|
|
@@ -5,58 +5,34 @@ on: |
|
|
|
types: |
|
|
|
- published |
|
|
|
|
|
|
|
env: |
|
|
|
PYTHONUNBUFFERED: 1 |
|
|
|
|
|
|
|
jobs: |
|
|
|
run_release: |
|
|
|
release: |
|
|
|
permissions: |
|
|
|
id-token: write |
|
|
|
contents: write |
|
|
|
uses: SonarSource/gh-action_release/.github/workflows/main.yaml@5.0.1 |
|
|
|
with: |
|
|
|
publishToBinaries: true |
|
|
|
mavenCentralSync: true |
|
|
|
slackChannel: sonarqube-build |
|
|
|
release_docker: |
|
|
|
runs-on: ubuntu-latest |
|
|
|
name: Start release process |
|
|
|
name: Start Docker release process |
|
|
|
needs: release |
|
|
|
timeout-minutes: 60 |
|
|
|
steps: |
|
|
|
- name: Configure AWS Credentials |
|
|
|
uses: aws-actions/configure-aws-credentials@v1 |
|
|
|
with: |
|
|
|
aws-access-key-id: ${{ secrets.BINARIES_AWS_ACCESS_KEY_ID }} |
|
|
|
aws-secret-access-key: ${{ secrets.BINARIES_AWS_SECRET_ACCESS_KEY }} |
|
|
|
aws-region: ${{ secrets.BINARIES_AWS_REGION }} |
|
|
|
- name: Run release action |
|
|
|
id: run_release |
|
|
|
uses: SonarSource/gh-action_release/main@v4 |
|
|
|
with: |
|
|
|
distribute: true |
|
|
|
publish_to_binaries: true |
|
|
|
attach_artifacts_to_github_release: true |
|
|
|
run_rules_cov: false |
|
|
|
slack_channel: sonarqube-build |
|
|
|
env: |
|
|
|
ARTIFACTORY_API_KEY: ${{ secrets.ARTIFACTORY_API_KEY }} |
|
|
|
BINARIES_AWS_DEPLOY: ${{ secrets.BINARIES_AWS_DEPLOY }} |
|
|
|
BURGRX_USER: ${{ secrets.BURGRX_USER }} |
|
|
|
BURGRX_PASSWORD: ${{ secrets.BURGRX_PASSWORD }} |
|
|
|
CIRRUS_TOKEN: ${{ secrets.CIRRUS_TOKEN }} |
|
|
|
PATH_PREFIX: ${{ secrets.BINARIES_PATH_PREFIX }} |
|
|
|
GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }} |
|
|
|
RELEASE_SSH_USER: ${{ secrets.RELEASE_SSH_USER }} |
|
|
|
RELEASE_SSH_KEY: ${{ secrets.RELEASE_SSH_KEY }} |
|
|
|
SLACK_API_TOKEN: ${{secrets.SLACK_API_TOKEN }} |
|
|
|
- name: Log outputs |
|
|
|
if: always() |
|
|
|
run: | |
|
|
|
echo "${{ steps.run_release.outputs.releasability }}" |
|
|
|
echo "${{ steps.run_release.outputs.release }}" |
|
|
|
echo "${{ steps.run_release.outputs.distribute_release }}" |
|
|
|
- name: Notify success on Slack |
|
|
|
uses: Ilshidur/action-slack@2.0.0 |
|
|
|
env: |
|
|
|
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} |
|
|
|
- name: get secrets |
|
|
|
id: secrets |
|
|
|
uses: SonarSource/vault-action-wrapper@8e22afd670393ed80f489f5dbd517d09ea21d75b |
|
|
|
with: |
|
|
|
args: "Release successful for {{ GITHUB_REPOSITORY }} by {{ GITHUB_ACTOR }}" |
|
|
|
secrets: | |
|
|
|
development/github/token/SonarSource-sonar-scanner-cli-release token | GITHUB_TOKEN_RELEASE; |
|
|
|
development/kv/data/slack token | SLACK_BOT_TOKEN; |
|
|
|
- name: Create Release for Docker Image |
|
|
|
id: create_release |
|
|
|
uses: softprops/action-gh-release@v1 |
|
|
|
env: |
|
|
|
GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }} |
|
|
|
GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN_RELEASE }} |
|
|
|
GITHUB_REPOSITORY: SonarSource/sonar-scanner-cli-docker |
|
|
|
with: |
|
|
|
tag_name: ${{ github.event.release.tag_name }} |
|
|
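Review bot: `softprops/action-gh-release@v1` is referenced by a mutable major tag, yet this step hands it the Vault-issued `GITHUB_TOKEN_RELEASE` for SonarSource/sonar-scanner-cli-docker; the `vault-action-wrapper` step above it is pinned to a full commit SHA, and this one should be too, e.g. `uses: softprops/action-gh-release@<full-commit-sha> # v1`. The same applies to `slackapi/slack-github-action@v1.23.0` in the next hunk, which receives `SLACK_BOT_TOKEN`. The `+`/`-` markers are lost in this rendering, so which lines are new is inferred from the hunk counts and the secret names. Separately, `release_docker` shows no `permissions:` key of its own in this hunk; if the Vault wrapper authenticates through GitHub OIDC (not visible here), the job needs an explicit `id-token: write` under its own `permissions:`, as the `release` job has.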
@@ -64,50 +40,10 @@ jobs: |
|
|
|
draft: false |
|
|
|
prerelease: false |
|
|
|
- name: Notify failures on Slack |
|
|
|
uses: Ilshidur/action-slack@2.0.0 |
|
|
|
uses: slackapi/slack-github-action@v1.23.0 |
|
|
|
if: failure() |
|
|
|
env: |
|
|
|
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} |
|
|
|
with: |
|
|
|
args: "Release failed, see the logs at https://github.com/{{ GITHUB_REPOSITORY }}/actions by {{ GITHUB_ACTOR }}" |
|
|
|
maven-central-sync: |
|
|
|
runs-on: ubuntu-latest |
|
|
|
needs: |
|
|
|
- run_release |
|
|
|
steps: |
|
|
|
- name: Setup JFrog CLI |
|
|
|
uses: jfrog/setup-jfrog-cli@v1 |
|
|
|
- name: JFrog config |
|
|
|
run: jfrog rt config repox --url https://repox.jfrog.io/artifactory/ --apikey $ARTIFACTORY_API_KEY --basic-auth-only |
|
|
|
env: |
|
|
|
ARTIFACTORY_API_KEY: ${{ secrets.ARTIFACTORY_API_KEY }} |
|
|
|
- name: Get the version |
|
|
|
id: get_version |
|
|
|
run: | |
|
|
|
IFS=. read major minor patch build <<< "${{ github.event.release.tag_name }}" |
|
|
|
echo ::set-output name=build::"${build}" |
|
|
|
- name: Create local repository directory |
|
|
|
id: local_repo |
|
|
|
run: echo ::set-output name=dir::"$(mktemp -d repo.XXXXXXXX)" |
|
|
|
- name: Download Artifacts |
|
|
|
uses: SonarSource/gh-action_release/download-build@v4 |
|
|
|
with: |
|
|
|
build-number: ${{ steps.get_version.outputs.build }} |
|
|
|
local-repo-dir: ${{ steps.local_repo.outputs.dir }} |
|
|
|
- name: Maven Central Sync |
|
|
|
id: maven-central-sync |
|
|
|
continue-on-error: true |
|
|
|
uses: SonarSource/gh-action_release/maven-central-sync@v4 |
|
|
|
with: |
|
|
|
local-repo-dir: ${{ steps.local_repo.outputs.dir }} |
|
|
|
env: |
|
|
|
OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} |
|
|
|
OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} |
|
|
|
- name: Notify on failure |
|
|
|
if: ${{ failure() || steps.maven-central-sync.outcome == 'failure' }} |
|
|
|
uses: 8398a7/action-slack@v3 |
|
|
|
with: |
|
|
|
status: failure |
|
|
|
fields: repo,author,eventName |
|
|
|
env: |
|
|
|
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_BUILD_WEBHOOK }} |
|
|
|
channel-id: sonarqube-build |
|
|
|
slack-message: "Release failed, see the logs at https://github.com/{{ GITHUB_REPOSITORY }}/actions by {{ GITHUB_ACTOR }}" |
|
|
|
env: |
|
|
|
SLACK_BOT_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SLACK_BOT_TOKEN }} |
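Review bot: The `slack-message` value keeps the `{{ GITHUB_REPOSITORY }}` and `{{ GITHUB_ACTOR }}` placeholders from the Ilshidur/action-slack step it replaces. That templating belonged to the old action; as far as I know slackapi/slack-github-action posts the string as given, so the failure alert would show literal braces instead of the repository and actor. Use workflow expressions instead: `slack-message: "Release failed, see the logs at https://github.com/${{ github.repository }}/actions by ${{ github.actor }}"`. Linking the run directly with `${{ github.run_id }}` would also take whoever responds to a failed release straight to the right log.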