From 87acebfb7379288418151999b32d7d987a5017e0 Mon Sep 17 00:00:00 2001 From: Laurent Broudoux Date: Fri, 3 Jan 2025 18:08:22 +0100 Subject: [PATCH] chore: #81 Add SBOM geenration during release process Signed-off-by: Laurent Broudoux --- .github/workflows/release.yml | 83 +++++++++++++++++++++++++++++++++++ jreleaser.yml | 26 +++++++++++ 2 files changed, 109 insertions(+) create mode 100644 .github/workflows/release.yml create mode 100644 jreleaser.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..944cefb --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,83 @@ +name: release +on: + workflow_dispatch: + inputs: + branch: + description: 'Branch to release' + required: true + version: + description: 'Release version' + required: true + nextVersion: + description: 'Next version after release (-SNAPSHOT will be added automatically)' + required: true +jobs: + release: + name: Release + runs-on: ubuntu-latest + permissions: + issues: write + contents: write + deployments: write + id-token: write + steps: + - name: Checkout Code + uses: actions/checkout@v4 + with: + ssh-key: ${{ secrets.RELEASE_DEPLOY_KEY }} + fetch-depth: 0 + ref: ${{ github.event.inputs.branch }} + + - name: Set Node.js 18.x + uses: actions/setup-node@v4 + with: + node-version: 18.x + cache: 'npm' + + - name: Set release version + run: | + npm install + npm version ${{ github.event.inputs.version }} --git-tag-version=false + + - name: Commit, push and tag changes + run: | + git config user.name "microcks-bot" + git config user.email "info@microcks.io" + git commit -m "Releasing version ${{ github.event.inputs.version }}" . + git tag ${{ github.event.inputs.version }} + git push origin ${{ github.event.inputs.version }} + + - name: Publish package with NPM + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + run: | + npm sbom --sbom-format spdx > microcks-microcks-testcontainers-${{ github.event.inputs.version }}.spdx-sbom.json + npm run build + npm publish --provenance + + - name: Publish release with JReleaser + uses: jreleaser/release-action@v2 + env: + JRELEASER_PROJECT_VERSION: ${{ github.event.inputs.version }} + JRELEASER_GPG_PASSPHRASE: ${{ secrets.JRELEASER_GPG_PASSPHRASE }} + JRELEASER_GPG_SECRET_KEY: ${{ secrets.JRELEASER_GPG_SECRET_KEY }} + JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.JRELEASER_GPG_PUBLIC_KEY }} + JRELEASER_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Persist logs + - name: JReleaser release output + if: always() + uses: actions/upload-artifact@v4 + with: + name: jreleaser-release + path: | + target/jreleaser/trace.log + target/jreleaser/output.properties + + - name: Set next iteration version + run: npm version ${{ github.event.inputs.nextVersion }}-SNAPSHOT --git-tag-version=false + + - name: Commit, push and tag changes + run: | + git commit -m "Setting SNAPSHOT version ${{ github.event.inputs.nextVersion }}-SNAPSHOT" . + git push origin ${{ github.event.inputs.branch }} diff --git a/jreleaser.yml b/jreleaser.yml new file mode 100644 index 0000000..9f8b543 --- /dev/null +++ b/jreleaser.yml @@ -0,0 +1,26 @@ +project: + name: Microcks Testcontainers + description: Microcks Testcontainers Node/TS library + longDescription: Microcks Testcontainers Node/TypeScript library + copyright: The Microcks Authors + +signing: + active: ALWAYS + armored: true + +files: + active: ALWAYS + artifacts: + - path: 'microcks-microcks-testcontainers-{{projectVersion}}.spdx-sbom.json' + - path: 'microcks-microcks-testcontainers-{{projectVersion}}.tgz' + +release: + github: + overwrite: true + releaseName: '{{tagName}}' + tagName: '{{projectVersion}}' + changelog: + formatted: ALWAYS + preset: conventional-commits + contributors: + format: '- {{contributorName}}{{#contributorUsernameAsLink}} ({{.}}){{/contributorUsernameAsLink}}' \ No newline at end of file