Build and Deploy Release #101
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Deploy Release | |
## | |
## Automates the release process | |
## 1. Run `./list-changes.sh` and update the changelog.md. | |
## 2. Run `./prepare-release.sh` | |
## 3. Create PR, merge PR | |
## 4. Run `git push origin --tags` | |
## | |
permissions: | |
contents: write | |
on: | |
push: | |
tags: | |
- v* | |
jobs: | |
build: | |
name: Build dependency-check | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install gpg secret key | |
id: install-gpg-key | |
run: | | |
cat <(echo -e "${{ secrets.OSSRH_GPG_SECRET_KEY }}") | gpg --batch --import | |
gpg --list-secret-keys --keyid-format LONG | |
- uses: actions/checkout@v4 | |
- name: Check Maven Cache | |
id: maven-cache | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository/ | |
key: mvn-repo | |
- name: Check Local Maven Cache | |
id: maven-it-cache | |
uses: actions/cache@v4 | |
with: | |
path: maven/target/local-repo | |
key: mvn-it-repo | |
- name: Check ODC Data Cache | |
id: odc-data-cache | |
uses: actions/cache@v4 | |
with: | |
path: core/target/data | |
key: odc-data | |
- uses: actions/setup-dotnet@v4.0.0 | |
with: | |
dotnet-version: '8.0.x' | |
- name: Set up JDK 1.8 | |
id: jdk-8 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 8 | |
distribution: 'zulu' | |
server-id: ossrh | |
server-username: ${{ secrets.OSSRH_USERNAME }} | |
server-password: ${{ secrets.OSSRH_TOKEN }} | |
- uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 | |
with: | |
version: 6.0.2 | |
- name: Configure Git user | |
run: | | |
git config user.email "actions@github.com" | |
git config user.name "GitHub Actions" | |
- name: Get version | |
run: | | |
VERSION=$( mvn help:evaluate -Dexpression=project.version -q -DforceStdout ) | |
echo "VERSION=$VERSION" | |
- name: Build Release with Maven | |
id: build-release | |
timeout-minutes: 120 | |
env: | |
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} | |
NVD_API_KEY: ${{ secrets.NVD_API_KEY }} | |
run: | | |
mvn -V -s settings.xml -Prelease "-DnexusUrl=https://oss.sonatype.org/" clean package source:jar javadoc:jar gpg:sign deploy site site:stage -DreleaseTesting --no-transfer-progress --batch-mode -Dgpg.passphrase=${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} | |
- name: Archive code coverage results | |
id: archive-coverage | |
uses: actions/upload-artifact@v4 | |
with: | |
name: code-coverage-report | |
retention-days: 7 | |
path: | | |
**/target/jacoco-results/jacoco.xml | |
**/target/jacoco-results/**/*.html | |
- name: Archive Release | |
id: archive-release | |
uses: actions/upload-artifact@v4 | |
with: | |
name: archive-release | |
retention-days: 7 | |
path: | | |
**/target/*.asc | |
**/target/*.jar | |
**/target/*.pom | |
ant/target/*.zip | |
cli/target/*.zip | |
target/*.buildinfo | |
- name: Archive Site | |
id: archive-site | |
uses: actions/upload-artifact@v4 | |
with: | |
name: archive-site | |
retention-days: 7 | |
path: target/staging/ | |
publish_coverage: | |
name: publish code coverage reports | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- name: Download coverage reports | |
uses: actions/download-artifact@v4 | |
with: | |
name: code-coverage-report | |
- name: Run codacy-coverage-reporter | |
uses: codacy/codacy-coverage-reporter-action@master | |
with: | |
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} | |
coverage-reports: utils/target/jacoco-results/jacoco.xml,core/target/jacoco-results/jacoco.xml,maven/target/jacoco-results/jacoco.xml,ant/target/jacoco-results/jacoco.xml,cli/target/jacoco-results/jacoco.xml | |
docker: | |
name: Publish Docker | |
runs-on: ubuntu-latest | |
needs: build | |
env: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} | |
steps: | |
- name: Check Maven Cache | |
id: maven-cache | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository/ | |
key: mvn-repo | |
- name: Check Docker ODC Cache | |
id: docker-odc-cache | |
uses: actions/cache@v4 | |
with: | |
path: ~/OWASP-Dependency-Check | |
key: docker-repo | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Download release build | |
uses: actions/download-artifact@v4 | |
with: | |
name: archive-release | |
- name: Build Docker Image | |
run: ./build-docker.sh | |
- name: build scan target | |
run: mvn -s settings.xml package -DskipTests=true --no-transfer-progress --batch-mode | |
- name: Test Docker Image | |
run: ./test-docker.sh | |
- name: Deploy Docker Image | |
run: | | |
echo $DOCKER_TOKEN | docker login -u $DOCKER_USERNAME --password-stdin 2>/dev/null | |
./publish-docker.sh | |
release: | |
name: Publish Release | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Get version | |
id: get-version | |
run: | | |
VERSION=$( mvn help:evaluate -Dexpression=project.version -q -DforceStdout ) | |
echo "VERSION=$VERSION" >> $GITHUB_ENV | |
- name: Download release build | |
uses: actions/download-artifact@v4 | |
with: | |
name: archive-release | |
- name: Create Release | |
id: create_release | |
uses: actions/create-release@v1.1.4 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: v${{ env.VERSION }} | |
release_name: Version ${{ env.VERSION }} | |
prerelease: false | |
draft: false | |
body: | | |
Refer to the [CHANGELOG.md](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md#change-log) for information about improvements and upgrade notes. | |
- name: Upload CLI | |
id: upload-release-cli | |
uses: actions/upload-release-asset@v1.0.2 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: cli/target/dependency-check-${{env.VERSION}}-release.zip | |
asset_name: dependency-check-${{env.VERSION}}-release.zip | |
asset_content_type: application/zip | |
- name: Upload CLI signature | |
id: upload-release-cli-sig | |
uses: actions/upload-release-asset@v1.0.2 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: cli/target/dependency-check-${{env.VERSION}}-release.zip.asc | |
asset_name: dependency-check-${{env.VERSION}}-release.zip.asc | |
asset_content_type: text/plain | |
- name: Upload ANT | |
id: upload-release-ant | |
uses: actions/upload-release-asset@v1.0.2 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: ant/target/dependency-check-ant-${{env.VERSION}}-release.zip | |
asset_name: dependency-check-ant-${{env.VERSION}}-release.zip | |
asset_content_type: application/zip | |
- name: Upload ANT signature | |
id: upload-release-ant-sig | |
uses: actions/upload-release-asset@v1.0.2 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: ant/target/dependency-check-ant-${{env.VERSION}}-release.zip.asc | |
asset_name: dependency-check-ant-${{env.VERSION}}-release.zip.asc | |
asset_content_type: text/plain | |
- name: Upload buildinfo | |
id: upload-release-buildinfo | |
uses: actions/upload-release-asset@v1.0.2 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: target/dependency-check-parent-${{env.VERSION}}.buildinfo | |
asset_name: dependency-check-parent-${{env.VERSION}}.buildinfo | |
asset_content_type: text/plain | |
publish: | |
name: Publish gh-pages | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Download Site | |
uses: actions/download-artifact@v4 | |
with: | |
name: archive-site | |
path: target/staging | |
- name: Display structure of downloaded files | |
run: ls -R | |
working-directory: target | |
- name: Deploy gh-pages | |
uses: JamesIves/github-pages-deploy-action@v4.6.1 | |
with: | |
branch: gh-pages | |
folder: target/staging | |
clean: false |