diff --git a/.github/workflows/delete-dev-releases.yml b/.github/workflows/delete-dev-releases.yml
index d64be7a..057b008 100644
--- a/.github/workflows/delete-dev-releases.yml
+++ b/.github/workflows/delete-dev-releases.yml
@@ -25,10 +25,25 @@ jobs:
- name: Delete releases and tags
continue-on-error: true
- uses: dev-drprasad/delete-older-releases@653dc03d96473ac9e585c68c8bf5aaccb0dadb61 # 0.2.1
env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- keep_latest: 0
- delete_tag_pattern: "-${{inputs.tag}}"
- delete_tags: true
\ No newline at end of file
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GH_REPO: ${{ github.repository }}
+ TAG: ${{ inputs.tag }}
+ run: |
+ set -euo pipefail
+
+ # Find every release whose tag name contains "-"
+ tags=$(gh release list --limit 1000 --json tagName \
+ --jq ".[] | select(.tagName | contains(\"-${TAG}\")) | .tagName")
+
+ if [ -z "$tags" ]; then
+ echo "No releases matching pattern '-${TAG}' found."
+ exit 0
+ fi
+
+ while IFS= read -r tag; do
+ [ -z "$tag" ] && continue
+ echo "Deleting release and tag: $tag"
+ # --cleanup-tag also deletes the underlying git tag
+ gh release delete "$tag" --yes --cleanup-tag
+ done <<< "$tags"
\ No newline at end of file
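Review bot: If the `tag` input can be empty or very short, the substring filter `contains("-${TAG}")` selects far more than the intended dev releases: with an empty `TAG` it matches every release whose tag contains `-`, and the loop deletes each one together with its git tag. Add a guard before the listing, for example `[ -n "${TAG}" ] || { echo "tag input is empty" >&2; exit 1; }`, and prefer a suffix match over `contains` if the tag naming scheme allows it. `TAG` is also spliced into the jq program text, so a value containing a double quote changes the filter itself; passing it as data avoids that, e.g. piping the JSON to `jq -r --arg p "-${TAG}" '.[] | select(.tagName | contains($p)) | .tagName'` where jq is available on the runner. Because the step keeps `continue-on-error: true`, a failure under `set -euo pipefail` partway through the loop is not surfaced to the caller, so a partial deletion will look like success.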
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3056146..5f0a0a2 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -30,6 +30,11 @@ on:
required: true
type: string
+permissions:
+ id-token: write
+ contents: write
+ packages: write
+
jobs:
deleteDevReleases:
uses: Checkmarx/ast-eclipse-plugin/.github/workflows/delete-dev-releases.yml@main
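Review bot: The new top-level `permissions` block grants `contents: write`, `packages: write` and `id-token: write` to every job that does not set its own, which includes the reusable workflow called from `@main` with `secrets: inherit` in the context lines just below. Nothing visible in this diff publishes a package or requests an OIDC token, so those two scopes look unused here. Consider a restrictive default at the top (`permissions:` with only `contents: read`) and granting `contents: write` on the individual jobs that create or delete releases.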
@@ -38,15 +43,18 @@ jobs:
secrets: inherit
if: inputs.rbranch
release:
+ permissions:
+ id-token: write
+ contents: write
runs-on: cx-public-ubuntu-x64
outputs:
TAG_NAME: ${{ steps.generate_tag_name.outputs.TAG_NAME }}
CLI_VERSION: ${{ steps.set_outputs.outputs.CLI_VERSION }}
steps:
- name: Checkout
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
- token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+ token: ${{ secrets.GITHUB_TOKEN }}
lfs: true
- name: Checkout LFS objects
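Review bot: `id-token: write` on the `release` job lets it mint OIDC tokens, but no step in the visible hunks exchanges one; unless a step outside this diff needs it, drop that line so the job keeps only `contents: write`. The checkout now passes `secrets.GITHUB_TOKEN`, which is the same token the action uses by default, so the `token:` line is redundant. If no later step needs git credentials (the LFS step that follows may), add `persist-credentials: false` under `with:` so the token is not left available to the Maven build steps. The job's step list continues outside this hunk.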
@@ -75,18 +83,23 @@ jobs:
echo "TAG_NAME=$GH_RELEASE_TAG_NAME" >> $GITHUB_OUTPUT
- name: Set up JDK 17
- uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0
+ uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0
with:
distribution: temurin
java-version: 17
- name: Cache local Maven repository
- uses: actions/cache@6f8efc29b200d32929f49075959781ed54ec270c # v3.5.0
+ uses: actions/cache@6f8efc29b200d32929f49075959781ed54ec270c # v3.5.0
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
+
+ - name: Configure echo mirror for dependency resolution
+ run: |
+ sed -i 's||echocentralhttps://maven.echohq.com|' ~/.m2/settings.xml
+
- name: Update the POM version.
run: mvn -B org.eclipse.tycho:tycho-versions-plugin:set-version -DnewVersion='${{ inputs.tag }}' --file pom.xml
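Review bot: The added step appears to register `https://maven.echohq.com` as a mirror for `central` by editing `~/.m2/settings.xml` in place, so every plugin and dependency of the release build is then resolved through that host, and nothing in the hunk records why it is trusted or checks what it serves. Keep the mirror definition in a reviewed settings file in the repository and pass it with `--settings`, rather than patching the runner's file with `sed -i`, which also fails if the file does not exist. The cache step above still uses the same key, so `~/.m2/repository` restored from an earlier run can mix artifacts fetched from the previous source with ones from the mirror; changing the key prefix when the source changes avoids that. As shown, the `sed` expression has an empty search pattern, which may be a rendering loss on this page but is worth confirming in the actual file.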
@@ -106,115 +119,115 @@ jobs:
echo "::set-output name=CLI_VERSION::${{ env.CLI_VERSION }}"
- name: Release
- uses: step-security/action-gh-release@277bfa82abcfdb73e5bbb19e213fd76532ee2be5 # v3.0.0
+ uses: step-security/action-gh-release@277bfa82abcfdb73e5bbb19e213fd76532ee2be5 # v3.0.0
with:
tag_name: ${{ env.GH_RELEASE_TAG_NAME }}
generate_release_notes: true
files: ./com.checkmarx.eclipse.site/target/com.checkmarx.eclipse.site-*.zip
prerelease: ${{ inputs.rbranch != '' && inputs.rbranch != null }}
- - name: Git configuration
- run: |
- git config --global safe.directory "/tmp/**/*/"
- git config --global http.postBuffer 2097152000
- git config --global https.postBuffer 2097152000
-
- - name: Ensure Git LFS is enabled
- run: |
- git lfs install
- git lfs track "plugins/*.jar" # Ensure large JARs are tracked
- git add .gitattributes
- git commit -m "Ensure LFS tracking for large JAR files" || echo "No changes to commit"
-
- - name: Clone target repository and push changes via PR
- env:
- GH_TOKEN: ${{ secrets.ECLIPSE_SITE_TOKEN }}
- run: |
- # Clone the repository
- git clone https://x-access-token:${{ secrets.ECLIPSE_SITE_TOKEN }}@github.com/CheckmarxDev/ast-eclipse-plugin-update-site.git update-site
- cd update-site
-
- # Ensure Git LFS is installed
- git lfs install
-
- # Configure Git user to prevent commit errors
- git config --global user.email "cylon-bot@checkmarx.com"
- git config --global user.name "cylon-bot"
-
- # Fetch all branches
- git fetch --all
-
- # Ensure the branch exists and check it out
- if git show-ref --verify --quiet refs/remotes/origin/${{ env.GH_BRANCH_NAME }}; then
- echo "Branch ${{ env.GH_BRANCH_NAME }} exists remotely."
- git checkout -B ${{ env.GH_BRANCH_NAME }} origin/${{ env.GH_BRANCH_NAME }}
- else
- echo "Branch ${{ env.GH_BRANCH_NAME }} does not exist remotely."
- exit 1
- fi
-
- # Create a feature branch
- FEATURE_BRANCH="update-site/${{ env.GH_RELEASE_TAG_NAME }}"
- git checkout -b "$FEATURE_BRANCH"
-
- echo "===== Files BEFORE COPY ====="
- ls -lh ../com.checkmarx.eclipse.site/target/repository/
-
- # Copy new files without deleting .git directory
- rsync -av --delete --exclude='.git' ../com.checkmarx.eclipse.site/target/repository/ ./
-
- # Debugging: List files in repository after copying
- echo "===== Files AFTER COPY ====="
- ls -lh .
-
- # Dynamically track all .jar files in the plugins/ and features/ directories
- find plugins -name "*.jar" -exec git lfs track {} +
- find features -name "*.jar" -exec git lfs track {} +
-
- # Ensure .gitattributes is added
- git add .gitattributes
- git add .
-
- # Debugging: Show LFS-tracked files
- echo "===== Git LFS-tracked files ====="
- git lfs ls-files
-
- git commit -m "Update Eclipse update site for ${{ env.GH_RELEASE_TAG_NAME }} (${{ inputs.jira_ticket }})" || echo "No changes to commit"
-
- # Ensure the correct remote URL
- git remote set-url origin https://x-access-token:${{ secrets.ECLIPSE_SITE_TOKEN }}@github.com/CheckmarxDev/ast-eclipse-plugin-update-site.git
-
- # Push the feature branch
- git push origin "$FEATURE_BRANCH"
-
- # Create PR with Jira ID at the end of the title
- gh pr create \
- --repo CheckmarxDev/ast-eclipse-plugin-update-site \
- --base "${{ env.GH_BRANCH_NAME }}" \
- --head "$FEATURE_BRANCH" \
- --title "Update Eclipse update site for ${{ env.GH_RELEASE_TAG_NAME }} (${{ inputs.jira_ticket }})" \
- --body "Automated update of Eclipse update site for release ${{ env.GH_RELEASE_TAG_NAME }}."
-
- # Squash and merge the PR, then delete the branch
- gh pr merge \
- --repo CheckmarxDev/ast-eclipse-plugin-update-site \
- --squash \
- --auto \
- --delete-branch
+ # - name: Git configuration
+ # run: |
+ # git config --global safe.directory "/tmp/**/*/"
+ # git config --global http.postBuffer 2097152000
+ # git config --global https.postBuffer 2097152000
+
+ # - name: Ensure Git LFS is enabled
+ # run: |
+ # git lfs install
+ # git lfs track "plugins/*.jar" # Ensure large JARs are tracked
+ # git add .gitattributes
+ # git commit -m "Ensure LFS tracking for large JAR files" || echo "No changes to commit"
+
+ # - name: Clone target repository and push changes via PR
+ # env:
+ # GH_TOKEN: ${{ secrets.ECLIPSE_SITE_TOKEN }}
+ # run: |
+ # # Clone the repository
+ # git clone https://x-access-token:${{ secrets.ECLIPSE_SITE_TOKEN }}@github.com/Checkmarx/ast-eclipse-plugin-update-site.git update-site
+ # cd update-site
+
+ # # Ensure Git LFS is installed
+ # git lfs install
+
+ # # # Configure Git user to prevent commit errors
+ # # git config --global user.email ""
+ # # git config --global user.name ""
+
+ # # Fetch all branches
+ # git fetch --all
+
+ # # Ensure the branch exists and check it out
+ # if git show-ref --verify --quiet refs/remotes/origin/${{ env.GH_BRANCH_NAME }}; then
+ # echo "Branch ${{ env.GH_BRANCH_NAME }} exists remotely."
+ # git checkout -B ${{ env.GH_BRANCH_NAME }} origin/${{ env.GH_BRANCH_NAME }}
+ # else
+ # echo "Branch ${{ env.GH_BRANCH_NAME }} does not exist remotely."
+ # exit 1
+ # fi
+
+ # # Create a feature branch
+ # FEATURE_BRANCH="update-site/${{ env.GH_RELEASE_TAG_NAME }}"
+ # git checkout -b "$FEATURE_BRANCH"
+
+ # echo "===== Files BEFORE COPY ====="
+ # ls -lh ../com.checkmarx.eclipse.site/target/repository/
+
+ # # Copy new files without deleting .git directory
+ # rsync -av --delete --exclude='.git' ../com.checkmarx.eclipse.site/target/repository/ ./
+
+ # # Debugging: List files in repository after copying
+ # echo "===== Files AFTER COPY ====="
+ # ls -lh .
+
+ # # Dynamically track all .jar files in the plugins/ and features/ directories
+ # find plugins -name "*.jar" -exec git lfs track {} +
+ # find features -name "*.jar" -exec git lfs track {} +
+
+ # # Ensure .gitattributes is added
+ # git add .gitattributes
+ # git add .
+
+ # # Debugging: Show LFS-tracked files
+ # echo "===== Git LFS-tracked files ====="
+ # git lfs ls-files
+
+ # git commit -m "Update Eclipse update site for ${{ env.GH_RELEASE_TAG_NAME }} (${{ inputs.jira_ticket }})" || echo "No changes to commit"
+
+ # # Ensure the correct remote URL
+ # git remote set-url origin https://x-access-token:${{ secrets.ECLIPSE_SITE_TOKEN }}@github.com/CheckmarxDev/ast-eclipse-plugin-update-site.git
+
+ # # Push the feature branch
+ # git push origin "$FEATURE_BRANCH"
+
+ # # Create PR with Jira ID at the end of the title
+ # gh pr create \
+ # --repo CheckmarxDev/ast-eclipse-plugin-update-site \
+ # --base "${{ env.GH_BRANCH_NAME }}" \
+ # --head "$FEATURE_BRANCH" \
+ # --title "Update Eclipse update site for ${{ env.GH_RELEASE_TAG_NAME }} (${{ inputs.jira_ticket }})" \
+ # --body "Automated update of Eclipse update site for release ${{ env.GH_RELEASE_TAG_NAME }}."
+
+ # # Squash and merge the PR, then delete the branch
+ # gh pr merge \
+ # --repo CheckmarxDev/ast-eclipse-plugin-update-site \
+ # --squash \
+ # --auto \
+ # --delete-branch
- notify:
- if: ${{ inputs.rbranch == '' || inputs.rbranch == null }}
- needs: release
- uses: Checkmarx/plugins-release-workflow/.github/workflows/release-notify.yml@main
- with:
- product_name: Eclipse
- release_version: ${{ needs.release.outputs.TAG_NAME }}
- cli_release_version: ${{ needs.release.outputs.CLI_VERSION }}
- release_author: "Phoenix Team"
- release_url: https://github.com/Checkmarx/ast-eclipse-plugin/releases/tag/${{ needs.release.outputs.TAG_NAME }}
- jira_product_name: ECLIPSE
- secrets: inherit
+ # notify:
+ # if: ${{ inputs.rbranch == '' || inputs.rbranch == null }}
+ # needs: release
+ # uses: Checkmarx/plugins-release-workflow/.github/workflows/release-notify.yml@main
+ # with:
+ # product_name: Eclipse
+ # release_version: ${{ needs.release.outputs.TAG_NAME }}
+ # cli_release_version: ${{ needs.release.outputs.CLI_VERSION }}
+ # release_author: "Phoenix Team"
+ # release_url: https://github.com/Checkmarx/ast-eclipse-plugin/releases/tag/${{ needs.release.outputs.TAG_NAME }}
+ # jira_product_name: ECLIPSE
+ # secrets: inherit
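Review bot: The update-site steps and the `notify` job are disabled by commenting them out, which leaves over a hundred lines of dead workflow text in the file; delete them and rely on git history instead. The commented block still carries the `https://x-access-token:${{ secrets.ECLIPSE_SITE_TOKEN }}@github.com/...` remote URL pattern, which writes the token into the clone's git config, and it expands `inputs.jira_ticket` directly into the script text. Its repository owner is also inconsistent now (`Checkmarx/` in the clone line, `CheckmarxDev/` in `set-url` and the `gh pr` calls). If these steps come back, pass the values through `env:` and let `gh auth setup-git` supply credentials from `GH_TOKEN`.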