-
Notifications
You must be signed in to change notification settings - Fork 1
80 lines (70 loc) · 2.89 KB
/
on-release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
# This workflow is triggered when someone create a new release in GitHub
# and checks the "This is a pre-relase" box.
name: Trigger Release creation
on:
release:
types: [prereleased]
jobs:
on-release:
runs-on: ubuntu-latest
# The cimg-mvn-cache is an image containing a .m2 folder warmed-up
# with common Jahia dependencies. Using this prevents maven from
# downloading the entire world when building.
# More on https://github.com/Jahia/cimg-mvn-cache
container:
image: jahia/cimg-mvn-cache:ga_cimg_openjdk_11.0.20-node
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
steps:
# Providing the SSH PRIVATE of a user part of an admin group
# is necessary to bypass PR checks
- uses: actions/checkout@v4
with:
ssh-key: ${{ secrets.GH_SSH_PRIVATE_KEY_JAHIACI }}
# Setting up the SSH agent to be able to commit back to the repository
# https://github.com/webfactory/ssh-agent
- uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.GH_SSH_PRIVATE_KEY_JAHIACI }}
- uses: jahia/jahia-modules-action/release@v2
name: Release Module
with:
github_slug: Jahia/site-settings-seo
primary_release_branch: master
release_id: ${{ github.event.release.id }}
release_version: ${{ github.event.release.tag_name }}
github_api_token: ${{ secrets.GH_API_TOKEN }}
nexus_username: ${{ secrets.NEXUS_USERNAME }}
nexus_password: ${{ secrets.NEXUS_PASSWORD }}
- uses: jahia/jahia-modules-action/update-signature@v2
with:
nexus_username: ${{ secrets.NEXUS_USERNAME }}
nexus_password: ${{ secrets.NEXUS_PASSWORD }}
nexus_enterprise_releases_url: ${{ secrets.NEXUS_ENTERPRISE_RELEASES_URL }}
force_signature: true
- uses: jahia/jahia-modules-action/release-publication@v2
name: Publish Module
with:
module_id: site-settings-seo
release_version: ${{ github.event.release.tag_name }}
nexus_username: ${{ secrets.NEXUS_USERNAME }}
nexus_password: ${{ secrets.NEXUS_PASSWORD }}
# Tmate only starts if any of the previous steps fails.
# Be careful since it also means that if a step fails the workflow will
# keep running until it reaches the timeout
- name: Setup tmate session
if: ${{ failure() }}
uses: mxschmitt/action-tmate@v3
timeout-minutes: 15
sbom:
name: SBOM processing
needs: on-release
runs-on: ubuntu-latest
container:
image: cyclonedx/cyclonedx-cli:0.24.2
steps:
- uses: jahia/jahia-modules-action/sbom-processing@v2
with:
dependencytrack_hostname: ${{ vars.DEPENDENCYTRACK_HOSTNAME }}
dependencytrack_apikey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}