Build and publish #6
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-and-publish | |
| run-name: Build and publish | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| BRANCH: | |
| type: choice | |
| options: | |
| - master | |
| description: Branch to build and push | |
| default: master | |
| required: true | |
| repository_dispatch: | |
| types: [ "ql:publish-command" ] | |
| push: | |
| tags: | |
| - "v*" | |
| # These permissions are required to allow writing comments and reporting check status. | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| actions: write | |
| statuses: write | |
| issues: write | |
| checks: write | |
| packages: write | |
| jobs: | |
| build-and-publish: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| language: [ 'java' ] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ env.GIT_REF }} | |
| - name: Get git commit hash | |
| uses: pr-mpt/actions-commit-hash@v2 | |
| id: commit | |
| - name: Configure dynamic variables | |
| id: vars | |
| run: | | |
| # For local dev. | |
| if [[ -z $GITHUB_OUTPUT ]]; then | |
| GITHUB_OUTPUT=/dev/stdout | |
| fi | |
| # The version of the CodeQL query pack | |
| version=`cat vertx-codeql-queries/ql/src/qlpack.yml | yq e ".version" -` | |
| # Check if this is a snapshot version | |
| isSnapshot=false | |
| if [[ $version == *"-alpha" ]]; then | |
| isSnapshot=true | |
| fi | |
| echo "Version: $version" | |
| echo "Is snapshot: $isSnapshot" | |
| echo "version=$version" >> $GITHUB_OUTPUT | |
| echo "isSnapshot=$isSnapshot" >> $GITHUB_OUTPUT | |
| - name: Fetch CodeQL | |
| shell: bash | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| run: | | |
| gh extension install github/gh-codeql | |
| gh codeql version | |
| printf "CODEQL_FETCHED_CODEQL_PATH=" >> "${GITHUB_ENV}" | |
| gh codeql version --format=json | jq -r .unpackedLocation >> "${GITHUB_ENV}" | |
| gh codeql version --format=json | jq -r .unpackedLocation >> "${GITHUB_PATH}" | |
| - name: Generate query help files | |
| run: | | |
| cd vertx-codeql-queries/ql/src | |
| codeql generate query-help *.qhelp --format=markdown -o . | |
| ls -al | |
| - name: Get Version ID from the Versions List | |
| if: ${{ steps.package.outputs.isSnapshot != true }} | |
| id: package | |
| run: | | |
| # For dev | |
| #GITHUB_TOKEN=$(cat /tmp/token) | |
| #VERSION=1.0.0-alpha | |
| if [[ -z $GITHUB_OUTPUT ]]; then | |
| GITHUB_OUTPUT=/dev/stdout | |
| fi | |
| GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} | |
| VERSION=${{ steps.vars.outputs.version }} | |
| URL="https://api.github.com/user/packages/container/vertx-codeql-queries/versions" | |
| RESPONSE=$(echo "Sending request to $URL" > /dev/stdout; curl -sS -L -D /dev/stdout -o versions.json -w '%{http_code}' -X GET -H "Authorization: Bearer $GITHUB_TOKEN" $URL || echo "") | |
| HEADERS=$(echo "$RESPONSE" | head -n -2 | sed 's/^/ /') | |
| STATUS_CODE=$(echo "$RESPONSE" | tail -n 1) | |
| RESPONSE=$(cat versions.json) | |
| echo "Response: \n ${RESPONSE}" | |
| # Fail step on request error? | |
| [[ $STATUS_CODE != "200" && $STATUS_CODE != "404" ]] && { echo "Request to $URL returned response ${STATUS_CODE}" ; exit 1; } | |
| if [[ $STATUS_CODE == "404" ]]; then | |
| echo "Version $VERSION has not been found. Version value will be 'unknown'." | |
| echo "versionId=unknown" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| VERSION_ID=$(echo "$RESPONSE" | jq --arg VERSION "$VERSION" -r '.[]|select(.metadata.container.tags|any(. == $VERSION)).id') | |
| echo "Found version id is: ${VERSION_ID}" | |
| echo "versionId=${VERSION_ID}" >> $GITHUB_OUTPUT | |
| - name: Print Version ID | |
| if: ${{ steps.package.outputs.isSnapshot == true }} | |
| run: echo "The selected Version ID is ${{ steps.package.outputs.versionId }}" | |
| - uses: actions/delete-package-versions@v4 | |
| if: ${{ steps.package.outputs.isSnapshot == true }} | |
| with: | |
| token: ${{ secrets.CS_DEVOPS_BOT_TOKEN }} | |
| # Can be a single package version id, or a comma separated list of package version ids. | |
| # Defaults to an empty string. | |
| package-version-ids: ${{ steps.package.outputs.versionId }} | |
| # Owner of the package. | |
| # Defaults to the owner of the repo executing the workflow. | |
| # Required if deleting a version from a package hosted in a different org than the one executing the workflow. | |
| owner: carlspring | |
| # Name of the package. | |
| # Required | |
| package-name: vertx-codeql-queries | |
| # Type of the package. Can be one of container, maven, npm, nuget, or rubygems. | |
| # Required | |
| package-type: container | |
| # If true it will delete only the pre-release versions. | |
| # The number of pre-release versions to keep can be set by using `min-versions-to-keep` value with this. | |
| # When `min-versions-to-keep` is 0, all pre-release versions get deleted. | |
| # Defaults to false. | |
| # Cannot be used with `num-old-versions-to-delete` and `ignore-versions`. | |
| # delete-only-pre-release-versions: true | |
| - name: Publish CodeQL query pack | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| cd vertx-codeql-queries/ql/src | |
| codeql pack install | |
| codeql pack publish --allow-prerelease | |
| - name: Post job report comment reaction | |
| uses: peter-evans/create-or-update-comment@v3 | |
| if: ${{ always() && (github.event.client_payload.slash_command.command != '') }} | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| repository: ${{ github.event.client_payload.github.payload.repository.full_name }} | |
| comment-id: ${{ github.event.client_payload.github.payload.comment.id }} | |
| reactions: ${{ job.status == 'success' && 'hooray' || '-1' }} | |
| - name: Post job report comment failure | |
| uses: peter-evans/create-or-update-comment@v3 | |
| if: ${{ failure() && (github.event.client_payload.slash_command.command != '') }} | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| repository: ${{ github.event.client_payload.github.payload.repository.full_name }} | |
| comment-id: ${{ github.event.client_payload.github.payload.comment.id }} | |
| reactions: ${{ job.status == 'success' && 'hooray' || '-1' }} | |
| body: | | |
| > 🔴 Failed to publish the package. For more details check the [build log](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}). | |
| - name: Post job report add comment on success push | |
| uses: peter-evans/create-or-update-comment@v3 | |
| if: ${{ success() && (github.event.client_payload.slash_command.command != '') }} | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| repository: ${{ github.event.client_payload.github.payload.repository.full_name }} | |
| issue-number: ${{ github.event.client_payload.github.payload.issue.number }} | |
| body: | | |
| #### Status | |
| 🟢 Pushed revision `${{ steps.vars.outputs.version }}` to [carlspring/vertx-codeql-queries:${{ steps.vars.outputs.version }}]https://github.com/users/carlspring/packages/container/package/vertx-codeql-queries). | |
| #### Build log | |
| * For more details check the [build log](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}). | |