diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml deleted file mode 100644 index f1f52f6..0000000 --- a/.github/workflows/deploy.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Deploy CrySL - -on: [workflow_dispatch] - -jobs: - deployment: - runs-on: ubuntu-latest - environment: Deploy - name: Deploy CrySL - steps: - - name: Checkout source code - uses: actions/checkout@v4 - # Sets up Java version - - name: Set up Java - uses: actions/setup-java@v4 - with: - distribution: 'adopt' - java-package: 'jdk' - java-version: '17' - server-id: 'ossrh' # must match the serverId configured for the nexus-staging-maven-plugin - server-username: OSSRH_USERNAME # Env var that holds your OSSRH user name - server-password: OSSRH_PASSWORD # Env var that holds your OSSRH user pw - gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} # Substituted with the value stored in the referenced secret - gpg-passphrase: SIGN_KEY_PASS # Env var that holds the key's passphrase - - name: Build & Deploy CrySL - run: mvn -B -U clean deploy -Pdeployment - env: - SIGN_KEY_PASS: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }} - OSSRH_USERNAME: ${{ secrets.SONATYPE_USER }} - OSSRH_PASSWORD: ${{ secrets.SONATYPE_PW }} diff --git a/.github/workflows/deploy_and_release.yml b/.github/workflows/deploy_and_release.yml new file mode 100644 index 0000000..ddee79e --- /dev/null +++ b/.github/workflows/deploy_and_release.yml @@ -0,0 +1,82 @@ +name: Deploy CrySL + +on: [workflow_dispatch] + +jobs: + deployment: + runs-on: ubuntu-latest + environment: Deploy + steps: + - name: Checkout source code + uses: actions/checkout@v4 + # Sets up Java version + - name: Set up Java + uses: actions/setup-java@v4 + with: + distribution: 'adopt' + java-package: 'jdk' + java-version: '17' + server-id: 'ossrh' # must match the serverId configured for the nexus-staging-maven-plugin + server-username: OSSRH_USERNAME # Env var that holds your OSSRH user name + server-password: OSSRH_PASSWORD # Env var that holds your OSSRH user pw + gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} # Substituted with the value stored in the referenced secret + gpg-passphrase: SIGN_KEY_PASS # Env var that holds the key's passphrase + # Tycho requires at least Maven 3.9.0 + - name: Set up Maven + uses: stCarolas/setup-maven@v5 + with: + maven-version: 3.9.0 + - name: Build & Deploy CrySL + run: mvn -B -U clean deploy -Pdeployment + env: + SIGN_KEY_PASS: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }} + OSSRH_USERNAME: ${{ secrets.SONATYPE_USER }} + OSSRH_PASSWORD: ${{ secrets.SONATYPE_PW }} + + release: + runs-on: ubuntu-latest + needs: deployment + - name: Checkout source code + uses: actions/checkout@v4 + + - name: Fetch all tags + run: git fetch --tags + + - name: Extract Version from pom.xml + id: extract_version + run: | + VERSION=$(sed -n 's/.*\(.*\)<\/version>.*/\1/p' pom.xml | head -n 1) + echo "VERSION=$VERSION" >> $GITHUB_ENV + + - name: Generate Release Notes + id: generate_notes + run: | + LATEST_TAG=$(git tag --sort=-creatordate | head -n 1) + git log $LATEST_TAG..HEAD --merges --pretty=format:"%h" > merged_prs.txt + + RELEASE_NOTES="Release Notes:\n\n" + + while IFS= read -r commit_hash; do + if git log -1 --pretty=format:"%s" $commit_hash | grep -iq "dependabot"; then + continue + fi + + PR_NUMBER=$(git log -1 --pretty=format:"%s" $commit_hash | grep -oE "([Pp][Rr]|pull request) #[0-9]+" | grep -oE "[0-9]+" | head -n 1) + + FIRST_COMMENT=$(gh pr view $PR_NUMBER --json body --jq '.body') + + if [ -n "$FIRST_COMMENT" ]; then + RELEASE_NOTES+="- PR #$PR_NUMBER: $FIRST_COMMENT\n" + fi + done < merged_prs.txt + + echo -e "$RELEASE_NOTES" > release_notes.txt + cat release_notes.txt + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Create GitHub Release + run: | + gh release create "$VERSION" --title "$VERSION" --notes-file release_notes.txt + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/main_build.yml b/.github/workflows/main_build.yml index 548d4a5..ce83d9d 100644 --- a/.github/workflows/main_build.yml +++ b/.github/workflows/main_build.yml @@ -2,9 +2,6 @@ name: CrySL build on: push: - branches-ignore: - - master - - develop pull_request: types: [opened, reopened] @@ -26,6 +23,11 @@ jobs: distribution: 'adopt' java-package: jdk java-version: '17' + # Tycho requires at least Maven 3.9.0 + - name: Set up Maven + uses: stCarolas/setup-maven@v5 + with: + maven-version: 3.9.0 # Restores Maven dependecies - name: Restore local Maven repository uses: actions/cache@v3 diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml index 894f163..53c102b 100644 --- a/.github/workflows/style.yml +++ b/.github/workflows/style.yml @@ -3,9 +3,6 @@ description: Check the formatting. Use "mvn spotless:apply" to format the code. on: push: - branches-ignore: - - master - - develop jobs: check-formatting: @@ -14,6 +11,18 @@ jobs: steps: - name: Checkout source code uses: actions/checkout@v4 + # Sets up Java version + - name: Set up Java + uses: actions/setup-java@v4 + with: + distribution: 'adopt' + java-package: jdk + java-version: '17' + # Tycho requires at least Maven 3.9.0 + - name: Set up Maven + uses: stCarolas/setup-maven@v5 + with: + maven-version: 3.9.0 # Restores Maven dependecies - name: Restore local Maven repository uses: actions/cache@v4 diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml index 267a316..8f17bcc 100644 --- a/.github/workflows/version.yml +++ b/.github/workflows/version.yml @@ -25,6 +25,11 @@ jobs: distribution: 'adopt' java-package: jdk java-version: '17' + # Tycho requires at least Maven 3.9.0 + - name: Set up Maven + uses: stCarolas/setup-maven@v5 + with: + maven-version: 3.9.0 # Semantic versioning - name: Semantic versioning id: versioning @@ -83,6 +88,11 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + # Tycho requires at least Maven 3.9.0 + - name: Set up Maven + uses: stCarolas/setup-maven@v5 + with: + maven-version: 3.9.0 # Semantic versioning - name: Semantic versioning id: versioning diff --git a/README.md b/README.md index f7f6c64..0f52460 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,13 @@ CrySL is a domain-specific language that allows to specify the correct usage of APIs. Example specifications for the JavaCryptographicArchitecture (JCA), BouncyCastle and Tink can be found [here](https://github.com/CROSSINGTUD/Crypto-API-Rules). +## Build +CrySL uses Maven as build tool. You can install this project via + +```mvn clean install -DskipTests``` + +Installing requires at least Java 17 and Maven 3.9.0. + ## Parsing CrySL files We implemented a parser that reads a set of `.crysl` files and parses them into Java objects. Include the following dependency in your project (replace `x.y.z` with the latest version): diff --git a/pom.xml b/pom.xml index 84f8655..37014ec 100644 --- a/pom.xml +++ b/pom.xml @@ -52,7 +52,7 @@ - 2.7.5 + 4.0.10 2.35.0 2.19.0 UTF-8