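# SPDX-License-Identifier: MIT
#
# Manually dispatched release workflow for the SecHub Web-UI. In one job it:
#   - opens a PR for missing SPDX headers (if apply-headers.sh changed files),
#   - builds the Web-UI and zips the dist folder,
#   - creates a draft GitHub release and uploads the zip plus its sha256 file,
#   - creates a release issue,
#   - builds and pushes the container image and the Helm chart to ghcr.io,
#   - opens a PR to merge master back into develop.
name: Release Web UI

on:
  workflow_dispatch:
    inputs:
      actor-email:
        description: Insert your email address here. It will be used in the generated pull requests
        required: true
      web-ui-version:
        description: Web-UI Version (e.g. 1.0.0)
        required: true
      web-ui-milestone-number:
        description: Web-UI Milestone number (e.g. 70)
        required: true

# The single job creates releases, issues and pull requests and pushes to
# ghcr.io, so all four write scopes are in use. Every action referenced below
# runs with this token scope, which is why the action refs should be immutable.
permissions:
  contents: write
  issues: write
  packages: write
  pull-requests: write

env:
  # NOTE(review): this is a mutable image tag; pinning by digest would make the
  # released image reproducible. Confirm whether 10-create-image.sh supports it.
  ACTIONS_BASE_IMAGE_DEBIAN: debian:12-slim
  ACTIONS_SECHUB_REGISTRY: ghcr.io/mercedes-benz/sechub
  ACTIONS_HELM_REGISTRY: "oci://ghcr.io/mercedes-benz/sechub/helm-charts"
  WEB_UI_RELEASE_ZIPFILE: "sechub-web-ui_htdocs.zip"

jobs:
  release-version:
    name: Create Web-UI release
    runs-on: ubuntu-latest
    env:
      # The dispatch inputs are handed to the shell steps as environment
      # variables. Expanding ${{ inputs.* }} directly inside a `run:` script
      # pastes the raw text into the script before the shell parses it, so a
      # quote or `$(...)` in an input would be executed as shell code.
      ACTOR_EMAIL: ${{ inputs.actor-email }}
      WEB_UI_VERSION: ${{ inputs.web-ui-version }}
      WEB_UI_MILESTONE_NUMBER: ${{ inputs.web-ui-milestone-number }}
    steps:
      - name: "Show Inputs"
        run: |
          echo "actor-email: '${ACTOR_EMAIL}'"
          echo "Web-UI '${WEB_UI_VERSION}' - Milestone '${WEB_UI_MILESTONE_NUMBER}'"

      # Check inputs:
      - name: "Verify Input for Web-UI release"
        if: (inputs.web-ui-version == '') || (inputs.web-ui-milestone-number == '')
        run: |
          echo "For Web-UI release, web-ui-version and web-ui-milestone-number must be provided!"
          exit 1

      - name: Checkout master
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          ref: master

      # Create temporary local tag, so we build for this tag...
      # The final tag on git server side will be done automatically by the release when the draft is saved as "real" release
      - name: "Temporary tag server version: v${{ inputs.web-ui-version }}-web-ui"
        run: git tag "v${WEB_UI_VERSION}-web-ui"

      # ------------------------------
      # Node.js is needed for building
      # ------------------------------
      - name: Use Node.js
        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
        with:
          node-version: 22

      - name: Docker login to ghcr.io
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # ----------------------
      # Create pull request if license headers are missing
      # ----------------------
      - name: run apply-headers.sh
        id: apply-headers
        run: |
          git config user.name "$GITHUB_TRIGGERING_ACTOR (via github-actions)"
          git config user.email "${ACTOR_EMAIL}"
          ./apply-headers.sh
          # `|| true`: nothing to commit is the normal case and must not fail the job
          git commit -am "SPDX headers added by SecHub release job @github-actions" || true
          # Local commits that exist on no remote branch, i.e. the header commit above
          COMMITS=$(git log --oneline --branches --not --remotes)
          echo "commits=$COMMITS" >> "$GITHUB_OUTPUT"

      - name: Create pull request for SPDX license headers
        id: pr_spdx_headers
        if: steps.apply-headers.outputs.commits != ''
        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
        with:
          branch: release-spdx-headers
          branch-suffix: short-commit-hash
          delete-branch: true
          title: '0 - Before web-ui release: Add missing SPDX license headers [auto-generated]'
          body: |
            Auto-generated by Github Actions web-ui release job.
            -> Please review and merge **before** publishing the web-ui release.

      - name: Print PR infos
        if: steps.apply-headers.outputs.commits != ''
        run: |
          echo "Pull Request Number - ${{ steps.pr_spdx_headers.outputs.pull-request-number }}"
          echo "Pull Request URL - ${{ steps.pr_spdx_headers.outputs.pull-request-url }}"

      # ----------------------
      # Build SecHub Web-UI
      # ----------------------
      # NOTE(review): `npm install` may resolve versions other than the locked
      # ones; if a package-lock.json is committed, `npm ci` gives a reproducible
      # release build. Confirm against the sechub-web-ui folder.
      #
      # The zip is written to $GITHUB_WORKSPACE because the checksum and upload
      # steps below read it by its bare name from the workspace root. The
      # former target `../../../` resolved from sechub-web-ui/dist to the
      # directory above the workspace.
      - name: Build SecHub web-ui
        run: |
          cd sechub-web-ui && \
          npm install && \
          npm run build && \
          cd dist && \
          echo "${WEB_UI_VERSION}" > sechub-web-ui_version.txt && \
          zip -r "${GITHUB_WORKSPACE}/${WEB_UI_RELEASE_ZIPFILE}" *

      - name: Collect GIT status
        if: always()
        run: |
          # restore reduced-openapi3.json
          git restore sechub-api-java/src/main/resources/reduced-openapi3.json
          mkdir -p build/reports
          git status > build/reports/git-status.txt
          echo "--- git tags:" >> build/reports/git-status.txt
          git tag --points-at HEAD >> build/reports/git-status.txt

      - name: Archive GIT status
        if: always()
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
        with:
          name: git-status.txt
          path: build/reports/git-status.txt
          retention-days: 7

      - name: Archive Web-UI artifacts
        if: always()
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
        with:
          name: sechub-web-ui_htdocs
          path: sechub-web-ui/dist/
          retention-days: 7

      # The release is created as a draft; the tag is only created on the
      # server when a maintainer publishes it.
      - name: Create Web-UI release
        id: create_web-ui_release
        uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # This token is provided by Actions, you do not need to create your own
        with:
          tag_name: v${{ inputs.web-ui-version }}-web-ui
          commitish: master
          release_name: web-ui frontend Version ${{ inputs.web-ui-version }}
          body: |
            Changes in this release:
            - New shiny Web-UI features
            For more details please look at [Milestone ${{inputs.web-ui-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.web-ui-milestone-number}}?closed=1)
          draft: true
          prerelease: false

      # The checksum is published next to the zip on the same release, so it
      # detects a corrupted download; it is not a signature and does not prove
      # who built the asset.
      - name: Create sha256 checksum file for Web-UI zip file
        run: sha256sum "$WEB_UI_RELEASE_ZIPFILE" > "$WEB_UI_RELEASE_ZIPFILE.sha256sum"

      - name: Upload Web-UI release asset ${{ env.WEB_UI_RELEASE_ZIPFILE }}
        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_web-ui_release.outputs.upload_url }}
          asset_path: ${{ env.WEB_UI_RELEASE_ZIPFILE }}
          asset_name: ${{ env.WEB_UI_RELEASE_ZIPFILE }}
          asset_content_type: application/zip

      - name: Upload Web-UI release asset ${{ env.WEB_UI_RELEASE_ZIPFILE }}.sha256sum
        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_web-ui_release.outputs.upload_url }}
          asset_path: ${{ env.WEB_UI_RELEASE_ZIPFILE }}.sha256sum
          asset_name: ${{ env.WEB_UI_RELEASE_ZIPFILE }}.sha256sum
          asset_content_type: text/plain

      # -----------------------------------------
      # Create release issue
      # -----------------------------------------
      # NOTE(review): this is the only action in the workflow referenced by a
      # branch name instead of a full commit SHA. `@main` follows whatever the
      # action's repository publishes next, and the step receives a token with
      # the write permissions declared above. Pin it to a reviewed commit SHA
      # like the other actions.
      - name: Create SecHub Web-UI ${{ inputs.web-ui-version }} release issue
        uses: dacbd/create-issue-action@main
        with:
          token: ${{ github.token }}
          title: Release SecHub Web-UI ${{ inputs.web-ui-version }}
          body: |
            See [Milestone ${{inputs.web-ui-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.web-ui-milestone-number}}?closed=1) for details.
            Please close this issue after the release.
          milestone: ${{ inputs.web-ui-milestone-number }}

      # Build SecHub Web-UI container image + push to ghcr
      - name: Build SecHub web-ui ${{ inputs.web-ui-version }} container image + push to ghcr
        run: |
          # WEB_UI_VERSION comes from the job-level env block
          DOCKER_REGISTRY="$ACTIONS_SECHUB_REGISTRY/web-ui"
          VERSION_TAG="${WEB_UI_VERSION}"
          echo "# Building image $DOCKER_REGISTRY:$VERSION_TAG"
          echo " from $ACTIONS_BASE_IMAGE_DEBIAN"
          cp -r sechub-web-ui/dist sechub-web-ui-solution/docker/copy
          cd sechub-web-ui-solution
          export BASE_IMAGE="$ACTIONS_BASE_IMAGE_DEBIAN"
          export BUILD_TYPE=copy
          ./10-create-image.sh "$DOCKER_REGISTRY" "$VERSION_TAG" "$WEB_UI_VERSION"
          echo "# Pushing image $DOCKER_REGISTRY:$VERSION_TAG (latest)"
          ./20-push-image.sh "$DOCKER_REGISTRY" "$VERSION_TAG" yes

      - name: Build SecHub web-ui Helm chart + push to ghcr
        shell: bash
        run: |
          cd sechub-web-ui-solution/helm
          rm -f *.tgz
          echo "# Building Helm chart for SecHub Web-UI"
          helm package web-ui
          helm push web-ui-*.tgz "$ACTIONS_HELM_REGISTRY"

      # -----------------------------------------
      # Create a pull request for merging back `master` into `develop`
      # -----------------------------------------
      - name: pull-request master to develop
        id: pr_master_to_develop
        continue-on-error: true
        uses: repo-sync/pull-request@7e79a9f5dc3ad0ce53138f01df2fad14a04831c5
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          source_branch: "master"
          destination_branch: "develop"
          pr_allow_empty: true  # should allow an empty PR, but seems not to work
          pr_title: '2 - After web-ui release: Merge master back into develop [auto-generated]'
          pr_body: |
            After SecHub Web-UI release
            - Web-UI '${{ inputs.web-ui-version }}'
            Merge master branch back into develop
            -> Please merge **after** the release has been published.

      - name: Print PR infos if PR was created
        if: steps.pr_master_to_develop.outcome == 'success'
        run: |
          echo "Pull Request Number - ${{ steps.pr_master_to_develop.outputs.pr_number }}"
          echo "Pull Request URL - ${{ steps.pr_master_to_develop.outputs.pr_url }}"

      - name: Print info if no PR was created
        if: steps.pr_master_to_develop.outcome != 'success'
        run: |
          echo "Nothing to merge - no pull request necessary."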