diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000..2a9f6385
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,68 @@
+name: Release Security CLI
+
+on:
+ workflow_dispatch:
+ inputs:
+ version:
+ description: 'Release version (e.g., 1.2.3)'
+ required: true
+ type: string
+ default: '0.0.0'
+ skip_audit:
+ description: 'Skip running audit command'
+ required: false
+ type: boolean
+ default: false
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Validate version input
+ run: |
+ if [ -z "${{ inputs.version }}" ] || [ "${{ inputs.version }}" = "0.0.0" ]; then
+ echo "Error: Invalid version provided"
+ exit 1
+ fi
+ echo "NEXT_VERSION=${{ inputs.version }}" >> $GITHUB_ENV
+ echo "CI=true" >> $GITHUB_ENV
+
+ - name: Checkout code
+ uses: actions/checkout@v5
+
+ - name: Set up JFrog CLI
+ uses: jfrog/setup-jfrog-cli@v4
+ with:
+ version: latest
+ env:
+ JF_URL: ${{ secrets.FROGBOT_URL }}
+ JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }}
+
+ - name: Configure Git
+ run: |
+ git config --global user.name "jfrog-security-cli-release-bot"
+ git config --global user.email "jfrog-security-cli-release-bot@users.noreply.github.com"
+
+ - name: Merge dev into main and create tag
+ run: |
+ git checkout main
+ git merge origin/dev
+ git tag v${NEXT_VERSION}
+
+ - name: Run audit
+ if: ${{ inputs.skip_audit != true }}
+ run: |
+ jf audit --extended-table
+
+ - name: Push changes and tag
+ run: |
+ git clean -fd
+ git push origin main
+ git push origin --tags
+
+ - name: Merge changes back to dev
+ run: |
+ git checkout dev
+ git merge origin/main
+ git push origin dev
\ No newline at end of file
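Review bot: The `Validate version input` step expands `${{ inputs.version }}` directly into the shell script text, so the dispatcher's string is parsed as script before the check runs, and the check itself rejects only an empty value and `0.0.0`. The same expansion is appended to `$GITHUB_ENV`, where an embedded newline would define additional variables for every later step, and the value then reaches `git tag v${NEXT_VERSION}` unquoted. Pass the input through `env:` and accept only a strict version pattern before exporting it, as in the excerpt below (widen the pattern if pre-release suffixes are in use), and quote the tag as `git tag "v${NEXT_VERSION}"`. Separately, this job receives `secrets.FROGBOT_ACCESS_TOKEN` and pushes to `main`, yet `actions/checkout@v5`, `jfrog/setup-jfrog-cli@v4` and `version: latest` are all mutable references and no `permissions:` block is declared; pinning the actions to commit SHAs, fixing the CLI version and declaring the minimum token scope would harden the release path.

```yaml
      - name: Validate version input
        env:
          VERSION: ${{ inputs.version }}
        run: |
          if [[ ! "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || [ "$VERSION" = "0.0.0" ]; then
            # … unchanged: error message and exit 1 …
          fi
          echo "NEXT_VERSION=$VERSION" >> "$GITHUB_ENV"
          # … unchanged: CI=true export …
```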