Image
run: ./build-docker.sh
- name: build scan target
run: mvn -s settings.xml package -DskipTests=true --no-transfer-progress --batch-mode
- name: Test Docker Image
run: ./test-docker.sh
- name: Deploy Docker Image
run: |
echo $DOCKER_TOKEN | docker login -u $DOCKER_USERNAME --password-stdin 2>/dev/null
./publish-docker.sh
release:
name: Publish Release
runs-on: ubuntu-latest
needs: build
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Get version
id: get-version
run: |
VERSION=$( mvn help:evaluate -Dexpression=project.version -q -DforceStdout )
echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: Download release build
uses: actions/download-artifact@v4
with:
name: archive-release
- name: Create Release
id: create_release
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: v${{ env.VERSION }}
release_name: Version ${{ env.VERSION }}
prerelease: false
draft: false
body: |
Refer to the [CHANGELOG.md](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md#change-log) for information about improvements and upgrade notes.
- name: Upload CLI
id: upload-release-cli
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: cli/target/dependency-check-${{env.VERSION}}-release.zip
asset_name: dependency-check-${{env.VERSION}}-release.zip
asset_content_type: application/zip
- name: Upload CLI signature
id: upload-release-cli-sig
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: cli/target/dependency-check-${{env.VERSION}}-release.zip.asc
asset_name: dependency-check-${{env.VERSION}}-release.zip.asc
asset_content_type: text/plain
- name: Upload ANT
id: upload-release-ant
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ant/target/dependency-check-ant-${{env.VERSION}}-release.zip
asset_name: dependency-check-ant-${{env.VERSION}}-release.zip
asset_content_type: application/zip
- name: Upload ANT signature
id: upload-release-ant-sig
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ant/target/dependency-check-ant-${{env.VERSION}}-release.zip.asc
asset_name: dependency-check-ant-${{env.VERSION}}-release.zip.asc
asset_content_type: text/plain
- name: Upload buildinfo
id: upload-release-buildinfo
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: target/dependency-check-parent-${{env.VERSION}}.buildinfo
asset_name: dependency-check-parent-${{env.VERSION}}.buildinfo
asset_content_type: text/plain
publish:
name: Publish gh-pages
runs-on: ubuntu-latest
needs: build
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Download Site
uses: actions/download-artifact@v4
with:
name: archive-site
path: target/staging
- name: Display structure of downloaded files
run: ls -R
working-directory: target
- name: Deploy gh-pages
uses: JamesIves/[email protected]
with:
branch: gh-pages
folder: target/staging
clean: false