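# Release gate for release/* and hotfix/* branches: checks that the branch
# name, the POM version and the Linux metainfo file agree, then runs the OWASP
# dependency-check Maven profile.
#
# NOTE(review): no `permissions:` key is visible in this portion of the file,
# so GITHUB_TOKEN gets the repository default scope. The steps shown here only
# read the repository, so `contents: read` would likely suffice. Confirm
# against any later steps before adding it.
name: Release Check

on:
  push:
    branches:
      - 'release/**'
      - 'hotfix/**'

defaults:
  run:
    shell: bash

env:
  JAVA_DIST: 'temurin'
  # Quoted so YAML keeps the version a string instead of retyping it.
  JAVA_VERSION: '25'

jobs:
  check-preconditions:
    name: Validate commits pushed to release/hotfix branch to fulfill release requirements
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the tag each SHA is expected to correspond to.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Setup Java
        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
        with:
          distribution: ${{ env.JAVA_DIST }}
          java-version: ${{ env.JAVA_VERSION }}
          cache: 'maven'
      - id: validate-pom-version
        name: Validate POM version
        run: |
          # The branch must look like (release|hotfix)/<major>.<minor>.<patch>...;
          # the version string is the last path segment of the ref.
          if [[ $GITHUB_REF =~ ^refs/heads/(hotfix|release)/[0-9]+\.[0-9]+\.[0-9]+.* ]]; then
            SEM_VER_STR=${GITHUB_REF##*/}
          else
            echo "Failed to parse version"
            exit 1
          fi

          # The right-hand side is quoted so that it is compared as a literal
          # string; unquoted, [[ == ]] would treat the Maven output as a glob.
          if [[ ${SEM_VER_STR} == "$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" ]]; then
            echo "semVerStr=${SEM_VER_STR}" >> "$GITHUB_OUTPUT"
          else
            echo "Version not set in POM"
            exit 1
          fi
      - name: Validate release in org.cryptomator.Cryptomator.metainfo.xml file
        # Skipped when the head commit message carries one of the two
        # skip markers.
        if: >-
          ${{ ! (contains(github.event.head_commit.message, '[skip metadata check]')
          || contains(github.event.head_commit.message, '[metadata check skip]')) }}
        env:
          # The branch-derived version reaches the script through the
          # environment rather than being interpolated into the script text.
          SEM_VER_STR: ${{ steps.validate-pom-version.outputs.semVerStr }}
        run: |
          # NOTE(review): the grep pattern in the reviewed text was empty, which
          # matches every line and lets this check pass for any non-empty file.
          # The pattern below looks for a <release> element carrying the
          # validated version. Confirm it against the metainfo file's actual
          # format.
          version_re=${SEM_VER_STR//./\\.}
          if ! grep -q "<release [^>]*version=\"${version_re}\"" dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml; then
            echo "Release not set in dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml"
            exit 1
          fi
      - name: Cache NVD DB
        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: ~/.m2/repository/org/owasp/dependency-check-data/
          # A key unique to each run never hits exactly, so the newest
          # prefix match is restored and a fresh entry is saved afterwards.
          key: dependency-check-${{ github.run_id }}
          restore-keys: |
            dependency-check
        env:
          SEGMENT_DOWNLOAD_TIMEOUT_MINS: 5
      - name: Run org.owasp:dependency-check plugin
        id: dependency-check
        # NOTE(review): with continue-on-error a failing scan does not fail the
        # job; the result is only available as steps.dependency-check.outcome.
        # No step that reads it is visible in this portion of the file.
        # Confirm a later step acts on it, otherwise findings pass silently.
        continue-on-error: true
        run: mvn -B verify -Pdependency-check -DskipTests
        env:
          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}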