diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3056146..39f290f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,220 +1,225 @@ -name: Release Creation - -on: - workflow_call: - inputs: - tag: - description: 'Next release tag' - required: true - type: string - rbranch: - description: 'Branch to publish development releases' - required: false - type: string - jira_ticket: - description: 'Jira ticket ID (e.g. AST-12345)' - required: true - type: string - workflow_dispatch: - inputs: - tag: - description: 'Next release tag' - required: true - type: string - rbranch: - description: 'Branch to publish development releases' - required: false - type: string - jira_ticket: - description: 'Jira ticket ID (e.g. AST-12345)' - required: true - type: string - -jobs: - deleteDevReleases: - uses: Checkmarx/ast-eclipse-plugin/.github/workflows/delete-dev-releases.yml@main - with: - tag: ${{ inputs.rbranch }} - secrets: inherit - if: inputs.rbranch - release: - runs-on: cx-public-ubuntu-x64 - outputs: - TAG_NAME: ${{ steps.generate_tag_name.outputs.TAG_NAME }} - CLI_VERSION: ${{ steps.set_outputs.outputs.CLI_VERSION }} - steps: - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - with: - token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} - lfs: true - - - name: Checkout LFS objects - run: git lfs checkout - - - name: Create Release Name - id: generate_tag_name - run: | - echo "Creating release name" - - if [ -z "${{ inputs.rbranch }}" ]; then - export GH_RELEASE_TAG_NAME="${{ inputs.tag }}" - export GH_BRANCH_NAME="main" - else - export GH_RELEASE_TAG_NAME="${{ inputs.tag }}-${{ inputs.rbranch }}" - export GH_BRANCH_NAME="nightly" - fi - - echo "Generated TAG_NAME: $GH_RELEASE_TAG_NAME" - - # Persist the variables - echo "GH_RELEASE_TAG_NAME=$GH_RELEASE_TAG_NAME" >> $GITHUB_ENV - echo "GH_BRANCH_NAME=$GH_BRANCH_NAME" >> $GITHUB_ENV - - # Set outputs for future steps - echo "TAG_NAME=$GH_RELEASE_TAG_NAME" >> $GITHUB_OUTPUT - - - name: Set up JDK 17 +name: Release Creation + +on: + workflow_call: + inputs: + tag: + description: 'Next release tag' + required: true + type: string + rbranch: + description: 'Branch to publish development releases' + required: false + type: string + jira_ticket: + description: 'Jira ticket ID (e.g. AST-12345)' + required: true + type: string + secrets: + ECLIPSE_SITE_TOKEN: + required: true + PERSONAL_ACCESS_TOKEN: + required: true + workflow_dispatch: + inputs: + tag: + description: 'Next release tag' + required: true + type: string + rbranch: + description: 'Branch to publish development releases' + required: false + type: string + jira_ticket: + description: 'Jira ticket ID (e.g. AST-12345)' + required: true + type: string + +jobs: + deleteDevReleases: + uses: Checkmarx/ast-eclipse-plugin/.github/workflows/delete-dev-releases.yml@main + with: + tag: ${{ inputs.rbranch }} + secrets: inherit + if: inputs.rbranch + release: + runs-on: cx-public-ubuntu-x64 + outputs: + TAG_NAME: ${{ steps.generate_tag_name.outputs.TAG_NAME }} + CLI_VERSION: ${{ steps.set_outputs.outputs.CLI_VERSION }} + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} + lfs: true + + - name: Checkout LFS objects + run: git lfs checkout + + - name: Create Release Name + id: generate_tag_name + run: | + echo "Creating release name" + + if [ -z "${{ inputs.rbranch }}" ]; then + export GH_RELEASE_TAG_NAME="${{ inputs.tag }}" + export GH_BRANCH_NAME="main" + else + export GH_RELEASE_TAG_NAME="${{ inputs.tag }}-${{ inputs.rbranch }}" + export GH_BRANCH_NAME="nightly" + fi + + echo "Generated TAG_NAME: $GH_RELEASE_TAG_NAME" + + # Persist the variables + echo "GH_RELEASE_TAG_NAME=$GH_RELEASE_TAG_NAME" >> $GITHUB_ENV + echo "GH_BRANCH_NAME=$GH_BRANCH_NAME" >> $GITHUB_ENV + + # Set outputs for future steps + echo "TAG_NAME=$GH_RELEASE_TAG_NAME" >> $GITHUB_OUTPUT + + - name: Set up JDK 17 uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0 - with: - distribution: temurin - java-version: 17 - - - name: Cache local Maven repository + with: + distribution: temurin + java-version: 17 + + - name: Cache local Maven repository uses: actions/cache@6f8efc29b200d32929f49075959781ed54ec270c # v3.5.0 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - - - name: Update the POM version. - run: mvn -B org.eclipse.tycho:tycho-versions-plugin:set-version -DnewVersion='${{ inputs.tag }}' --file pom.xml - - - name: Create release - run: mvn -B clean install --file pom.xml -DskipTests -pl "!checkmarx-ast-eclipse-plugin-tests" - - - name: Extract CLI version - id: extract_cli_version - run: | - chmod +x ./.github/scripts/extract_cli_version.sh - ./.github/scripts/extract_cli_version.sh cx-linux - - - name: Echo CLI version to outputs - id: set_outputs - run: | - echo "::set-output name=CLI_VERSION::${{ env.CLI_VERSION }}" - - - name: Release + with: + path: ~/.m2/repository + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-maven- + + - name: Update the POM version. + run: mvn -B org.eclipse.tycho:tycho-versions-plugin:set-version -DnewVersion='${{ inputs.tag }}' --file pom.xml + + - name: Create release + run: mvn -B clean install --file pom.xml -DskipTests -pl "!checkmarx-ast-eclipse-plugin-tests" + + - name: Extract CLI version + id: extract_cli_version + run: | + chmod +x ./.github/scripts/extract_cli_version.sh + ./.github/scripts/extract_cli_version.sh cx-linux + + - name: Echo CLI version to outputs + id: set_outputs + run: | + echo "::set-output name=CLI_VERSION::${{ env.CLI_VERSION }}" + + - name: Release uses: step-security/action-gh-release@277bfa82abcfdb73e5bbb19e213fd76532ee2be5 # v3.0.0 - with: - tag_name: ${{ env.GH_RELEASE_TAG_NAME }} - generate_release_notes: true - files: ./com.checkmarx.eclipse.site/target/com.checkmarx.eclipse.site-*.zip - prerelease: ${{ inputs.rbranch != '' && inputs.rbranch != null }} - - - name: Git configuration - run: | - git config --global safe.directory "/tmp/**/*/" - git config --global http.postBuffer 2097152000 - git config --global https.postBuffer 2097152000 - - - name: Ensure Git LFS is enabled - run: | - git lfs install - git lfs track "plugins/*.jar" # Ensure large JARs are tracked - git add .gitattributes - git commit -m "Ensure LFS tracking for large JAR files" || echo "No changes to commit" - - - name: Clone target repository and push changes via PR - env: - GH_TOKEN: ${{ secrets.ECLIPSE_SITE_TOKEN }} - run: | - # Clone the repository - git clone https://x-access-token:${{ secrets.ECLIPSE_SITE_TOKEN }}@github.com/CheckmarxDev/ast-eclipse-plugin-update-site.git update-site - cd update-site - - # Ensure Git LFS is installed - git lfs install - - # Configure Git user to prevent commit errors - git config --global user.email "cylon-bot@checkmarx.com" - git config --global user.name "cylon-bot" - - # Fetch all branches - git fetch --all - - # Ensure the branch exists and check it out - if git show-ref --verify --quiet refs/remotes/origin/${{ env.GH_BRANCH_NAME }}; then - echo "Branch ${{ env.GH_BRANCH_NAME }} exists remotely." - git checkout -B ${{ env.GH_BRANCH_NAME }} origin/${{ env.GH_BRANCH_NAME }} - else - echo "Branch ${{ env.GH_BRANCH_NAME }} does not exist remotely." - exit 1 - fi - - # Create a feature branch - FEATURE_BRANCH="update-site/${{ env.GH_RELEASE_TAG_NAME }}" - git checkout -b "$FEATURE_BRANCH" - - echo "===== Files BEFORE COPY =====" - ls -lh ../com.checkmarx.eclipse.site/target/repository/ - - # Copy new files without deleting .git directory - rsync -av --delete --exclude='.git' ../com.checkmarx.eclipse.site/target/repository/ ./ - - # Debugging: List files in repository after copying - echo "===== Files AFTER COPY =====" - ls -lh . - - # Dynamically track all .jar files in the plugins/ and features/ directories - find plugins -name "*.jar" -exec git lfs track {} + - find features -name "*.jar" -exec git lfs track {} + - - # Ensure .gitattributes is added - git add .gitattributes - git add . - - # Debugging: Show LFS-tracked files - echo "===== Git LFS-tracked files =====" - git lfs ls-files - - git commit -m "Update Eclipse update site for ${{ env.GH_RELEASE_TAG_NAME }} (${{ inputs.jira_ticket }})" || echo "No changes to commit" - - # Ensure the correct remote URL - git remote set-url origin https://x-access-token:${{ secrets.ECLIPSE_SITE_TOKEN }}@github.com/CheckmarxDev/ast-eclipse-plugin-update-site.git - - # Push the feature branch - git push origin "$FEATURE_BRANCH" - - # Create PR with Jira ID at the end of the title - gh pr create \ - --repo CheckmarxDev/ast-eclipse-plugin-update-site \ - --base "${{ env.GH_BRANCH_NAME }}" \ - --head "$FEATURE_BRANCH" \ - --title "Update Eclipse update site for ${{ env.GH_RELEASE_TAG_NAME }} (${{ inputs.jira_ticket }})" \ - --body "Automated update of Eclipse update site for release ${{ env.GH_RELEASE_TAG_NAME }}." - - # Squash and merge the PR, then delete the branch - gh pr merge \ - --repo CheckmarxDev/ast-eclipse-plugin-update-site \ - --squash \ - --auto \ - --delete-branch - - - - - notify: - if: ${{ inputs.rbranch == '' || inputs.rbranch == null }} - needs: release - uses: Checkmarx/plugins-release-workflow/.github/workflows/release-notify.yml@main - with: - product_name: Eclipse - release_version: ${{ needs.release.outputs.TAG_NAME }} - cli_release_version: ${{ needs.release.outputs.CLI_VERSION }} - release_author: "Phoenix Team" - release_url: https://github.com/Checkmarx/ast-eclipse-plugin/releases/tag/${{ needs.release.outputs.TAG_NAME }} - jira_product_name: ECLIPSE - secrets: inherit - + with: + tag_name: ${{ env.GH_RELEASE_TAG_NAME }} + generate_release_notes: true + files: ./com.checkmarx.eclipse.site/target/com.checkmarx.eclipse.site-*.zip + prerelease: ${{ inputs.rbranch != '' && inputs.rbranch != null }} + + - name: Git configuration + run: | + git config --global safe.directory "/tmp/**/*/" + git config --global http.postBuffer 2097152000 + git config --global https.postBuffer 2097152000 + + - name: Ensure Git LFS is enabled + run: | + git lfs install + git lfs track "plugins/*.jar" # Ensure large JARs are tracked + git add .gitattributes + git commit -m "Ensure LFS tracking for large JAR files" || echo "No changes to commit" + + - name: Clone target repository and push changes via PR + env: + GH_TOKEN: ${{ secrets.ECLIPSE_SITE_TOKEN }} + run: | + # Clone the repository + git clone https://x-access-token:${{ secrets.ECLIPSE_SITE_TOKEN }}@github.com/CheckmarxDev/ast-eclipse-plugin-update-site.git update-site + cd update-site + + # Ensure Git LFS is installed + git lfs install + + # Configure Git user to prevent commit errors + git config --global user.email "cylon-bot@checkmarx.com" + git config --global user.name "cylon-bot" + + # Fetch all branches + git fetch --all + + # Ensure the branch exists and check it out + if git show-ref --verify --quiet refs/remotes/origin/${{ env.GH_BRANCH_NAME }}; then + echo "Branch ${{ env.GH_BRANCH_NAME }} exists remotely." + git checkout -B ${{ env.GH_BRANCH_NAME }} origin/${{ env.GH_BRANCH_NAME }} + else + echo "Branch ${{ env.GH_BRANCH_NAME }} does not exist remotely." + exit 1 + fi + + # Create a feature branch + FEATURE_BRANCH="update-site/${{ env.GH_RELEASE_TAG_NAME }}" + git checkout -b "$FEATURE_BRANCH" + + echo "===== Files BEFORE COPY =====" + ls -lh ../com.checkmarx.eclipse.site/target/repository/ + + # Copy new files without deleting .git directory + rsync -av --delete --exclude='.git' ../com.checkmarx.eclipse.site/target/repository/ ./ + + # Debugging: List files in repository after copying + echo "===== Files AFTER COPY =====" + ls -lh . + + # Dynamically track all .jar files in the plugins/ and features/ directories + find plugins -name "*.jar" -exec git lfs track {} + + find features -name "*.jar" -exec git lfs track {} + + + # Ensure .gitattributes is added + git add .gitattributes + git add . + + # Debugging: Show LFS-tracked files + echo "===== Git LFS-tracked files =====" + git lfs ls-files + + git commit -m "Update Eclipse update site for ${{ env.GH_RELEASE_TAG_NAME }} (${{ inputs.jira_ticket }})" || echo "No changes to commit" + + # Ensure the correct remote URL + git remote set-url origin https://x-access-token:${{ secrets.ECLIPSE_SITE_TOKEN }}@github.com/CheckmarxDev/ast-eclipse-plugin-update-site.git + + # Push the feature branch + git push origin "$FEATURE_BRANCH" + + # Create PR with Jira ID at the end of the title + gh pr create \ + --repo CheckmarxDev/ast-eclipse-plugin-update-site \ + --base "${{ env.GH_BRANCH_NAME }}" \ + --head "$FEATURE_BRANCH" \ + --title "Update Eclipse update site for ${{ env.GH_RELEASE_TAG_NAME }} (${{ inputs.jira_ticket }})" \ + --body "Automated update of Eclipse update site for release ${{ env.GH_RELEASE_TAG_NAME }}." + + # Squash and merge the PR, then delete the branch + gh pr merge \ + --repo CheckmarxDev/ast-eclipse-plugin-update-site \ + --squash \ + --auto \ + --delete-branch + + + + + notify: + if: ${{ inputs.rbranch == '' || inputs.rbranch == null }} + needs: release + uses: Checkmarx/plugins-release-workflow/.github/workflows/release-notify.yml@main + with: + product_name: Eclipse + release_version: ${{ needs.release.outputs.TAG_NAME }} + cli_release_version: ${{ needs.release.outputs.CLI_VERSION }} + release_author: "Phoenix Team" + release_url: https://github.com/Checkmarx/ast-eclipse-plugin/releases/tag/${{ needs.release.outputs.TAG_NAME }} + jira_product_name: ECLIPSE + secrets: inherit +