
version set to 12.81.0 for release #633


Workflow file for this run

# Manually dispatched release pipeline for Dirigible: the jobs below publish
# the Docker image, Maven Central artifacts, npm packages, a GitHub release
# and the Helm chart.
name: Release

on:
  workflow_dispatch:
    inputs:
      # Free-text versions. They end up in shell commands, image tags, branch
      # names and commit messages, so treat them as untrusted text.
      releaseVersion:
        description: 'Release Version'
        required: true
        default: '12.0.0'
      snapshotVersion:
        description: 'Snapshot Version'
        required: true
        default: '13.0.0-SNAPSHOT'
      # Gates the SAST/DAST jobs and the security report job.
      code-scans:
        description: 'Perform SAST and DAST code scans'
        type: boolean
        default: true
      upload-scanned-sarif-report:
        description: 'Upload SAST and DAST code scans to Github Security'
        type: boolean
        default: true

run-name: 'version set to ${{ github.event.inputs.releaseVersion }} for release'

# Default GITHUB_TOKEN scopes for every job that has no `permissions:` block
# of its own (release-docker-images, release-docker-manifest,
# release-artifacts, dast-scan, wait-for-scans, helm-release).
# NOTE(review): `id-token: write` is presumably only needed where packages are
# published - confirm, then grant write scopes per job instead of here.
permissions:
  contents: write
  id-token: write
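jobs:
  # Builds the application once per architecture, pushes the image to the
  # registry by digest, and hands the digest to the manifest job as an
  # artifact.
  release-docker-images:
    runs-on: ${{ matrix.runner }}
    strategy:
      matrix:
        include:
          - runner: ubuntu-latest
            platform: amd64
          - runner: ubuntu-24.04-arm
            platform: arm64
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          fetch-depth: 0
          # No step in this job pushes to git, so do not leave the token in
          # .git/config while Maven and npm build code runs.
          persist-credentials: false
      # NOTE(review): a release build restores ~/.m2 from a cache shared with
      # other runs; consider resolving dependencies fresh for releases.
      - name: Cache local Maven repository
        uses: actions/cache@v4
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-maven-
      - name: Set up JDK Corretto 21
        uses: actions/setup-java@v4
        with:
          distribution: 'corretto'
          java-version: '21'
      - name: Install NodeJS
        uses: actions/setup-node@v4
        with:
          node-version: 22.x
          registry-url: 'https://registry.npmjs.org'
      # NOTE(review): unpinned global installs; whatever version is current at
      # release time takes part in the build.
      - name: Install TypeScript and esbuild
        run: npm install -g typescript esbuild
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: "Maven: Set Release Version"
        # The input reaches the shell as an environment variable, not as text
        # spliced into the script, so it cannot change the command.
        env:
          RELEASE_VERSION: ${{ github.event.inputs.releaseVersion }}
        run: mvn versions:set -DnewVersion="$RELEASE_VERSION"
      - name: Build Dirigible
        run: mvn clean install -P quick-build
      - name: Log in to Registry
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build and push by digest
        id: build
        uses: docker/build-push-action@v6
        with:
          context: build/application
          platforms: ${{ matrix.platform }}
          tags: dirigiblelabs/dirigible
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
      - name: Export digest
        env:
          DIGEST: ${{ steps.build.outputs.digest }}
        # One empty file per image, named after the digest without its
        # "sha256:" prefix.
        run: |
          mkdir -p /tmp/digests
          touch "/tmp/digests/${DIGEST#sha256:}"
      - name: Upload digest
        uses: actions/upload-artifact@v4
        with:
          name: digests-${{ matrix.platform }}
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1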
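# ----- Job: release-docker-manifest -----
  # Collects the per-architecture digests and publishes one multi-arch
  # manifest list tagged with the release version.
  release-docker-manifest:
    needs: release-docker-images
    runs-on: ubuntu-latest
    env:
      # Passed through the environment so the input is never spliced into
      # the shell scripts below.
      RELEASE_VERSION: ${{ github.event.inputs.releaseVersion }}
    steps:
      - name: Download digests
        uses: actions/download-artifact@v4
        with:
          path: /tmp/digests
          pattern: digests-*
          merge-multiple: true
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to Registry
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Create manifest list and push
        working-directory: /tmp/digests
        # The file names in this directory are the digests; printf turns each
        # into an image reference. The command substitution stays unquoted on
        # purpose so every reference becomes its own argument.
        run: |
          docker buildx imagetools create -t "dirigiblelabs/dirigible:${RELEASE_VERSION}" \
            $(printf 'dirigiblelabs/dirigible@sha256:%s ' *)
      - name: Inspect image
        run: |
          docker buildx imagetools inspect "dirigiblelabs/dirigible:${RELEASE_VERSION}"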
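# ----- Job: release-artifacts -----
  # Builds the release, publishes it to Maven Central and npm, commits the
  # release and snapshot versions, pushes the branches and uploads the fat
  # JAR for the GitHub release job.
  # NOTE(review): this job has no `needs:`, so publishing does not wait for
  # the scan jobs. It also holds the Maven, GPG and git push credentials while
  # running actions referenced by tag; consider pinning them to a full commit
  # SHA.
  release-artifacts:
    runs-on: ubuntu-latest
    env:
      # The dispatch inputs reach the shell as environment variables instead
      # of being spliced into the scripts, so a crafted value cannot alter a
      # command.
      RELEASE_VERSION: ${{ github.event.inputs.releaseVersion }}
      SNAPSHOT_VERSION: ${{ github.event.inputs.snapshotVersion }}
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          fetch-depth: 0
      - name: Cache local Maven repository
        uses: actions/cache@v4
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-maven-
      - name: Set up JDK Corretto 21
        uses: actions/setup-java@v4
        with:
          distribution: 'corretto'
          java-version: '21'
          server-id: ossrh
          # These three are names of environment variables, not values; the
          # publish step below supplies the values from secrets.
          server-username: MAVEN_USERNAME
          server-password: MAVEN_PASSWORD
          gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
          gpg-passphrase: GPG_PASSPHRASE
          architecture: x64
      - name: Install NodeJS
        uses: actions/setup-node@v4
        with:
          node-version: 22.x
          registry-url: 'https://registry.npmjs.org'
      # Ensure npm 11.5.1 or later is installed
      # NOTE(review): `npm@latest` and the global installs below are unpinned,
      # so the publishing toolchain can change between releases.
      - name: Update npm
        run: npm install -g npm@latest
      - name: Install TypeScript and esbuild
        run: npm install -g typescript esbuild
      - name: "Configure Git"
        # NOTE(review): no `branch` input is declared for this workflow, so
        # the expression below expands to an empty string - confirm which
        # branch is meant to be released.
        run: |
          git fetch
          git checkout ${{ github.event.inputs.branch }}
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
      - name: "Maven: Set Release Version"
        run: mvn versions:set -DnewVersion="$RELEASE_VERSION"
      - name: Build Dirigible
        run: mvn clean install -Dmaven.javadoc.skip=false
      - name: Publish packages to Maven Central
        run: |
          mvn javadoc:jar
          mvn deploy -P release -DskipTests -Dmaven.test.skip=true
        env:
          MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
          MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
          GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASS_PHRASE }}
      - name: "Git: Commit Release Version"
        run: |
          git add '**pom.xml'
          git commit -m "version set to ${RELEASE_VERSION} for release"
      - name: "Maven: Set Snapshot Version"
        run: mvn versions:set -DnewVersion="$SNAPSHOT_VERSION"
      - name: "Git: Commit Snapshot Version"
        run: |
          git add '**pom.xml'
          git commit -m "version set to ${SNAPSHOT_VERSION} for development"
      #---------------Publish to Maven Central-----------------#
      #--------------- Publish dirigible jar to NPM -----------------#
      - name: (@dirigiblelabs/dirigible) Set the new package version
        working-directory: ./npm/dirigible
        run: npm version "$RELEASE_VERSION" --no-git-tag-version
      - name: (@dirigiblelabs/dirigible) Publish the package to npm
        working-directory: ./npm/dirigible
        run: npm publish --access public
      #--------------- Publish dirigible jar to NPM -----------------#
      #--------------- Publish dirigible-cli to NPM -----------------#
      - name: (@dirigiblelabs/dirigible-cli) Copy cli jar to the npm project
        working-directory: ./
        run: |
          mkdir -p ./npm/dirigible-cli/bin
          cp "./cli/target/dirigible-cli-${RELEASE_VERSION}-executable.jar" ./npm/dirigible-cli/bin/dirigible-cli.jar
      - name: (@dirigiblelabs/dirigible-cli) Set the new package version
        working-directory: ./npm/dirigible-cli
        run: npm version "$RELEASE_VERSION" --no-git-tag-version
      - name: (@dirigiblelabs/dirigible-cli) Set the new dependency version
        working-directory: ./npm/dirigible-cli
        run: npm pkg set "dependencies.@dirigiblelabs/dirigible=${RELEASE_VERSION}"
      - name: (@dirigiblelabs/dirigible-cli) Publish the package to npm
        working-directory: ./npm/dirigible-cli
        run: npm publish --access public
      #--------------- Publish dirigible-cli to NPM -----------------#
      #--------------- Publish aerokit/sdk to NPM -----------------#
      - name: (@aerokit/sdk) Set the new package version
        working-directory: ./components/api/api-modules-javascript/src/main/resources/META-INF/dirigible/modules
        run: npm version "$RELEASE_VERSION" --no-git-tag-version
      - name: (@aerokit/sdk) Publish the package to npm
        working-directory: ./components/api/api-modules-javascript/src/main/resources/META-INF/dirigible/modules
        run: npm publish --access public
      #--------------- Publish aerokit/sdk to NPM -----------------#
      - name: "Git: Push Changes"
        run: |
          git checkout -B "$RELEASE_VERSION"
          git push --set-upstream origin "$RELEASE_VERSION"
          git checkout -B master
          git push --set-upstream origin master
      - name: Package fat JAR
        run: |
          zip --junk-paths application-all "build/application/target/dirigible-application-${RELEASE_VERSION}-executable.jar"
      - name: Upload fat JAR as artifact
        uses: actions/upload-artifact@v4
        with:
          name: application-all
          path: application-all.zip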
# ----- Job: sast-docker-scout-scan -----
  # Runs Docker Scout (quickview + CVE listing) against the image that was
  # just pushed and keeps the SARIF output as an artifact.
  sast-docker-scout-scan:
    if: inputs.code-scans
    needs: [release-docker-manifest]
    runs-on: ubuntu-latest
    permissions:
      # Required to upload SARIF to GitHub Security tab
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      # required dockerhub login for docker/scout-action
      - name: Log in Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Docker Scout Quickview and CVEs
        uses: docker/scout-action@v1
        with:
          registry-user: ${{ secrets.DOCKER_USER }}
          registry-password: ${{ secrets.DOCKER_PASSWORD }}
          command: 'quickview,cves'
          image: 'dirigiblelabs/dirigible:${{ github.event.inputs.releaseVersion }}'
          sarif-file: 'sast_docker_scout_sarif.json'
          summary: true
          only-fixed: false
      - name: Upload Docker Scout SARIF file as artifact
        uses: actions/upload-artifact@v4
        with:
          name: 'sast_docker_scout_sarif.json'
          path: 'sast_docker_scout_sarif.json'
      # Only this upload honours the upload-scanned-sarif-report input.
      - name: Upload Docker Scout SARIF Report to GitHub Security tab
        if: inputs.upload-scanned-sarif-report
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: 'sast_docker_scout_sarif.json'
# ----- Job: sast-codeql-scan -----
  # CodeQL analysis, one matrix leg per language group; the Java/Kotlin leg
  # builds the project manually, the JavaScript/TypeScript leg needs no build.
  sast-codeql-scan:
    if: inputs.code-scans
    name: Analyze (${{ matrix.language }})
    needs: [release-docker-manifest]
    runs-on: ubuntu-latest
    permissions:
      # Required to upload SARIF to GitHub Security tab
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        include:
          - language: java-kotlin
            build-mode: manual
          - language: javascript-typescript
            build-mode: none
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Set up JDK Corretto 21
        uses: actions/setup-java@v4
        with:
          distribution: 'corretto'
          java-version: '21'
          architecture: x64
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 22.x
      - name: Install TypeScript and esbuild
        run: npm install -g typescript esbuild
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
          # NOTE(review): the inline config drops the java/path-injection
          # query, so those findings never show up in the report; record the
          # reason for the exclusion next to it.
          config: |
            name: "Comprehensive Multi-language CodeQL Config"
            query-filters:
              - exclude:
                  id: java/path-injection
            queries:
              - uses: security-and-quality
      - name: Build Java/Kotlin project
        if: matrix.language == 'java-kotlin'
        run: mvn clean install -P quick-build
      # NOTE(review): `upload: always` is set regardless of the
      # upload-scanned-sarif-report input - confirm that is intended.
      - name: Perform CodeQL Analysis for language ${{ matrix.language }}
        uses: github/codeql-action/analyze@v3
        with:
          category: '/language:${{ matrix.language }}'
          output: 'sast_codeql_report_${{ matrix.language }}'
          upload: always
      - name: Upload CodeQL Analysis SARIF file as artifact
        uses: actions/upload-artifact@v4
        with:
          name: 'sast_codeql_sarif_${{ matrix.language }}'
          path: 'sast_codeql_report_${{ matrix.language }}'
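# ----- Job: dast-scan -----
  # Starts the released image as a service container and runs an OWASP ZAP
  # full scan against it on localhost:8080.
  dast-scan:
    if: ${{ inputs.code-scans }}
    name: Perform DAST testing using ZAP
    needs: release-docker-manifest
    runs-on: ubuntu-latest
    services:
      app:
        image: dirigiblelabs/dirigible:${{ github.event.inputs.releaseVersion }}
        ports:
          - "8080:8080"
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Wait for app to start
        # Polls the readiness endpoint up to 30 times, 5 seconds apart. If the
        # application never answers, the step fails instead of letting the
        # scan run against a target that is not serving, which would yield a
        # report that says nothing about the release.
        run: |
          URL='http://localhost:8080/actuator/health/readiness'
          for i in {1..30}; do
            echo "Checking readiness at $URL... attempt $i"
            if curl -f "$URL"; then
              echo '----------------------'
              echo "Application is ready."
              exit 0
            fi
            sleep 5
          done
          echo "Application did not become ready after 30 attempts." >&2
          exit 1
      # NOTE(review): third-party action referenced by tag; consider pinning
      # it to a full commit SHA.
      - name: Run OWASP ZAP Full Scan
        uses: zaproxy/action-full-scan@v0.12.0
        with:
          target: 'http://localhost:8080'
          cmd_options: '-T 10'  # https://www.zaproxy.org/docs/docker/full-scan/
          artifact_name: dast_zap_report  # all results will be uploaded with an artifact with this name
          allow_issue_writing: false  # create an issue with the results
          issue_title: '[DAST] ZAP Full Scan Report'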
# ----- Job: wait-for-scans -----
  # Join point after the three scan jobs; it only prints a message.
  wait-for-scans:
    # Runs even if previous jobs were skipped or failed
    if: always()
    needs: [sast-codeql-scan, sast-docker-scout-scan, dast-scan]
    runs-on: ubuntu-latest
    steps:
      - run: echo "Proceeding to next job"
# ----- Job: generate-git-security-report -----
  # Produces the summary security report and stores it as the
  # `security_report` artifact.
  generate-git-security-report:
    if: inputs.code-scans
    needs: wait-for-scans
    runs-on: ubuntu-latest
    permissions:
      security-events: read
    steps:
      # The report action is pointed at this directory, which is created
      # empty here.
      - name: Create dummy reports folder
        run: mkdir reports
      # NOTE(review): third-party action that receives GITHUB_TOKEN and is
      # referenced by tag; consider pinning it to a full commit SHA.
      - name: Generate GitHub Security Report
        uses: rsdmike/github-security-report-action@v3.0.4
        with:
          template: summary
          token: ${{ secrets.GITHUB_TOKEN }}
          sarifReportDir: 'reports'
          outputDir: 'security-report'
      - name: Upload Generated GitHub Security Report as Artifact
        uses: actions/upload-artifact@v4
        with:
          name: security_report
          path: security-report
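# ----- Job: github-release -----
  # Gathers the build and scan artifacts and creates the GitHub release with
  # them attached.
  github-release:
    if: ${{ always() && !failure() && !cancelled() }} # run only if all prior jobs succeeded or were skipped, but not if one failed
    runs-on: ubuntu-latest
    needs: [release-artifacts, generate-git-security-report]
    permissions:
      packages: write
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Create uploaded-artifacts folder
        run: |
          mkdir -p uploaded-artifacts/application-all
          mkdir -p uploaded-artifacts/dast_zap_report
          mkdir -p uploaded-artifacts/sast_codeql_sarif_java-kotlin
          mkdir -p uploaded-artifacts/sast_codeql_sarif_javascript-typescript
          mkdir -p uploaded-artifacts/sast_docker_scout_sarif.json
          mkdir -p uploaded-artifacts/security_report
      - name: Download Uploaded Artifacts (application-all)
        uses: actions/download-artifact@v5
        with:
          path: uploaded-artifacts/application-all
          pattern: application-all
      - name: Download Uploaded Artifacts (dast_zap_report)
        uses: actions/download-artifact@v5
        with:
          path: uploaded-artifacts/dast_zap_report
          pattern: dast_zap_report
      - name: Download Uploaded Artifacts (sast_codeql_sarif_java-kotlin)
        uses: actions/download-artifact@v5
        with:
          path: uploaded-artifacts/sast_codeql_sarif_java-kotlin
          pattern: sast_codeql_sarif_java-kotlin
      - name: Download Uploaded Artifacts (sast_codeql_sarif_javascript-typescript)
        uses: actions/download-artifact@v5
        with:
          path: uploaded-artifacts/sast_codeql_sarif_javascript-typescript
          pattern: sast_codeql_sarif_javascript-typescript
      - name: Download Uploaded Artifacts (sast_docker_scout_sarif.json)
        uses: actions/download-artifact@v5
        with:
          path: uploaded-artifacts/sast_docker_scout_sarif.json
          pattern: sast_docker_scout_sarif.json
      - name: Download Uploaded Artifacts (security_report)
        uses: actions/download-artifact@v5
        with:
          path: uploaded-artifacts/security_report
          pattern: security_report
      - name: Display Downloaded Artifacts
        run: ls -R uploaded-artifacts
      - name: Create release files
        run: mkdir release_files
      # The application package is copied unconditionally: it is produced by
      # release-artifacts whether or not scans ran, and the release notes
      # below link to it. Only the scan reports depend on code-scans.
      - name: Copy application package
        run: cp uploaded-artifacts/application-all/application-all.zip release_files/application-all.zip
      - name: Copy report files due to naming collisions
        if: ${{ inputs.code-scans }}
        run: |
          cp uploaded-artifacts/security_report/summary.pdf release_files/security-report.pdf
          cp uploaded-artifacts/sast_codeql_sarif_java-kotlin/java.sarif release_files/sast_codeql_sarif_java-kotlin.sarif
          cp uploaded-artifacts/sast_codeql_sarif_javascript-typescript/javascript.sarif release_files/sast_codeql_sarif_javascript-typescript.sarif
          cp uploaded-artifacts/sast_docker_scout_sarif.json/sast_docker_scout_sarif.json release_files/sast_docker_scout_sarif.json
          cp uploaded-artifacts/dast_zap_report/report_html.html release_files/dast_zap_report.html
      # NOTE(review): third-party action that receives a token with
      # contents: write and is referenced by tag; consider pinning it to a
      # full commit SHA.
      - name: Create GitHub Release
        id: create_release
        uses: softprops/action-gh-release@v2
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          tag_name: v${{ github.event.inputs.releaseVersion }}
          name: ${{ github.event.inputs.releaseVersion }}
          draft: false
          prerelease: false
          files: |
            release_files/**
          body: |
            ## Eclipse Dirigible - ${{ github.event.inputs.releaseVersion }}
            #### Release:
            The latest release notes are available [here](https://www.dirigible.io/releases/).
            > _**Note:** All released versions can be found [here](https://github.com/eclipse/dirigible/releases/)._
            #### Maven:
            250+ Maven dependencies can be found [here]( https://search.maven.org/#search%7Cga%7C1%7Corg.eclipse.dirigible).
            ```xml
            <dependency>
            <groupId>org.eclipse.dirigible</groupId>
            <artifactId>dirigible-components-group-core</artifactId>
            <version>${{ github.event.inputs.releaseVersion }}</version>
            </dependency>
            ```
            #### Helm:
            To install Eclipse Dirigible with Helm go to the [Setup with Helm](https://www.dirigible.io/help/setup/helm/) page.
            All Helm charts, with detailed explanation, setup and configurations, can be found [here](https://artifacthub.io/packages/search?org=dirigiblelabs).
            ```
            helm repo add dirigible https://eclipse.github.io/dirigible
            helm repo update
            helm install dirigible dirigible/dirigible --version ${{ github.event.inputs.releaseVersion }}
            ```
            #### Docker images:
            - [dirigiblelabs/dirigible](https://hub.docker.com/r/dirigiblelabs/dirigible/tags?page=1&ordering=last_updated) - All-in-one docker image - recommended for local test & development.
            > _**Note:** All Docker images are available [here](https://hub.docker.com/u/dirigiblelabs)_
            #### Available for download `*.war` packages:
            - _**[application-all](https://github.com/eclipse/dirigible/releases/download/v${{ github.event.inputs.releaseVersion }}/application-all.zip) - All-in-one package - recommended for local test & development.**_
            > _**Note:** Unzip the downloaded file to extract the `application-all-XXX.jar` binary._
            For more information go to [https://www.dirigible.io/help/setup/](https://www.dirigible.io/help/setup/).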
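# ----- Job: helm-release -----
  # Packages the Helm chart for the release version and pushes the package
  # and the regenerated repository index to the gh-pages branch.
  helm-release:
    runs-on: ubuntu-latest
    needs: github-release
    env:
      # Passed through the environment so the input is never spliced into
      # the shell scripts below.
      RELEASE_VERSION: ${{ github.event.inputs.releaseVersion }}
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          fetch-depth: 0
      - name: Helm tool installer
        uses: Azure/setup-helm@v4
      - name: Helm Charts Release - Checkout gh-pages
        run: |
          mkdir charts-temp
          cp -r build/helm-charts/ charts-temp/
          #### Git Checkout Workaround
          git add .github/
          git add .reuse/
          git add LICENSES/
          git add logo/
          git add components/
          git reset --hard
          ####
          git fetch
          git checkout gh-pages
          cp charts/* .
      - name: Helm Charts Release - Set Chart Version - Dirigible
        # Replaces the #{DirigibleVersion}# placeholder in the chart's YAML
        # files. The sed expression is one double-quoted argument; the
        # original wrapped it in pairs of empty quotes, which left it
        # unquoted.
        run: |
          cd charts-temp/helm-charts/dirigible/
          find *.yaml -type f -exec sed -i "s/#{DirigibleVersion}#/${RELEASE_VERSION}/g" {} \;
      - name: Helm Charts Release
        run: |
          cp charts/* charts-temp/helm-charts/
          cd charts-temp/helm-charts/
          helm package dirigible
          cd ..
          helm repo index helm-charts/ --url https://eclipse.github.io/dirigible/charts
          cp helm-charts/index.yaml ../.
          cp "helm-charts/dirigible-${RELEASE_VERSION}.tgz" ../charts/
          cd ..
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
          git add index.yaml
          git add charts/
          git commit -m "Updates Helm Charts - Release ${RELEASE_VERSION}"
          git push origin gh-pages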