Moved to workflows folder #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Shared Pipeline to build and publish JAR Packages to Maven Repos | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| release_type: | ||
| description: The type of version number to return. Must be one of [Snapshot, Patch, Minor or Major] | ||
| required: true | ||
| type: string | ||
| publish_to_maven: | ||
| description: 'True to publish the artifacts to maven repository, false to skip the step' | ||
| default: true | ||
| required: false | ||
| type: boolean | ||
| java_version: | ||
| type: string | ||
| default: '11' | ||
| publish_vulnerabilities: | ||
| type: string | ||
| default: 'true' | ||
| env: | ||
| IS_RELEASE: ${{ inputs.release_type == 'Major' || inputs.release_type == 'Minor' || inputs.release_type == 'Patch' }} | ||
| jobs: | ||
| release: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout repo | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Set up JDK | ||
| uses: actions/setup-java@v3 | ||
| with: | ||
| distribution: 'temurin' | ||
| java-version: ${{ inputs.java_version }} | ||
| - name: Download key | ||
| uses: IABTechLab/uid2-shared-actions/actions/download_gpg_key@main | ||
| with: | ||
| key: ${{ secrets.GPG_KEY }} | ||
| - name: Generate Trivy vulnerability scan report | ||
| uses: aquasecurity/[email protected] | ||
| if: inputs.publish_vulnerabilities == 'true' | ||
| with: | ||
| scan-type: 'fs' | ||
| format: 'sarif' | ||
| exit-code: '0' | ||
| ignore-unfixed: true | ||
| severity: 'CRITICAL,HIGH' | ||
| output: 'trivy-results.sarif' | ||
| hide-progress: true | ||
| - name: Upload Trivy scan report to GitHub Security tab | ||
| uses: github/codeql-action/upload-sarif@v2 | ||
| if: inputs.publish_vulnerabilities == 'true' | ||
| with: | ||
| sarif_file: 'trivy-results.sarif' | ||
| - name: Test with Trivy vulnerability scanner | ||
| uses: aquasecurity/[email protected] | ||
| with: | ||
| scan-type: 'fs' | ||
| format: 'table' | ||
| exit-code: '1' | ||
| ignore-unfixed: true | ||
| severity: 'CRITICAL' | ||
| hide-progress: true | ||
| - name: Set version number | ||
| id: version | ||
| uses: IABTechLab/uid2-shared-actions/actions/version_number@main | ||
| with: | ||
| type: ${{ inputs.release_type }} | ||
| branch_name: ${{ github.ref }} | ||
| - name: Update pom.xml | ||
| run: | | ||
| current_version=$(grep -o '<version>.*</version>' pom.xml | head -1 | sed 's/<version>\(.*\)<\/version>/\1/') | ||
| new_version=${{ steps.version.outputs.new_version }} | ||
| sed -i "s/$current_version/$new_version/g" pom.xml | ||
| echo "Version number updated from $current_version to $new_version" | ||
| - name: Publish | ||
| if: ${{ inputs.publish_to_maven }} | ||
| run: mvn -B -Drepo.id=ossrh -Drepo.login=${{ secrets.SONATYPE_REPO_ACCOUNT }} -Drepo.pwd="${{ secrets.SONATYPE_REPO_PASSWORD }}" -Dgpg.passphrase="${{ secrets.GPG_PASSPHRASE }}" clean deploy | ||
| - name: Commit pom.xml and version.json | ||
| uses: EndBug/add-and-commit@v9 | ||
| with: | ||
| add: 'pom.xml version.json' | ||
| author_name: Release Workflow | ||
| author_email: [email protected] | ||
| message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' | ||
| - name: Build Changelog | ||
| id: github_release | ||
| if: ${{ env.IS_RELEASE }} | ||
| uses: mikepenz/release-changelog-builder-action@v3 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Create Release | ||
| if: ${{ env.IS_RELEASE }} | ||
| uses: mikepenz/[email protected] #softprops/action-gh-release | ||
| with: | ||
| body: ${{steps.github_release.outputs.changelog}} | ||
