.github/workflows/release.yml
name: Verify and Release
on:
workflow_dispatch:
inputs:
release:
description: 'Version to release'
required: true
permissions: write-all
env:
javaVersion: java21
jobs:
release:
name: Release
runs-on: ubuntu-22.04
strategy:
fail-fast: false
steps:
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2
- name: Set up JDK 21
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: 'temurin'
java-version: '21-ea'
cache: 'maven'
- name: APT update
run: sudo apt-get update
- name: Install buildtools
run: sudo apt-get install -y graphviz build-essential fakeroot devscripts debhelper dh-make bzr-builddeb wget
- name: Remove localtime
run: sudo rm /etc/localtime
- name: Set Swedish localtime
run: sudo ln -s /usr/share/zoneinfo/Europe/Stockholm /etc/localtime
- name: Update tzdata
run: sudo dpkg-reconfigure -f noninteractive tzdata
- name: Download Maven
run: wget https://archive.apache.org/dist/maven/maven-3/3.9.7/binaries/apache-maven-3.9.7-bin.tar.gz
- name: Unpack Maven
run: tar xzvf apache-maven-3.9.7-bin.tar.gz
- name: Set Maven
run: mv apache-maven-3.9.7 maven
- name: Set Version for release
run: maven/bin/mvn -B --file parent-pom/pom.xml versions:set -DnewVersion="${{ github.event.inputs.release }}" -Pall-modules versions:commit
- uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1
with:
commit_message: Automated Release ${{ github.event.inputs.release }}
branch: release-${{ github.event.inputs.release }}
tagging_message: '${{ github.event.inputs.release }}'
create_branch: true
- name: Build with Maven
run: maven/bin/mvn -B --file pom.xml clean install -Prelease-site,all-modules -DforkMode=once '-Dtest=!**ITest*,!**DocumentationTest*' -Dmaven.test.skip=true -DfailIfNoTests=false -Dsurefire.failIfNoSpecifiedTests=false -Dsurefire.reportNameSuffix=UNIT
- name: Generate artifact attestation
uses: actions/attest-build-provenance@534b352d658f90498fd148d231fdbf88f3886a3a # v1.3.1
id: attest
with:
subject-path: 'cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb'
bundle-path: 'cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb.intoto.jsonl'
- name: Copy artifact attestation
run: cp ${{ steps.attest.outputs.bundle-path }} cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb.intoto.jsonl
- name: Generate SBOM attestation
id: attestsbom
uses: actions/attest-sbom@91d05efbc376a456f8abf965e8929c5c04ece8af # v1.3.1
with:
subject-path: 'cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb'
sbom-path: 'cia-dist-deb/target/site/com.hack23.cia_cia-dist-deb-${{ github.event.inputs.release }}.spdx.json'
- name: Copy SBOM attestation
run: cp ${{ steps.attestsbom.outputs.bundle-path }} cia-dist-deb/target/site/com.hack23.cia_cia-dist-deb-${{ github.event.inputs.release }}.spdx.json.intoto.jsonl
- name: Create a GitHub release
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
with:
tag: '${{ github.event.inputs.release }}'
generateReleaseNotes: false
name: Release ${{ github.event.inputs.release }}
artifacts: "cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb,cia-dist-deb/target/cia-dist-deb-${{ github.event.inputs.release }}.all.deb.intoto.jsonl,cia-dist-deb/target/site/com.hack23.cia_cia-dist-deb-${{ github.event.inputs.release }}.spdx.json,cia-dist-deb/target/site/com.hack23.cia_cia-dist-deb-${{ github.event.inputs.release }}.spdx.json.intoto.jsonl,cia-dist-cloudformation/target/dependency/cia-dist-cloudformation-${{ github.event.inputs.release }}.template,citizen-intelligence-agency/target/site/com.hack23.cia_citizen-intelligence-agency-${{ github.event.inputs.release }}.spdx.json,cia-dist-deb/target/site/com.hack23.cia_cia-dist-deb-${{ github.event.inputs.release }}.spdx.json,cia-dist-cloudformation/target/dependency/cia-dist-cloudformation-${{ github.event.inputs.release }}.template"