Build and Deploy Release #88
Workflow file for this run
---
name: Build and Deploy Release

# Automates the release process:
#   1. Update the 'body:' below and the changelog.md
#   2. Run `./prepare-release.sh`
#   3. Create PR, merge PR
#   4. Run `git push origin main --tags`

# Workflow-level token scope. Every job in this file inherits this grant
# unless it declares its own `permissions:` mapping.
# NOTE(review): only jobs that create the release or push to gh-pages
# appear to need write access; confirm and narrow per job where possible.
permissions:
  contents: write

# Triggered by pushing any tag whose name starts with "v".
on:
  push:
    tags:
      - "v*"
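# Job graph: `build` produces the signed release artifacts, coverage reports
# and the staged site; `publish_coverage`, `docker`, `release` and `publish`
# each depend only on `build` and consume its uploaded artifacts.
#
# NOTE(review): apart from pnpm/action-setup, every `uses:` below references a
# mutable tag or branch. In a workflow that handles signing keys and publishing
# tokens, pin each action to a full commit SHA (as pnpm/action-setup already
# is) so a moved tag cannot change what runs here.
#
# NOTE(review): several `uses:` refs and the git e-mail below read
# "[email protected]". That text comes from the hosting page's e-mail
# obfuscation, not from the workflow; it is reproduced as captured and must be
# restored from the repository before this file can run.
jobs:
  build:
    name: Build dependency-check
    runs-on: ubuntu-latest
    # NOTE(review): this job inherits the workflow-level `contents: write`.
    # Nothing visible here pushes to the repository; confirm against the Maven
    # release profile and narrow to `contents: read` if so.
    steps:
      - name: Install gpg secret key
        id: install-gpg-key
        # The key is handed over through the environment instead of being
        # expanded by `${{ }}` into the script text, so its content is never
        # parsed as shell source.
        env:
          OSSRH_GPG_SECRET_KEY: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
        run: |
          echo -e "$OSSRH_GPG_SECRET_KEY" | gpg --batch --import
          gpg --list-secret-keys --keyid-format LONG
      - uses: actions/checkout@v4
      # NOTE(review): the three caches below use static keys. Whatever was
      # first saved under a key is restored unchanged into the release build;
      # consider keying on `hashFiles(...)` of the build descriptors, or
      # skipping caches for release builds so signed artifacts are built from
      # freshly resolved inputs.
      - name: Check Maven Cache
        id: maven-cache
        uses: actions/cache@v3
        with:
          path: ~/.m2/repository/
          key: mvn-repo
      - name: Check Local Maven Cache
        id: maven-it-cache
        uses: actions/cache@v3
        with:
          path: maven/target/local-repo
          key: mvn-it-repo
      - name: Check ODC Data Cache
        id: odc-data-cache
        uses: actions/cache@v3
        with:
          path: core/target/data
          key: odc-data
      # NOTE(review): obfuscated ref (see top of `jobs:`); the `dotnet-version`
      # input suggests this is presumably actions/setup-dotnet.
      - uses: actions/[email protected]
        with:
          dotnet-version: '6.0.x'
      - name: Set up JDK 1.8
        id: jdk-8
        uses: actions/setup-java@v3
        with:
          java-version: 8
          distribution: 'zulu'
          server-id: ossrh
          # setup-java expects the NAMES of environment variables here and
          # writes them into the generated ~/.m2/settings.xml as ${env.NAME}.
          # Passing the secret values themselves would write them to disk in
          # plaintext. The names match the env block of the Maven build step.
          server-username: MAVEN_USERNAME
          server-password: MAVEN_PASSWORD
      - uses: pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598 # v2.4.0
        with:
          version: 6.0.2
      - name: Configure Git user
        run: |
          git config user.email "[email protected]"
          git config user.name "GitHub Actions"
      # Prints the project version to the log only; nothing is exported.
      - name: Get version
        run: |
          VERSION=$( mvn help:evaluate -Dexpression=project.version -q -DforceStdout )
          echo "VERSION=$VERSION"
      - name: Build Release with Maven
        id: build-release
        timeout-minutes: 120
        env:
          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
          MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
          # Passed via the environment and quoted below so that a passphrase
          # containing shell metacharacters or spaces cannot alter the command.
          OSSRH_GPG_SECRET_KEY_PASSWORD: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
        # NOTE(review): the passphrase still ends up in mvn's argv, which is
        # visible to other processes on the runner. Newer maven-gpg-plugin
        # releases can read it from the environment (MAVEN_GPG_PASSPHRASE);
        # check the plugin version in the pom before switching.
        run: |
          mvn -s settings.xml -Prelease "-DnexusUrl=https://oss.sonatype.org/" \
            clean package source:jar javadoc:jar gpg:sign deploy site site:stage \
            -DreleaseTesting --no-transfer-progress --batch-mode \
            "-Dgpg.passphrase=${OSSRH_GPG_SECRET_KEY_PASSWORD}"
      - name: Archive code coverage results
        id: archive-coverage
        uses: actions/upload-artifact@v3
        with:
          name: code-coverage-report
          retention-days: 7
          path: |
            **/target/jacoco-results/jacoco.xml
            **/target/jacoco-results/**/*.html
      # Signed jars, poms, zips and the buildinfo file consumed by the
      # `docker` and `release` jobs.
      - name: Archive Release
        id: archive-release
        uses: actions/upload-artifact@v3
        with:
          name: archive-release
          retention-days: 7
          path: |
            **/target/*.asc
            **/target/*.jar
            **/target/*.pom
            ant/target/*.zip
            cli/target/*.zip
            target/*.buildinfo
      - name: Archive Site
        id: archive-site
        uses: actions/upload-artifact@v3
        with:
          name: archive-site
          retention-days: 7
          path: target/staging/

  publish_coverage:
    name: publish code coverage reports
    runs-on: ubuntu-latest
    needs: build
    # This job only downloads an artifact and runs a third-party action that
    # tracks a branch. It gets a read-only token instead of inheriting the
    # workflow-level `contents: write`.
    permissions:
      contents: read
    steps:
      - name: Download coverage reports
        uses: actions/download-artifact@v3
        with:
          name: code-coverage-report
      # NOTE(review): `@master` is a moving branch of a third-party action
      # that receives a project token; pin it to a reviewed commit SHA.
      - name: Run codacy-coverage-reporter
        uses: codacy/codacy-coverage-reporter-action@master
        with:
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
          coverage-reports: utils/target/jacoco-results/jacoco.xml,core/target/jacoco-results/jacoco.xml,maven/target/jacoco-results/jacoco.xml,ant/target/jacoco-results/jacoco.xml,cli/target/jacoco-results/jacoco.xml

  docker:
    name: Publish Docker
    runs-on: ubuntu-latest
    needs: build
    # NOTE(review): job-level env exposes the Docker Hub credentials to every
    # step, including the build/test scripts and the Maven build. If only the
    # deploy step needs them, move this env block onto that step. The job also
    # inherits `contents: write`; confirm the scripts never push to the
    # repository and narrow it to read.
    env:
      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
    steps:
      - name: Check Maven Cache
        id: maven-cache
        uses: actions/cache@v3
        with:
          path: ~/.m2/repository/
          key: mvn-repo
      - name: Check Docker ODC Cache
        id: docker-odc-cache
        uses: actions/cache@v3
        with:
          path: ~/OWASP-Dependency-Check
          key: docker-repo
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Download release build
        uses: actions/download-artifact@v3
        with:
          name: archive-release
      - name: Build Docker Image
        run: ./build-docker.sh
      - name: build scan target
        run: mvn -s settings.xml package -DskipTests=true --no-transfer-progress --batch-mode
      - name: Test Docker Image
        run: ./test-docker.sh
      - name: Deploy Docker Image
        # Variables are quoted so a token or user name containing whitespace
        # or glob characters is passed through unchanged. The token goes to
        # `docker login` on stdin and never appears on a command line.
        run: |
          echo "$DOCKER_TOKEN" | docker login -u "$DOCKER_USERNAME" --password-stdin 2>/dev/null
          ./publish-docker.sh

  release:
    name: Publish Release
    runs-on: ubuntu-latest
    needs: build
    # Creating the release and uploading its assets requires write access.
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      # Exports VERSION to later steps through the GITHUB_ENV file.
      - name: Get version
        id: get-version
        run: |
          VERSION=$( mvn help:evaluate -Dexpression=project.version -q -DforceStdout )
          echo "VERSION=$VERSION" >> "$GITHUB_ENV"
      - name: Download release build
        uses: actions/download-artifact@v3
        with:
          name: archive-release
      # NOTE(review): obfuscated ref (see top of `jobs:`); the inputs suggest
      # this is presumably actions/create-release.
      - name: Create Release
        id: create_release
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: v${{ env.VERSION }}
          release_name: Version ${{ env.VERSION }}
          prerelease: false
          draft: false
          body: |
            - fix: use Java properties for proxy configuration (#6238)
            - docs: update proxy configuration documentation (#6237)
            - docs: add documentation on caching (#6204)
            - docs: Clarify H2 database caching strategy (#6220)
            - docs: Update list of supported report formats (#6224)
            - docs: example 5 with new nvdDatafeedUrl parameter (#6215)
            - fix: prevent NPEs (#6232 and #6206)
            - fix: check valid for hours for NVD API (#6225)
            - fix: correct NVD cache last checked logic (#6218)
            - fix: nvd datafeed should process current year (#6213)
            - fix: correct references to cvssv2 and cvssv3 fields in json and xml reports (#6212)
            - fix: correct name on reference links in report (#6205)
            - fix: flaws int the gitlab report (#6193)
            See the full listing of [changes](https://github.com/jeremylong/DependencyCheck/milestone/73?closed=1).
      # The five upload steps attach the artifacts and their detached
      # signatures to the release created above.
      # NOTE(review): their refs are obfuscated as well; the inputs suggest
      # they are presumably actions/upload-release-asset.
      - name: Upload CLI
        id: upload-release-cli
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: cli/target/dependency-check-${{env.VERSION}}-release.zip
          asset_name: dependency-check-${{env.VERSION}}-release.zip
          asset_content_type: application/zip
      - name: Upload CLI signature
        id: upload-release-cli-sig
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: cli/target/dependency-check-${{env.VERSION}}-release.zip.asc
          asset_name: dependency-check-${{env.VERSION}}-release.zip.asc
          asset_content_type: text/plain
      - name: Upload ANT
        id: upload-release-ant
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ant/target/dependency-check-ant-${{env.VERSION}}-release.zip
          asset_name: dependency-check-ant-${{env.VERSION}}-release.zip
          asset_content_type: application/zip
      - name: Upload ANT signature
        id: upload-release-ant-sig
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ant/target/dependency-check-ant-${{env.VERSION}}-release.zip.asc
          asset_name: dependency-check-ant-${{env.VERSION}}-release.zip.asc
          asset_content_type: text/plain
      - name: Upload buildinfo
        id: upload-release-buildinfo
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: target/dependency-check-parent-${{env.VERSION}}.buildinfo
          asset_name: dependency-check-parent-${{env.VERSION}}.buildinfo
          asset_content_type: text/plain

  publish:
    name: Publish gh-pages
    runs-on: ubuntu-latest
    needs: build
    # Pushing the staged site to the gh-pages branch requires write access.
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Download Site
        uses: actions/download-artifact@v3
        with:
          name: archive-site
          path: target/staging
      - name: Display structure of downloaded files
        run: ls -R
        working-directory: target
      # NOTE(review): obfuscated ref (see top of `jobs:`); presumably
      # JamesIves/github-pages-deploy-action. It is third-party and runs with
      # a write-scoped token, so pin it to a commit SHA.
      - name: Deploy gh-pages
        uses: JamesIves/[email protected]
        with:
          branch: gh-pages
          folder: target/staging
          clean: false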