| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465 |
- name: Release Check
- on:
- push:
- branches:
- - 'release/**'
- - 'hotfix/**'
- defaults:
- run:
- shell: bash
- env:
- JAVA_DIST: 'temurin'
- JAVA_VERSION: 23
- jobs:
- check-preconditions:
- name: Validate commits pushed to release/hotfix branch to fulfill release requirements
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- - name: Setup Java
- uses: actions/setup-java@v4
- with:
- distribution: ${{ env.JAVA_DIST }}
- java-version: ${{ env.JAVA_VERSION }}
- cache: 'maven'
- - id: validate-pom-version
- name: Validate POM version
- run: |
- if [[ $GITHUB_REF =~ refs/heads/(hotfix|release)/[0-9]+\.[0-9]+\.[0-9]+.* ]]; then
- SEM_VER_STR=${GITHUB_REF##*/}
- else
- echo "Failed to parse version"
- exit 1
- fi
- if [[ ${SEM_VER_STR} == `mvn help:evaluate -Dexpression=project.version -q -DforceStdout` ]]; then
- echo "semVerStr=${SEM_VER_STR}" >> $GITHUB_OUTPUT
- else
- echo "Version not set in POM"
- exit 1
- fi
- - name: Validate release in org.cryptomator.Cryptomator.metainfo.xml file
- run: |
- if ! grep -q "<release date=\".*\" version=\"${{ steps.validate-pom-version.outputs.semVerStr }}\">" dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml; then
- echo "Release not set in dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml"
- exit 1
- fi
- - name: Cache NVD DB
- uses: actions/cache@v4
- with:
- path: ~/.m2/repository/org/owasp/dependency-check-data/
- key: dependency-check-${{ github.run_id }}
- restore-keys: |
- dependency-check
- env:
- SEGMENT_DOWNLOAD_TIMEOUT_MINS: 5
- - name: Run org.owasp:dependency-check plugin
- id: dependency-check
- continue-on-error: true
- run: mvn -B verify -Pdependency-check -DskipTests -Djavafx.platform=linux
- env:
- NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
|
