Merge pull request #33 from secure-software-engineering/action-updates

Action Updates

Author: schlichtig

.github/workflows/deploy.yml

@@ -8,24 +8,19 @@ jobs:
     name: PathExpression deployment
     steps:
       - name: Checkout source code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       # Sets up Java version
       - name: Set up Java
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           distribution: 'adopt'
           java-package: 'jdk'
-          java-version: '11'
+          java-version: '8'
           server-id: 'ossrh' # must match the serverId configured for the nexus-staging-maven-plugin
           server-username: OSSRH_USERNAME # Env var that holds your OSSRH user name
           server-password: OSSRH_PASSWORD # Env var that holds your OSSRH user pw
           gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} # Substituted with the value stored in the referenced secret
           gpg-passphrase: SIGN_KEY_PASS # Env var that holds the key's passphrase
-      # Sets up Maven version
-      - name: Set up Maven
-        uses: stCarolas/setup-maven@v4.5
-        with:
-          maven-version: 3.6.3
       - name: Build & Deploy PathExpression
         run: mvn -B -U clean deploy -Pdeployment
         env:

.github/workflows/maven.yml

@@ -8,46 +8,12 @@ jobs:
   BuildAndTest:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up JDK 1.8
-      uses: actions/setup-java@v1
+      uses: actions/setup-java@v4
       with:
-        java-version: 1.8
+        distribution: 'adopt'
+        java-package: jdk
+        java-version: '8'
     - name: Build with Maven
       run: mvn -B verify --file pom.xml
-
-  Release:
-    name: Release
-    if: github.ref == 'refs/heads/master'
-    runs-on: ubuntu-latest
-    permissions: 
-      contents: read
-      packages: write 
-    needs: [BuildAndTest]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Set up JDK 1.8
-        uses: actions/setup-java@v1
-        with:
-          java-version: 1.8
-      - name: Release
-        uses: qcastel/github-actions-maven-release@master
-        env:
-          JAVA_HOME: /usr/lib/jvm/java-1.8-openjdk/
-        with:
-          release-branch-name: "master"
-          
-          gpg-enabled: "true"
-          gpg-key-id: ${{ secrets.GPG_KEY_ID }}
-          gpg-key: ${{ secrets.GPG_KEY }}
-          
-          maven-repo-server-id: github
-          maven-repo-server-username: ${{ secrets.CI_USER }}
-          maven-repo-server-password: ${{ secrets.CI_PACKAGES_TOKEN }}
-
-          git-release-bot-name:  ${{ secrets.CI_USER }}
-          git-release-bot-email: "admin@codeshield.de"
-
-          access-token: ${{ secrets.GITHUB_TOKEN }}
-          maven-args: "-DskipTests"

.github/workflows/version.yml

@@ -0,0 +1,102 @@
+name: Version handling
+
+on:
+  pull_request:
+    types:
+      - closed
+    branches:
+      - master
+
+jobs:
+  version-update:
+    # This version does not run on self-opened PRs
+    if: ${{ github.event.pull_request.merged == true && github.event.pull_request.user.login != 'github-actions[bot]' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      # Sets up Java version
+      - name: Set up Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'adopt'
+          java-package: jdk
+          java-version: '8'
+      # Semantic versioning
+      - name: Semantic versioning
+        id: versioning
+        uses: paulhatch/semantic-version@v5.4.0
+        with:
+          tag_prefix: ""
+        # A string which, if present in a git commit, indicates that a change represents a
+        # major (breaking) change, supports regular expressions wrapped with '/'
+          major_pattern: "(MAJOR)"
+        # Same as above except indicating a minor change, supports regular expressions wrapped with '/'
+          minor_pattern: "(MINOR)"
+        # A string to determine the format of the version output
+          version_format: "${major}.${minor}.${patch}"
+      # Check, whether there is an existing branch "version_<version>" or an open PR "version_<version>" -> "master"
+      # and store the results as environment variables
+      - name: Check if branch and PR exist
+        # The second command was copied from https://stackoverflow.com/questions/73812503/github-action-stop-the-action-if-pr-already-exists
+        run: |
+          echo VERSION_BRANCH_EXISTS=$(git ls-remote --heads origin refs/heads/version_${{ steps.versioning.outputs.version }} | wc -l) >> $GITHUB_ENV
+          echo PR_EXISTS=$(gh pr list \
+            --repo "$GITHUB_REPOSITORY" \
+            --json baseRefName,headRefName \
+            --jq '
+              map(select(.baseRefName == "master" and .headRefName == "version_${{ steps.versioning.outputs.version }}"))
+              | length
+            ') >> $GITHUB_ENV
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        # If the branch "version_<version>" does not exist, create the branch and update the version in all files
+      - name: Create branch and update PathExpression version
+        if:  ${{ env.VERSION_BRANCH_EXISTS == '0' }}
+        run: |
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+          git config --global user.name "github-actions[bot]"
+          git checkout -b version_${{ steps.versioning.outputs.version }}
+          mvn build-helper:parse-version versions:set -DnewVersion=\${{ steps.versioning.outputs.version }} versions:commit
+          git ls-files | grep 'pom.xml$' | xargs git add
+          git commit --allow-empty -am "Update PathExpression version to ${{ steps.versioning.outputs.version }}"
+          git push origin version_${{ steps.versioning.outputs.version }}
+      # If a PR "version_<version>" -> "master" does not exist, create the PR
+      - name: Open pull request for version update
+        if: ${{ env.PR_EXISTS == '0' }}
+        run: |
+          gh pr create -B master -H version_${{ steps.versioning.outputs.version }} -t "Update PathExpression version to ${{ steps.versioning.outputs.version }}" -b "This PR was created by the version-update workflow. Please make sure to delete the branch after merging, otherwise future workflows might fail."
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  version-release:
+    # This job runs only on merged PRs, which were opened by the version-update job
+    if: ${{ github.event.pull_request.merged == true && github.event.pull_request.user.login == 'github-actions[bot]' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      # Semantic versioning
+      - name: Semantic versioning
+        id: versioning
+        uses: paulhatch/semantic-version@v5.4.0
+        with:
+          tag_prefix: ""
+        # A string which, if present in a git commit, indicates that a change represents a
+        # major (breaking) change, supports regular expressions wrapped with '/'
+          major_pattern: "(MAJOR)"
+        # Same as above except indicating a minor change, supports regular expressions wrapped with '/'
+          minor_pattern: "(MINOR)"
+        # A string to determine the format of the version output
+          version_format: "${major}.${minor}.${patch}"
+      # Create a tag with the newest version to prepare a release
+      - name: Create tag for new version
+        run: |
+          git config --global user.email "${{ github.actor }}@users.noreply.github.com"
+          git config --global user.name "${{ github.actor }}"
+          git tag -a ${{ steps.versioning.outputs.version }} -m "PathExpression version ${{ steps.versioning.outputs.version }}"
+          git push origin ${{ steps.versioning.outputs.version }}

.gitignore

@@ -101,6 +101,8 @@ local.properties
 .settings/
 .loadpath
 .recommenders
+.project
+.classpath
 
 # External tool builders
 .externalToolBuilders/