This repository has been archived by the owner on Nov 6, 2024. It is now read-only.

[BCE-26147] Add SAST findings to JetBrains #365

Workflow file for this run

# GitHub Actions Workflow created for testing and preparing the plugin release in following steps:
# - validate Gradle Wrapper,
# - run test and verifyPlugin tasks,
# - run buildPlugin task and prepare artifact for the further tests,
# - run IntelliJ Plugin Verifier,
# - create a draft release.
#
# Workflow is triggered on push and pull_request events.
#
# Docs:
# - GitHub Actions: https://help.github.com/en/actions
# - IntelliJ Plugin Verifier GitHub Action: https://github.com/ChrisCarini/intellij-platform-plugin-verifier-action
#
## JBIJPPTPL
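name: Build

# Runs on every push to any branch ('**') and on every pull request, so a push
# to a same-repository branch with an open pull request starts the workflow
# twice. Restrict `branches` if that duplication is not wanted.
on:
  push:
    branches: ['**']
  pull_request:

# Least privilege for the automatic GITHUB_TOKEN: the jobs below only read the
# repository with it. The release job authenticates with separate tokens taken
# from secrets and is not affected by this setting.
permissions:
  contents: read

jobs: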
# Verify the checksum of the committed Gradle wrapper. Every later job depends
# on this one (directly or through `needs`), so ./gradlew is only executed
# after the wrapper has been validated.
  gradleValidation:
    name: Gradle Wrapper
    runs-on: ubuntu-latest
    steps:
      # Check out the current repository.
      # NOTE(review): "[email protected]" is an e-mail-obfuscation artifact of
      # this page; the action name and its ref were lost. Restore them from the
      # repository, and prefer pinning each action to a full commit SHA rather
      # than a movable tag.
      - name: Fetch Sources
        uses: actions/[email protected]

      # Validate the wrapper (same obfuscation artifact as above).
      - name: Gradle Wrapper Validation
        uses: gradle/[email protected]
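# Run the test, verifyPlugin and runPluginVerifier Gradle tasks.
# This job also runs for pull_request events, so the Gradle build executes
# contributor-controlled code. It references no secrets; keep it that way.
  test:
    name: Test
    needs: gradleValidation
    runs-on: ubuntu-latest
    steps:
      # Check out the current repository.
      # NOTE(review): "[email protected]" is an e-mail-obfuscation artifact of
      # this page; the action name and its ref were lost. Restore them from the
      # repository, and prefer pinning each action to a full commit SHA.
      - name: Fetch Sources
        uses: actions/[email protected]

      # Set up the Java 11 environment for the next steps.
      # NOTE(review): "@v2" is a movable tag; a full commit SHA is immutable.
      - name: Setup Java
        uses: actions/setup-java@v2
        with:
          distribution: zulu
          java-version: '11'
          cache: gradle

      # Publish step outputs through the $GITHUB_OUTPUT file. The previous
      # `::set-output` workflow command is deprecated and was parsed from the
      # step's stdout, where any other printed line could interfere with it.
      - name: Export Properties
        id: properties
        shell: bash
        run: |
          PROPERTIES="$(./gradlew properties --console=plain -q)"
          # -w 0 disables line wrapping: every $GITHUB_OUTPUT entry written
          # as name=value must stay on a single line.
          IDE_VERSIONS="$(echo "$PROPERTIES" | grep "^pluginVerifierIdeVersions:" | base64 -w 0)"
          {
            echo "ideVersions=$IDE_VERSIONS"
            echo "pluginVerifierHomeDir=~/.pluginVerifier"
          } >> "$GITHUB_OUTPUT"

      # Cache the Plugin Verifier IDEs, keyed on the encoded IDE version list
      # (action reference mangled by the page, see the note on Fetch Sources).
      - name: Setup Plugin Verifier IDEs Cache
        uses: actions/[email protected]
        with:
          path: ${{ steps.properties.outputs.pluginVerifierHomeDir }}/ides
          key: ${{ runner.os }}-plugin-verifier-${{ steps.properties.outputs.ideVersions }}

      # Run tests
      - name: Run Tests
        run: ./gradlew test

      # Run the verifyPlugin Gradle task
      - name: Verify Plugin
        run: ./gradlew verifyPlugin

      # Run the IntelliJ Plugin Verifier through its Gradle task
      - name: Run Plugin Verifier
        run: ./gradlew runPluginVerifier -Pplugin.verifier.home.dir=${{ steps.properties.outputs.pluginVerifierHomeDir }}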
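# Build the plugin with the buildPlugin Gradle task and provide the artifact
# and the version/changelog outputs to the following jobs.
# Requires the test job to pass.
  build:
    name: Build
    needs: test
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.properties.outputs.version }}
      changelog: ${{ steps.properties.outputs.changelog }}
    steps:
      # Check out the current repository.
      # NOTE(review): "[email protected]" is an e-mail-obfuscation artifact of
      # this page; the action name and its ref were lost. Restore them from the
      # repository, and prefer pinning each action to a full commit SHA.
      - name: Fetch Sources
        uses: actions/[email protected]

      # Set up the Java 11 environment for the next steps.
      # NOTE(review): "@v2" is a movable tag; a full commit SHA is immutable.
      - name: Setup Java
        uses: actions/setup-java@v2
        with:
          distribution: adopt
          java-version: '11'
          architecture: x64

      # Publish version, plugin name and changelog as step outputs through the
      # $GITHUB_OUTPUT file instead of the deprecated `::set-output` command.
      - name: Export Properties
        id: properties
        shell: bash
        run: |
          PROPERTIES="$(./gradlew properties --console=plain -q)"
          VERSION="$(echo "$PROPERTIES" | grep "^version:" | cut -f2- -d ' ')"
          NAME="$(echo "$PROPERTIES" | grep "^pluginName:" | cut -f2- -d ' ')"
          CHANGELOG="$(./gradlew getChangelog --unreleased --no-header --console=plain -q)"
          # The changelog is multi-line, so it is written with a heredoc-style
          # delimiter. The delimiter is random so that changelog text cannot
          # contain it and terminate the value early to inject further outputs.
          DELIMITER="changelog_$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')"
          {
            echo "version=$VERSION"
            echo "name=$NAME"
            echo "changelog<<$DELIMITER"
            printf '%s\n' "$CHANGELOG"
            echo "$DELIMITER"
          } >> "$GITHUB_OUTPUT"

      # Build the artifact using the buildPlugin Gradle task
      - name: Build Plugin
        run: ./gradlew buildPlugin

      # Store the built plugin as a downloadable artifact
      # (action reference mangled by the page, see the note on Fetch Sources).
      - name: Upload artifacts
        uses: actions/[email protected]
        with:
          name: "${{ steps.properties.outputs.name }} - ${{ steps.properties.outputs.version }}"
          path: ./build/distributions/*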
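# Prepare a draft release on the GitHub Releases page for manual verification.
# If accepted and published, the release workflow would be triggered.
# The `if` guard below is what keeps pull-request code off the self-hosted
# runner and away from the release tokens: the job only runs for non-PR events
# on refs/heads/main. Do not relax it without moving to an ephemeral runner.
  releaseDraft:
    name: Release Draft
    if: |
      github.event_name != 'pull_request' &&
      github.ref == 'refs/heads/main'
    needs: build
    runs-on: [self-hosted, public, linux, x64]
    steps:
      # Check out the current repository.
      # NOTE(review): "[email protected]" is an e-mail-obfuscation artifact of
      # this page; the action name and its ref were lost. Restore them from the
      # repository, and prefer pinning the action to a full commit SHA.
      - name: Fetch Sources
        uses: actions/[email protected]

      # NOTE(review): apt-key is deprecated and adds the key to apt's global
      # trusted keyring; the key is requested by its 64-bit ID over plain-HTTP
      # HKP. Prefer a dedicated keyring file fetched over HTTPS and referenced
      # with `signed-by`, or bake gh into the runner image. These commands also
      # need passwordless sudo on the runner.
      - name: Install gh cli
        run: |
          sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-key C99B11DEB97541F0
          sudo apt-add-repository https://cli.github.com/packages
          sudo apt update
          sudo apt install gh

      # Delete every existing draft release: list releases through the gh API,
      # keep the ids whose draft flag is set, and DELETE each of them.
      # NOTE(review): this step and the next use two different secrets;
      # presumably both are personal access tokens - confirm their scopes, or
      # use the job's GITHUB_TOKEN with `contents: write` instead.
      - name: Remove Old Release Drafts
        env:
          GITHUB_TOKEN: ${{ secrets.PUSH_GH_TOKEN }}
        run: |
          gh api repos/{owner}/{repo}/releases \
            --jq '.[] | select(.draft == true) | .id' \
            | xargs -I '{}' gh api -X DELETE repos/{owner}/{repo}/releases/{}

      # Create a new release draft, which is not publicly visible and requires
      # manual acceptance. Version and changelog reach the script through
      # environment variables: expanding ${{ ... }} directly inside `run`
      # pastes the text into the shell source, where quotes, backticks or
      # $(...) in the changelog would be interpreted as shell syntax.
      - name: Create Release Draft
        env:
          GITHUB_TOKEN: ${{ secrets.YUVAL_GH_TOKEN }}
          RELEASE_VERSION: ${{ needs.build.outputs.version }}
          RELEASE_NOTES: ${{ needs.build.outputs.changelog }}
        run: |
          gh release create "v${RELEASE_VERSION}" \
            --draft \
            --title "v${RELEASE_VERSION}" \
            --notes "${RELEASE_NOTES}"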