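# Reusable (workflow_call) pipeline for a Maven project: scans the tree with
# Trivy, computes the next version, rewrites pom.xml, deploys to the
# configured repository, commits the version files and (for non-snapshot
# releases) creates a GitHub release with a generated changelog.
#
# Callers supply `release_type` and may override the optional inputs below;
# the secrets GPG_KEY, GPG_PASSPHRASE, SONATYPE_REPO_ACCOUNT and
# SONATYPE_REPO_PASSWORD must be passed (or inherited) by the caller.
name: Shared Pipeline to build and publish JAR Packages to Maven Repos

on:  # yamllint disable-line rule:truthy
  workflow_call:
    inputs:
      release_type:
        description: The type of version number to return. Must be one of [Snapshot, Patch, Minor or Major]
        required: true
        type: string
      publish_to_maven:
        description: 'True to publish the artifacts to maven repository, false to skip the step'
        default: true
        required: false
        type: boolean
      java_version:
        # Quoted so that "11" reaches setup-java as a string, not a number.
        description: 'JDK version handed to actions/setup-java'
        required: false
        type: string
        default: '11'
      publish_vulnerabilities:
        # Kept as a string (not boolean) for backward compatibility with
        # existing callers; the steps below compare it against the literal
        # 'true'.
        description: "'true' to upload the Trivy SARIF report to the GitHub Security tab"
        required: false
        type: string
        default: 'true'

env:
  # Workflow-level env values are always strings, so this evaluates to the
  # text 'true' or 'false'. Consumers must compare with == 'true'; testing
  # the value for truthiness would treat the non-empty string 'false' as true.
  IS_RELEASE: ${{ inputs.release_type == 'Major' || inputs.release_type == 'Minor' || inputs.release_type == 'Patch' }}

jobs:
  release:
    runs-on: ubuntu-latest
    # Least-privilege GITHUB_TOKEN for this job. A called workflow can only
    # keep or reduce the permissions the caller grants, so a caller with a
    # read-only token must grant these explicitly.
    permissions:
      contents: write         # add-and-commit and release creation
      security-events: write  # codeql-action/upload-sarif
      actions: read           # upload-sarif requires this on private repos
      pull-requests: read     # release-changelog-builder reads merged PRs
    steps:
      # NOTE(review): every third-party action below is referenced by a
      # mutable tag or branch (@v3, @v9, @main). Pinning each `uses:` to a
      # full commit SHA (with the tag in a trailing comment) makes the
      # supply chain reproducible; the SHAs are not available on this page,
      # so the refs are left as they were.
      - name: Checkout repo
        uses: actions/checkout@v3
        with:
          # Full history so the version_number action can inspect tags and
          # branches rather than only the checked-out commit.
          fetch-depth: 0

      - name: Set up JDK
        uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: ${{ inputs.java_version }}

      - name: Download key
        uses: IABTechLab/uid2-shared-actions/actions/download_gpg_key@main
        with:
          key: ${{ secrets.GPG_KEY }}

      # Report-only scan: exit-code '0' never fails the job; the results are
      # uploaded to the Security tab by the next step. Both steps are skipped
      # unless publish_vulnerabilities is the string 'true'.
      - name: Generate Trivy vulnerability scan report
        # The action ref below is obfuscated on the source page
        # ('[email protected]'); restore the real aquasecurity/trivy-action@<version>.
        uses: aquasecurity/[email protected]
        if: inputs.publish_vulnerabilities == 'true'
        with:
          scan-type: 'fs'
          format: 'sarif'
          exit-code: '0'
          ignore-unfixed: true
          severity: 'CRITICAL,HIGH'
          output: 'trivy-results.sarif'
          hide-progress: true

      - name: Upload Trivy scan report to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        if: inputs.publish_vulnerabilities == 'true'
        with:
          sarif_file: 'trivy-results.sarif'

      # Gating scan: exit-code '1' fails the job on any unfixed CRITICAL
      # finding, so nothing below (versioning, deploy, commit) runs.
      - name: Test with Trivy vulnerability scanner
        # Same obfuscated ref as above; restore aquasecurity/trivy-action@<version>.
        uses: aquasecurity/[email protected]
        with:
          scan-type: 'fs'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          severity: 'CRITICAL'
          hide-progress: true

      - name: Set version number
        id: version
        uses: IABTechLab/uid2-shared-actions/actions/version_number@main
        with:
          type: ${{ inputs.release_type }}
          branch_name: ${{ github.ref }}

      - name: Update pom.xml
        # The action output is passed through the environment instead of being
        # interpolated into the script text, so its content cannot change the
        # shell command. Only the first <version> element (the one the
        # current_version lookup identifies as the project's own) is rewritten;
        # a dependency that happens to share the same version string is left
        # untouched. The `0,/re/` address is a GNU sed extension, which is what
        # ubuntu-latest ships.
        env:
          NEW_VERSION: ${{ steps.version.outputs.new_version }}
        run: |
          if [ -z "$NEW_VERSION" ]; then
            echo "::error::version_number produced no new_version output"
            exit 1
          fi
          current_version=$(grep -o '<version>.*</version>' pom.xml | head -1 | sed 's/<version>\(.*\)<\/version>/\1/')
          if [ -z "$current_version" ]; then
            echo "::error::no <version> element found in pom.xml"
            exit 1
          fi
          sed -i "0,/<version>.*<\/version>/{s/<version>.*<\/version>/<version>$NEW_VERSION<\/version>/}" pom.xml
          echo "Version number updated from $current_version to $NEW_VERSION"

      - name: Publish
        if: ${{ inputs.publish_to_maven }}
        # Credentials reach Maven via environment variables rather than being
        # expanded into the command text, so a value containing quotes or
        # shell metacharacters cannot break or alter the command.
        env:
          REPO_LOGIN: ${{ secrets.SONATYPE_REPO_ACCOUNT }}
          REPO_PWD: ${{ secrets.SONATYPE_REPO_PASSWORD }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        run: mvn -B -Drepo.id=ossrh "-Drepo.login=$REPO_LOGIN" "-Drepo.pwd=$REPO_PWD" "-Dgpg.passphrase=$GPG_PASSPHRASE" clean deploy

      # Runs for every release_type, including Snapshot, so the bumped version
      # files are always recorded in the branch.
      - name: Commit pom.xml and version.json
        uses: EndBug/add-and-commit@v9
        with:
          add: 'pom.xml version.json'
          author_name: Release Workflow
          # Address is obfuscated on the source page; restore the real one.
          # Quoted because a plain value starting with '[' parses as a flow
          # sequence, not a string.
          author_email: '[email protected]'
          message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}'

      # String comparison is required: env.IS_RELEASE is the text 'false' for
      # snapshots, which a bare `if: ${{ env.IS_RELEASE }}` would treat as true.
      - name: Build Changelog
        id: github_release
        if: ${{ env.IS_RELEASE == 'true' }}
        uses: mikepenz/release-changelog-builder-action@v3
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Create Release
        if: ${{ env.IS_RELEASE == 'true' }}
        # Ref is obfuscated on the source page; restore the real
        # mikepenz/<action>@<version>. The original trailing comment named
        # softprops/action-gh-release as the alternative.
        uses: mikepenz/[email protected] #softprops/action-gh-release
        with:
          body: ${{steps.github_release.outputs.changelog}}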