Release #133
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| releaseVersion: | |
| description: "Default version to use when preparing a release." | |
| required: true | |
| default: "A.B.C" | |
| developmentVersion: | |
| description: "Default version to use for new local working copy (the next version after version A.B.C)." | |
| required: true | |
| default: "X.Y.Z-SNAPSHOT" | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| environment: prod | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: 17 | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: Pre-Release Check - Version | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| gh api --method GET /repos/${{github.repository}}/releases -f sort=updated -f direction=asc > releases.json | |
| release_version_exists=$(jq -r --arg RELEASE_VERSION v${{ github.event.inputs.releaseVersion }} '.[].name|select(.|test($RELEASE_VERSION))' releases.json) | |
| if [[ ! -z "$release_version_exists" ]]; then | |
| echo "Version ${{ github.event.inputs.releaseVersion }} has been previously released. Please change release version." | |
| exit 1 | |
| else | |
| echo "New version: ${{ github.event.inputs.releaseVersion }} going to be released!" | |
| fi | |
| - name: Set up Python 3.8 | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.8 | |
| cache: 'pip' | |
| - name: Pre-Release Check - Whitesource vulnurabilities | |
| env: | |
| WS_APIKEY: ${{ secrets.WHITESOURCE_API_KEY }} | |
| WS_PROJECTTOKEN: ${{ secrets.WHITESOURCE_PROJECT_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.EMA_AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.EMA_AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ secrets.EMA_AWS_DEFAULT_REGION }} | |
| run: | | |
| pip install --quiet --upgrade pip | |
| export VIRTUAL_ENV=./venv | |
| python3.8 -m venv $VIRTUAL_ENV && source $VIRTUAL_ENV/bin/activate | |
| cd ./.github/workflows/release_scripts/ && pip install --quiet -r requirements.txt && python3.8 whitesource_vulnurability_checker.py | |
| - name: Pre-Release Check - SonarQube Hotspots | |
| env: | |
| SONARQUBE_HOTSPOTS_API_URL: ${{ secrets.SONARQUBE_HOTSPOTS_API_URL }} | |
| SONARQUBE_QUERY_TOKEN: ${{ secrets.SONARQUBE_QUERY_TOKEN }} | |
| run: | | |
| export VIRTUAL_ENV=./venv | |
| python3.8 -m venv $VIRTUAL_ENV && source $VIRTUAL_ENV/bin/activate | |
| cd ./.github/workflows/release_scripts/ && python3.8 sonarqube_vulnurability_checker.py | |
| - name: Pre-Release Check - Prisma vulnurabilities | |
| env: | |
| PRISMA_ROOT_API_URL: ${{ secrets.PRISMA_ROOT_API_URL }} | |
| DOCKER_IMAGE_TO_CHECK: ${{ secrets.PRISMA_DOCKER_IMAGE_TO_CHECK }} | |
| PRISMA_ACCESS_KEY: ${{ secrets.PRISMA_ACCESS_KEY }} | |
| PRISMA_ACCESS_KEY_SECRET: ${{ secrets.PRISMA_ACCESS_KEY_SECRET }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.EMA_AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.EMA_AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ secrets.EMA_AWS_DEFAULT_REGION }} | |
| run: | | |
| export VIRTUAL_ENV=./venv | |
| python3.8 -m venv $VIRTUAL_ENV && source $VIRTUAL_ENV/bin/activate | |
| cd ./.github/workflows/release_scripts/ && python3.8 prisma_vulnurability_checker.py | |
| - name: Prepare Maven Settings | |
| env: | |
| MAVEN_REPO_SERVER_USERNAME: "${{ github.actor }}" | |
| MAVEN_REPO_SERVER_PASSWORD: "${{ secrets.GITHUB_TOKEN }}" | |
| MAVEN_REPO_SERVER_PRIVATE_KEY: "~/.ssh/id_rsa" | |
| SSH_PRIVATE_KEY: "${{ secrets.COMMIT_KEY }}" | |
| run: cd .github/workflows/release_scripts && ./setup-ssh.sh | |
| - name: Set Release Configs | |
| run: | | |
| export SKIP_FLAGS_NON_UNIT_TESTS="-Dcheckstyle.skip -Dpmd.skip -Dcpd.skip -Dfindbugs.skip -Dspotbugs.skip" | |
| echo "SKIP_FLAGS_NON_UNIT_TESTS=$SKIP_FLAGS_NON_UNIT_TESTS" >> $GITHUB_ENV | |
| echo "SKIP_FLAGS_ALL_TESTS=$SKIP_FLAGS_NON_UNIT_TESTS -Dmaven.test.skip=true" >> $GITHUB_ENV | |
| - name: Debug1 - List JAR files | |
| run: | | |
| echo "Listing all JAR files in target directories:" | |
| find . -name "*.jar" | grep "target" | |
| - name: Clean before release | |
| run: mvn clean --file service/pom.xml | |
| - name: Debug2 - List JAR files | |
| run: | | |
| echo "Listing2 all JAR files in target directories:" | |
| find . -name "*.jar" | grep "target" |