core/.github/workflows/release.yml at develop · maximbaele/core · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
name: Release
on:
  pull_request:
    branches:
      - main
    types:
      - closed
jobs:
  release:
    outputs:
      BRANCH_NAME: ${{ steps.releaseInfo.outputs.BRANCH_NAME }}
      RELEASE_VERSION: ${{ steps.releaseInfo.outputs.RELEASE_VERSION }}
    name: Publish new release
    runs-on: ubuntu-latest
    if: github.event.pull_request.merged == true     # only merged pull requests must trigger this job
    steps:
      - name: Extract version from branch name (for release branches)
        if: startsWith(github.event.pull_request.head.ref, 'release/')
        env:
          BRANCH_NAME: "${{ github.event.pull_request.head.ref }}"
        run: |
          VERSION="${BRANCH_NAME#release/}"
          echo "RELEASE_VERSION=$VERSION" >> "$GITHUB_ENV"
      - name: Extract version from branch name (for hotfix branches)
        if: startsWith(github.event.pull_request.head.ref, 'hotfix/')
        env:
          BRANCH_NAME: "${{ github.event.pull_request.head.ref }}"
        run: |
          VERSION="${BRANCH_NAME#hotfix/}"
          echo "RELEASE_VERSION=$VERSION" >> "$GITHUB_ENV"
      - uses: actions/checkout@v3
      - run: tar -cvzf samm.tar.gz images model texts
      - name: Generate Excel spreadsheet from the model
        uses: owaspsamm/toolbox-spreadsheet@main
        with:
          version: ${{ env.RELEASE_VERSION }}
      - name: Build Changelog
        id: github_release
        uses: mikepenz/release-changelog-builder-action@v3
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - uses: ncipollo/release-action@v1
        with:
          commit: main
          artifacts: samm.tar.gz, SAMM_spreadsheet.xlsx
          tag: ${{ env.RELEASE_VERSION }}
          token: ${{ secrets.GITHUB_TOKEN }}
          body: ${{steps.github_release.outputs.changelog}}
      - name: Merge main into develop branch
        uses: thomaseizinger/create-pull-request@1.0.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          head: main
          base: develop
          title: Merge main into develop branch
          body: |
            This PR merges the main branch back into develop.
            This happens to ensure that the updates that happened on the release branch, i.e. CHANGELOG and manifest updates are also present on the develop branch.
      - name: Passing release information for next job
        id: releaseInfo
        env:
          BRANCH_NAME: "${{ github.event.pull_request.head.ref }}"
        run: |
            echo "BRANCH_NAME=$BRANCH_NAME" >> "$GITHUB_OUTPUT"
            echo "RELEASE_VERSION=$RELEASE_VERSION" >> "$GITHUB_OUTPUT"
  generate-markdown-build-website:
    needs: release
    uses: owaspsamm/core/.github/workflows/yaml-process.yml@7cdf8a9a0cc583bfe597a11ff5b2de44960a4575
    secrets: inherit
    with:
      release: ${{ needs.release.outputs.BRANCH_NAME }}
      release_name: ${{ needs.release.outputs.RELEASE_VERSION }}