chore: #81 Add SBOM geenration during release process

Signed-off-by: Laurent Broudoux <[email protected]>
microcks · Jan 3, 2025 · 87acebf · 87acebf
1 parent 454ea3d
commit 87acebf
Show file tree

Hide file tree

Showing 2 changed files with 109 additions and 0 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,83 @@
+name: release
+on:
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: 'Branch to release'
+        required: true
+      version:
+        description: 'Release version'
+        required: true
+      nextVersion:
+        description: 'Next version after release (-SNAPSHOT will be added automatically)'
+        required: true
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      contents: write
+      deployments: write
+      id-token: write
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          ssh-key: ${{ secrets.RELEASE_DEPLOY_KEY }}
+          fetch-depth: 0
+          ref: ${{ github.event.inputs.branch }}
+
+      - name: Set Node.js 18.x
+        uses: actions/setup-node@v4
+        with:
+          node-version: 18.x
+          cache: 'npm'
+
+      - name: Set release version
+        run: |
+          npm install
+          npm version ${{ github.event.inputs.version }} --git-tag-version=false
+
+      - name: Commit, push and tag changes
+        run: |
+          git config user.name "microcks-bot"
+          git config user.email "[email protected]"
+          git commit -m "Releasing version ${{ github.event.inputs.version }}" .
+          git tag ${{ github.event.inputs.version }}
+          git push origin ${{ github.event.inputs.version }}
+
+      - name: Publish package with NPM
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: |
+          npm sbom --sbom-format spdx > microcks-microcks-testcontainers-${{ github.event.inputs.version }}.spdx-sbom.json 
+          npm run build
+          npm publish --provenance
+
+      - name: Publish release with JReleaser
+        uses: jreleaser/release-action@v2
+        env:
+          JRELEASER_PROJECT_VERSION: ${{ github.event.inputs.version }}
+          JRELEASER_GPG_PASSPHRASE: ${{ secrets.JRELEASER_GPG_PASSPHRASE }}
+          JRELEASER_GPG_SECRET_KEY: ${{ secrets.JRELEASER_GPG_SECRET_KEY }}
+          JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.JRELEASER_GPG_PUBLIC_KEY }}
+          JRELEASER_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      # Persist logs
+      - name: JReleaser release output
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: jreleaser-release
+          path: |
+            target/jreleaser/trace.log
+            target/jreleaser/output.properties
+
+      - name: Set next iteration version
+        run: npm version ${{ github.event.inputs.nextVersion }}-SNAPSHOT --git-tag-version=false
+
+      - name: Commit, push and tag changes
+        run: |
+          git commit -m "Setting SNAPSHOT version ${{ github.event.inputs.nextVersion }}-SNAPSHOT" .
+          git push origin ${{ github.event.inputs.branch }}
diff --git a/jreleaser.yml b/jreleaser.yml
@@ -0,0 +1,26 @@
+project:
+  name: Microcks Testcontainers
+  description: Microcks Testcontainers Node/TS library
+  longDescription: Microcks Testcontainers Node/TypeScript library
+  copyright: The Microcks Authors
+
+signing:
+  active: ALWAYS
+  armored: true
+
+files:
+  active: ALWAYS
+  artifacts:
+    - path: 'microcks-microcks-testcontainers-{{projectVersion}}.spdx-sbom.json'
+    - path: 'microcks-microcks-testcontainers-{{projectVersion}}.tgz'
+
+release:
+  github:
+    overwrite: true
+    releaseName: '{{tagName}}'
+    tagName: '{{projectVersion}}'
+    changelog:
+      formatted: ALWAYS
+      preset: conventional-commits
+      contributors:
+        format: '- {{contributorName}}{{#contributorUsernameAsLink}} ({{.}}){{/contributorUsernameAsLink}}'