This repository has been archived by the owner on Nov 6, 2024. It is now read-only.
[BCE-27972] fix owasp #393
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# GitHub Actions Workflow created for testing and preparing the plugin release in following steps: | |
# - validate Gradle Wrapper, | |
# - run test and verifyPlugin tasks, | |
# - run buildPlugin task and prepare artifact for the further tests, | |
# - run IntelliJ Plugin Verifier, | |
# - create a draft release. | |
# | |
# Workflow is triggered on push and pull_request events. | |
# | |
# Docs: | |
# - GitHub Actions: https://help.github.com/en/actions | |
# - IntelliJ Plugin Verifier GitHub Action: https://github.com/ChrisCarini/intellij-platform-plugin-verifier-action | |
# | |
## JBIJPPTPL | |
name: Build | |
on: | |
# Trigger the workflow on pushes to only the 'main' branch (this avoids duplicate checks being run e.g. for dependabot pull requests) | |
push: | |
branches: ['**'] | |
# Trigger the workflow on any pull request | |
pull_request: | |
jobs: | |
# Run Gradle Wrapper Validation Action to verify the wrapper's checksum | |
gradleValidation: | |
name: Gradle Wrapper | |
runs-on: ubuntu-latest | |
steps: | |
# Check out current repository | |
- name: Fetch Sources | |
uses: actions/[email protected] | |
# Validate wrapper | |
- name: Gradle Wrapper Validation | |
uses: gradle/[email protected] | |
# Run verifyPlugin and test Gradle tasks | |
test: | |
name: Test | |
needs: gradleValidation | |
runs-on: ubuntu-latest | |
steps: | |
# Check out current repository | |
- name: Fetch Sources | |
uses: actions/[email protected] | |
# Setup Java 11 environment for the next steps | |
- name: Setup Java | |
uses: actions/setup-java@v2 | |
with: | |
distribution: zulu | |
java-version: 11 | |
cache: gradle | |
# Set environment variables | |
- name: Export Properties | |
id: properties | |
shell: bash | |
run: | | |
PROPERTIES="$(./gradlew properties --console=plain -q)" | |
IDE_VERSIONS="$(echo "$PROPERTIES" | grep "^pluginVerifierIdeVersions:" | base64)" | |
echo "::set-output name=ideVersions::$IDE_VERSIONS" | |
echo "::set-output name=pluginVerifierHomeDir::~/.pluginVerifier" | |
# Cache Plugin Verifier IDEs | |
- name: Setup Plugin Verifier IDEs Cache | |
uses: actions/[email protected] | |
with: | |
path: ${{ steps.properties.outputs.pluginVerifierHomeDir }}/ides | |
key: ${{ runner.os }}-plugin-verifier-${{ steps.properties.outputs.ideVersions }} | |
# Run tests | |
- name: Run Tests | |
run: ./gradlew test | |
# Run verifyPlugin Gradle task | |
- name: Verify Plugin | |
run: ./gradlew verifyPlugin | |
# Run IntelliJ Plugin Verifier action using GitHub Action | |
- name: Run Plugin Verifier | |
run: ./gradlew runPluginVerifier -Pplugin.verifier.home.dir=${{ steps.properties.outputs.pluginVerifierHomeDir }} | |
# Build plugin with buildPlugin Gradle task and provide the artifact for the next workflow jobs | |
# Requires test job to be passed | |
build: | |
name: Build | |
needs: test | |
runs-on: ubuntu-latest | |
outputs: | |
version: ${{ steps.properties.outputs.version }} | |
changelog: ${{ steps.properties.outputs.changelog }} | |
steps: | |
# Check out current repository | |
- name: Fetch Sources | |
uses: actions/[email protected] | |
# Setup Java 11 environment for the next steps | |
- name: Setup Java | |
uses: actions/setup-java@v2 | |
with: | |
distribution: adopt | |
java-version: 11 | |
architecture: x64 | |
# Set environment variables | |
- name: Export Properties | |
id: properties | |
shell: bash | |
run: | | |
PROPERTIES="$(./gradlew properties --console=plain -q)" | |
VERSION="$(echo "$PROPERTIES" | grep "^version:" | cut -f2- -d ' ')" | |
NAME="$(echo "$PROPERTIES" | grep "^pluginName:" | cut -f2- -d ' ')" | |
CHANGELOG="$(./gradlew getChangelog --unreleased --no-header --console=plain -q)" | |
CHANGELOG="${CHANGELOG//'%'/'%25'}" | |
CHANGELOG="${CHANGELOG//$'\n'/'%0A'}" | |
CHANGELOG="${CHANGELOG//$'\r'/'%0D'}" | |
echo "::set-output name=version::$VERSION" | |
echo "::set-output name=name::$NAME" | |
echo "::set-output name=changelog::$CHANGELOG" | |
# Build artifact using buildPlugin Gradle task | |
- name: Build Plugin | |
run: ./gradlew buildPlugin | |
# Store built plugin as an artifact for downloading | |
- name: Upload artifacts | |
uses: actions/[email protected] | |
with: | |
name: "${{ steps.properties.outputs.name }} - ${{ steps.properties.outputs.version }}" | |
path: ./build/distributions/* | |
# Prepare a draft release for GitHub Releases page for the manual verification | |
# If accepted and published, release workflow would be triggered | |
releaseDraft: | |
name: Release Draft | |
if: | | |
github.event_name != 'pull_request' && | |
github.ref == 'refs/heads/main' | |
needs: build | |
runs-on: [ self-hosted, public, linux, x64 ] | |
steps: | |
# Check out current repository | |
- name: Fetch Sources | |
uses: actions/[email protected] | |
- name: Install gh cli | |
run: | | |
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-key C99B11DEB97541F0 | |
sudo apt-add-repository https://cli.github.com/packages | |
sudo apt update | |
sudo apt install gh | |
# Remove old release drafts by using the curl request for the available releases with draft flag | |
- name: Remove Old Release Drafts | |
env: | |
GITHUB_TOKEN: ${{ secrets.PUSH_GH_TOKEN }} | |
run: | | |
gh api repos/{owner}/{repo}/releases \ | |
--jq '.[] | select(.draft == true) | .id' \ | |
| xargs -I '{}' gh api -X DELETE repos/{owner}/{repo}/releases/{} | |
# Create new release draft - which is not publicly visible and requires manual acceptance | |
- name: Create Release Draft | |
env: | |
GITHUB_TOKEN: ${{ secrets.YUVAL_GH_TOKEN }} | |
run: | | |
gh release create v${{ needs.build.outputs.version }} \ | |
--draft \ | |
--title "v${{ needs.build.outputs.version }}" \ | |
--notes "${{ needs.build.outputs.changelog }}" |