Commit
Showing
15 changed files
with
492 additions
and
10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
* @auth0/dx-sdks-engineer | ||
* @auth0/project-dx-sdks-engineer-codeowner |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
name: Return a boolean indicating if the version contains prerelease identifiers | ||
|
||
# | ||
# Returns a simple true/false boolean indicating whether the version indicates it's a prerelease or not. | ||
# | ||
# TODO: Remove once the common repo is public. | ||
# | ||
|
||
inputs: | ||
version: | ||
required: true | ||
|
||
outputs: | ||
prerelease: | ||
value: ${{ steps.get_prerelease.outputs.PRERELEASE }} | ||
|
||
runs: | ||
using: composite | ||
|
||
steps: | ||
- id: get_prerelease | ||
shell: bash | ||
run: | | ||
if [[ "${VERSION}" == *"beta"* || "${VERSION}" == *"alpha"* ]]; then | ||
echo "PRERELEASE=true" >> $GITHUB_OUTPUT | ||
else | ||
echo "PRERELEASE=false" >> $GITHUB_OUTPUT | ||
fi | ||
env: | ||
VERSION: ${{ inputs.version }} |
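Review bot: The prerelease test in the `get_prerelease` step matches only the substrings `alpha` and `beta`, so a version such as `1.2.3-rc.1` would be reported as `PRERELEASE=false` and a caller that forwards this flag would publish it as a full release. If any hyphenated suffix is meant to count as a prerelease, `if [[ "${VERSION}" == *-* ]]; then` covers the semver case; otherwise a comment listing the accepted identifiers would document the limit. `$GITHUB_OUTPUT` is unquoted in both `echo` lines; `>> "$GITHUB_OUTPUT"` is the safer form.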
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
name: Return the release notes extracted from the body of the PR associated with the release. | ||
|
||
# | ||
# Returns the release notes from the content of a pull request linked to a release branch. It expects the branch name to be in the format release/vX.Y.Z, release/X.Y.Z, release/vX.Y.Z-beta.N. etc. | ||
# | ||
# TODO: Remove once the common repo is public. | ||
# | ||
inputs: | ||
version: | ||
required: true | ||
repo_name: | ||
required: false | ||
repo_owner: | ||
required: true | ||
token: | ||
required: true | ||
|
||
outputs: | ||
release-notes: | ||
value: ${{ steps.get_release_notes.outputs.RELEASE_NOTES }} | ||
|
||
runs: | ||
using: composite | ||
|
||
steps: | ||
- uses: actions/github-script@v7 | ||
id: get_release_notes | ||
with: | ||
result-encoding: string | ||
script: | | ||
const { data: pulls } = await github.rest.pulls.list({ | ||
owner: process.env.REPO_OWNER, | ||
repo: process.env.REPO_NAME, | ||
state: 'all', | ||
head: `${process.env.REPO_OWNER}:release/${process.env.VERSION}`, | ||
}); | ||
core.setOutput('RELEASE_NOTES', pulls[0].body); | ||
env: | ||
GITHUB_TOKEN: ${{ inputs.token }} | ||
REPO_OWNER: ${{ inputs.repo_owner }} | ||
REPO_NAME: ${{ inputs.repo_name }} | ||
VERSION: ${{ inputs.version }} |
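Review bot: `pulls[0].body` in the `get_release_notes` script throws a TypeError when no pull request matches the `release/<version>` head, and the resulting failure does not say why. A guard before the `core.setOutput` call, such as `if (pulls.length === 0) return core.setFailed('no PR found for the release branch');`, makes that case explicit. The `token` input is exported as the `GITHUB_TOKEN` environment variable, but `actions/github-script` builds its `github` client from its `github-token` input, so as written the supplied token appears to be unused and the default token is used instead; pass it as `github-token: ${{ inputs.token }}` under `with:` or drop the input. `repo_name` is marked `required: false` yet is used without a default.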
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
name: Return the version extracted from the branch name | ||
|
||
# | ||
# Returns the version from the .version file. | ||
# | ||
# TODO: Remove once the common repo is public. | ||
# | ||
|
||
outputs: | ||
version: | ||
value: ${{ steps.get_version.outputs.VERSION }} | ||
|
||
runs: | ||
using: composite | ||
|
||
steps: | ||
- id: get_version | ||
shell: bash | ||
run: | | ||
VERSION=$(head -1 .version) | ||
echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT |
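Review bot: The first line of `.version` is written to `$GITHUB_OUTPUT` in the `get_version` step without any format check, so a caller that uses this output as a tag name or inside an API URL would receive an empty or malformed value unchanged. A check before the `echo`, for example `[[ "$VERSION" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.-]+)?$ ]] || { echo "invalid version: $VERSION" >&2; exit 1; }`, fails the job early instead. The action's `name` says the version is extracted from the branch name while the comment and the script read the `.version` file; one of the two should be corrected.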
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
name: Publish release to Java | ||
|
||
inputs: | ||
ossr-username: | ||
required: true | ||
ossr-token: | ||
required: true | ||
signing-key: | ||
required: true | ||
signing-password: | ||
required: true | ||
java-version: | ||
required: true | ||
|
||
runs: | ||
using: composite | ||
|
||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Setup Java | ||
shell: bash | ||
run: | | ||
curl -s "https://get.sdkman.io" | bash | ||
source "/home/runner/.sdkman/bin/sdkman-init.sh" | ||
sdk list java | ||
sdk install java ${{ inputs.java-version }} && sdk default java ${{ inputs.java-version }} | ||
- uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 # [email protected] | ||
|
||
- name: Publish Android/Java Packages to Maven | ||
shell: bash | ||
run: ./gradlew publish -PisSnapshot=false --stacktrace | ||
env: | ||
MAVEN_USERNAME: ${{ inputs.ossr-username }} | ||
MAVEN_PASSWORD: ${{ inputs.ossr-token }} | ||
SIGNING_KEY: ${{ inputs.signing-key}} | ||
SIGNING_PASSWORD: ${{ inputs.signing-password}} |
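Review bot: The `Setup Java` step pipes the response from `https://get.sdkman.io` straight into `bash` with no checksum or pinned revision, in the same job that later receives the Maven credentials and the signing key, so whatever that endpoint serves at run time executes in the workspace that is about to be published. A setup action pinned to a commit SHA, or a download verified against a known digest before it runs, would close that gap; the accepted `java-version` format may differ between tools, so the input would need checking. The step also expands `${{ inputs.java-version }}` directly into the script text; passing it as `env: JAVA_VERSION: ${{ inputs.java-version }}` and calling `sdk install java "$JAVA_VERSION"` keeps the value out of the shell parser. The `source` path hard-codes `/home/runner`, which only holds on GitHub-hosted Linux runners.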
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
name: Create a GitHub release | ||
|
||
# | ||
# Creates a GitHub release with the given version. | ||
# | ||
# TODO: Remove once the common repo is public. | ||
# | ||
|
||
inputs: | ||
token: | ||
required: true | ||
files: | ||
required: false | ||
name: | ||
required: true | ||
body: | ||
required: true | ||
tag: | ||
required: true | ||
commit: | ||
required: true | ||
draft: | ||
default: false | ||
required: false | ||
prerelease: | ||
default: false | ||
required: false | ||
fail_on_unmatched_files: | ||
default: true | ||
required: false | ||
|
||
runs: | ||
using: composite | ||
|
||
steps: | ||
- uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 | ||
with: | ||
body: ${{ inputs.body }} | ||
name: ${{ inputs.name }} | ||
tag_name: ${{ inputs.tag }} | ||
target_commitish: ${{ inputs.commit }} | ||
draft: ${{ inputs.draft }} | ||
prerelease: ${{ inputs.prerelease }} | ||
fail_on_unmatched_files: ${{ inputs.fail_on_unmatched_files }} | ||
files: ${{ inputs.files }} | ||
env: | ||
GITHUB_TOKEN: ${{ inputs.token }} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
name: 'Reversing Labs Scanner' | ||
description: 'Runs the Reversing Labs scanner on a specified artifact.' | ||
inputs: | ||
artifact-path: | ||
description: 'Path to the artifact to be scanned.' | ||
required: true | ||
version: | ||
description: 'Version of the artifact.' | ||
required: true | ||
|
||
runs: | ||
using: 'composite' | ||
steps: | ||
- name: Set up Python | ||
uses: actions/setup-python@v4 | ||
with: | ||
python-version: '3.10' | ||
|
||
- name: Install Python dependencies | ||
shell: bash | ||
run: | | ||
pip install boto3 requests | ||
- name: Configure AWS credentials | ||
uses: aws-actions/configure-aws-credentials@v1 | ||
with: | ||
role-to-assume: ${{ env.PRODSEC_TOOLS_ARN }} | ||
aws-region: us-east-1 | ||
mask-aws-account-id: true | ||
|
||
- name: Install RL Wrapper | ||
shell: bash | ||
run: | | ||
pip install rl-wrapper>=1.0.0 --index-url "https://${{ env.PRODSEC_TOOLS_USER }}:${{ env.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple" | ||
- name: Run RL Scanner | ||
shell: bash | ||
env: | ||
RLSECURE_LICENSE: ${{ env.RLSECURE_LICENSE }} | ||
RLSECURE_SITE_KEY: ${{ env.RLSECURE_SITE_KEY }} | ||
SIGNAL_HANDLER_TOKEN: ${{ env.SIGNAL_HANDLER_TOKEN }} | ||
PYTHONUNBUFFERED: 1 | ||
run: | | ||
if [ ! -f "${{ inputs.artifact-path }}" ]; then | ||
echo "Artifact not found: ${{ inputs.artifact-path }}" | ||
exit 1 | ||
fi | ||
rl-wrapper \ | ||
--artifact "${{ inputs.artifact-path }}" \ | ||
--name "${{ github.event.repository.name }}" \ | ||
--version "${{ inputs.version }}" \ | ||
--repository "${{ github.repository }}" \ | ||
--commit "${{ github.sha }}" \ | ||
--build-env "github_actions" \ | ||
--suppress_output | ||
# Check the outcome of the scanner | ||
if [ $? -ne 0 ]; then | ||
echo "RL Scanner failed." | ||
echo "scan-status=failed" >> $GITHUB_ENV | ||
exit 1 | ||
else | ||
echo "RL Scanner passed." | ||
echo "scan-status=success" >> $GITHUB_ENV | ||
fi | ||
outputs: | ||
scan-status: | ||
description: 'The outcome of the scan process.' | ||
value: ${{ env.scan-status }} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
name: Return a boolean indicating if a tag already exists for the repository | ||
|
||
# | ||
# Returns a simple true/false boolean indicating whether the tag exists or not. | ||
# | ||
# TODO: Remove once the common repo is public. | ||
# | ||
|
||
inputs: | ||
token: | ||
required: true | ||
tag: | ||
required: true | ||
|
||
outputs: | ||
exists: | ||
description: 'Whether the tag exists or not' | ||
value: ${{ steps.tag-exists.outputs.EXISTS }} | ||
|
||
runs: | ||
using: composite | ||
|
||
steps: | ||
- id: tag-exists | ||
shell: bash | ||
run: | | ||
GET_API_URL="https://api.github.com/repos/${GITHUB_REPOSITORY}/git/ref/tags/${TAG_NAME}" | ||
http_status_code=$(curl -LI $GET_API_URL -o /dev/null -w '%{http_code}\n' -s -H "Authorization: token ${GITHUB_TOKEN}") | ||
if [ "$http_status_code" -ne "404" ] ; then | ||
echo "EXISTS=true" >> $GITHUB_OUTPUT | ||
else | ||
echo "EXISTS=false" >> $GITHUB_OUTPUT | ||
fi | ||
env: | ||
TAG_NAME: ${{ inputs.tag }} | ||
GITHUB_TOKEN: ${{ inputs.token }} |
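Review bot: The `tag-exists` step treats every status other than 404 as "tag exists", so an expired token (401), a rate limit (403), a server error or a failed connection is reported as `EXISTS=true`, while a 404 that the API can also return for a token without access to the repository is reported as `EXISTS=false`. Mapping only 200 to true and 404 to false, and failing the step on anything else, keeps an API problem from being read as an answer. `$GET_API_URL` and `$GITHUB_OUTPUT` are unquoted, and `-ne` is an integer comparison that errors out if curl prints nothing numeric. The rewritten check is below.

```yaml
run: |
  GET_API_URL="https://api.github.com/repos/${GITHUB_REPOSITORY}/git/ref/tags/${TAG_NAME}"
  http_status_code=$(curl -LI "$GET_API_URL" -o /dev/null -w '%{http_code}' -s -H "Authorization: token ${GITHUB_TOKEN}")
  case "$http_status_code" in
    200) echo "EXISTS=true" >> "$GITHUB_OUTPUT" ;;
    404) echo "EXISTS=false" >> "$GITHUB_OUTPUT" ;;
    *) echo "Unexpected status ${http_status_code} while checking tag" >&2; exit 1 ;;
  esac
```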
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
name: Create Java and GitHub Release | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
java-version: | ||
required: true | ||
type: string | ||
|
||
secrets: | ||
ossr-username: | ||
required: true | ||
ossr-token: | ||
required: true | ||
signing-key: | ||
required: true | ||
signing-password: | ||
required: true | ||
github-token: | ||
required: true | ||
|
||
### TODO: Replace instances of './.github/actions/' w/ `auth0/dx-sdk-actions/` and append `@latest` after the common `dx-sdk-actions` repo is made public. | ||
### TODO: Also remove `get-prerelease`, `get-version`, `release-create`, `tag-create` and `tag-exists` actions from this repo's .github/actions folder once the repo is public. | ||
|
||
jobs: | ||
release: | ||
if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/')) | ||
runs-on: ubuntu-latest | ||
environment: release | ||
|
||
steps: | ||
# Checkout the code | ||
- uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
|
||
# Get the version from the branch name | ||
- id: get_version | ||
uses: ./.github/actions/get-version | ||
|
||
# Get the prerelease flag from the branch name | ||
- id: get_prerelease | ||
uses: ./.github/actions/get-prerelease | ||
with: | ||
version: ${{ steps.get_version.outputs.version }} | ||
|
||
# Get the release notes | ||
- id: get_release_notes | ||
uses: ./.github/actions/get-release-notes | ||
with: | ||
token: ${{ secrets.github-token }} | ||
version: ${{ steps.get_version.outputs.version }} | ||
repo_owner: ${{ github.repository_owner }} | ||
repo_name: ${{ github.event.repository.name }} | ||
|
||
# Check if the tag already exists | ||
- id: tag_exists | ||
uses: ./.github/actions/tag-exists | ||
with: | ||
tag: ${{ steps.get_version.outputs.version }} | ||
token: ${{ secrets.github-token }} | ||
|
||
# If the tag already exists, exit with an error | ||
- if: steps.tag_exists.outputs.exists == 'true' | ||
run: exit 1 | ||
|
||
# Publish the release to Maven | ||
- uses: ./.github/actions/maven-publish | ||
with: | ||
java-version: ${{ inputs.java-version }} | ||
ossr-username: ${{ secrets.ossr-username }} | ||
ossr-token: ${{ secrets.ossr-token }} | ||
signing-key: ${{ secrets.signing-key }} | ||
signing-password: ${{ secrets.signing-password }} | ||
|
||
# Create a release for the tag | ||
- uses: ./.github/actions/release-create | ||
with: | ||
token: ${{ secrets.github-token }} | ||
name: ${{ steps.get_version.outputs.version }} | ||
body: ${{ steps.get_release_notes.outputs.release-notes }} | ||
tag: ${{ steps.get_version.outputs.version }} | ||
commit: ${{ github.sha }} | ||
prerelease: ${{ steps.get_prerelease.outputs.prerelease }} |
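Review bot: The `release` job declares no `permissions:` block, so the default token that `actions/github-script` and the other steps fall back on gets whatever the caller or the repository default grants, in a job that also holds the Maven credentials and the signing key. Since the release itself is created with the `github-token` secret, a job-level `permissions:` with `contents: read` and `pull-requests: read` may be enough; confirm against what each composite action needs. The `workflow_dispatch` branch of the `if:` skips the `release/` head-ref check, so the job would publish whatever `.version` holds on the dispatched ref; a comment stating that this path is gated by the `release` environment would help if that is the intent. Maven publication runs before the GitHub release step, so a failure in `release-create` would leave a published artifact without a matching release.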