Javascript Wrapper Release #100
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Javascript Wrapper Release | |
| on: | |
| workflow_call: | |
| inputs: | |
| cliTag: | |
| description: 'CLI tag name' | |
| required: false | |
| type: string | |
| default: 2.0.0-nightly | |
| jsTag: | |
| description: 'JS Wrapper tag name' | |
| required: false | |
| type: string | |
| default: nightly | |
| dev: | |
| description: 'Is dev build' | |
| required: false | |
| default: true | |
| type: boolean | |
| bumpVersion: | |
| description: 'Bump npm version, create and merge version PR' | |
| required: false | |
| default: true | |
| type: boolean | |
| workflow_dispatch: | |
| inputs: | |
| cliTag: | |
| description: 'CLI tag name (ignored if not dev build)' | |
| required: false | |
| jsTag: | |
| description: 'Tag name (ignored if not dev build)' | |
| required: false | |
| type: string | |
| default: rc | |
| dev: | |
| description: 'Is dev build' | |
| required: false | |
| default: true | |
| type: boolean | |
| bumpVersion: | |
| description: 'Bump npm version, create and merge version PR' | |
| required: false | |
| default: true | |
| type: boolean | |
| permissions: | |
| contents: read | |
| jobs: | |
| delete: | |
| permissions: | |
| contents: write | |
| packages: write | |
| uses: Checkmarx/ast-cli-javascript-wrapper-runtime-cli/.github/workflows/delete-packages-and-releases.yml@main | |
| with: | |
| tag: ${{ inputs.jsTag }} | |
| secrets: inherit | |
| if: inputs.dev == true | |
| release: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| packages: write | |
| runs-on: cx-public-ubuntu-x64 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| BRANCH_NAME: npm-version-patch | |
| outputs: | |
| TAG_NAME: ${{ steps.generate_tag_name.outputs.TAG_NAME }} | |
| CLI_VERSION: ${{ steps.extract_cli_version.outputs.CLI_VERSION }} | |
| steps: | |
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Git Configuration | |
| run: | | |
| git config user.name github-actions | |
| git config user.email github-actions@github.com | |
| - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: 22.11.0 | |
| registry-url: https://npm.echohq.com/ | |
| - name: Configure GitHub Packages auth | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: npm config set //npm.pkg.github.com/:_authToken "${GH_TOKEN}" | |
| - name: Generate Tag name | |
| id: generate_tag_name | |
| env: | |
| INPUT_DEV: ${{ inputs.dev }} | |
| INPUT_JS_TAG: ${{ inputs.jsTag }} | |
| INPUT_BUMP_VERSION: ${{ inputs.bumpVersion }} | |
| run: | | |
| if [ "$INPUT_DEV" == "true" ]; then | |
| TAG_NAME=$(npm version prerelease --preid="$INPUT_JS_TAG" --no-git-tag-version --allow-same-version) | |
| elif [ "$INPUT_BUMP_VERSION" == "true" ]; then | |
| TAG_NAME=$(npm version patch --no-git-tag-version) | |
| else | |
| TAG_NAME=v$(node -p "require('./package.json').version") | |
| fi | |
| echo "Generated TAG_NAME: $TAG_NAME" | |
| echo "TAG_NAME=$TAG_NAME" >> $GITHUB_ENV | |
| echo "TAG_NAME=$TAG_NAME" >> $GITHUB_OUTPUT | |
| - name: Extract CLI version | |
| id: extract_cli_version | |
| run: | | |
| CLI_VERSION=$(cat checkmarx-ast-cli.version | grep -Eo '^[0-9]+\.[0-9]+\.[0-9]+') | |
| echo "CLI version being packed is $CLI_VERSION" | |
| echo "CLI_VERSION=$CLI_VERSION" >> $GITHUB_ENV | |
| echo "CLI_VERSION=$CLI_VERSION" >> $GITHUB_OUTPUT | |
| - name: Check if CLI version is latest | |
| id: check_latest_cli_version | |
| env: | |
| INPUT_DEV: ${{ inputs.dev }} | |
| INPUT_CLI_TAG: ${{ inputs.cliTag }} | |
| GIT_REF: ${{ github.ref }} | |
| run: | | |
| if [ "$INPUT_DEV" == "false" ] || [ -n "$INPUT_CLI_TAG" ] || [ "$GIT_REF" != "refs/heads/main" ]; then | |
| exit 0 | |
| fi | |
| LATEST_CLI_VERSION=$(curl -s https://api.github.com/repos/Checkmarx/ast-cli/releases/latest | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') | |
| if [ "$CLI_VERSION" = "$LATEST_CLI_VERSION" ]; then | |
| echo "Confirm that the CLI version in the repository is up-to-date with the most recent release: $CLI_VERSION" | |
| else | |
| echo "The current repository contains a CLI version that differs from the latest released version: Expected $LATEST_CLI_VERSION, got $CLI_VERSION" | |
| exit 1 | |
| fi | |
| - name: NPM ci and build | |
| run: | | |
| npm ci | |
| npm run build | |
| - name: Create Pull Request | |
| id: create_pr | |
| if: inputs.dev == false && inputs.bumpVersion == true | |
| uses: step-security/create-pull-request@50c103da2b9ca12cd5bc013fc6931051a5aa872b # v8.1.1 | |
| with: | |
| token: ${{ env.GITHUB_TOKEN }} | |
| branch: ${{ env.BRANCH_NAME }} | |
| title: "Update Version - Automated Changes" | |
| body: "This is an automated PR created by GitHub Actions" | |
| base: main | |
| draft: false | |
| - name: Wait for PR to be created | |
| id: pr | |
| if: inputs.dev == false && inputs.bumpVersion == true | |
| uses: octokit/request-action@b91aabaa861c777dcdb14e2387e30eddf04619ae # v3.0.0 | |
| with: | |
| route: GET /repos/${{ github.repository }}/pulls?head=${{ github.repository_owner }}:${{ env.BRANCH_NAME }} | |
| - name: Merge Pull Request | |
| if: inputs.dev == false && inputs.bumpVersion == true | |
| uses: octokit/request-action@b91aabaa861c777dcdb14e2387e30eddf04619ae # v3.0.0 | |
| with: | |
| route: PUT /repos/${{ github.repository }}/pulls/${{ steps.create_pr.outputs.pull-request-number }}/merge | |
| merge_method: squash | |
| - name: Push tag | |
| if: inputs.dev == false | |
| run: | | |
| git pull | |
| git tag ${{env.TAG_NAME}} | |
| git push --tags | |
| - name: Publish npm package | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| INPUT_DEV: ${{ inputs.dev }} | |
| INPUT_JS_TAG: ${{ inputs.jsTag }} | |
| run: | | |
| if [ "$INPUT_DEV" == "true" ]; then | |
| npm publish --tag="$INPUT_JS_TAG" | |
| else | |
| npm publish --access public | |
| fi | |
| - name: Create Release | |
| uses: step-security/action-gh-release@277bfa82abcfdb73e5bbb19e213fd76532ee2be5 # v3.0.0 | |
| with: | |
| name: ${{env.TAG_NAME}} | |
| tag_name: ${{env.TAG_NAME}} | |
| generate_release_notes: true | |
| prerelease: ${{ inputs.dev }} | |
| # notify: | |
| # if: inputs.dev == false | |
| # needs: release | |
| # uses: Checkmarx/plugins-release-workflow/.github/workflows/release-notify.yml@main | |
| # with: | |
| # product_name: Javascript Runtime Wrapper | |
| # release_version: ${{ needs.release.outputs.TAG_NAME }} | |
| # cli_release_version: ${{ needs.release.outputs.CLI_VERSION }} | |
| # release_author: "Sypher Team" | |
| # release_url: https://github.com/Checkmarx/ast-cli-javascript-wrapper-runtime-cli/releases/tag/${{ needs.release.outputs.TAG_NAME }} | |
| # jira_product_name: JS_RUNTIME_WRAPPER | |
| # secrets: inherit | |
| # dispatch_auto_release: | |
| # name: Update ADO Extension With new Wrapper Version | |
| # if: inputs.dev == false | |
| # needs: notify | |
| # uses: Checkmarx/plugins-release-workflow/.github/workflows/dispatch-workflow.yml@main | |
| # with: | |
| # cli_version: ${{ needs.release.outputs.CLI_VERSION }} | |
| # is_cli_release: false | |
| # is_js_runtime_release: true | |
| # secrets: inherit |