.github/workflows/release.yml

Summary

Maintainability
Test Coverage
name: Verify and Release
on:
  workflow_dispatch:
    inputs:
      release:
        description: 'Version to release'
        required: true
permissions: write-all
env:
  javaVersion: java21

jobs:
  release:
    name: Release
    runs-on: ubuntu-22.04

    strategy:
      fail-fast: false

    steps:
    - name: Checkout repository
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      with:
        # We must fetch at least the immediate parents so that if this is
        # a pull request then we can checkout the head.
        fetch-depth: 2

    - name: Set up JDK 21
      uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
      with:
        distribution: 'temurin'
        java-version: '21-ea'
        cache: 'maven'

    - name: APT update
      run: sudo apt-get update

    - name: Install buildtools
      run: sudo apt-get install -y graphviz build-essential fakeroot devscripts debhelper dh-make bzr-builddeb wget

    - name: Remove localtime
      run: sudo rm /etc/localtime

    - name: Set Swedish localtime
      run: sudo ln -s /usr/share/zoneinfo/Europe/Stockholm /etc/localtime 

    - name: Update tzdata
      run: sudo dpkg-reconfigure -f noninteractive tzdata 

    - name: Download Maven
      run: wget https://archive.apache.org/dist/maven/maven-3/3.9.7/binaries/apache-maven-3.9.7-bin.tar.gz

    - name: Unpack Maven
      run: tar xzvf apache-maven-3.9.7-bin.tar.gz

    - name: Set Maven
      run: mv apache-maven-3.9.7 maven

    - name: Set Version for release
      run: maven/bin/mvn -B --file parent-pom/pom.xml versions:set -DnewVersion="${{ github.event.inputs.release }}" -Pall-modules versions:commit    

    - uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1
      with:
        commit_message: Automated Release ${{ github.event.inputs.release }}
        branch: release-${{ github.event.inputs.release }}
        tagging_message: '${{ github.event.inputs.release }}'
        create_branch: true      
    - name: Build with Maven
      run: maven/bin/mvn -B --file pom.xml clean install -Prelease-site,all-modules -DforkMode=once '-Dtest=!**ITest*,!**DocumentationTest*' -Dmaven.test.skip=true -DfailIfNoTests=false  -Dsurefire.failIfNoSpecifiedTests=false  -Dsurefire.reportNameSuffix=UNIT
    - name: Generate artifact attestation
      uses: actions/attest-build-provenance@534b352d658f90498fd148d231fdbf88f3886a3a # v1.3.1
      id: attest
      with:
        subject-path: 'cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb'
        bundle-path: 'cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb.intoto.jsonl'
    - name: Copy artifact attestation
      run: cp ${{ steps.attest.outputs.bundle-path }} cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb.intoto.jsonl
    - name: Generate SBOM attestation
      id: attestsbom
      uses: actions/attest-sbom@91d05efbc376a456f8abf965e8929c5c04ece8af # v1.3.1
      with:
        subject-path: 'cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb'
        sbom-path: 'cia-dist-deb/target/site/com.hack23.cia_cia-dist-deb-${{ github.event.inputs.release }}.spdx.json'
    - name: Copy SBOM attestation
      run: cp ${{ steps.attestsbom.outputs.bundle-path }} cia-dist-deb/target/site/com.hack23.cia_cia-dist-deb-${{ github.event.inputs.release }}.spdx.json.intoto.jsonl
    - name: Create a GitHub release
      uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
      with:
        tag: '${{ github.event.inputs.release }}'
        generateReleaseNotes: false
        name: Release ${{ github.event.inputs.release }}
        artifacts: "cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb,cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb.intoto.jsonl,cia-dist-deb/target/site/com.hack23.cia_cia-dist-deb-${{ github.event.inputs.release }}.spdx.json,cia-dist-deb/target/site/com.hack23.cia_cia-dist-deb-${{ github.event.inputs.release }}.spdx.json.intoto.jsonl,cia-dist-cloudformation/target/dependency/cia-dist-cloudformation-${{ github.event.inputs.release }}.template,citizen-intelligence-agency/target/site/com.hack23.cia_citizen-intelligence-agency-${{ github.event.inputs.release }}.spdx.json,cia-dist-deb/target/site/com.hack23.cia_cia-dist-deb-${{ github.event.inputs.release }}.spdx.json,cia-dist-cloudformation/target/dependency/cia-dist-cloudformation-${{ github.event.inputs.release }}.template"