fix: gradle component analsyis duplicates artifacts in sbom #44
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Release | |
env: | |
# 🖊️ EDIT to change the image build settings. | |
IMAGE_NAME: exhort-javascript-api | |
IMAGE_REGISTRY: quay.io/ecosystem-appeng | |
DOCKERFILE_PATH: ./docker-image/Dockerfiles/Dockerfile.alpha | |
on: | |
workflow_dispatch: | |
pull_request_target: | |
types: | |
- closed | |
branches: | |
- 'main' | |
paths: | |
- "generated/**" | |
- "src/**" | |
- "package-lock.json" | |
- "package.json" | |
- "tsconfig.json" | |
- ".github/workflows/release.yml" | |
jobs: | |
release: | |
runs-on: ubuntu-latest | |
environment: staging | |
if: github.repository_owner == 'RHEcosystemAppEng' && github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/' ) | |
name: Release the project | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v3 | |
with: | |
ssh-key: ${{ secrets.DEPLOY_KEY }} | |
fetch-depth: 0 | |
- name: Install node 18 | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18 | |
cache: npm | |
registry-url: 'https://npm.pkg.github.com' | |
- name: Configure git | |
run: | | |
git config user.name "${{ github.actor }}" | |
git config user.email "${{ github.actor }}@users.noreply.github.com" | |
- name: get previous released annotated tag | |
id: last-release | |
run: | | |
echo "base-tag=$(git describe | awk -F '-' '{print $1}')" >> "$GITHUB_OUTPUT" | |
echo "full-tag=$(git describe)" >> "$GITHUB_OUTPUT" | |
- name: get first tag in current development iteration according to base | |
id: fetch-tag | |
if: ${{ contains(steps.last-release.outputs.full-tag , '-ea.') }} | |
run: | | |
echo "oldest-tag=$(git for-each-ref --sort=creatordate --format '%(refname:lstrip=2)' refs/tags | grep ${{ steps.last-release.outputs.base-tag }} | head -n 1)" >> "$GITHUB_OUTPUT" | |
- name: determine semver component to bump | |
env: | |
BUMP_PART: ${{ contains(github.event.pull_request.title,'major') && 'major' || 'check-minor' }} | |
id: bump-decision | |
run: | | |
if [[ $BUMP_PART == 'check-minor' ]]; then | |
echo "bump-part=${{ contains(github.event.pull_request.title,'minor') && 'minor' || 'patch' }}" >> "$GITHUB_OUTPUT" | |
else | |
echo "bump-part=major" >> "$GITHUB_OUTPUT" | |
fi | |
- name: Update package with new version | |
id: bump | |
run: | | |
echo "version=$(npm version ${{ steps.bump-decision.outputs.bump-part }} --no-git-tag-version )" >> "$GITHUB_OUTPUT" | |
- name: Install project modules | |
run: npm ci | |
- name: Compile project | |
run: npm run compile | |
- name: Publish package | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: npm publish | |
- name: Commit and push package modifications | |
run: | | |
git add package.json | |
git add package-lock.json | |
git commit -m "build: updated package with ${{ steps.bump.outputs.version }} [skip ci]" | |
git push | |
- name: Create and push new tag | |
run: | | |
git tag ${{ steps.bump.outputs.version }} -m "${{ steps.bump.outputs.version }}" | |
git push origin ${{ steps.bump.outputs.version }} | |
- name: Create release notes for ${{ steps.bump.outputs.version }} release | |
uses: actions/github-script@v6 | |
id: release-notes | |
with: | |
github-token: ${{ secrets.STAGING_PAT }} | |
script: | | |
const repo_name = context.payload.repository.full_name | |
const response = await github.request('POST /repos/' + repo_name + '/releases' + '/generate-notes', { | |
tag_name: '${{ steps.bump.outputs.version }}', | |
previous_tag_name: '${{ steps.fetch-tag.outputs.oldest-tag != '' && steps.fetch-tag.outputs.oldest-tag || steps.last-release.outputs.base-tag }}' | |
}) | |
return response.data.body | |
- name: Create a release | |
uses: actions/github-script@v6.4.1 | |
with: | |
github-token: ${{ secrets.STAGING_PAT }} | |
script: | | |
const repo_name = context.payload.repository.full_name | |
const response = await github.request('POST /repos/' + repo_name + '/releases', { | |
tag_name: '${{ steps.bump.outputs.version }}', | |
name: '${{ steps.bump.outputs.version }}', | |
draft: false, | |
body: ${{ steps.release-notes.outputs.result }}, | |
prerelease: false, | |
make_latest: 'true' | |
}) |