Release #119
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
workflow_dispatch: | |
inputs: | |
releaseVersion: | |
description: "Default version to use when preparing a release." | |
required: true | |
default: "A.B.C" | |
developmentVersion: | |
description: "Default version to use for new local working copy (the next version after version A.B.C)." | |
required: true | |
default: "X.Y.Z-SNAPSHOT" | |
jobs: | |
release: | |
runs-on: ubuntu-latest | |
environment: prod | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: 17 | |
distribution: 'temurin' | |
cache: 'maven' | |
- name: Pre-Release Check - Version | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
gh api --method GET /repos/${{github.repository}}/releases -f sort=updated -f direction=asc > releases.json | |
release_version_exists=$(jq -r --arg RELEASE_VERSION v${{ github.event.inputs.releaseVersion }} '.[].name|select(.|test($RELEASE_VERSION))' releases.json) | |
if [[ ! -z "$release_version_exists" ]]; then | |
echo "Version ${{ github.event.inputs.releaseVersion }} has been previously released. Please change release version." | |
exit 1 | |
else | |
echo "New version: ${{ github.event.inputs.releaseVersion }} going to be released!" | |
fi | |
- name: Set up Python 3.8 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: 3.8 | |
cache: 'pip' | |
- name: Pre-Release Check - Whitesource vulnurabilities | |
env: | |
WS_APIKEY: ${{ secrets.WHITESOURCE_API_KEY }} | |
WS_PROJECTTOKEN: ${{ secrets.WHITESOURCE_PROJECT_TOKEN }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.EMA_AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.EMA_AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: ${{ secrets.EMA_AWS_DEFAULT_REGION }} | |
run: | | |
pip install --quiet --upgrade pip | |
export VIRTUAL_ENV=./venv | |
python3.8 -m venv $VIRTUAL_ENV && source $VIRTUAL_ENV/bin/activate | |
cd ./.github/workflows/release_scripts/ && pip install --quiet -r requirements.txt && python3.8 whitesource_vulnurability_checker.py | |
- name: Pre-Release Check - SonarQube Hotspots | |
env: | |
SONARQUBE_HOTSPOTS_API_URL: ${{ secrets.SONARQUBE_HOTSPOTS_API_URL }} | |
SONARQUBE_QUERY_TOKEN: ${{ secrets.SONARQUBE_QUERY_TOKEN }} | |
run: | | |
export VIRTUAL_ENV=./venv | |
python3.8 -m venv $VIRTUAL_ENV && source $VIRTUAL_ENV/bin/activate | |
cd ./.github/workflows/release_scripts/ && python3.8 sonarqube_vulnurability_checker.py | |
- name: Pre-Release Check - Prisma vulnurabilities | |
env: | |
PRISMA_ROOT_API_URL: ${{ secrets.PRISMA_ROOT_API_URL }} | |
DOCKER_IMAGE_TO_CHECK: ${{ secrets.PRISMA_DOCKER_IMAGE_TO_CHECK }} | |
PRISMA_ACCESS_KEY: ${{ secrets.PRISMA_ACCESS_KEY }} | |
PRISMA_ACCESS_KEY_SECRET: ${{ secrets.PRISMA_ACCESS_KEY_SECRET }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.EMA_AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.EMA_AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: ${{ secrets.EMA_AWS_DEFAULT_REGION }} | |
run: | | |
export VIRTUAL_ENV=./venv | |
python3.8 -m venv $VIRTUAL_ENV && source $VIRTUAL_ENV/bin/activate | |
cd ./.github/workflows/release_scripts/ && python3.8 prisma_vulnurability_checker.py | |
- name: Prepare Maven Settings | |
env: | |
MAVEN_REPO_SERVER_USERNAME: "${{ github.actor }}" | |
MAVEN_REPO_SERVER_PASSWORD: "${{ secrets.GITHUB_TOKEN }}" | |
MAVEN_REPO_SERVER_PRIVATE_KEY: "~/.ssh/id_rsa" | |
SSH_PRIVATE_KEY: "${{ secrets.COMMIT_KEY }}" | |
run: cd .github/workflows/release_scripts && ./setup-ssh.sh | |
- name: Set Release Configs | |
run: | | |
export SKIP_FLAGS_NON_UNIT_TESTS="-Dcheckstyle.skip -Dpmd.skip -Dcpd.skip -Dfindbugs.skip -Dspotbugs.skip" | |
echo "SKIP_FLAGS_NON_UNIT_TESTS=$SKIP_FLAGS_NON_UNIT_TESTS" >> $GITHUB_ENV | |
echo "SKIP_FLAGS_ALL_TESTS=$SKIP_FLAGS_NON_UNIT_TESTS -Dmaven.test.skip=true" >> $GITHUB_ENV | |
- name: Maven Release | |
run: mvn release:prepare release:perform -B --file service/pom.xml -DreleaseVersion=${{ github.event.inputs.releaseVersion }} -DdevelopmentVersion=${{ github.event.inputs.developmentVersion }} | |
- name: Changelog | |
uses: Bullrich/generate-release-changelog@master | |
id: Changelog | |
env: | |
REPO: ${{ github.repository }} | |
- name: Create GitHub Release | |
uses: ncipollo/release-action@v1 | |
with: | |
tag: "v${{ github.event.inputs.releaseVersion }}" | |
artifacts: "**/application/target/*.jar" | |
generateReleaseNotes: true | |
makeLatest: true | |
body: ${{ steps.Changelog.outputs.changelog }} | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.EMA_AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.EMA_AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.EMA_AWS_DEFAULT_REGION }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/[email protected] | |
- name: ECR Docker Image Release | |
run: | | |
MANIFEST=$(aws ecr batch-get-image --repository-name ${{ github.event.repository.name }} \ | |
--image-ids imageTag=main --region ${{ secrets.EMA_AWS_DEFAULT_REGION }} --output json \ | |
| jq --raw-output '.images[].imageManifest') | |
aws ecr put-image --repository-name ${{ github.event.repository.name }} \ | |
--image-tag ${{ github.event.inputs.releaseVersion }} \ | |
--image-manifest "$MANIFEST" --region ${{ secrets.EMA_AWS_DEFAULT_REGION }} | |
- name: Update Release Manifest DB | |
run: | | |
export squad="event-portal" | |
export repository="event-management-agent" | |
export release_tag=production | |
export version=${{ github.event.inputs.releaseVersion }} | |
export release_version=${{ github.event.inputs.releaseVersion }} | |
export image_tag=${{ github.event.inputs.releaseVersion }} | |
export chart_version="n/a" | |
export sha=${{ github.sha }} | |
./.github/workflows/release_scripts/update_release_manifest.sh |