Merge pull request #18 from CoreMedia/fix_third_party_security_issue #89
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
workflow_dispatch: | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Git | |
run: | | |
git config --global user.name 'coremedia-ci' | |
git config --global user.email 'coremedia-ci@coremedia.com' | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '11' | |
distribution: 'adopt' | |
server-id: coremedia.external.releases | |
server-username: PLUGINS_NEXUS_USER | |
server-password: PLUGINS_NEXUS_PASSWORD | |
cache: 'maven' | |
- name: Setup PNPM | |
uses: pnpm/action-setup@v3 | |
with: | |
version: 8 | |
- name: Setup NodeJS | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
cache: 'pnpm' | |
cache-dependency-path: "studio-client/pnpm-lock.yaml" | |
- name: Setup registry npm.coremedia.io | |
run: | | |
NPM_AUTH_TOKEN=$(curl -s -H "Accept: application/json" -H "Content-Type:application/json" -X PUT --data '{"name": "${{ secrets.CM_NPM_USER }}", "password": "${{ secrets.CM_NPM_READ_ONLY_PASSWORD }}"}' https://npm.coremedia.io/-/user/org.couchdb.user:${{ secrets.CM_NPM_USER }} | jq -r .token) | |
echo "::add-mask::$NPM_AUTH_TOKEN" | |
pnpm config set //npm.coremedia.io/:_authToken=$NPM_AUTH_TOKEN | |
pnpm config set @coremedia:registry=https://npm.coremedia.io | |
pnpm config set @jangaroo:registry=https://npm.coremedia.io | |
- name: Install PNPM Dependencies | |
working-directory: studio-client | |
run: pnpm install | |
- name: Set Release Version | |
id: set-release-version | |
if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main' | |
env: | |
PLUGINS_NEXUS_USER: ${{ secrets.PLUGINS_NEXUS_USER }} | |
PLUGINS_NEXUS_PASSWORD: ${{ secrets.PLUGINS_NEXUS_PASSWORD }} | |
run: | | |
mvn --batch-mode org.codehaus.mojo:versions-maven-plugin:2.8.1:set -DremoveSnapshot -DartifactId='*' | |
release_version=$(mvn --batch-mode org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -DforceStdout) | |
cd studio-client | |
pnpm set-version ${release_version} | |
cd .. | |
git add . | |
git commit -m "set release version: ${release_version}" | |
release_tag="v${release_version}" | |
git tag "${release_tag}" | |
echo "version=${release_version}" >> $GITHUB_OUTPUT | |
echo "tag=${release_tag}" >> $GITHUB_OUTPUT | |
- name: Output Version | |
id: output-version | |
env: | |
PLUGINS_NEXUS_USER: ${{ secrets.PLUGINS_NEXUS_USER }} | |
PLUGINS_NEXUS_PASSWORD: ${{ secrets.PLUGINS_NEXUS_PASSWORD }} | |
run: | | |
version=$(mvn --batch-mode org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -DforceStdout) | |
echo "version=${version}" >> $GITHUB_OUTPUT | |
- name: Build with Pnpm | |
working-directory: studio-client | |
run: | | |
pnpm -r build | |
pnpm -r package | |
- name: Build with Maven | |
env: | |
PLUGINS_NEXUS_USER: ${{ secrets.PLUGINS_NEXUS_USER }} | |
PLUGINS_NEXUS_PASSWORD: ${{ secrets.PLUGINS_NEXUS_PASSWORD }} | |
run: mvn --batch-mode --update-snapshots install | |
- name: Update license info | |
if: github.event_name == 'pull_request' | |
env: | |
PLUGINS_NEXUS_USER: ${{ secrets.PLUGINS_NEXUS_USER }} | |
PLUGINS_NEXUS_PASSWORD: ${{ secrets.PLUGINS_NEXUS_PASSWORD }} | |
run: | | |
mvn --batch-mode -Pdocs-third-party generate-resources | |
if [ -n "$(git status --porcelain documentation)" ]; then | |
git add documentation | |
git commit -m "update license information" | |
branch_name=${{ github.head_ref }} | |
git pull origin $branch_name --rebase | |
git push origin HEAD:$branch_name | |
fi | |
- name: Create Bundle | |
env: | |
VERSION: ${{ steps.output-version.outputs.version }} | |
DESCRIPTOR_TEMPLATE: 'content-hub-adapter-youtube.json' | |
CREATE_RELEASE: ${{ github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main' }} | |
RELEASE_TAG: ${{ steps.set-release-version.outputs.tag }} | |
URL_PATTERN: 'https://github.com/${GITHUB_REPOSITORY}/releases/download/${RELEASE_TAG}/${REL_FILE}' | |
run: | | |
mkdir -p target/bundle | |
RESULT="$(cat ${DESCRIPTOR_TEMPLATE})" | |
APPS=$(cat ${DESCRIPTOR_TEMPLATE} | jq -r '.plugins | keys[]') | |
for APP in ${APPS}; do | |
FILE_TEMPLATE=$(cat ${DESCRIPTOR_TEMPLATE} | jq -r --arg APP "${APP}" '.plugins[$APP].file') | |
FILE=$(eval echo ${FILE_TEMPLATE}) | |
REL_FILE=$(echo "${FILE}" | sed 's#.*/##g') | |
cp "${FILE}" target/bundle | |
if [ "${CREATE_RELEASE}" = true ]; then | |
URL=$(eval echo ${URL_PATTERN}) | |
RESULT="$(echo ${RESULT} | jq -r --arg APP "${APP}" --arg URL "${URL}" '.plugins[$APP] = {"url": $URL}')" | |
else | |
RESULT="$(echo ${RESULT} | jq -r --arg APP "${APP}" --arg REL_FILE "${REL_FILE}" '.plugins[$APP] = {"file": $REL_FILE}')" | |
fi | |
done | |
echo "${RESULT}" > "target/bundle/$(echo ${DESCRIPTOR_TEMPLATE} | sed 's#.*/##g' | cut -d '.' -f1)-${VERSION}.json" | |
- name: Set Next Snapshot Version | |
id: set-snapshot-version | |
if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main' | |
env: | |
PLUGINS_NEXUS_USER: ${{ secrets.PLUGINS_NEXUS_USER }} | |
PLUGINS_NEXUS_PASSWORD: ${{ secrets.PLUGINS_NEXUS_PASSWORD }} | |
run: | | |
mvn --batch-mode org.codehaus.mojo:versions-maven-plugin:2.8.1:set -DnextSnapshot -DartifactId='*' | |
snapshot_version=$(mvn --batch-mode org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -DforceStdout) | |
cd studio-client | |
pnpm set-version ${snapshot_version} | |
cd .. | |
git add . | |
git commit -m "set next snapshot version" | |
git push && git push --tags | |
echo "version=${snapshot_version}" >> $GITHUB_OUTPUT | |
- name: Upload Build Artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: content-hub-adapter-youtube-${{ steps.output-version.outputs.version }} | |
path: target/bundle | |
if-no-files-found: error | |
- name: Upload Release Artifacts | |
if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main' | |
uses: softprops/action-gh-release@v2 | |
with: | |
tag_name: v${{ steps.set-release-version.outputs.version }} | |
files: target/bundle/* |