Skip to content

Release

Release #119

Workflow file for this run

name: Release
on:
workflow_dispatch:
inputs:
releaseVersion:
description: "Default version to use when preparing a release."
required: true
default: "A.B.C"
developmentVersion:
description: "Default version to use for new local working copy (the next version after version A.B.C)."
required: true
default: "X.Y.Z-SNAPSHOT"
jobs:
release:
runs-on: ubuntu-latest
environment: prod
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
java-version: 17
distribution: 'temurin'
cache: 'maven'
- name: Pre-Release Check - Version
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh api --method GET /repos/${{github.repository}}/releases -f sort=updated -f direction=asc > releases.json
release_version_exists=$(jq -r --arg RELEASE_VERSION v${{ github.event.inputs.releaseVersion }} '.[].name|select(.|test($RELEASE_VERSION))' releases.json)
if [[ ! -z "$release_version_exists" ]]; then
echo "Version ${{ github.event.inputs.releaseVersion }} has been previously released. Please change release version."
exit 1
else
echo "New version: ${{ github.event.inputs.releaseVersion }} going to be released!"
fi
- name: Set up Python 3.8
uses: actions/setup-python@v4
with:
python-version: 3.8
cache: 'pip'
- name: Pre-Release Check - Whitesource vulnurabilities
env:
WS_APIKEY: ${{ secrets.WHITESOURCE_API_KEY }}
WS_PROJECTTOKEN: ${{ secrets.WHITESOURCE_PROJECT_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.EMA_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.EMA_AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.EMA_AWS_DEFAULT_REGION }}
run: |
pip install --quiet --upgrade pip
export VIRTUAL_ENV=./venv
python3.8 -m venv $VIRTUAL_ENV && source $VIRTUAL_ENV/bin/activate
cd ./.github/workflows/release_scripts/ && pip install --quiet -r requirements.txt && python3.8 whitesource_vulnurability_checker.py
- name: Pre-Release Check - SonarQube Hotspots
env:
SONARQUBE_HOTSPOTS_API_URL: ${{ secrets.SONARQUBE_HOTSPOTS_API_URL }}
SONARQUBE_QUERY_TOKEN: ${{ secrets.SONARQUBE_QUERY_TOKEN }}
run: |
export VIRTUAL_ENV=./venv
python3.8 -m venv $VIRTUAL_ENV && source $VIRTUAL_ENV/bin/activate
cd ./.github/workflows/release_scripts/ && python3.8 sonarqube_vulnurability_checker.py
- name: Pre-Release Check - Prisma vulnurabilities
env:
PRISMA_ROOT_API_URL: ${{ secrets.PRISMA_ROOT_API_URL }}
DOCKER_IMAGE_TO_CHECK: ${{ secrets.PRISMA_DOCKER_IMAGE_TO_CHECK }}
PRISMA_ACCESS_KEY: ${{ secrets.PRISMA_ACCESS_KEY }}
PRISMA_ACCESS_KEY_SECRET: ${{ secrets.PRISMA_ACCESS_KEY_SECRET }}
AWS_ACCESS_KEY_ID: ${{ secrets.EMA_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.EMA_AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.EMA_AWS_DEFAULT_REGION }}
run: |
export VIRTUAL_ENV=./venv
python3.8 -m venv $VIRTUAL_ENV && source $VIRTUAL_ENV/bin/activate
cd ./.github/workflows/release_scripts/ && python3.8 prisma_vulnurability_checker.py
- name: Prepare Maven Settings
env:
MAVEN_REPO_SERVER_USERNAME: "${{ github.actor }}"
MAVEN_REPO_SERVER_PASSWORD: "${{ secrets.GITHUB_TOKEN }}"
MAVEN_REPO_SERVER_PRIVATE_KEY: "~/.ssh/id_rsa"
SSH_PRIVATE_KEY: "${{ secrets.COMMIT_KEY }}"
run: cd .github/workflows/release_scripts && ./setup-ssh.sh
- name: Set Release Configs
run: |
export SKIP_FLAGS_NON_UNIT_TESTS="-Dcheckstyle.skip -Dpmd.skip -Dcpd.skip -Dfindbugs.skip -Dspotbugs.skip"
echo "SKIP_FLAGS_NON_UNIT_TESTS=$SKIP_FLAGS_NON_UNIT_TESTS" >> $GITHUB_ENV
echo "SKIP_FLAGS_ALL_TESTS=$SKIP_FLAGS_NON_UNIT_TESTS -Dmaven.test.skip=true" >> $GITHUB_ENV
- name: Maven Release
run: mvn release:prepare release:perform -B --file service/pom.xml -DreleaseVersion=${{ github.event.inputs.releaseVersion }} -DdevelopmentVersion=${{ github.event.inputs.developmentVersion }}
- name: Changelog
uses: Bullrich/generate-release-changelog@master
id: Changelog
env:
REPO: ${{ github.repository }}
- name: Create GitHub Release
uses: ncipollo/release-action@v1
with:
tag: "v${{ github.event.inputs.releaseVersion }}"
artifacts: "**/application/target/*.jar"
generateReleaseNotes: true
makeLatest: true
body: ${{ steps.Changelog.outputs.changelog }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.EMA_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.EMA_AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.EMA_AWS_DEFAULT_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/[email protected]
- name: ECR Docker Image Release
run: |
MANIFEST=$(aws ecr batch-get-image --repository-name ${{ github.event.repository.name }} \
--image-ids imageTag=main --region ${{ secrets.EMA_AWS_DEFAULT_REGION }} --output json \
| jq --raw-output '.images[].imageManifest')
aws ecr put-image --repository-name ${{ github.event.repository.name }} \
--image-tag ${{ github.event.inputs.releaseVersion }} \
--image-manifest "$MANIFEST" --region ${{ secrets.EMA_AWS_DEFAULT_REGION }}
- name: Update Release Manifest DB
run: |
export squad="event-portal"
export repository="event-management-agent"
export release_tag=production
export version=${{ github.event.inputs.releaseVersion }}
export release_version=${{ github.event.inputs.releaseVersion }}
export image_tag=${{ github.event.inputs.releaseVersion }}
export chart_version="n/a"
export sha=${{ github.sha }}
./.github/workflows/release_scripts/update_release_manifest.sh