Update checkmarx ast cli #4924
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Update checkmarx ast cli | |
on: | |
workflow_dispatch: | |
inputs: | |
cli-tag: | |
description: 'Optional CLI tag to upgrade to' | |
required: false | |
repository_dispatch: | |
types: [cli-version-update] | |
jobs: | |
update-checkmarx-cli: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
lfs: true | |
- name: Install Git LFS | |
run: | | |
sudo apt-get update | |
sudo apt-get install git-lfs | |
git lfs install | |
- name: Configure Git user | |
run: | | |
git config --global user.name github-actions | |
git config --global user.email [email protected] | |
- name: Determine target CLI version | |
id: determine-cli-version | |
run: | | |
if [ -n "${{ github.event.inputs.cli-tag }}" ]; then | |
echo "Using user-provided CLI tag: ${{ github.event.inputs.cli-tag }}" | |
echo "release_tag=${{ github.event.inputs.cli-tag }}" >> $GITHUB_OUTPUT | |
else | |
echo "Fetching latest release from GitHub..." | |
LATEST_TAG=$(curl -sL https://api.github.com/repos/Checkmarx/ast-cli/releases/latest | jq -r ".tag_name") | |
echo "release_tag=$LATEST_TAG" >> $GITHUB_OUTPUT | |
fi | |
echo "current_tag=$(<checkmarx-ast-cli.version)" >> $GITHUB_OUTPUT | |
- name: Update Checkmarx CLI version file | |
if: steps.determine-cli-version.outputs.current_tag != steps.determine-cli-version.outputs.release_tag | |
run: echo "${{ steps.determine-cli-version.outputs.release_tag }}" > checkmarx-ast-cli.version | |
- name: Download CLI and run update script | |
if: steps.determine-cli-version.outputs.current_tag != steps.determine-cli-version.outputs.release_tag | |
run: | | |
chmod +x ./.github/scripts/update_cli.sh | |
./.github/scripts/update_cli.sh ${{ steps.determine-cli-version.outputs.release_tag }} | |
- name: Track large files with Git LFS | |
if: steps.determine-cli-version.outputs.current_tag != steps.determine-cli-version.outputs.release_tag | |
run: | | |
git lfs track "src/main/wrapper/resources/cx-linux" | |
git lfs track "src/main/wrapper/resources/cx.exe" | |
git lfs track "src/main/wrapper/resources/cx-mac" | |
git add .gitattributes | |
git add src/main/wrapper/resources/cx-linux src/main/wrapper/resources/cx.exe src/main/wrapper/resources/cx-mac | |
- name: Commit and push changes directly (no PR) | |
if: github.event.inputs.cli-tag != '' | |
run: | | |
git add checkmarx-ast-cli.version | |
git commit -m "Direct update of Checkmarx CLI to ${{ steps.determine-cli-version.outputs.release_tag }}" | |
git push origin HEAD | |
- name: Create Pull Request | |
if: github.event.inputs.cli-tag == '' && steps.determine-cli-version.outputs.current_tag != steps.determine-cli-version.outputs.release_tag | |
uses: peter-evans/create-pull-request@v6 | |
with: | |
token: ${{ secrets.AUTOMATION_TOKEN }} | |
commit-message: Update checkmarx-ast-cli to ${{ steps.determine-cli-version.outputs.release_tag }} | |
title: Update checkmarx-ast-cli binaries with ${{ steps.determine-cli-version.outputs.release_tag }} | |
body: | | |
Updates [checkmarx-ast-cli][1] to ${{ steps.determine-cli-version.outputs.release_tag }} | |
Auto-generated by [create-pull-request][2] | |
[1]: https://github.com/Checkmarx/checkmarx-ast-cli | |
labels: cxone | |
branch: feature/update_cli_${{ steps.determine-cli-version.outputs.release_tag }} |