Javascript Wrapper Release #330

Workflow file for this run

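name: Javascript Wrapper Release

# Two triggers expose the same four inputs:
#   workflow_call     - invoked by another workflow
#   workflow_dispatch - started manually
# The jsTag default differs between them (nightly vs rc), and only the
# workflow_call trigger gives cliTag a default.
# cliTag and jsTag are free-form strings supplied by the caller; steps that
# consume them should receive them through env variables, never by
# interpolating the expression into a script body.
on:
  workflow_call:
    inputs:
      cliTag:
        description: 'CLI tag name'
        required: false
        type: string
        default: '2.0.0-nightly'
      jsTag:
        description: 'JS Wrapper tag name'
        required: false
        type: string
        default: nightly
      dev:
        description: 'Is dev build'
        required: false
        default: true
        type: boolean
      bumpVersion:
        description: 'Bump npm version, create and merge version PR'
        required: false
        default: true
        type: boolean
  workflow_dispatch:
    inputs:
      cliTag:
        description: 'CLI tag name (ignored if not dev build)'
        required: false
        # Declared explicitly so this input matches its siblings.
        type: string
      jsTag:
        description: 'Tag name (ignored if not dev build)'
        required: false
        type: string
        default: rc
      dev:
        description: 'Is dev build'
        required: false
        default: true
        type: boolean
      bumpVersion:
        description: 'Bump npm version, create and merge version PR'
        required: false
        default: true
        type: boolean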
# Workflow-wide default for GITHUB_TOKEN: read-only access to repository
# contents. Jobs that need more declare their own permissions block.
permissions:
  contents: read
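jobs:
  # Runs for dev builds only. Presumably removes packages and releases that
  # were published earlier under the same JS tag (inferred from the called
  # workflow's file name; its body is not shown here).
  delete:
    permissions:
      contents: write
      packages: write
    # NOTE(review): @main is a mutable ref, unlike the SHA-pinned actions in
    # the release job, and `secrets: inherit` hands the called workflow every
    # secret. Consider pinning to a commit SHA and passing only the secrets
    # the called workflow needs.
    uses: Checkmarx/ast-cli-javascript-wrapper/.github/workflows/delete-packages-and-releases.yml@main
    with:
      tag: ${{ inputs.jsTag }}
    secrets: inherit
    if: inputs.dev == true

  # Versions, builds, publishes and releases the wrapper.
  # NOTE(review): there is no `needs: delete`, so on dev builds this job can
  # run concurrently with the delete job - confirm ordering is not required.
  release:
    permissions:
      # NOTE(review): no step in this file requests an OIDC token explicitly;
      # confirm id-token: write is still required.
      id-token: write
      contents: write
      packages: write
    runs-on: cx-public-ubuntu-x64
    env:
      # NOTE(review): job-level env exposes this write-scoped token to every
      # step, including `npm ci`, `npm run build` and update_cli.sh. Scoping
      # it to the steps that call the GitHub API would narrow the exposure;
      # check first whether update_cli.sh relies on it.
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      BRANCH_NAME: npm-version-patch
    outputs:
      TAG_NAME: ${{ steps.set_tag_name.outputs.TAG_NAME }}
      CLI_VERSION: ${{ steps.extract_cli_version.outputs.CLI_VERSION }}
    steps:
      # CHECKOUT PROJECT
      # Full history and LFS objects are fetched. The checkout token stays in
      # the local git config (action default) and is what the later
      # `git push --tags` relies on.
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
        with:
          fetch-depth: 0
          lfs: true  # Ensure LFS files are checked out

      # GIT CONFIGURATION
      - run: |
          git config user.name github-actions
          git config user.email github-actions@github.com

      # SETUP NODE
      # NOTE(review): setup-node scopes the npm auth token to registry-url.
      # The publish step supplies GITHUB_TOKEN as NODE_AUTH_TOKEN; confirm
      # which registry `npm publish` targets and that this token is meant to
      # be presented to it.
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: '22.11.0'
          registry-url: https://npm.echohq.com/

      # GET TAG NAME
      # Inputs reach the script through env variables rather than expression
      # interpolation, so their content is never parsed as shell syntax.
      #   dev build             -> prerelease bump using jsTag as the preid
      #   release + bumpVersion -> patch bump
      #   otherwise             -> current package.json version, prefixed "v"
      - name: Generate Tag name
        id: set_tag_name
        env:
          INPUT_DEV: ${{ inputs.dev }}
          INPUT_JS_TAG: ${{ inputs.jsTag }}
          INPUT_BUMP_VERSION: ${{ inputs.bumpVersion }}
        run: |
          if [ "$INPUT_DEV" == "true" ]; then
            TAG_NAME=$(npm version prerelease --preid="$INPUT_JS_TAG" --no-git-tag-version --allow-same-version)
          elif [ "$INPUT_BUMP_VERSION" == "true" ]; then
            TAG_NAME=$(npm version patch --no-git-tag-version)
          else
            TAG_NAME=v$(node -p "require('./package.json').version")
          fi
          echo "TAG_NAME=$TAG_NAME" >> "$GITHUB_ENV"
          echo "TAG_NAME=$TAG_NAME" >> "$GITHUB_OUTPUT"

      # DOWNLOAD CLI IF IT IS A DEV VERSION AND A CLI TAG WAS PROVIDED
      - name: Download cli with tag
        if: inputs.dev == true && inputs.cliTag != ''
        env:
          INPUT_CLI_TAG: ${{ inputs.cliTag }}
        run: |
          # Update binaries
          chmod +x ./.github/scripts/update_cli.sh
          ./.github/scripts/update_cli.sh "$INPUT_CLI_TAG"

      # Reads MAJOR.MINOR.PATCH from the bundled Linux CLI binary and exports
      # it both to later steps and as a job output.
      - name: Extract CLI version
        id: extract_cli_version
        run: |
          CLI_VERSION=$(./src/main/wrapper/resources/cx-linux version | grep -Eo '^[0-9]+\.[0-9]+\.[0-9]+')
          echo "CLI version being packed is $CLI_VERSION"
          echo "CLI_VERSION=$CLI_VERSION" >> "$GITHUB_ENV"
          echo "CLI_VERSION=$CLI_VERSION" >> "$GITHUB_OUTPUT"

      # RUN NPM INSTALL AND BUILD
      - name: NPM ci and build
        run: |
          npm ci
          npm run build

      # CREATE PR FOR VERSION
      - name: Create Pull Request
        id: create_pr
        if: inputs.dev == false && inputs.bumpVersion == true
        uses: step-security/create-pull-request@50c103da2b9ca12cd5bc013fc6931051a5aa872b # v8.1.1
        with:
          token: ${{ env.GITHUB_TOKEN }}
          branch: ${{ env.BRANCH_NAME }}
          title: "Update Version - Automated Changes"
          body: "This is an automated PR created by GitHub Actions"
          base: main
          draft: false

      # WAIT FOR PR CREATION
      # This step's response is not read by any later step in this file.
      - name: Wait for PR to be created
        id: pr
        if: inputs.dev == false && inputs.bumpVersion == true
        uses: octokit/request-action@b91aabaa861c777dcdb14e2387e30eddf04619ae # v3.0.0
        with:
          route: GET /repos/${{ github.repository }}/pulls?head=${{ github.repository_owner }}:${{ env.BRANCH_NAME }}

      # MERGE PR TO MAIN
      # NOTE(review): the version PR is squash-merged by the workflow itself
      # with no review step in between; confirm that branch protection on
      # main intends to allow this.
      - name: Merge Pull Request
        if: inputs.dev == false && inputs.bumpVersion == true
        uses: octokit/request-action@b91aabaa861c777dcdb14e2387e30eddf04619ae # v3.0.0
        with:
          route: PUT /repos/${{ github.repository }}/pulls/${{ steps.create_pr.outputs.pull-request-number }}/merge
          merge_method: squash

      # PUSH TAGS IF IT IS A RELEASE
      # TAG_NAME was exported through GITHUB_ENV by set_tag_name. It is read
      # here as a quoted shell variable so its value is treated as data and
      # not spliced into the script text.
      - name: Push tag
        if: inputs.dev == false
        run: |
          git pull
          git tag "$TAG_NAME"
          git push --tags

      # PUBLISH NPM PACKAGE
      # Dev builds publish under the jsTag dist-tag; releases publish with
      # public access.
      - name: Publish npm package
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          INPUT_DEV: ${{ inputs.dev }}
          INPUT_JS_TAG: ${{ inputs.jsTag }}
        run: |
          if [ "$INPUT_DEV" == "true" ]; then
            npm publish --tag="$INPUT_JS_TAG"
          else
            npm publish --access public
          fi

      # CREATE RELEASE
      # Dev builds are marked as prereleases.
      - name: Create Release
        uses: step-security/action-gh-release@277bfa82abcfdb73e5bbb19e213fd76532ee2be5 # v3.0.0
        with:
          name: ${{ env.TAG_NAME }}
          tag_name: ${{ env.TAG_NAME }}
          generate_release_notes: true
          prerelease: ${{ inputs.dev }}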
# notify:
# if: inputs.dev == false
# needs: release
# uses: Checkmarx/plugins-release-workflow/.github/workflows/release-notify.yml@main
# with:
# product_name: Javascript Wrapper
# release_version: ${{ needs.release.outputs.TAG_NAME }}
# cli_release_version: ${{ needs.release.outputs.CLI_VERSION }}
# release_author: "Phoenix Team"
# release_url: https://github.com/Checkmarx/ast-cli-javascript-wrapper/releases/tag/${{ needs.release.outputs.TAG_NAME }}
# jira_product_name: JAVASCRIPT_WRAPPER
# secrets: inherit
# dispatch_auto_release:
# name: Update VS Code Extension With new Wrapper Version
# if: inputs.dev == false
# needs: notify
# uses: Checkmarx/plugins-release-workflow/.github/workflows/dispatch-workflow.yml@main
# with:
# cli_version: ${{ needs.release.outputs.CLI_VERSION }}
# is_cli_release: false
# is_js_release: true
# secrets: inherit