Merge pull request #3296 from mercedes-benz/feature-3290-release-and-build-pds-prepare

haerter-tss · web-flow · commit c8de41b81562 · 2024-07-12T13:09:22.000+02:00
Added build and release steps for pds prepare
diff --git a/.github/workflows/_build+publish-pds-solution.yml b/.github/workflows/_build+publish-pds-solution.yml
@@ -68,6 +68,7 @@ jobs:
           export OWASPZAP_VERSION
           export OWASPZAP_SHA256SUM
           export OWASPZAP_WRAPPER_VERSION
+          export PREPARE_WRAPPER_VERSION
           export PMD_VERSION
           export SCANCODE_VERSION
           export SPDX_TOOL_VERSION
diff --git a/.github/workflows/build+publish-all-pds-solutions.yml b/.github/workflows/build+publish-all-pds-solutions.yml
@@ -62,6 +62,12 @@ jobs:
       pds-solution: owaspzap
       pds-version: ${{ inputs.pds-version }}
 
+  call_build_pds-prepare:
+    uses: mercedes-benz/sechub/.github/workflows/_build+publish-pds-solution.yml@develop
+    with:
+      pds-solution: prepare
+      pds-version: ${{ inputs.pds-version }}
+
   call_build-and-publish-pmd:
     uses: mercedes-benz/sechub/.github/workflows/_build+publish-pds-solution.yml@develop
     with:
diff --git a/.github/workflows/release-wrapper-prepare.yml b/.github/workflows/release-wrapper-prepare.yml
@@ -0,0 +1,213 @@
+# SPDX-License-Identifier: MIT
+name: Release wrapper for Prepare
+
+on:
+  workflow_dispatch:
+    inputs:
+      actor-email:
+        description: Insert your email address here. It will be used in the generated pull requests
+        required: true
+      prepare-wrapper-version:
+        description: Prepare-wrapper Version (e.g. 1.0.0)
+        required: true
+      prepare-wrapper-milestone-number:
+        description: Prepare-wrapper Milestone number (e.g. 91)
+        required: true
+jobs:
+  release-version:
+    name: Create Prepare-wrapper release
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Show Inputs"
+        run: |
+          echo "actor-email: '${{ inputs.actor-email }}'"
+          echo "Prepare-wrapper '${{ inputs.prepare-wrapper-version }}' - Milestone '${{ inputs.prepare-wrapper-milestone-number }}'"
+
+      - name: Checkout branch master
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        with:
+          ref: master
+
+      # Create temporary local tags, so we build documentation for this tag...
+      # The final tag on git server side will be done automatically by the release when the draft is saved as "real" release
+      - name: Tag Prepare Wrapper version v${{ inputs.prepare-wrapper-version }}-prepare-wrapper (temporarily)
+        run: git tag v${{ inputs.prepare-wrapper-version }}-prepare-wrapper
+
+      # ----------------------
+      # Setup + Caching
+      # ----------------------
+      - name: Set up JDK 17
+        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9
+        with:
+          java-version: 17
+          distribution: temurin
+
+      - name: Set up Gradle
+        uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda
+        with:
+          cache-read-only: false
+
+      # ----------------------
+      # Create a pull request if license headers are missing
+      # ----------------------
+      - name: run apply-headers.sh
+        id: apply-headers
+        run: |
+          git config user.name "$GITHUB_TRIGGERING_ACTOR (via github-actions)"
+          git config user.email "${{ inputs.actor-email }}"
+          ./apply-headers.sh
+          git commit -am "SPDX headers added by SecHub release job @github-actions" || true
+          COMMITS=`git log --oneline --branches --not --remotes`
+          echo "commits=$COMMITS" >> $GITHUB_OUTPUT
+
+      - name: Create a pull request for SPDX license headers
+        id: pr_spdx_headers
+        if: steps.apply-headers.outputs.commits != ''
+        uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e
+        with:
+          branch: release-spdx-headers
+          branch-suffix: short-commit-hash
+          delete-branch: true
+          title: '0 - Before prepare-wrapper release: Add missing SPDX license headers [auto-generated]'
+          body: |
+            Auto-generated by Github Actions prepare-wrapper release job.
+
+            -> Please review and merge **before** publishing the prepare-wrapper release.
+
+      - name: Print PR infos
+        if: steps.apply-headers.outputs.commits != ''
+        run: |
+          echo "Pull Request Number - ${{ steps.pr_spdx_headers.outputs.pull-request-number }}"
+          echo "Pull Request URL - ${{ steps.pr_spdx_headers.outputs.pull-request-url }}"
+
+      - name: Switch back to master branch
+        run: git checkout master
+
+      # -----------------------------------------
+      # Build SecHub Prepare Wrapper
+      # -----------------------------------------
+      - name: Build Prepare Wrapper
+        run: ./gradlew :sechub-wrapper-prepare:bootjar
+
+      # -----------------------------------------
+      # Upload build artifacts
+      # -----------------------------------------
+      - name: Inspect GIT status
+        if: always()
+        run: |
+          mkdir build/reports -p
+          git status > build/reports/git-status.txt
+
+      - name: Archive GIT status
+        if: always()
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
+        with:
+          name: git-status.txt
+          path: build/reports/git-status.txt
+          retention-days: 14
+
+      - name: Archive Prepare Wrapper libs directory
+        if: always()
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
+        with:
+          name: sechub-wrapper-prepare
+          path: sechub-wrapper-prepare/build/libs
+          retention-days: 14
+
+      - name: Switch back to master branch
+        run: git checkout master
+
+      # -----------------------------------------
+      # Assert releaseable, so no dirty flags on releases
+      # even when all artifact creation parts are done!
+      # -----------------------------------------
+      - name: Assert releasable
+        run: ./gradlew assertReleaseable
+
+      - name: Create Prepare Wrapper release
+        id: create_prepare-wrapper_release
+        uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+        with:
+          tag_name: v${{ inputs.prepare-wrapper-version }}-prepare-wrapper
+          commitish: master
+          release_name: Prepare Wrapper Version ${{ inputs.prepare-wrapper-version }}
+          body: |
+            Changes in this Release
+            - Some minor changes on Prepare Wrapper implementation
+
+            For more details please look at [Milestone ${{inputs.prepare-wrapper-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.prepare-wrapper-milestone-number}}?closed=1)
+          draft: true
+          prerelease: false
+
+      # -----------------------------------------
+      # Upload release artifacts
+      # -----------------------------------------
+      - name: Create files and sha256 checksum for Prepare Wrapper jar
+        run: |
+          cd sechub-wrapper-prepare/build/libs/
+          sha256sum sechub-wrapper-prepare-${{ inputs.prepare-wrapper-version }}.jar > sechub-wrapper-prepare-${{ inputs.prepare-wrapper-version }}.jar.sha256sum
+
+      - name: Upload asset sechub-wrapper-prepare-${{ inputs.prepare-wrapper-version }}.jar
+        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_prepare-wrapper_release.outputs.upload_url }}
+          asset_path: sechub-wrapper-prepare/build/libs/sechub-wrapper-prepare-${{ inputs.prepare-wrapper-version }}.jar
+          asset_name: sechub-wrapper-prepare-${{ inputs.prepare-wrapper-version }}.jar
+          asset_content_type: application/zip
+
+      - name: Upload asset sechub-wrapper-prepare-${{ inputs.prepare-wrapper-version }}.jar.sha256sum
+        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_prepare-wrapper_release.outputs.upload_url }}
+          asset_path: sechub-wrapper-prepare/build/libs/sechub-wrapper-prepare-${{ inputs.prepare-wrapper-version }}.jar.sha256sum
+          asset_name: sechub-wrapper-prepare-${{ inputs.prepare-wrapper-version }}.jar.sha256sum
+          asset_content_type: text/plain
+
+      # -----------------------------------------
+      # Create release issue
+      # -----------------------------------------
+      - name: Create Prepare Wrapper ${{ inputs.prepare-wrapper-version }} release issue
+        uses: dacbd/create-issue-action@main
+        with:
+          token: ${{ github.token }}
+          title: Release Prepare Wrapper ${{ inputs.prepare-wrapper-version }}
+          body: |
+            See [Milestone ${{inputs.prepare-wrapper-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.prepare-wrapper-milestone-number}}?closed=1) for details.
+
+            Please close this issue after the release.
+          milestone: ${{ inputs.prepare-wrapper-milestone-number }}
+
+      # -----------------------------------------
+      # Create a pull request for merging back `master` into `develop`
+      # -----------------------------------------
+      - name: pull-request master to develop
+        id: pr_master_to_develop
+        continue-on-error: true
+        uses: repo-sync/pull-request@7e79a9f5dc3ad0ce53138f01df2fad14a04831c5
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          source_branch: "master"
+          destination_branch: "develop"
+          pr_allow_empty: true  # should allow an empty PR, but seems not to work
+          pr_title: '2 - After Prepare Wrapper release: Merge master back into develop [auto-generated]'
+          pr_body: |
+            Merge master branch back into develop
+
+            -> Please merge **after** the release has been published.
+
+      - name: Print PR infos if PR was created
+        if: steps.pr_master_to_develop.outcome == 'success'
+        run: |
+          echo "Pull Request Number - ${{ steps.pr_master_to_develop.outputs.pr_number }}"
+          echo "Pull Request URL - ${{ steps.pr_master_to_develop.outputs.pr_url }}"
+
+      - name: Print info if no PR was created
+        if: steps.pr_master_to_develop.outcome != 'success'
+        run: |
+          echo "Nothing to merge - no pull request necessary."
