forked from INRIA/spoon
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'INRIA:master' into master
- Loading branch information
Showing
112 changed files
with
5,649 additions
and
476 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| # file such that Spoon is considered as sponsorable by Github | ||
|
|
||
| # https://opencollective.com/spoon-java | ||
| open_collective: spoon-java |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,130 @@ | ||
| name: Release | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| version: | ||
| description: 'Next release version' | ||
| required: true | ||
| default: 'patch' | ||
| type: choice | ||
| options: | ||
| - major | ||
| - minor | ||
| - patch | ||
|
|
||
| jobs: | ||
|
|
||
| build: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| # Setups the environment | ||
| - name: Checkout | ||
| uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 | ||
| with: | ||
| fetch-depth: 0 | ||
| token: ${{ secrets.JRELEASER_GITHUB_TOKEN }} | ||
| - name: Set git user | ||
| run: | | ||
| git config --global user.name "GitHub Actions Bot" | ||
| git config --global user.email "<>" | ||
| - name: Set up JDK 11 | ||
| uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3 | ||
| with: | ||
| java-version: '11' | ||
| distribution: 'temurin' | ||
| cache: maven | ||
|
|
||
| - name: install go | ||
| uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4 | ||
| - name: install semversion | ||
| run: go install github.com/ffurrer2/semver/cmd/semver@latest | ||
| # Get current version from pom and remove snapshot if present. | ||
| - name: Get current version from pom and remove snapshot if present. | ||
| run: echo "CURRENT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout | sed 's/-SNAPSHOT//')" >> $GITHUB_ENV | ||
| - name: Get version with snapshot | ||
| run: echo "CURRENT_VERSION_WITH_SNAPSHOT=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV | ||
| # Calculate release version: | ||
| # - if `version` is patch, we just increment drop the `-SNAPSHOT` suffix | ||
| # (e.g. 10.0.1-SNAPSHOT -> 10.0.1) | ||
| # - if `version` is minor or major, we increment the minor or major version and | ||
| # set the patch version to `0` (e.g. 10.0.1-SNAPSHOT -> 11.0.0 or 10.1.0) | ||
| # | ||
| # As we are using a snapshot version, the first call to `semver next` slices | ||
| # off only the `-SNAPSHOT` suffix. We therefore run `semver next` on the | ||
| # version *without* the `-SNAPSHOT` prefix for major and minor bumps. | ||
| # | ||
| # After release, we run `semver next` once again and append the `-SNAPSHOT` | ||
| # suffix. This results in our patch version from above becoming | ||
| # `10.0.2-SNAPSHOT`. The major/minor just get the patch set to `1` and | ||
| # `-SNAPSHOT` appended. | ||
| - name: Set next version for patch | ||
| if: ${{ github.event.inputs.version == 'patch' }} | ||
| run: echo "NEXT_VERSION=$(semver next ${{ github.event.inputs.version }} $CURRENT_VERSION_WITH_SNAPSHOT)" >> $GITHUB_ENV | ||
| - name: Set next version for major/minor | ||
| if: ${{ github.event.inputs.version == 'major' || github.event.inputs.version == 'minor' }} | ||
| run: echo "NEXT_VERSION=$(semver next ${{ github.event.inputs.version }} $CURRENT_VERSION)" >> $GITHUB_ENV | ||
| - name: set branchname to next version | ||
| run: echo "BRANCH_NAME=release/$NEXT_VERSION" >> $GITHUB_ENV | ||
| - name: Set release version | ||
| run: | | ||
| mvn -f spoon-pom --no-transfer-progress --batch-mode versions:set -DnewVersion=$NEXT_VERSION -DprocessAllModules | ||
| mvn --no-transfer-progress --batch-mode versions:set -DnewVersion=$NEXT_VERSION -DprocessAllModules | ||
| mvn -f spoon-javadoc --no-transfer-progress --batch-mode versions:set -DnewVersion=$NEXT_VERSION -DprocessAllModules | ||
| - name: Commit & Push changes | ||
| run: | | ||
| git checkout -b ${{env.BRANCH_NAME}} | ||
| git commit -am "release: Releasing version ${{ env.NEXT_VERSION }}" | ||
| git push --set-upstream origin ${{ env.BRANCH_NAME }} | ||
| # Now we can run the release | ||
| - name: Stage release | ||
| run: mvn -f spoon-pom --no-transfer-progress --batch-mode -Pjreleaser clean deploy -DaltDeploymentRepository=local::default::file:./target/staging-deploy | ||
| - name: Print next version | ||
| run: mvn help:evaluate -Dexpression=project.version -q -DforceStdout | sed 's/-SNAPSHOT//' | ||
| - name: Run JReleaser | ||
| uses: jreleaser/release-action@0b198089c53ad2aef0d2bff6b5e6061ead2bbb90 # v2 | ||
| with: | ||
| setup-java: false | ||
| version: 1.4.0 | ||
| arguments: full-release | ||
| env: | ||
| JRELEASER_PROJECT_VERSION: ${{ env.NEXT_VERSION }} | ||
| JRELEASER_GITHUB_TOKEN: ${{ secrets.JRELEASER_GITHUB_TOKEN }} | ||
| JRELEASER_GPG_PASSPHRASE: ${{ secrets.JRELEASER_GPG_PASSPHRASE }} | ||
| JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.JRELEASER_GPG_PUBLIC_KEY }} | ||
| JRELEASER_GPG_SECRET_KEY: ${{ secrets.JRELEASER_GPG_SECRET_KEY }} | ||
| JRELEASER_NEXUS2_MAVEN_CENTRAL_USERNAME: ${{ secrets.JRELEASER_NEXUS2_MAVEN_CENTRAL_USERNAME }} | ||
| JRELEASER_NEXUS2_MAVEN_CENTRAL_PASSWORD: ${{ secrets.JRELEASER_NEXUS2_MAVEN_CENTRAL_PASSWORD }} | ||
| # Time to set the next version: The next version of any Release is a snapshot version of the next patch version | ||
| - name : Set next version (patch of release version) with -SNAPSHOT suffix | ||
| run: | | ||
| echo "NEXT_RELEASE_VERSION=$(semver next patch $NEXT_VERSION)-SNAPSHOT" >> $GITHUB_ENV | ||
| echo "NEXT_RELEASE_VERSION_WITHOUT_SNAPSHOT=$(semver next patch $NEXT_VERSION)" >> $GITHUB_ENV | ||
| - name: Set release version | ||
| run: | | ||
| mvn -f spoon-pom --no-transfer-progress --batch-mode versions:set -DnewVersion=$NEXT_RELEASE_VERSION -DprocessAllModules | ||
| mvn --no-transfer-progress --batch-mode versions:set -DnewVersion=$NEXT_RELEASE_VERSION -DprocessAllModules | ||
| mvn -f spoon-javadoc --no-transfer-progress --batch-mode versions:set -DnewVersion=$NEXT_RELEASE_VERSION -DprocessAllModules | ||
| # Commit and push changes | ||
| - name: Commit & Push changes | ||
| run: | | ||
| git commit -am "release: Setting SNAPSHOT version $NEXT_RELEASE_VERSION" | ||
| git push --set-upstream origin ${{ env.BRANCH_NAME }} | ||
| - name: Merge Fast Forward | ||
| run: | | ||
| git checkout master | ||
| git merge --ff-only ${{ env.BRANCH_NAME }} | ||
| git push origin master | ||
| # Log failure: | ||
| - name: JReleaser release output | ||
| if: always() | ||
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3 | ||
| with: | ||
| name: jreleaser-release | ||
| path: | | ||
| out/jreleaser/trace.log | ||
| out/jreleaser/output.properties |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,76 @@ | ||
| # This workflow uses actions that are not certified by GitHub. They are provided | ||
| # by a third-party and are governed by separate terms of service, privacy | ||
| # policy, and support documentation. | ||
|
|
||
| name: Scorecard supply-chain security | ||
| on: | ||
| # For Branch-Protection check. Only the default branch is supported. See | ||
| # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection | ||
| branch_protection_rule: | ||
| # To guarantee Maintained check is occasionally updated. See | ||
| # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained | ||
| schedule: | ||
| - cron: '20 7 * * 2' | ||
| push: | ||
| branches: ["master"] | ||
|
|
||
| # Declare default permissions as read only. | ||
| permissions: read-all | ||
|
|
||
| jobs: | ||
| analysis: | ||
| name: Scorecard analysis | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| # Needed to upload the results to code-scanning dashboard. | ||
| security-events: write | ||
| # Needed to publish results and get a badge (see publish_results below). | ||
| id-token: write | ||
| contents: read | ||
| actions: read | ||
|
|
||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - name: "Checkout code" | ||
| uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
| with: | ||
| persist-credentials: false | ||
|
|
||
| - name: "Run analysis" | ||
| uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0 | ||
| with: | ||
| results_file: results.sarif | ||
| results_format: sarif | ||
| # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: | ||
| # - you want to enable the Branch-Protection check on a *public* repository, or | ||
| # - you are installing Scorecards on a *private* repository | ||
| # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. | ||
| # repo_token: ${{ secrets.SCORECARD_TOKEN }} | ||
|
|
||
| # Public repositories: | ||
| # - Publish results to OpenSSF REST API for easy access by consumers | ||
| # - Allows the repository to include the Scorecard badge. | ||
| # - See https://github.com/ossf/scorecard-action#publishing-results. | ||
| # For private repositories: | ||
| # - `publish_results` will always be set to `false`, regardless | ||
| # of the value entered here. | ||
| publish_results: true | ||
|
|
||
| # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF | ||
| # format to the repository Actions tab. | ||
| - name: "Upload artifact" | ||
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | ||
| with: | ||
| name: SARIF file | ||
| path: results.sarif | ||
| retention-days: 5 | ||
|
|
||
| # Upload the results to GitHub's code scanning dashboard. | ||
| - name: "Upload to code-scanning" | ||
| uses: github/codeql-action/upload-sarif@46ed16ded91731b2df79a2893d3aea8e9f03b5c4 # v2.20.3 | ||
| with: | ||
| sarif_file: results.sarif |
Oops, something went wrong.