From eeda133e07452b7120d402e1e619dfe7d9e885c8 Mon Sep 17 00:00:00 2001
From: Albert Tregnaghi <albert.tregnaghi@mercedes-benz.com>
Date: Fri, 13 Dec 2024 14:46:43 +0100
Subject: [PATCH] Provide deploy.sh script for deployments #3741

---
 github-actions/scan/README.adoc  | 21 +++++++++++++++
 github-actions/scan/deploy.sh    | 45 ++++++++++++++++++++++++++++++++
 github-actions/scan/package.json |  1 +
 3 files changed, 67 insertions(+)
 create mode 100755 github-actions/scan/deploy.sh

diff --git a/github-actions/scan/README.adoc b/github-actions/scan/README.adoc
index e5fd3f57de..635439bdae 100644
--- a/github-actions/scan/README.adoc
+++ b/github-actions/scan/README.adoc
@@ -129,6 +129,27 @@ npm run build
 
 This runs the ncc compiler and transpiles the files from the src folder into the `dist/` folder.
 
+=== Deployment
+A GitHub action needs a transpiled `index.js` to be used as an action from workflows.
+
+As long as we do not provide a new index.js the old action is still in usage, even when the source code has 
+changed. If we do not build the file and commit and push it to git repository, the action will not 
+be available!
+
+Of course the steps can be done manual, but for convenience a script is avialable:
+
+[source,bash]
+----
+./deploy.sh
+----
+
+This will
+- setup (npm install)
+- build (npm run build)
+- test (npm run test)
+- verify (only index.js is changed now)
+- deploy - when no error happened - deploy the new `index.js` file by doing a commit and a push to the remote repository
+
 === Test
 
 ==== Unit tests
diff --git a/github-actions/scan/deploy.sh b/github-actions/scan/deploy.sh
new file mode 100755
index 0000000000..c35a4cf779
--- /dev/null
+++ b/github-actions/scan/deploy.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+set -e
+
+echo "--------------------------------"
+echo "Deployment of SecHub scan action"
+echo "--------------------------------"
+echo "[SETUP]"
+npm install
+
+echo "[BUILD]"
+npm run build
+
+echo "[TEST]"
+npm run test
+
+# Check for any changes in the repository
+changed_files=$(git diff --name-only HEAD)
+
+# Check if there are no changes
+if [ -z "$changed_files" ]; then
+  echo "No changes detected in the repository."
+  echo "[CANCELED]"
+
+  exit 5
+fi
+
+# Check if the only changed file is index.js
+if [ "$changed_files" != "index.js" ]; then
+  echo "Changes detected in files other than index.js (only):"
+  echo "$changed_files"
+  echo ""
+  echo "This may not happen on a deployment! Check the other changes"
+  echo "[FAILED]"
+  exit 1
+fi
+echo "Only index.js has changes, deployment is possible."
+echo "[DEPLOY]"
+
+git add --all
+git commit -m "GitHub action (scan) deployment"
+git push
+
+
+
diff --git a/github-actions/scan/package.json b/github-actions/scan/package.json
index a2b1b52947..37db237428 100644
--- a/github-actions/scan/package.json
+++ b/github-actions/scan/package.json
@@ -5,6 +5,7 @@
   "main": "dist/main.js",
   "scripts": {
     "build": "ncc build src/main.ts",
+    "deploy" : "./deploy.sh",
     "cleanBuild": "ncc cache clean;ncc build src/main.ts",
     "lint": "eslint src",
     "prettier": "npx prettier --write src",