Javascript Wrapper Release #79
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Javascript Wrapper Release | |
| on: | |
| workflow_call: | |
| inputs: | |
| cliTag: | |
| description: 'CLI tag name' | |
| required: false | |
| type: string | |
| default: 2.0.0-nightly | |
| jsTag: | |
| description: 'JS Wrapper tag name' | |
| required: false | |
| type: string | |
| default: nightly | |
| dev: | |
| description: 'Is dev build' | |
| required: false | |
| default: true | |
| type: boolean | |
| workflow_dispatch: | |
| inputs: | |
| cliTag: | |
| description: 'CLI tag name (ignored if not dev build)' | |
| required: false | |
| jsTag: | |
| description: 'Tag name (ignored if not dev build)' | |
| required: false | |
| type: string | |
| default: rc | |
| dev: | |
| description: 'Is dev build' | |
| required: false | |
| default: true | |
| type: boolean | |
| permissions: | |
| id-token: write | |
| contents: write | |
| packages: write | |
| jobs: | |
| delete: | |
| uses: Checkmarx/ast-cli-javascript-wrapper-runtime-cli/.github/workflows/delete-packages-and-releases.yml@main | |
| with: | |
| tag: ${{ inputs.jsTag }} | |
| secrets: inherit | |
| if: inputs.dev == true | |
| release: | |
| runs-on: ubuntu-latest | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.OR_GITHUB_TOKEN }} | |
| BRANCH_NAME: npm-version-patch | |
| outputs: | |
| TAG_NAME: ${{ steps.generate_tag_name.outputs.TAG_NAME }} | |
| CLI_VERSION: ${{ steps.extract_cli_version.outputs.CLI_VERSION }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Git Configuration | |
| run: | | |
| git config user.name github-actions | |
| git config user.email github-actions@github.com | |
| - uses: actions/setup-node@v4.0.2 | |
| with: | |
| node-version: 22.11.0 | |
| registry-url: https://npm.pkg.github.com/ | |
| - name: Generate Tag name | |
| id: generate_tag_name | |
| run: | | |
| if [ "${{ inputs.dev }}" == "true" ]; then | |
| TAG_NAME=$(npm version prerelease --preid=${{ inputs.jsTag }} --no-git-tag-version --allow-same-version) | |
| else | |
| TAG_NAME=$(npm version patch --no-git-tag-version) | |
| fi | |
| echo "Generated TAG_NAME: $TAG_NAME" | |
| echo "TAG_NAME=$TAG_NAME" >> $GITHUB_ENV | |
| echo "::set-output name=TAG_NAME::$TAG_NAME" | |
| - name: Extract CLI version | |
| id: extract_cli_version | |
| run: | | |
| CLI_VERSION=$(cat checkmarx-ast-cli.version | grep -Eo '^[0-9]+\.[0-9]+\.[0-9]+') | |
| echo "CLI version being packed is $CLI_VERSION" | |
| echo "CLI_VERSION=$CLI_VERSION" >> $GITHUB_ENV | |
| echo "::set-output name=CLI_VERSION::$CLI_VERSION" | |
| - name: Check if CLI version is latest | |
| id: check_latest_cli_version | |
| run: | | |
| if [ "${{ inputs.dev }}" == "false" ] || [ -n "${{ inputs.cliTag }}" ] || [ "${{ github.ref }}" != "refs/heads/main" ]; then | |
| exit 0 | |
| fi | |
| LATEST_CLI_VERSION=$(curl -s https://api.github.com/repos/Checkmarx/ast-cli/releases/latest | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') | |
| if [ "$CLI_VERSION" = "$LATEST_CLI_VERSION" ]; then | |
| echo "Confirm that the CLI version in the repository is up-to-date with the most recent release: $CLI_VERSION" | |
| else | |
| echo "The current repository contains a CLI version that differs from the latest released version: Expected $LATEST_CLI_VERSION, got $CLI_VERSION" | |
| exit 1 | |
| fi | |
| - name: NPM ci and build | |
| run: | | |
| npm ci | |
| npm run build | |
| - name: Create Pull Request | |
| id: create_pr | |
| if: inputs.dev == false | |
| uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c #v6.1.0 | |
| with: | |
| token: ${{ env.GITHUB_TOKEN }} | |
| branch: ${{ env.BRANCH_NAME }} | |
| title: "Update Version - Automated Changes" | |
| body: "This is an automated PR created by GitHub Actions" | |
| base: main | |
| draft: false | |
| - name: Wait for PR to be created | |
| id: pr | |
| if: inputs.dev == false | |
| uses: octokit/request-action@872c5c97b3c85c23516a572f02b31401ef82415d #v2.3.1 | |
| with: | |
| route: GET /repos/${{ github.repository }}/pulls?head=${{ github.repository_owner }}:${{ env.BRANCH_NAME }} | |
| - name: Merge Pull Request | |
| if: inputs.dev == false | |
| uses: octokit/request-action@872c5c97b3c85c23516a572f02b31401ef82415d #v2.3.1 | |
| with: | |
| route: PUT /repos/${{ github.repository }}/pulls/${{ steps.create_pr.outputs.pull-request-number }}/merge | |
| merge_method: squash | |
| - name: Push tag | |
| if: inputs.dev == false | |
| run: | | |
| git pull | |
| git tag ${{env.TAG_NAME}} | |
| git push --tags | |
| - name: Publish npm package | |
| run: | | |
| if [ ${{ inputs.dev }} == true ]; then | |
| npm publish --tag=${{ inputs.jsTag }} | |
| else | |
| npm publish --access public | |
| fi | |
| env: | |
| NODE_AUTH_TOKEN: ${{secrets.PERSONAL_ACCESS_TOKEN}} | |
| - name: Create Release | |
| uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 #v2 | |
| with: | |
| name: ${{env.TAG_NAME}} | |
| tag_name: ${{env.TAG_NAME}} | |
| generate_release_notes: true | |
| prerelease: ${{ inputs.dev }} | |
| notify: | |
| if: inputs.dev == false | |
| needs: release | |
| uses: Checkmarx/plugins-release-workflow/.github/workflows/release-notify.yml@main | |
| with: | |
| product_name: Javascript Runtime Wrapper | |
| release_version: ${{ needs.release.outputs.TAG_NAME }} | |
| cli_release_version: ${{ needs.release.outputs.CLI_VERSION }} | |
| release_author: "Phoenix Team" | |
| release_url: https://github.com/Checkmarx/ast-cli-javascript-wrapper-runtime-cli/releases/tag/${{ needs.release.outputs.TAG_NAME }} | |
| jira_product_name: JS_RUNTIME_WRAPPER | |
| secrets: inherit | |
| dispatch_auto_release: | |
| name: Update ADO Extension With new Wrapper Version | |
| if: inputs.dev == false | |
| needs: notify | |
| uses: Checkmarx/plugins-release-workflow/.github/workflows/dispatch-workflow.yml@main | |
| with: | |
| cli_version: ${{ needs.release.outputs.CLI_VERSION }} | |
| is_cli_release: false | |
| is_js_runtime_release: true | |
| secrets: inherit |