release-wrapper-owaspzap.yml
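# SPDX-License-Identifier: MIT
#
# Manually triggered release job for the SecHub OWASP-ZAP wrapper.
# It tags master locally, builds the wrapper, opens a pull request if SPDX
# headers were missing, creates a DRAFT GitHub release with the jar and its
# sha256 checksum, opens a release issue and finally a master -> develop PR.
#
# Hardening notes:
# - workflow_dispatch inputs are free text. They are never expanded with
#   `${{ ... }}` inside a `run:` script (that expansion happens before the
#   shell parses the script); they are passed through `env:` and read as
#   quoted shell variables instead.
# - Third-party actions are pinned to full commit SHAs. The one exception
#   is flagged at the step itself.
name: Release wrapper for OWASP-ZAP

on:
  workflow_dispatch:
    inputs:
      actor-email:
        description: Insert your email address here. It will be used in the generated pull requests
        required: true
      owaspzap-wrapper-version:
        description: OWASP-ZAP Wrapper Version (e.g. 1.0.0)
        required: true
      owaspzap-wrapper-milestone-number:
        description: OWASP-ZAP Wrapper Milestone number (e.g. 90)
        required: true

# Explicit GITHUB_TOKEN scopes instead of the repository default.
# Derived from the steps below: release + branch push (contents),
# pull request creation (pull-requests), release issue (issues).
# NOTE(review): confirm no pinned action needs an additional scope.
permissions:
  contents: write
  pull-requests: write
  issues: write

jobs:
  release-version:
    name: Create OWASP-ZAP Wrapper release
    runs-on: ubuntu-latest
    steps:
      - name: Show Inputs
        env:
          ACTOR_EMAIL: ${{ inputs.actor-email }}
          WRAPPER_VERSION: ${{ inputs.owaspzap-wrapper-version }}
          MILESTONE_NUMBER: ${{ inputs.owaspzap-wrapper-milestone-number }}
        run: |
          echo "actor-email: '${ACTOR_EMAIL}'"
          echo "OWASP-ZAP Wrapper '${WRAPPER_VERSION}' - Milestone '${MILESTONE_NUMBER}'"

      - name: Checkout branch master
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
        with:
          ref: master

      # Create temporary local tags, so we build documentation for this tag...
      # The final tag on git server side will be done automatically by the release when the draft is saved as "real" release
      - name: Tag OWASP-ZAP Wrapper version v${{ inputs.owaspzap-wrapper-version }}-owaspzap-wrapper (temporarily)
        env:
          WRAPPER_VERSION: ${{ inputs.owaspzap-wrapper-version }}
        run: git tag "v${WRAPPER_VERSION}-owaspzap-wrapper"

      # ----------------------
      # Setup + Caching
      # ----------------------
      - name: Set up JDK 17
        uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8
        with:
          java-version: '17'
          distribution: temurin

      - name: Set up Gradle
        uses: gradle/gradle-build-action@29c0906b64b8fc82467890bfb7a0a7ef34bda89e
        with:
          cache-read-only: false

      # ----------------------
      # Create a pull request if license headers are missing
      # ----------------------
      - name: run apply-headers.sh
        id: apply-headers
        env:
          ACTOR_EMAIL: ${{ inputs.actor-email }}
        run: |
          git config user.name "$GITHUB_TRIGGERING_ACTOR (via github-actions)"
          git config user.email "${ACTOR_EMAIL}"
          ./apply-headers.sh
          # `|| true`: nothing to commit is the normal case, not a failure.
          git commit -am "SPDX headers added by SecHub release job @github-actions" || true
          # Delimiter form keeps the output file well-formed even when the
          # log spans several lines; an empty log yields an empty `commits`.
          {
            echo "commits<<EOF_COMMITS"
            git log --oneline --branches --not --remotes
            echo "EOF_COMMITS"
          } >> "$GITHUB_OUTPUT"

      - name: Create a pull request for SPDX license headers
        id: pr_spdx_headers
        if: steps.apply-headers.outputs.commits != ''
        uses: peter-evans/create-pull-request@a4f52f8033a6168103c2538976c07b467e8163bc
        with:
          branch: release-spdx-headers
          branch-suffix: short-commit-hash
          delete-branch: true
          title: '0 - Before owaspzap-wrapper release: Add missing SPDX license headers [auto-generated]'
          body: |
            Auto-generated by Github Actions owaspzap-wrapper release job.
            -> Please review and merge **before** publishing the owaspzap-wrapper release.

      - name: Print PR infos
        if: steps.apply-headers.outputs.commits != ''
        run: |
          echo "Pull Request Number - ${{ steps.pr_spdx_headers.outputs.pull-request-number }}"
          echo "Pull Request URL - ${{ steps.pr_spdx_headers.outputs.pull-request-url }}"

      - name: Switch back to master branch
        run: git checkout master

      # -----------------------------------------
      # Build SecHub OWASP-ZAP Wrapper
      # -----------------------------------------
      - name: Build OWASP-ZAP Wrapper
        run: ./gradlew buildWrapperOwaspZap

      # -----------------------------------------
      # Upload build artifacts
      # -----------------------------------------
      - name: Inspect GIT status
        if: always()
        run: |
          mkdir -p build/reports
          git status > build/reports/git-status.txt

      - name: Archive GIT status
        if: always()
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
        with:
          name: git-status.txt
          path: build/reports/git-status.txt
          retention-days: 14

      - name: Archive OWASP-ZAP Wrapper libs directory
        if: always()
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
        with:
          name: sechub-wrapper-owasp-zap
          path: sechub-wrapper-owasp-zap/build/libs
          retention-days: 14

      - name: Switch back to master branch
        run: git checkout master

      # -----------------------------------------
      # Assert releaseable, so no dirty flags on releases
      # even when all artifact creation parts are done!
      # -----------------------------------------
      - name: Assert releasable
        run: ./gradlew assertReleaseable

      # The release is created as a draft; a maintainer publishes it by hand.
      # NOTE(review): actions/create-release and actions/upload-release-asset
      # are archived upstream; the SHA pin keeps them reproducible, but a
      # maintained replacement should be planned.
      - name: Create OWASP-ZAP Wrapper release
        id: create_owaspzap-wrapper_release
        uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
        with:
          tag_name: v${{ inputs.owaspzap-wrapper-version }}-owaspzap-wrapper
          commitish: master
          release_name: OWASP-ZAP Wrapper Version ${{ inputs.owaspzap-wrapper-version }}
          body: |
            Changes in this Release
            - Some minor changes on OWASP-ZAP Wrapper implementation
            For more details please look at [Milestone ${{inputs.owaspzap-wrapper-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.owaspzap-wrapper-milestone-number}}?closed=1)
          draft: true
          prerelease: false

      # -----------------------------------------
      # Upload release artifacts
      # -----------------------------------------
      # The checksum is computed on the same runner that built the jar, so it
      # lets consumers detect a corrupted download; it is not a signature.
      - name: Create files and sha256 checksum for OWASP-ZAP Wrapper jar
        env:
          WRAPPER_VERSION: ${{ inputs.owaspzap-wrapper-version }}
        run: |
          cd sechub-wrapper-owasp-zap/build/libs/
          sha256sum "sechub-pds-wrapperowaspzap-${WRAPPER_VERSION}.jar" > "sechub-pds-wrapperowaspzap-${WRAPPER_VERSION}.jar.sha256sum"

      - name: Upload asset sechub-pds-wrapperowaspzap-${{ inputs.owaspzap-wrapper-version }}.jar
        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_owaspzap-wrapper_release.outputs.upload_url }}
          asset_path: sechub-wrapper-owasp-zap/build/libs/sechub-pds-wrapperowaspzap-${{ inputs.owaspzap-wrapper-version }}.jar
          asset_name: sechub-pds-wrapperowaspzap-${{ inputs.owaspzap-wrapper-version }}.jar
          asset_content_type: application/zip

      - name: Upload asset sechub-pds-wrapperowaspzap-${{ inputs.owaspzap-wrapper-version }}.jar.sha256sum
        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_owaspzap-wrapper_release.outputs.upload_url }}
          asset_path: sechub-wrapper-owasp-zap/build/libs/sechub-pds-wrapperowaspzap-${{ inputs.owaspzap-wrapper-version }}.jar.sha256sum
          asset_name: sechub-pds-wrapperowaspzap-${{ inputs.owaspzap-wrapper-version }}.jar.sha256sum
          asset_content_type: text/plain

      # -----------------------------------------
      # Create release issue
      # -----------------------------------------
      # NOTE(review): `@main` is a mutable branch ref and this step receives
      # the job token. Every other action in this workflow is pinned to a
      # commit SHA; pin this one to a reviewed commit SHA as well.
      - name: Create OWASP-ZAP Wrapper ${{ inputs.owaspzap-wrapper-version }} release issue
        uses: dacbd/create-issue-action@main
        with:
          token: ${{ github.token }}
          title: Release OWASP-ZAP Wrapper ${{ inputs.owaspzap-wrapper-version }}
          body: |
            See [Milestone ${{inputs.owaspzap-wrapper-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.owaspzap-wrapper-milestone-number}}?closed=1) for details.
            Please close this issue after the release.
          milestone: ${{ inputs.owaspzap-wrapper-milestone-number }}

      # -----------------------------------------
      # Create a pull request for merging back `master` into `develop`
      # -----------------------------------------
      # continue-on-error: a failure here is reported by the two print steps
      # below via the step outcome instead of failing the release job.
      - name: pull-request master to develop
        id: pr_master_to_develop
        continue-on-error: true
        uses: repo-sync/pull-request@7e79a9f5dc3ad0ce53138f01df2fad14a04831c5
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          source_branch: "master"
          destination_branch: "develop"
          pr_allow_empty: true # should allow an empty PR, but seems not to work
          pr_title: '2 - After OWASP-ZAP Wrapper release: Merge master back into develop [auto-generated]'
          pr_body: |
            Merge master branch back into develop
            -> Please merge **after** the release has been published.

      - name: Print PR infos if PR was created
        if: steps.pr_master_to_develop.outcome == 'success'
        run: |
          echo "Pull Request Number - ${{ steps.pr_master_to_develop.outputs.pr_number }}"
          echo "Pull Request URL - ${{ steps.pr_master_to_develop.outputs.pr_url }}"

      - name: Print info if no PR was created
        if: steps.pr_master_to_develop.outcome != 'success'
        run: |
          echo "Nothing to merge - no pull request necessary."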