
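# Keeps the bundled Checkmarx AST CLI binaries in step with upstream releases.
#
# Triggers:
#   - workflow_dispatch with an optional `cli-tag` input: the change is
#     committed and pushed directly to the checked-out branch (no PR).
#   - repository_dispatch of type `cli-version-update`: the latest upstream
#     release tag is looked up and a pull request is opened.
#
# Security notes for maintainers:
#   - Values that originate outside this file (the `cli-tag` input, the tag
#     name returned by the GitHub API) are passed to shell steps through
#     `env:` and read as quoted shell variables. Expanding `${{ ... }}`
#     directly inside a `run:` script pastes the raw text into the script
#     before the shell parses it, so such a value would be executed as code.
#   - No `permissions:` block is declared, so the job token gets the
#     repository default. Consider declaring the minimum this job needs.
#   - Third-party actions are referenced by mutable tag (`@v4`, `@v6`).
#     Pinning to a full commit SHA protects against a retagged release.
name: Update checkmarx ast cli
on:
  workflow_dispatch:
    inputs:
      cli-tag:
        description: 'Optional CLI tag to upgrade to'
        required: false
  repository_dispatch:
    types: [cli-version-update]
jobs:
  update-checkmarx-cli:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          lfs: true
      - name: Install Git LFS
        run: |
          sudo apt-get update
          # -y keeps the install non-interactive on a runner with no TTY.
          sudo apt-get install -y git-lfs
          git lfs install
      - name: Configure Git user
        # NOTE(review): the e-mail value below looks like it was masked by the
        # page's e-mail obfuscation; restore the real address from the
        # repository copy of this workflow before using this listing.
        run: |
          git config --global user.name github-actions
          git config --global user.email [email protected]
      - name: Determine target CLI version
        id: determine-cli-version
        env:
          # Untrusted: supplied by whoever dispatches the workflow.
          CLI_TAG: ${{ github.event.inputs.cli-tag }}
        run: |
          if [ -n "$CLI_TAG" ]; then
            echo "Using user-provided CLI tag: $CLI_TAG"
            RELEASE_TAG="$CLI_TAG"
          else
            echo "Fetching latest release from GitHub..."
            RELEASE_TAG=$(curl -sL https://api.github.com/repos/Checkmarx/ast-cli/releases/latest | jq -r ".tag_name")
          fi
          # Fail closed on an unusable tag. jq prints "null" when the API
          # response has no tag_name (for example a rate-limit error), and a
          # value containing whitespace or a newline could add extra
          # key=value lines to GITHUB_OUTPUT.
          case "$RELEASE_TAG" in
            ''|null|*[[:space:]]*)
              echo "Refusing to continue: invalid release tag" >&2
              exit 1
              ;;
          esac
          echo "release_tag=$RELEASE_TAG" >> "$GITHUB_OUTPUT"
          echo "current_tag=$(<checkmarx-ast-cli.version)" >> "$GITHUB_OUTPUT"
      - name: Update Checkmarx CLI version file
        if: steps.determine-cli-version.outputs.current_tag != steps.determine-cli-version.outputs.release_tag
        env:
          RELEASE_TAG: ${{ steps.determine-cli-version.outputs.release_tag }}
        run: echo "$RELEASE_TAG" > checkmarx-ast-cli.version
      - name: Download CLI and run update script
        if: steps.determine-cli-version.outputs.current_tag != steps.determine-cli-version.outputs.release_tag
        env:
          RELEASE_TAG: ${{ steps.determine-cli-version.outputs.release_tag }}
        # NOTE(review): update_cli.sh is not shown here. Confirm it verifies
        # the downloaded binaries (checksum or signature) before they are
        # staged, since they are committed and shipped from this repository.
        run: |
          chmod +x ./.github/scripts/update_cli.sh
          ./.github/scripts/update_cli.sh "$RELEASE_TAG"
      - name: Track large files with Git LFS
        if: steps.determine-cli-version.outputs.current_tag != steps.determine-cli-version.outputs.release_tag
        run: |
          git lfs track "src/main/wrapper/resources/cx-linux"
          git lfs track "src/main/wrapper/resources/cx.exe"
          git lfs track "src/main/wrapper/resources/cx-mac"
          git add .gitattributes
          git add src/main/wrapper/resources/cx-linux src/main/wrapper/resources/cx.exe src/main/wrapper/resources/cx-mac
      - name: Commit and push changes directly (no PR)
        # This path lands new binaries on the branch without pull-request
        # review; limit who may dispatch the workflow accordingly.
        # The version comparison skips the step when the requested tag is
        # already current, where `git commit` would fail with nothing to commit.
        if: github.event.inputs.cli-tag != '' && steps.determine-cli-version.outputs.current_tag != steps.determine-cli-version.outputs.release_tag
        env:
          RELEASE_TAG: ${{ steps.determine-cli-version.outputs.release_tag }}
        run: |
          git add checkmarx-ast-cli.version
          git commit -m "Direct update of Checkmarx CLI to $RELEASE_TAG"
          git push origin HEAD
      - name: Create Pull Request
        if: github.event.inputs.cli-tag == '' && steps.determine-cli-version.outputs.current_tag != steps.determine-cli-version.outputs.release_tag
        uses: peter-evans/create-pull-request@v6
        # `${{ ... }}` inside `with:` is passed to the action as an input
        # value and is not parsed by a shell, so it stays inline here.
        with:
          token: ${{ secrets.AUTOMATION_TOKEN }}
          commit-message: Update checkmarx-ast-cli to ${{ steps.determine-cli-version.outputs.release_tag }}
          title: Update checkmarx-ast-cli binaries with ${{ steps.determine-cli-version.outputs.release_tag }}
          body: |
            Updates [checkmarx-ast-cli][1] to ${{ steps.determine-cli-version.outputs.release_tag }}
            Auto-generated by [create-pull-request][2]
            [1]: https://github.com/Checkmarx/checkmarx-ast-cli
          labels: cxone
          branch: feature/update_cli_${{ steps.determine-cli-version.outputs.release_tag }}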