name: Release Check on: push: branches: - 'release/**' - 'hotfix/**' defaults: run: shell: bash env: JAVA_DIST: 'temurin' JAVA_VERSION: 23 jobs: check-preconditions: name: Validate commits pushed to release/hotfix branch to fulfill release requirements runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Setup Java uses: actions/setup-java@v4 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} cache: 'maven' - id: validate-pom-version name: Validate POM version run: | if [[ $GITHUB_REF =~ refs/heads/(hotfix|release)/[0-9]+\.[0-9]+\.[0-9]+.* ]]; then SEM_VER_STR=${GITHUB_REF##*/} else echo "Failed to parse version" exit 1 fi if [[ ${SEM_VER_STR} == `mvn help:evaluate -Dexpression=project.version -q -DforceStdout` ]]; then echo "semVerStr=${SEM_VER_STR}" >> $GITHUB_OUTPUT else echo "Version not set in POM" exit 1 fi - name: Validate release in org.cryptomator.Cryptomator.metainfo.xml file run: | if ! grep -q "" dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml; then echo "Release not set in dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml" exit 1 fi - name: Cache NVD DB uses: actions/cache@v4 with: path: ~/.m2/repository/org/owasp/dependency-check-data/ key: dependency-check-${{ github.run_id }} restore-keys: | dependency-check env: SEGMENT_DOWNLOAD_TIMEOUT_MINS: 5 - name: Run org.owasp:dependency-check plugin id: dependency-check continue-on-error: true run: mvn -B verify -Pdependency-check -DskipTests -Djavafx.platform=linux env: NVD_API_KEY: ${{ secrets.NVD_API_KEY }}