Skip to content

Commit

Permalink
Merge pull request #729 from udx/latest
Browse files Browse the repository at this point in the history 
Latest => v4.0
  • Loading branch information
@balexey88
balexey88 authored Mar 28, 2024
2 parents 332440c + 3888709 commit c69f356
Show file tree
Hide file tree
Showing 1,141 changed files with 31,420 additions and 101,588 deletions.
19 changes: 19 additions & 0 deletions .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
version: 2
updates:
# Enable checks for the default vendor folder
- package-ecosystem: "composer"
directory: "/"
schedule:
interval: "weekly"

# Enable checks for Google API Client package
- package-ecosystem: "composer"
directory: "/lib/Google"
schedule:
interval: "weekly"

# Enable checks for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
150 changes: 150 additions & 0 deletions .github/workflows/publish-release.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,150 @@
name: Publish Release
run-name: Publish Release

on:
workflow_dispatch:
inputs:
release:
description: 'Release version (e.g. 1.2.3)'
required: true
prerelease:
description: 'Pre-release version (e.g. RC1, beta, etc...)'
required: false

permissions:
contents: write

env:
TAG: ${{ github.event.inputs.release }}
PRETAG: ${{ github.event.inputs.prerelease }}
BRANCH: temp-release-${{ github.event.inputs.release }}

jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Prepare vars
id: vars
uses: actions/github-script@v7
with:
script: |
const full_tag = [
process.env.TAG,
process.env.PRETAG
].filter(Boolean).join('-');
const branch = `temp-release-${full_tag}`;
const is_prerelease = !!process.env.PRETAG;
core.setOutput('full_tag', full_tag );
core.setOutput('branch', branch );
core.setOutput('is_prerelease', is_prerelease );
# 'ref' and 'repository' are required, otherwise repo could appear in detached head state
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
repository: ${{ github.repository }}

- name: Parse Changelog Entries
uses: actions/github-script@v7
id: changelog
with:
script: |
const { open } = require('fs/promises');
const version = process.env.TAG;
const delimiter = '#### ';
const file = await open('./changes.md');
let description = [];
let found = false;
for await (let line of file.readLines()) {
line = line.trim();
if ( line.startsWith(`${delimiter}${version}`) ) {
found = true;
continue;
}
if (!found) continue;
if ( line.startsWith(delimiter) ) break;
description.push(line);
}
if ( !description.length ) core.setFailed(`Release ${version} not found in the changelog!`);
core.setOutput('description', description.join('\n') );
# cleanup files that are not needed for the release
# but keep the .git folder, because we need it for the next step
- name: Cleanup files
run: |
rm -f composer.lock || true
rm -rf vendor/composer/installers || true
find ./ -name '.git*' -not -path './.git' -type f -delete || true
find ./ -name '.git*' -not -path './.git' -type d -exec rm -rf {} \; || true
find ./vendor -name .svn -exec rm -rf {} \; || true
# cleanup files, specific to Google API PHP library
- name: Cleanup files for Google API library
run: |
rm -f lib/Google/phpstan.neon.dist || true
rm -f lib/Google/vendor/paragonie/random_compat/build-phar.sh || true
find ./lib/Google/ -name '.repo-metadata.json' -type f -delete || true
find ./lib/Google/vendor -name .svn -exec rm -rf '{}' \; || true
# commit changes to temporary release branch and create a new tag
- name: Commit changes
uses: EndBug/add-and-commit@v9
with:
message: Cleanup files for release
new_branch: ${{ steps.vars.outputs.branch }}
tag: ${{ steps.vars.outputs.full_tag }}

# generate SBOM that will be attached to a release as an artifact
- name: Create SBOM
id: sbom
uses: anchore/sbom-action@v0
with:
path: .
output-file: sbom.spdx.json
format: spdx-json

# create a draft release with the version changelog as a description
- name: Create Draft Release
id: draft_release
uses: softprops/action-gh-release@v1
with:
name: "Release ${{ steps.vars.outputs.full_tag }}"
body: "${{ steps.changelog.outputs.description }}"
tag_name: ${{ steps.vars.outputs.full_tag }}
draft: true
prerelease: ${{ steps.vars.outputs.is_prerelease }}

# attach SBOM to release
- name: Upload SBOM to release
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.draft_release.outputs.upload_url }}
asset_path: ./sbom.spdx.json
asset_name: sbom.spdx.json
asset_content_type: application/json

# publish release using an ID from the 'draft_release' step
- name: Publish Release
uses: eregon/publish-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
release_id: ${{ steps.draft_release.outputs.id }}

# delete temporary release branch
- name: Delete temporary release branch
run: |
git push origin --delete ${{ steps.vars.outputs.branch }}
25 changes: 25 additions & 0 deletions .github/workflows/security-scan.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: Security Scan
run-name: Security Scan

on:
push:
pull_request:
workflow_dispatch:

jobs:
code-scanning:
name: Code Scanning (grype)
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Run Security Check
id: test
uses: anchore/scan-action@v3
with:
path: .
output-format: table


Loading

0 comments on commit c69f356

Please sign in to comment.