
Commit 03b29ba

authored
Merge pull request #21 from IABTechLab/tjm-UID2-2324-new-shared-java-package-pipeline
New shared java package pipeline
2 parents e4bd96a + 6a41493 commit 03b29ba


1 file changed

+142
-0
lines changed

@@ -0,0 +1,142 @@
1+
name: Shared Pipeline to build and publish JAR Packages to Maven Repos
2+
on:
3+
workflow_call:
4+
inputs:
5+
release_type:
6+
description: The type of version number to return. Must be one of [Snapshot, Patch, Minor or Major]
7+
required: true
8+
type: string
9+
publish_to_maven:
10+
description: 'True to publish the artifacts to maven repository, false to skip the step'
11+
default: false
12+
required: false
13+
type: boolean
14+
java_version:
15+
type: string
16+
default: '11'
17+
publish_vulnerabilities:
18+
type: string
19+
default: 'true'
20+
21+
env:
22+
IS_RELEASE: ${{ (inputs.release_type == 'Major' || inputs.release_type == 'Minor' || inputs.release_type == 'Patch') && (github.event.repository.default_branch == github.ref_name ) }}
23+
REPO: ${{ github.event.repository.name }}
24+
25+
jobs:
26+
release:
27+
name: ${{ github.env.IS_RELEASE == 'true' && 'Create Release' || 'Publish Pre-release' }}
28+
runs-on: ubuntu-latest
29+
steps:
30+
- name: Show Context
31+
run: |
32+
printenv
33+
echo "$GITHUB_CONTEXT"
34+
shell: bash
35+
env:
36+
GITHUB_CONTEXT: ${{ toJson(github) }}
37+
38+
- name: Fail if Pre-release on Default branch
39+
if: ${{ inputs.release_type == 'Snapshot' && github.event.repository.default_branch == github.ref_name }}
40+
uses: actions/github-script@v7
41+
with:
42+
script: |
43+
core.setFailed('Snapshot packages can not be created on the default branch. Release Type: ${{ inputs.release_type }}, Branch: ${{ github.ref_name }}')
44+
45+
- name: Fail if Release and not on Default branch
46+
if: ${{ inputs.release_type != 'Snapshot' && github.event.repository.default_branch != github.ref_name }}
47+
uses: actions/github-script@v7
48+
with:
49+
script: |
50+
core.setFailed('Releases can not be created on a feature branch. Release Type: ${{ inputs.release_type }}, Branch: ${{ github.ref_name }}')
51+
52+
- name: Checkout repo
53+
uses: actions/checkout@v3
54+
with:
55+
fetch-depth: 0
56+
57+
- name: Set up JDK
58+
uses: actions/setup-java@v3
59+
with:
60+
distribution: 'temurin'
61+
java-version: ${{ inputs.java_version }}
62+
63+
- name: Download key
64+
uses: IABTechLab/uid2-shared-actions/actions/download_gpg_key@main
65+
with:
66+
key: ${{ secrets.GPG_KEY }}
67+
68+
- name: Generate Trivy vulnerability scan report
69+
uses: aquasecurity/[email protected]
70+
if: inputs.publish_vulnerabilities == 'true'
71+
with:
72+
scan-type: 'fs'
73+
format: 'sarif'
74+
exit-code: '0'
75+
ignore-unfixed: true
76+
severity: 'CRITICAL,HIGH'
77+
output: 'trivy-results.sarif'
78+
hide-progress: true
79+
80+
- name: Upload Trivy scan report to GitHub Security tab
81+
uses: github/codeql-action/upload-sarif@v2
82+
if: inputs.publish_vulnerabilities == 'true'
83+
with:
84+
sarif_file: 'trivy-results.sarif'
85+
86+
- name: Test with Trivy vulnerability scanner
87+
uses: aquasecurity/[email protected]
88+
with:
89+
scan-type: 'fs'
90+
format: 'table'
91+
exit-code: '1'
92+
ignore-unfixed: true
93+
severity: 'CRITICAL'
94+
hide-progress: true
95+
96+
- name: Set version number
97+
id: version
98+
uses: IABTechLab/uid2-shared-actions/actions/version_number@main
99+
with:
100+
type: ${{ inputs.release_type }}
101+
branch_name: ${{ github.ref }}
102+
103+
- name: Update pom.xml
104+
run: |
105+
current_version=$(grep -o '<version>.*</version>' pom.xml | head -1 | sed 's/<version>\(.*\)<\/version>/\1/')
106+
new_version=${{ steps.version.outputs.new_version }}
107+
sed -i "s/$current_version/$new_version/g" pom.xml
108+
echo "Version number updated from $current_version to $new_version"
109+
110+
- name: Publish
111+
if: ${{ inputs.publish_to_maven }}
112+
run: mvn -B -Drepo.id=ossrh -Drepo.login=${{ secrets.SONATYPE_REPO_ACCOUNT }} -Drepo.pwd="${{ secrets.SONATYPE_REPO_PASSWORD }}" -Dgpg.passphrase="${{ secrets.GPG_PASSPHRASE }}" clean deploy
113+
114+
- name: Commit pom.xml and version.json
115+
uses: EndBug/add-and-commit@v9
116+
with:
117+
add: 'pom.xml version.json'
118+
author_name: Release Workflow
119+
author_email: [email protected]
120+
message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}'
121+
tag: v${{ steps.version.outputs.new_version }}
122+
123+
- name: Build Changelog
124+
id: github_release
125+
if: ${{ env.IS_RELEASE == 'true' }}
126+
uses: mikepenz/release-changelog-builder-action@v3
127+
with:
128+
configurationJson: |
129+
{
130+
"template": "#{{CHANGELOG}}\n## Maven\n```\n<dependency>\n <groupId>com.uid2</groupId>\n <artifactId>${{ env.REPO }}</artifactId>\n <version>${{ steps.version.outputs.new_version }}</version>\n</dependency>\n```\n\n## Jar Files\n- [${{ env.REPO }}-${{ steps.version.outputs.new_version }}.jar](https://repo1.maven.org/maven2/com/uid2/${{ env.REPO }}/${{ steps.version.outputs.new_version }}/${{ env.REPO }}-${{ steps.version.outputs.new_version }}.jar)\n\n## Changelog\n#{{UNCATEGORIZED}}",
131+
"pr_template": " - #{{TITLE}} - ( PR: ##{{NUMBER}} )"
132+
}
133+
env:
134+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
135+
136+
- name: Create Release
137+
if: ${{ env.IS_RELEASE == 'true' }}
138+
uses: softprops/action-gh-release@v1
139+
with:
140+
name: ${{ steps.version.outputs.new_version }}
141+
body: ${{ steps.github_release.outputs.changelog }}
142+
draft: true
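Review bot: The `${{ … }}` expressions inside the two `github-script` bodies and inside the `Update pom.xml` and `Publish` `run:` lines are substituted into the script text before it runs, so `github.ref_name`, `steps.version.outputs.new_version` and the secret values are handled as code rather than data. The branch name is chosen by whoever pushes the ref, and this job also holds `GPG_KEY` and the Sonatype credentials, so these values should be passed through `env:` and read as `process.env.X` or `"$X"`. The password and passphrase would still appear as `-D` arguments on the mvn command line; whether the pom can take them from the environment or a settings.xml is not visible here and needs checking. Separately, the actions referenced by `@main` and by major tags (`@v9`, `@v1`, `@v3`) are mutable refs that run next to those secrets, so pinning them to full commit SHAs would reduce the supply-chain exposure.

```yaml
      - name: Fail if Pre-release on Default branch
        # … unchanged: if / uses …
        env:
          RELEASE_TYPE: ${{ inputs.release_type }}
          BRANCH: ${{ github.ref_name }}
        with:
          script: |
            core.setFailed(`Snapshot packages can not be created on the default branch. Release Type: ${process.env.RELEASE_TYPE}, Branch: ${process.env.BRANCH}`)

      # … unchanged: "Fail if Release and not on Default branch" gets the same env / process.env treatment …

      - name: Update pom.xml
        env:
          NEW_VERSION: ${{ steps.version.outputs.new_version }}
        run: |
          # … unchanged: current_version lookup …
          new_version="$NEW_VERSION"
          # … unchanged: sed and echo …

      - name: Publish
        if: ${{ inputs.publish_to_maven }}
        env:
          SONATYPE_REPO_ACCOUNT: ${{ secrets.SONATYPE_REPO_ACCOUNT }}
          SONATYPE_REPO_PASSWORD: ${{ secrets.SONATYPE_REPO_PASSWORD }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        run: mvn -B -Drepo.id=ossrh -Drepo.login="$SONATYPE_REPO_ACCOUNT" -Drepo.pwd="$SONATYPE_REPO_PASSWORD" -Dgpg.passphrase="$GPG_PASSPHRASE" clean deploy
```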
