-
Notifications
You must be signed in to change notification settings - Fork 4
191 lines (169 loc) · 7.81 KB
/
license-generation.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
name: License Bundle Generation
permissions: read-all
on:
workflow_dispatch:
inputs:
zowe_version:
description: Version number of Zowe license bundle
type: string
required: true
default: '2.13.0'
publish_release:
description: Should the license bundle be published to libs-release-local
type: boolean
required: true
default: false
overwrite_release:
description: Should the license bundle overwrite and replace an existing artifact
type: boolean
required: false
default: false
release_suffix:
description: Should the license bundle have a suffix (useful during RC testing)
type: string
required: false
default: ''
zowe_sources_branch:
description: The branch of zowe-install-packaging used to determine sources included in the scan
required: true
default: 'v2.x/rc'
dummy_build:
description: Creates empty zip files, bypassing license scans. For test purposes only.
required: false
type: choice
default: 'false'
options:
- 'true'
- 'false'
env:
PUBLISH_RELEASE: ${{ github.event.inputs.publish_release }}
RELEASE_SUFFIX: ${{ github.event.inputs.release_suffix }}
REPLACE_EXISTING_RELEASE: ${{ github.event.inputs.replace_release }}
ZOWE_RELEASE_BRANCH: ${{ github.event.inputs.zowe_sources_branch }}
PENDING_APPROVAL_REPORT_NAME: dependency_approval_action_aggregates.json
DEPENDENCY_SCAN_HOME: licenses/dependency-scan
MARKDOWN_REPORT_NAME: markdown_dependency_report.md
MARKDOWN_CLI_REPORT: cli_dependency_report.md
MARKDOWN_ZOS_REPORT: zos_dependency_report.md
NOTICES_AGGREGATE_FILE: notices_aggregate.txt
NOTICES_CLI_FILE: notices_cli.txt
NOTICES_ZOS_FILE: notices_zos.txt
ARTIFACT_PATH: org/zowe/licenses
VERSION: ${{ github.event.inputs.zowe_version }}
AGG_ARTIFACT_NAME: zowe_licenses_full.zip
CLI_ARTIFACT_NAME: zowe_licenses_cli.zip
ZOS_ARTIFACT_NAME: zowe_licenses_zos.zip
FILENAME_PATTERN: init_in_step_one
ARTIFACT_REPO: init_in_step_one
ARTIFACT_VERSION: init_in_step_one
jobs:
create-licenses:
runs-on: ubuntu-latest
container:
image: zowe-docker-snapshot.jfrog.io/ompzowe/license-scan-build:v2x
steps:
- name: Update variables if releasing
run: |
if [ "$PUBLISH_RELEASE" = true ]; then
echo "ARTIFACT_REPO=libs-release-local" >> $GITHUB_ENV
echo "ARTIFACT_VERSION=$VERSION" >> $GITHUB_ENV
echo "FILENAME_PATTERN={filename}${{ env.RELEASE_SUFFIX }}{fileext}" >> $GITHUB_ENV
else
echo "ARTIFACT_REPO=libs-snapshot-local" >> $GITHUB_ENV
echo "ARTIFACT_VERSION=$VERSION-SNAPSHOT" >> $GITHUB_ENV
echo "FILENAME_PATTERN={filename}-${{ env.VERSION }}-SNAPSHOT{timestamp}{fileext}" >> $GITHUB_ENV
fi
- name: Checkout current repo
uses: actions/checkout@v4
- uses: actions/setup-node@v2
with:
node-version: '16'
- name: 'Install Ansible'
uses: zowe-actions/shared-actions/prepare-workflow@main
- name: '[Zowe Actions] Prepare workflow'
uses: zowe-actions/shared-actions/prepare-workflow@main
- name: 'Setup jFrog CLI'
uses: jfrog/setup-jfrog-cli@v2
env:
JF_ENV_1: ${{ secrets.JF_ARTIFACTORY_TOKEN }}
- name: '[TEST-ONLY] Dummy scan step'
if: ${{ github.event.inputs.dummy_build == 'true' }}
working-directory: ${{ env.DEPENDENCY_SCAN_HOME }}
run: |
mkdir -p zowe_licenses
mkdir -p zowe_cli_licenses
mkdir -p zowe_zos_licenses
echo "HI" >> dummy.txt
cp dummy.txt zowe_licenses
cp dummy.txt zowe_cli_licenses
cp dummy.txt zowe_zos_licenses
zip -j ${{ env.AGG_ARTIFACT_NAME }} zowe_licenses/*
zip -j ${{ env.CLI_ARTIFACT_NAME }} zowe_cli_licenses/*
zip -j ${{ env.ZOS_ARTIFACT_NAME }} zowe_zos_licenses/*
- name: Scan Licenses on Branch ${{ env.ZOWE_RELEASE_BRANCH }}
if: ${{ github.event.inputs.dummy_build == 'false' }}
env:
APP_NOTICES_SCAN: true
APP_LICENSE_SCAN: true
ZOWE_MANIFEST_BRANCH: ${{ env.ZOWE_RELEASE_BRANCH }}
working-directory: ${{ env.DEPENDENCY_SCAN_HOME }}
run: |
yarn install && yarn build
node lib/index.js
cd build
zip -r logs.zip logs/
zip -r license_reports.zip license_reports/
zip -r notice_reports.zip notice_reports/
cd ..
mkdir -p zowe_licenses
mkdir -p zowe_cli_licenses
mkdir -p zowe_zos_licenses
cp ../resources/* zowe_licenses/
cp ../resources/* zowe_cli_licenses/
cp ../resources/* zowe_zos_licenses/
# Aggregate
cp build/notice_reports/${{ env.NOTICES_AGGREGATE_FILE }} zowe_licenses/zowe_full_notices.txt
cp build/license_reports/${{ env.MARKDOWN_REPORT_NAME }} zowe_licenses/zowe_full_dependency_list.md
zip -j ${{ env.AGG_ARTIFACT_NAME }} zowe_licenses/*
# CLI
cp build/notice_reports/${{ env.NOTICES_CLI_FILE }} zowe_cli_licenses/zowe_cli_notices.txt
cp build/license_reports/${{ env.MARKDOWN_CLI_REPORT }} zowe_cli_licenses/zowe_cli_dependency_list.md
zip -j ${{ env.CLI_ARTIFACT_NAME }} zowe_cli_licenses/*
# z/OS
cp build/notice_reports/${{ env.NOTICES_ZOS_FILE }} zowe_zos_licenses/zowe_zos_notices.txt
cp build/license_reports/${{ env.MARKDOWN_ZOS_REPORT }} zowe_zos_licenses/zowe_zos_dependency_list.md
zip -j ${{ env.ZOS_ARTIFACT_NAME }} zowe_zos_licenses/*
- name: Archive Aggregates
uses: actions/upload-artifact@v3
with:
path: |
${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.AGG_ARTIFACT_NAME }}
${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.CLI_ARTIFACT_NAME }}
${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.ZOS_ARTIFACT_NAME }}
- name: Remove existing artifacts
id: cleanup
if: ${{ github.event.inputs.publish_release }} && ${{ github.event.inputs.overwrite_release }}
run: |
jfrog rt del --user ${{ secrets.ZOWE_JFROG_ELEVATED_USER }} --pass ${{secrets.ZOWE_JFROG_ELEVATED_KEY }} \
${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/${{ env.AGG_ARTIFACT_NAME }}
jfrog rt del --user ${{ secrets.ZOWE_JFROG_ELEVATED_USER }} --pass ${{secrets.ZOWE_JFROG_ELEVATED_KEY }} \
${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/${{ env.CLI_ARTIFACT_NAME }}
jfrog rt del --user ${{ secrets.ZOWE_JFROG_ELEVATED_USER }} --pass ${{secrets.ZOWE_JFROG_ELEVATED_KEY }} \
${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/${{ env.ZOS_ARTIFACT_NAME }}
- name: '[PUBLISH] Fix local git configuration (container+runner UID mismatch)'
if: ${{ github.event.inputs.publish_release }}
id: debug-git
run: |
git config --global --add safe.directory /__w/zowe-dependency-scan-pipeline/zowe-dependency-scan-pipeline
- name: Publish to Artifactory
id: publish
timeout-minutes: 10
uses: zowe-actions/shared-actions/publish@main
with:
publish-target-file-pattern: ${{ env.FILENAME_PATTERN }}
publish-target-path-pattern: ${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/
perform-release: ${{ env.PUBLISH_RELEASE }}
artifacts: |
${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.AGG_ARTIFACT_NAME }}
${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.CLI_ARTIFACT_NAME }}
${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.ZOS_ARTIFACT_NAME }}