-
Notifications
You must be signed in to change notification settings - Fork 0
203 lines (165 loc) · 7.58 KB
/
build-and-publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
name: build-and-publish
run-name: Build and publish
on:
workflow_dispatch:
inputs:
BRANCH:
type: choice
options:
- master
description: Branch to build and push
default: master
required: true
repository_dispatch:
types: [ "ql:publish-command" ]
push:
tags:
- "v*"
# These permissions are required to allow writing comments and reporting check status.
permissions:
contents: write
pull-requests: write
actions: write
statuses: write
issues: write
checks: write
packages: write
jobs:
build-and-publish:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
language: [ 'java' ]
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ env.GIT_REF }}
- name: Get git commit hash
uses: pr-mpt/actions-commit-hash@v2
id: commit
- name: Configure dynamic variables
id: vars
run: |
# For local dev.
if [[ -z $GITHUB_OUTPUT ]]; then
GITHUB_OUTPUT=/dev/stdout
fi
# The version of the CodeQL query pack
version=`cat vertx-codeql-queries/ql/src/qlpack.yml | yq e ".version" -`
# Check if this is a snapshot version
isSnapshot=false
if [[ $version == *"-alpha" ]]; then
isSnapshot=true
fi
echo "Version: $version"
echo "Is snapshot: $isSnapshot"
echo "version=$version" >> $GITHUB_OUTPUT
echo "isSnapshot=$isSnapshot" >> $GITHUB_OUTPUT
- name: Fetch CodeQL
shell: bash
env:
GITHUB_TOKEN: ${{ github.token }}
run: |
gh extension install github/gh-codeql
gh codeql version
printf "CODEQL_FETCHED_CODEQL_PATH=" >> "${GITHUB_ENV}"
gh codeql version --format=json | jq -r .unpackedLocation >> "${GITHUB_ENV}"
gh codeql version --format=json | jq -r .unpackedLocation >> "${GITHUB_PATH}"
- name: Generate query help files
run: |
cd vertx-codeql-queries/ql/src
codeql generate query-help *.qhelp --format=markdown -o .
ls -al
- name: Get Version ID from the Versions List
if: ${{ steps.package.outputs.isSnapshot != true }}
id: package
run: |
# For dev
#GITHUB_TOKEN=$(cat /tmp/token)
#VERSION=1.0.0-alpha
if [[ -z $GITHUB_OUTPUT ]]; then
GITHUB_OUTPUT=/dev/stdout
fi
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
VERSION=${{ steps.vars.outputs.version }}
URL="https://api.github.com/user/packages/container/vertx-codeql-queries/versions"
RESPONSE=$(echo "Sending request to $URL" > /dev/stdout; curl -sS -L -D /dev/stdout -o versions.json -w '%{http_code}' -X GET -H "Authorization: Bearer $GITHUB_TOKEN" $URL || echo "")
HEADERS=$(echo "$RESPONSE" | head -n -2 | sed 's/^/ /')
STATUS_CODE=$(echo "$RESPONSE" | tail -n 1)
RESPONSE=$(cat versions.json)
echo "Response: \n ${RESPONSE}"
# Fail step on request error?
[[ $STATUS_CODE != "200" && $STATUS_CODE != "404" ]] && { echo "Request to $URL returned response ${STATUS_CODE}" ; exit 1; }
if [[ $STATUS_CODE == "404" ]]; then
echo "Version $VERSION has not been found. Version value will be 'unknown'."
echo "versionId=unknown" >> $GITHUB_OUTPUT
exit 0
fi
VERSION_ID=$(echo "$RESPONSE" | jq --arg VERSION "$VERSION" -r '.[]|select(.metadata.container.tags|any(. == $VERSION)).id')
echo "Found version id is: ${VERSION_ID}"
echo "versionId=${VERSION_ID}" >> $GITHUB_OUTPUT
- name: Print Version ID
if: ${{ steps.package.outputs.isSnapshot == true }}
run: echo "The selected Version ID is ${{ steps.package.outputs.versionId }}"
- uses: actions/delete-package-versions@v4
if: ${{ steps.package.outputs.isSnapshot == true }}
with:
token: ${{ secrets.CS_DEVOPS_BOT_TOKEN }}
# Can be a single package version id, or a comma separated list of package version ids.
# Defaults to an empty string.
package-version-ids: ${{ steps.package.outputs.versionId }}
# Owner of the package.
# Defaults to the owner of the repo executing the workflow.
# Required if deleting a version from a package hosted in a different org than the one executing the workflow.
owner: carlspring
# Name of the package.
# Required
package-name: vertx-codeql-queries
# Type of the package. Can be one of container, maven, npm, nuget, or rubygems.
# Required
package-type: container
# If true it will delete only the pre-release versions.
# The number of pre-release versions to keep can be set by using `min-versions-to-keep` value with this.
# When `min-versions-to-keep` is 0, all pre-release versions get deleted.
# Defaults to false.
# Cannot be used with `num-old-versions-to-delete` and `ignore-versions`.
# delete-only-pre-release-versions: true
- name: Publish CodeQL query pack
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
cd vertx-codeql-queries/ql/src
codeql pack install
codeql pack publish --allow-prerelease
- name: Post job report comment reaction
uses: peter-evans/create-or-update-comment@v3
if: ${{ always() && (github.event.client_payload.slash_command.command != '') }}
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
reactions: ${{ job.status == 'success' && 'hooray' || '-1' }}
- name: Post job report comment failure
uses: peter-evans/create-or-update-comment@v3
if: ${{ failure() && (github.event.client_payload.slash_command.command != '') }}
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
reactions: ${{ job.status == 'success' && 'hooray' || '-1' }}
body: |
> 🔴 Failed to publish the package. For more details check the [build log](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).
- name: Post job report add comment on success push
uses: peter-evans/create-or-update-comment@v3
if: ${{ success() && (github.event.client_payload.slash_command.command != '') }}
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
body: |
#### Status
🟢 Pushed revision `${{ steps.vars.outputs.version }}` to [carlspring/vertx-codeql-queries:${{ steps.vars.outputs.version }}]https://github.com/users/carlspring/packages/container/package/vertx-codeql-queries).
#### Build log
* For more details check the [build log](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).