From 05b0d7605673061157b8b0c9608cf39d26432728 Mon Sep 17 00:00:00 2001 From: Amol Mane <22643905+cx-amol-mane@users.noreply.github.com> Date: Fri, 27 Feb 2026 21:31:35 +0530 Subject: [PATCH 01/15] Implement changelog generation script and update Gradle build configurations - Added a new script `generateChangelog.sh` to automate changelog generation for plugins based on git logs. - Updated `build.gradle` files across multiple modules to disable specific tasks related to plugin verification and building searchable options. - Modified GitHub Actions workflows to improve version tagging and release management, including new inputs for release type and versioning. - Enhanced the `release.yml` workflow to resolve versions and tags dynamically based on input parameters. --- .github/scripts/generateChangelog.sh | 223 +++++++++++++++++++++ .github/workflows/nightly.yml | 13 +- .github/workflows/release.yml | 253 +++++++++++++++++++----- build.gradle | 4 + common-lib/build.gradle | 4 + devassist-lib/build.gradle | 4 + plugin-checkmarx-devassist/build.gradle | 8 +- 7 files changed, 455 insertions(+), 54 deletions(-) create mode 100644 .github/scripts/generateChangelog.sh diff --git a/.github/scripts/generateChangelog.sh b/.github/scripts/generateChangelog.sh new file mode 100644 index 000000000..96d14ecf0 --- /dev/null +++ b/.github/scripts/generateChangelog.sh @@ -0,0 +1,223 @@ +#!/usr/bin/env bash +set -euo pipefail + +# --------------------------------------------------------------------------- +# Generate changelog for a specific plugin using git log filtered by path. +# +# Mirrors the VS Code extension's generateChangelog.js for the JetBrains +# multi-plugin monorepo. +# +# Usage: +# ./generateChangelog.sh --plugin checkmarx --version 2.3.4 --repo Checkmarx/ast-jetbrains-plugin +# ./generateChangelog.sh --plugin devassist --version 1.0.0 --repo Checkmarx/ast-jetbrains-plugin --dev true +# +# Outputs: +# Structured release body section on stdout between RELEASE_BODY_START / RELEASE_BODY_END +# --------------------------------------------------------------------------- + +PLUGIN="" +VERSION="" +REPO="" +IS_DEV="false" + +while [[ $# -gt 0 ]]; do + case "$1" in + --plugin) PLUGIN="$2"; shift 2 ;; + --version) VERSION="$2"; shift 2 ;; + --repo) REPO="$2"; shift 2 ;; + --dev) IS_DEV="$2"; shift 2 ;; + *) echo "Unknown arg: $1" >&2; exit 1 ;; + esac +done + +if [[ -z "$PLUGIN" || -z "$VERSION" || -z "$REPO" ]]; then + echo "Usage: $0 --plugin checkmarx|devassist --version X.Y.Z --repo owner/repo [--dev true|false]" >&2 + exit 1 +fi + +case "$PLUGIN" in + checkmarx) + DISPLAY_NAME="Checkmarx (AST)" + GIT_PATHS=("plugin-checkmarx-ast/" "common-lib/") + ;; + devassist) + DISPLAY_NAME="DevAssist" + GIT_PATHS=("plugin-checkmarx-devassist/" "devassist-lib/" "common-lib/") + ;; + *) + echo "--plugin must be 'checkmarx' or 'devassist'" >&2 + exit 1 + ;; +esac + +REPO_URL="https://github.com/${REPO}" + +# --------------------------------------------------------------------------- +# Find last stable tag (plain version tags like 2.3.3, no suffix) +# Tags follow the JetBrains convention: plain numbers, no v prefix +# --------------------------------------------------------------------------- +find_last_stable_tag() { + local all_tags + all_tags=$(git tag --sort=-creatordate 2>/dev/null || true) + + if [[ -z "$all_tags" ]]; then + echo "" + return + fi + + while IFS= read -r tag; do + # Match plain version tags (e.g. 2.3.3) -- no suffix like -nightly + if [[ "$tag" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "$tag" + return + fi + done <<< "$all_tags" + + # Fallback: check v-prefixed tags (legacy) + while IFS= read -r tag; do + if [[ "$tag" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "$tag" + return + fi + done <<< "$all_tags" + + echo "" +} + +LAST_TAG=$(find_last_stable_tag) +if [[ -n "$LAST_TAG" ]]; then + echo "Found last stable tag: $LAST_TAG" >&2 + RANGE="${LAST_TAG}..HEAD" +else + echo "No stable tag found, using full history" >&2 + RANGE="HEAD" +fi + +# --------------------------------------------------------------------------- +# Patterns to exclude (automation / version bump commits) +# --------------------------------------------------------------------------- +EXCLUDE_REGEX="(update.*version.*automated|bump version|\[create-pull-request\] automated|Merge pull request.*dependabot|^Merge branch)" + +# --------------------------------------------------------------------------- +# Collect commits filtered by subproject paths +# --------------------------------------------------------------------------- +PATH_ARGS="" +for p in "${GIT_PATHS[@]}"; do + PATH_ARGS="${PATH_ARGS} -- ${p}" +done + +RAW_LOG=$(git log ${RANGE} --pretty=format:"%H|||%s|||%an" ${PATH_ARGS} 2>/dev/null || true) + +# --------------------------------------------------------------------------- +# Categorize commits by conventional commit patterns +# --------------------------------------------------------------------------- +declare -a FEATURES=() +declare -a FIXES=() +declare -a DOCS=() +declare -a REFACTORS=() +declare -a PERFS=() +declare -a OTHERS=() + +if [[ -n "$RAW_LOG" ]]; then + while IFS= read -r line; do + HASH=$(echo "$line" | cut -d'|||' -f1) + MSG=$(echo "$line" | awk -F'\\|\\|\\|' '{print $2}') + AUTHOR_NAME=$(echo "$line" | awk -F'\\|\\|\\|' '{print $3}') + + [[ -z "$MSG" ]] && continue + + if echo "$MSG" | grep -qiE "$EXCLUDE_REGEX"; then + continue + fi + + GH_USER="$AUTHOR_NAME" + if command -v gh &>/dev/null && [[ -n "$HASH" ]]; then + RESOLVED=$(gh api "repos/${REPO}/commits/${HASH}" --template '{{.author.login}}' 2>/dev/null || true) + if [[ -n "$RESOLVED" && "$RESOLVED" != " " ]]; then + GH_USER="$RESOLVED" + else + GH_USER=$(echo "$AUTHOR_NAME" | tr -d ' ') + fi + fi + + ENTRY="* ${MSG} by @${GH_USER}" + MSG_LOWER=$(echo "$MSG" | tr '[:upper:]' '[:lower:]') + + if echo "$MSG" | grep -qE "^feat(\(.+\))?[:\!]" || echo "$MSG_LOWER" | grep -qiE "\b(add|added|adding|new feature|feature|implement|implemented)\b"; then + FEATURES+=("$ENTRY") + elif echo "$MSG" | grep -qE "^fix(\(.+\))?[:\!]" || echo "$MSG_LOWER" | grep -qiE "\b(fix|fixed|fixing|fixes|resolve|resolved|bug)\b"; then + FIXES+=("$ENTRY") + elif echo "$MSG" | grep -qE "^docs(\(.+\))?[:\!]" || echo "$MSG_LOWER" | grep -qiE "\b(doc|docs|documentation|readme)\b"; then + DOCS+=("$ENTRY") + elif echo "$MSG" | grep -qE "^refactor(\(.+\))?[:\!]" || echo "$MSG_LOWER" | grep -qiE "\b(refactor|refactoring|restructure|reorganize)\b"; then + REFACTORS+=("$ENTRY") + elif echo "$MSG" | grep -qE "^perf(\(.+\))?[:\!]" || echo "$MSG_LOWER" | grep -qiE "\b(perf|performance|optimize|optimized|optimization)\b"; then + PERFS+=("$ENTRY") + else + OTHERS+=("$ENTRY") + fi + done <<< "$RAW_LOG" +fi + +# --------------------------------------------------------------------------- +# Build the release body section +# --------------------------------------------------------------------------- +BODY="## ${DISPLAY_NAME}: ${VERSION}\n\n### What's Changed\n\n" + +section_added=false + +if [[ ${#FEATURES[@]} -gt 0 ]]; then + BODY+="#### New Features\n" + for e in "${FEATURES[@]}"; do BODY+="${e}\n"; done + BODY+="\n" + section_added=true +fi + +if [[ ${#FIXES[@]} -gt 0 ]]; then + BODY+="#### Bug Fixes\n" + for e in "${FIXES[@]}"; do BODY+="${e}\n"; done + BODY+="\n" + section_added=true +fi + +if [[ ${#DOCS[@]} -gt 0 ]]; then + BODY+="#### Documentation\n" + for e in "${DOCS[@]}"; do BODY+="${e}\n"; done + BODY+="\n" + section_added=true +fi + +if [[ ${#REFACTORS[@]} -gt 0 ]]; then + BODY+="#### Refactor\n" + for e in "${REFACTORS[@]}"; do BODY+="${e}\n"; done + BODY+="\n" + section_added=true +fi + +if [[ ${#PERFS[@]} -gt 0 ]]; then + BODY+="#### Performance\n" + for e in "${PERFS[@]}"; do BODY+="${e}\n"; done + BODY+="\n" + section_added=true +fi + +if [[ ${#OTHERS[@]} -gt 0 ]]; then + BODY+="#### Other Changes\n" + for e in "${OTHERS[@]}"; do BODY+="${e}\n"; done + BODY+="\n" + section_added=true +fi + +if [[ "$section_added" == "false" ]]; then + BODY+="_No changes_\n\n" +fi + +if [[ -n "$LAST_TAG" ]]; then + BODY+="**Full Changelog**: ${REPO_URL}/compare/${LAST_TAG}...${VERSION}\n" +else + BODY+="**Full Changelog**: ${REPO_URL}/releases/tag/${VERSION}\n" +fi + +echo "RELEASE_BODY_START" +echo -e "$BODY" +echo "RELEASE_BODY_END" diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index a8ba88e0e..5006e1bc2 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -10,17 +10,18 @@ jobs: set_tag: runs-on: ubuntu-latest outputs: - tag_name: ${{ steps.tagname.outputs.tag_name }} + tag_version: ${{ steps.tagname.outputs.tag_version }} steps: - - name: Create tagname - run: echo "tag_name=2.0.$(date +%s)" >> "$GITHUB_OUTPUT" + - name: Create version + run: echo "tag_version=2.0.$(date +%s)" >> "$GITHUB_OUTPUT" id: tagname - - name: Print tagname - run: echo "created tag ${{ steps.tagname.outputs.tag_name }}" + - name: Print version + run: echo "created version ${{ steps.tagname.outputs.tag_version }}" nightly: needs: set_tag uses: Checkmarx/ast-jetbrains-plugin/.github/workflows/release.yml@main with: - tag: ${{ needs.set_tag.outputs.tag_name }} + tag: ${{ needs.set_tag.outputs.tag_version }} + releaseType: "both" rchannels: "nightly" secrets: inherit diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2c53d345e..32eeb3488 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,9 +4,22 @@ on: workflow_call: inputs: tag: - description: 'Next release tag' + description: 'Release tag (e.g. 2.3.4)' required: true type: string + releaseType: + description: 'Which plugin(s) to publish to marketplace (checkmarx | devAssist | both)' + required: false + type: string + default: 'both' + ast_version: + description: 'Version for checkmarx-ast-plugin zip (defaults to tag for nightly)' + required: false + type: string + devassist_version: + description: 'Version for checkmarx-developer-assist-plugin zip (defaults to tag for nightly)' + required: false + type: string javawrapperversion: description: 'Java Wrapper Version' required: false @@ -15,10 +28,32 @@ on: description: 'Channels to publish development releases' required: false type: string + publish: + description: 'Publish to JetBrains Marketplace' + required: false + type: boolean + default: true workflow_dispatch: inputs: tag: - description: 'Next release tag' + description: 'Main release tag (e.g. 2.3.4)' + required: true + type: string + releaseType: + description: 'Which plugin(s) to publish to marketplace' + required: true + type: choice + options: + - both + - checkmarx + - devAssist + default: 'both' + ast_version: + description: 'Version for checkmarx-ast-plugin zip (e.g. 2.3.4)' + required: true + type: string + devassist_version: + description: 'Version for checkmarx-developer-assist-plugin zip (e.g. 1.0.0)' required: true type: string javawrapperversion: @@ -29,6 +64,16 @@ on: description: 'Channels to publish development releases' required: false type: string + publish: + description: 'Publish to JetBrains Marketplace' + required: false + type: boolean + default: true + +permissions: + contents: write + packages: write + id-token: write env: CX_BASE_URI: ${{ secrets.CX_BASE_URI }} @@ -43,12 +88,58 @@ env: CX_NOT_MATCH_TEST_BRANCH: ${{ secrets.CX_NOT_MATCH_TEST_BRANCH }} CX_NOT_MATCH_TEST_SCAN_ID: ${{ secrets.CX_NOT_MATCH_TEST_SCAN_ID }} - jobs: + resolve: + runs-on: ubuntu-latest + outputs: + releaseType: ${{ steps.vars.outputs.releaseType }} + ast_version: ${{ steps.vars.outputs.ast_version }} + devassist_version: ${{ steps.vars.outputs.devassist_version }} + gh_tag: ${{ steps.vars.outputs.gh_tag }} + steps: + - name: Resolve versions and tag + id: vars + run: | + TAG="${{ inputs.tag }}" + RELEASE_TYPE="${{ inputs.releaseType }}" + AST_VERSION="${{ inputs.ast_version }}" + DA_VERSION="${{ inputs.devassist_version }}" + CHANNEL="${{ inputs.rchannels }}" + + if [[ -z "${RELEASE_TYPE}" ]]; then + RELEASE_TYPE="both" + fi + + # For workflow_call (nightly), default plugin versions to tag if not provided. + # For workflow_dispatch (manual), both are required inputs. + if [[ -z "${AST_VERSION}" ]]; then + AST_VERSION="${TAG}" + fi + if [[ -z "${DA_VERSION}" ]]; then + DA_VERSION="${TAG}" + fi + + # Build GitHub release tag + if [[ -n "${CHANNEL}" ]]; then + GH_TAG="${TAG}-${CHANNEL}" + else + GH_TAG="${TAG}" + fi + + echo "releaseType=${RELEASE_TYPE}" >> "$GITHUB_OUTPUT" + echo "ast_version=${AST_VERSION}" >> "$GITHUB_OUTPUT" + echo "devassist_version=${DA_VERSION}" >> "$GITHUB_OUTPUT" + echo "gh_tag=${GH_TAG}" >> "$GITHUB_OUTPUT" + + echo "Release type: ${RELEASE_TYPE}" + echo "AST version: ${AST_VERSION}" + echo "DevAssist version: ${DA_VERSION}" + echo "GitHub tag: ${GH_TAG}" + verify: + needs: [resolve] runs-on: ubuntu-latest steps: - # Check out current repository - name: Checkout Code uses: actions/checkout@v4 - name: Free up disk space @@ -56,46 +147,41 @@ jobs: sudo rm -rf /usr/share/dotnet sudo rm -rf /opt/ghc sudo rm -rf /usr/local/lib/android - sudo docker system prune -af - # Setup Java 11 environment for the next steps + sudo docker system prune -af - name: Setup Java uses: actions/setup-java@v3.13.0 with: distribution: zulu java-version: 11 - # Run verifier - name: Run plugin verifier - run: ./gradlew runPluginVerifier + run: ./gradlew :plugin-checkmarx-ast:runPluginVerifier :plugin-checkmarx-devassist:runPluginVerifier env: - JAVA_TOOL_OPTIONS: > - -DpasswordSafe.enabled=false - # Upload verifier report + JAVA_TOOL_OPTIONS: > + -DpasswordSafe.enabled=false - name: Upload report uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 #v4 if: always() with: name: verifier-report - path: build/reports/pluginVerifier + path: | + plugin-checkmarx-ast/build/reports/pluginVerifier + plugin-checkmarx-devassist/build/reports/pluginVerifier + testIntegration: - needs: [ verify ] + needs: [verify] runs-on: ubuntu-latest steps: - # Check out current repository - name: Fetch Sources uses: actions/checkout@v4 - # Setup Java 11 environment for the next steps - name: Setup Java uses: actions/setup-java@v3.13.0 with: distribution: zulu java-version: 11 - # Perform clean before testing - name: Clean run: ./gradlew clean - # Run tests - name: Tests run: ./gradlew test -i --tests com.checkmarx.intellij.integration.standard* - # Save report if tests fail - name: Save fails report if: ${{ failure() }} uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 #v4 @@ -103,78 +189,151 @@ jobs: name: test-fails-report-integration path: | build/reports + deleteDevReleases: + needs: [resolve, verify, testIntegration] uses: Checkmarx/ast-jetbrains-plugin/.github/workflows/delete-dev-releases.yml@main with: tag: ${{ inputs.rchannels }} secrets: inherit - if: inputs.rchannels + if: ${{ inputs.rchannels != '' && inputs.rchannels != null }} + release: + needs: [resolve, verify, testIntegration, deleteDevReleases] + if: ${{ always() && needs.resolve.result == 'success' && needs.verify.result == 'success' && needs.testIntegration.result == 'success' && (needs.deleteDevReleases.result == 'success' || needs.deleteDevReleases.result == 'skipped') }} runs-on: ubuntu-latest outputs: TAG_NAME: ${{ steps.set_outputs.outputs.TAG_NAME }} CLI_VERSION: ${{ steps.set_outputs.outputs.CLI_VERSION }} steps: - # Check out current repository - name: Fetch Sources uses: actions/checkout@v4 - # Setup Java 11 environment for the next steps + with: + fetch-depth: 0 - name: Setup Java uses: actions/setup-java@v3.13.0 with: distribution: zulu java-version: 11 - # Set the tag in an env var - - name: Set env + + - name: Set versions run: | - echo "RELEASE_VERSION=${{ inputs.tag }}" >> $GITHUB_ENV echo "JAVA_WRAPPER_VERSION=${{ inputs.javawrapperversion }}" >> $GITHUB_ENV - - name: Create Release Name + + # Always build BOTH plugins (both zips always present in release) + - name: Build plugin-checkmarx-ast + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - echo "Creating release name" - if [ -z "${{ inputs.rchannels }}" ]; then - echo "GH_RELEASE_TAG_NAME=${{ env.RELEASE_VERSION }}" >> $GITHUB_ENV - else - echo "GH_RELEASE_TAG_NAME=${{ env.RELEASE_VERSION }}-${{ inputs.rchannels }}" >> $GITHUB_ENV - fi - echo "Release name - ${{ env.GH_RELEASE_TAG_NAME }}" + RELEASE_VERSION="${{ needs.resolve.outputs.ast_version }}" \ + ./gradlew :plugin-checkmarx-ast:buildPlugin --info - # Build plugin - - name: Build + - name: Build plugin-checkmarx-devassist env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: ./gradlew buildPlugin --info + run: | + RELEASE_VERSION="${{ needs.resolve.outputs.devassist_version }}" \ + ./gradlew :plugin-checkmarx-devassist:buildPlugin --info - name: Extract CLI version run: | chmod +x ./.github/scripts/extract_cli_version.sh ./.github/scripts/extract_cli_version.sh cx-linux - # Create the release or prerelease + - name: Generate Changelog + run: | + chmod +x ./.github/scripts/generateChangelog.sh + RELEASE_TYPE="${{ needs.resolve.outputs.releaseType }}" + AST_VER="${{ needs.resolve.outputs.ast_version }}" + DA_VER="${{ needs.resolve.outputs.devassist_version }}" + + # --- "Plugins in this release" header (matching VS Code) --- + HEADER="### Plugins in this release\n" + if [[ "${RELEASE_TYPE}" == "checkmarx" || "${RELEASE_TYPE}" == "both" ]]; then + HEADER+="* **Checkmarx (AST):** ${AST_VER} (NEW)\n" + else + HEADER+="* **Checkmarx (AST):** ${AST_VER}\n" + fi + if [[ "${RELEASE_TYPE}" == "devAssist" || "${RELEASE_TYPE}" == "both" ]]; then + HEADER+="* **Checkmarx Developer Assist:** ${DA_VER} (NEW)\n" + else + HEADER+="* **Checkmarx Developer Assist:** ${DA_VER}\n" + fi + HEADER+="\n" + + # --- Per-plugin changelogs --- + CX_SECTION="" + OUTPUT=$(bash ./.github/scripts/generateChangelog.sh \ + --plugin checkmarx \ + --version "${AST_VER}" \ + --repo "${{ github.repository }}" \ + --dev "${{ inputs.rchannels != '' && inputs.rchannels != null }}") + CX_SECTION=$(echo "$OUTPUT" | sed -n '/RELEASE_BODY_START/,/RELEASE_BODY_END/p' | sed '1d;$d') + + DA_SECTION="" + OUTPUT=$(bash ./.github/scripts/generateChangelog.sh \ + --plugin devassist \ + --version "${DA_VER}" \ + --repo "${{ github.repository }}" \ + --dev "${{ inputs.rchannels != '' && inputs.rchannels != null }}") + DA_SECTION=$(echo "$OUTPUT" | sed -n '/RELEASE_BODY_START/,/RELEASE_BODY_END/p' | sed '1d;$d') + + RELEASE_BODY="$(printf "%b" "${HEADER}") + + ${CX_SECTION} + + --- + + ${DA_SECTION}" + + { + echo "RELEASE_BODY<> $GITHUB_ENV + + - name: Collect assets + run: | + mkdir -p release-assets + cp plugin-checkmarx-ast/build/distributions/*.zip release-assets/ + cp plugin-checkmarx-devassist/build/distributions/*.zip release-assets/ + - name: Create Release or Prerelease uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 #v1 with: - tag_name: ${{ env.GH_RELEASE_TAG_NAME }} - name: ${{ env.GH_RELEASE_TAG_NAME }} - files: build/distributions/* - generate_release_notes: true + tag_name: ${{ needs.resolve.outputs.gh_tag }} + name: ${{ needs.resolve.outputs.gh_tag }} + files: release-assets/* prerelease: ${{ inputs.rchannels != '' && inputs.rchannels != null }} + body: ${{ env.RELEASE_BODY }} - name: Echo CLI version and tag name to outputs id: set_outputs run: | - echo "::set-output name=TAG_NAME::${{ env.GH_RELEASE_TAG_NAME }}" - echo "::set-output name=CLI_VERSION::${{ env.CLI_VERSION }}" + echo "TAG_NAME=${{ needs.resolve.outputs.gh_tag }}" >> "$GITHUB_OUTPUT" + echo "CLI_VERSION=${{ env.CLI_VERSION }}" >> "$GITHUB_OUTPUT" - # Publish the plugin in marketplace + # Publish only the plugin(s) selected by releaseType - name: Publish Plugin + if: ${{ inputs.publish != false }} env: PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} run: | - if [ -z "${{ inputs.rchannels }}" ]; then - ./gradlew publishPlugin - else - ./gradlew publishPlugin -Prchannels=${{ inputs.rchannels }} + CHANNEL_ARG="" + if [[ -n "${{ inputs.rchannels }}" ]]; then + CHANNEL_ARG="-Prchannels=${{ inputs.rchannels }}" + fi + + RELEASE_TYPE="${{ needs.resolve.outputs.releaseType }}" + if [[ "${RELEASE_TYPE}" == "both" || "${RELEASE_TYPE}" == "checkmarx" ]]; then + echo "Publishing plugin-checkmarx-ast..." + RELEASE_VERSION="${{ needs.resolve.outputs.ast_version }}" \ + ./gradlew :plugin-checkmarx-ast:publishPlugin ${CHANNEL_ARG} + fi + if [[ "${RELEASE_TYPE}" == "both" || "${RELEASE_TYPE}" == "devAssist" ]]; then + echo "Publishing plugin-checkmarx-devassist..." + RELEASE_VERSION="${{ needs.resolve.outputs.devassist_version }}" \ + ./gradlew :plugin-checkmarx-devassist:publishPlugin ${CHANNEL_ARG} fi notify: diff --git a/build.gradle b/build.gradle index 0f4cb9d62..ee37f436b 100644 --- a/build.gradle +++ b/build.gradle @@ -79,4 +79,8 @@ intellij { runPluginVerifier { ideVersions = verifierIdeVersions.split(',').toList() +} + +[verifyPlugin, runPluginVerifier, buildSearchableOptions, patchPluginXml].each { + tasks.named(it.name) { enabled = false } } \ No newline at end of file diff --git a/common-lib/build.gradle b/common-lib/build.gradle index bd343e134..cdb9de9b3 100644 --- a/common-lib/build.gradle +++ b/common-lib/build.gradle @@ -18,4 +18,8 @@ tasks.withType(JavaCompile).configureEach { test { useJUnitPlatform() +} + +[buildSearchableOptions, patchPluginXml, verifyPlugin, runPluginVerifier, listProductsReleases, prepareSandbox, buildPlugin, jarSearchableOptions].each { + tasks.named(it.name) { enabled = false } } \ No newline at end of file diff --git a/devassist-lib/build.gradle b/devassist-lib/build.gradle index 14b6c409c..8d678691c 100644 --- a/devassist-lib/build.gradle +++ b/devassist-lib/build.gradle @@ -41,4 +41,8 @@ jacocoTestReport { csv.required = true html.required = true } +} + +[buildSearchableOptions, patchPluginXml, verifyPlugin, runPluginVerifier, listProductsReleases, prepareSandbox, buildPlugin, jarSearchableOptions].each { + tasks.named(it.name) { enabled = false } } \ No newline at end of file diff --git a/plugin-checkmarx-devassist/build.gradle b/plugin-checkmarx-devassist/build.gradle index c39e3ccc8..ca49b0837 100644 --- a/plugin-checkmarx-devassist/build.gradle +++ b/plugin-checkmarx-devassist/build.gradle @@ -22,9 +22,15 @@ patchPluginXml { sinceBuild = "${sinceBuildVersion}" } +runPluginVerifier { + ideVersions = verifierIdeVersions.split(',').toList() +} + publishPlugin { token.set System.getenv("PUBLISH_TOKEN") - channels = ['stable'] + if (project.hasProperty("rchannels")) { + channels = [rchannels.toString()] + } } test { From 5f4b4e2bcca911ad4d485c871c984842e1d82c24 Mon Sep 17 00:00:00 2001 From: Amol Mane <22643905+cx-amol-mane@users.noreply.github.com> Date: Fri, 27 Feb 2026 22:16:37 +0530 Subject: [PATCH 02/15] Update GitHub Actions workflow to specify test task for Checkmarx plugin - Changed the test command in the release.yml workflow to explicitly run tests for the Checkmarx plugin using the `:plugin-checkmarx-ast:test` task instead of the generic test command. --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 32eeb3488..b183c2f12 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -181,7 +181,7 @@ jobs: - name: Clean run: ./gradlew clean - name: Tests - run: ./gradlew test -i --tests com.checkmarx.intellij.integration.standard* + run: ./gradlew :plugin-checkmarx-ast:test -i --tests com.checkmarx.intellij.integration.standard* - name: Save fails report if: ${{ failure() }} uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 #v4 From 306079241bc7eb827f76874ee0e833cd86aaa9c2 Mon Sep 17 00:00:00 2001 From: Amol Mane <22643905+cx-amol-mane@users.noreply.github.com> Date: Fri, 27 Feb 2026 22:29:41 +0530 Subject: [PATCH 03/15] Update test command in GitHub Actions workflow for Checkmarx plugin - Modified the test command in the release.yml workflow to target the correct test class path for the Checkmarx plugin integration tests. --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b183c2f12..d3c54f106 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -181,7 +181,7 @@ jobs: - name: Clean run: ./gradlew clean - name: Tests - run: ./gradlew :plugin-checkmarx-ast:test -i --tests com.checkmarx.intellij.integration.standard* + run: ./gradlew :plugin-checkmarx-ast:test -i --tests com.checkmarx.intellij.ast.test.integration.standard* - name: Save fails report if: ${{ failure() }} uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 #v4 From 8319b3c17337372d2c67cad6013a4637b843df5f Mon Sep 17 00:00:00 2001 From: Amol Mane <22643905+cx-amol-mane@users.noreply.github.com> Date: Fri, 27 Feb 2026 22:45:27 +0530 Subject: [PATCH 04/15] Refactor changelog script to improve hash extraction method - Updated the `generateChangelog.sh` script to use `awk` for extracting the commit hash, enhancing readability and maintainability of the code. --- .github/scripts/generateChangelog.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/generateChangelog.sh b/.github/scripts/generateChangelog.sh index 96d14ecf0..358ef7d43 100644 --- a/.github/scripts/generateChangelog.sh +++ b/.github/scripts/generateChangelog.sh @@ -120,7 +120,7 @@ declare -a OTHERS=() if [[ -n "$RAW_LOG" ]]; then while IFS= read -r line; do - HASH=$(echo "$line" | cut -d'|||' -f1) + HASH=$(echo "$line" | awk -F'\\|\\|\\|' '{print $1}') MSG=$(echo "$line" | awk -F'\\|\\|\\|' '{print $2}') AUTHOR_NAME=$(echo "$line" | awk -F'\\|\\|\\|' '{print $3}') From 6b86489de7696a5e43816142ac031fde68c6c48e Mon Sep 17 00:00:00 2001 From: Amol Mane <22643905+cx-amol-mane@users.noreply.github.com> Date: Fri, 27 Feb 2026 23:27:30 +0530 Subject: [PATCH 05/15] Refactor changelog generation and update release workflow - Modified `generateChangelog.sh` to improve markdown formatting and streamline the output process for changelogs. - Updated `release.yml` to write the release body to a temporary file, enhancing clarity and organization of the release notes. --- .github/scripts/generateChangelog.sh | 64 +++++++++++++++----------- .github/workflows/release.yml | 68 ++++++++++++++-------------- 2 files changed, 72 insertions(+), 60 deletions(-) diff --git a/.github/scripts/generateChangelog.sh b/.github/scripts/generateChangelog.sh index 358ef7d43..2e8dacc06 100644 --- a/.github/scripts/generateChangelog.sh +++ b/.github/scripts/generateChangelog.sh @@ -140,7 +140,7 @@ if [[ -n "$RAW_LOG" ]]; then fi fi - ENTRY="* ${MSG} by @${GH_USER}" + ENTRY="- ${MSG} by @${GH_USER}" MSG_LOWER=$(echo "$MSG" | tr '[:upper:]' '[:lower:]') if echo "$MSG" | grep -qE "^feat(\(.+\))?[:\!]" || echo "$MSG_LOWER" | grep -qiE "\b(add|added|adding|new feature|feature|implement|implemented)\b"; then @@ -160,64 +160,76 @@ if [[ -n "$RAW_LOG" ]]; then fi # --------------------------------------------------------------------------- -# Build the release body section +# Build the release body section (write line-by-line for clean markdown) # --------------------------------------------------------------------------- -BODY="## ${DISPLAY_NAME}: ${VERSION}\n\n### What's Changed\n\n" +emit() { printf '%s\n' "$1"; } + +echo "RELEASE_BODY_START" + +emit "## ${DISPLAY_NAME}: ${VERSION}" +emit "" +emit "### What's Changed" +emit "" section_added=false if [[ ${#FEATURES[@]} -gt 0 ]]; then - BODY+="#### New Features\n" - for e in "${FEATURES[@]}"; do BODY+="${e}\n"; done - BODY+="\n" + emit "#### New Features" + emit "" + for e in "${FEATURES[@]}"; do emit "$e"; done + emit "" section_added=true fi if [[ ${#FIXES[@]} -gt 0 ]]; then - BODY+="#### Bug Fixes\n" - for e in "${FIXES[@]}"; do BODY+="${e}\n"; done - BODY+="\n" + emit "#### Bug Fixes" + emit "" + for e in "${FIXES[@]}"; do emit "$e"; done + emit "" section_added=true fi if [[ ${#DOCS[@]} -gt 0 ]]; then - BODY+="#### Documentation\n" - for e in "${DOCS[@]}"; do BODY+="${e}\n"; done - BODY+="\n" + emit "#### Documentation" + emit "" + for e in "${DOCS[@]}"; do emit "$e"; done + emit "" section_added=true fi if [[ ${#REFACTORS[@]} -gt 0 ]]; then - BODY+="#### Refactor\n" - for e in "${REFACTORS[@]}"; do BODY+="${e}\n"; done - BODY+="\n" + emit "#### Refactor" + emit "" + for e in "${REFACTORS[@]}"; do emit "$e"; done + emit "" section_added=true fi if [[ ${#PERFS[@]} -gt 0 ]]; then - BODY+="#### Performance\n" - for e in "${PERFS[@]}"; do BODY+="${e}\n"; done - BODY+="\n" + emit "#### Performance" + emit "" + for e in "${PERFS[@]}"; do emit "$e"; done + emit "" section_added=true fi if [[ ${#OTHERS[@]} -gt 0 ]]; then - BODY+="#### Other Changes\n" - for e in "${OTHERS[@]}"; do BODY+="${e}\n"; done - BODY+="\n" + emit "#### Other Changes" + emit "" + for e in "${OTHERS[@]}"; do emit "$e"; done + emit "" section_added=true fi if [[ "$section_added" == "false" ]]; then - BODY+="_No changes_\n\n" + emit "_No changes_" + emit "" fi if [[ -n "$LAST_TAG" ]]; then - BODY+="**Full Changelog**: ${REPO_URL}/compare/${LAST_TAG}...${VERSION}\n" + emit "**Full Changelog**: ${REPO_URL}/compare/${LAST_TAG}...${VERSION}" else - BODY+="**Full Changelog**: ${REPO_URL}/releases/tag/${VERSION}\n" + emit "**Full Changelog**: ${REPO_URL}/releases/tag/${VERSION}" fi -echo "RELEASE_BODY_START" -echo -e "$BODY" echo "RELEASE_BODY_END" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d3c54f106..02e235ee7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -246,51 +246,51 @@ jobs: RELEASE_TYPE="${{ needs.resolve.outputs.releaseType }}" AST_VER="${{ needs.resolve.outputs.ast_version }}" DA_VER="${{ needs.resolve.outputs.devassist_version }}" + BODY_FILE="${RUNNER_TEMP}/release_body.md" - # --- "Plugins in this release" header (matching VS Code) --- - HEADER="### Plugins in this release\n" - if [[ "${RELEASE_TYPE}" == "checkmarx" || "${RELEASE_TYPE}" == "both" ]]; then - HEADER+="* **Checkmarx (AST):** ${AST_VER} (NEW)\n" - else - HEADER+="* **Checkmarx (AST):** ${AST_VER}\n" - fi - if [[ "${RELEASE_TYPE}" == "devAssist" || "${RELEASE_TYPE}" == "both" ]]; then - HEADER+="* **Checkmarx Developer Assist:** ${DA_VER} (NEW)\n" - else - HEADER+="* **Checkmarx Developer Assist:** ${DA_VER}\n" - fi - HEADER+="\n" + # --- "Plugins in this release" header --- + { + echo "### Plugins in this release" + echo "" + if [[ "${RELEASE_TYPE}" == "checkmarx" || "${RELEASE_TYPE}" == "both" ]]; then + echo "- **Checkmarx (AST):** ${AST_VER} (NEW)" + else + echo "- **Checkmarx (AST):** ${AST_VER}" + fi + if [[ "${RELEASE_TYPE}" == "devAssist" || "${RELEASE_TYPE}" == "both" ]]; then + echo "- **Checkmarx Developer Assist:** ${DA_VER} (NEW)" + else + echo "- **Checkmarx Developer Assist:** ${DA_VER}" + fi + echo "" + } > "$BODY_FILE" # --- Per-plugin changelogs --- - CX_SECTION="" - OUTPUT=$(bash ./.github/scripts/generateChangelog.sh \ + bash ./.github/scripts/generateChangelog.sh \ --plugin checkmarx \ --version "${AST_VER}" \ --repo "${{ github.repository }}" \ - --dev "${{ inputs.rchannels != '' && inputs.rchannels != null }}") - CX_SECTION=$(echo "$OUTPUT" | sed -n '/RELEASE_BODY_START/,/RELEASE_BODY_END/p' | sed '1d;$d') + --dev "${{ inputs.rchannels != '' && inputs.rchannels != null }}" \ + | sed -n '/RELEASE_BODY_START/,/RELEASE_BODY_END/{/RELEASE_BODY_START/d;/RELEASE_BODY_END/d;p}' \ + >> "$BODY_FILE" - DA_SECTION="" - OUTPUT=$(bash ./.github/scripts/generateChangelog.sh \ + echo "" >> "$BODY_FILE" + echo "---" >> "$BODY_FILE" + echo "" >> "$BODY_FILE" + + bash ./.github/scripts/generateChangelog.sh \ --plugin devassist \ --version "${DA_VER}" \ --repo "${{ github.repository }}" \ - --dev "${{ inputs.rchannels != '' && inputs.rchannels != null }}") - DA_SECTION=$(echo "$OUTPUT" | sed -n '/RELEASE_BODY_START/,/RELEASE_BODY_END/p' | sed '1d;$d') - - RELEASE_BODY="$(printf "%b" "${HEADER}") - - ${CX_SECTION} + --dev "${{ inputs.rchannels != '' && inputs.rchannels != null }}" \ + | sed -n '/RELEASE_BODY_START/,/RELEASE_BODY_END/{/RELEASE_BODY_START/d;/RELEASE_BODY_END/d;p}' \ + >> "$BODY_FILE" - --- + echo "--- Release body ---" + cat "$BODY_FILE" + echo "--- End release body ---" - ${DA_SECTION}" - - { - echo "RELEASE_BODY<> $GITHUB_ENV + echo "BODY_FILE=${BODY_FILE}" >> $GITHUB_ENV - name: Collect assets run: | @@ -305,7 +305,7 @@ jobs: name: ${{ needs.resolve.outputs.gh_tag }} files: release-assets/* prerelease: ${{ inputs.rchannels != '' && inputs.rchannels != null }} - body: ${{ env.RELEASE_BODY }} + body_path: ${{ env.BODY_FILE }} - name: Echo CLI version and tag name to outputs id: set_outputs From 25f7837781395919b24d8cb7c90ef0a93f565e21 Mon Sep 17 00:00:00 2001 From: Amol Mane <22643905+cx-amol-mane@users.noreply.github.com> Date: Fri, 27 Feb 2026 23:43:49 +0530 Subject: [PATCH 06/15] Enhance changelog generation by stripping leading whitespace and bullet points from commit messages in `generateChangelog.sh` --- .github/scripts/generateChangelog.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/scripts/generateChangelog.sh b/.github/scripts/generateChangelog.sh index 2e8dacc06..10171fd1d 100644 --- a/.github/scripts/generateChangelog.sh +++ b/.github/scripts/generateChangelog.sh @@ -124,6 +124,9 @@ if [[ -n "$RAW_LOG" ]]; then MSG=$(echo "$line" | awk -F'\\|\\|\\|' '{print $2}') AUTHOR_NAME=$(echo "$line" | awk -F'\\|\\|\\|' '{print $3}') + # Strip leading whitespace, then leading "* " or "- " from squash/merge commit subjects + MSG=$(echo "$MSG" | sed 's/^[[:space:]]*//' | sed 's/^[*-][[:space:]]*//') + [[ -z "$MSG" ]] && continue if echo "$MSG" | grep -qiE "$EXCLUDE_REGEX"; then From 3604b32c7d4e4c30a8699d704db654d6d0306990 Mon Sep 17 00:00:00 2001 From: Amol Mane <22643905+cx-amol-mane@users.noreply.github.com> Date: Sat, 28 Feb 2026 00:04:07 +0530 Subject: [PATCH 07/15] Enhance changelog formatting and update release name in workflow - Updated `generateChangelog.sh` to include emojis in section headers for better visual distinction. - Modified `release.yml` to dynamically build the release name based on the tag and timestamp, improving clarity in release identification. --- .github/scripts/generateChangelog.sh | 12 ++++++------ .github/workflows/release.yml | 12 +++++++++++- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/.github/scripts/generateChangelog.sh b/.github/scripts/generateChangelog.sh index 10171fd1d..756a76215 100644 --- a/.github/scripts/generateChangelog.sh +++ b/.github/scripts/generateChangelog.sh @@ -177,7 +177,7 @@ emit "" section_added=false if [[ ${#FEATURES[@]} -gt 0 ]]; then - emit "#### New Features" + emit "#### 🚀 New Features" emit "" for e in "${FEATURES[@]}"; do emit "$e"; done emit "" @@ -185,7 +185,7 @@ if [[ ${#FEATURES[@]} -gt 0 ]]; then fi if [[ ${#FIXES[@]} -gt 0 ]]; then - emit "#### Bug Fixes" + emit "#### 🐛 Bug Fixes" emit "" for e in "${FIXES[@]}"; do emit "$e"; done emit "" @@ -193,7 +193,7 @@ if [[ ${#FIXES[@]} -gt 0 ]]; then fi if [[ ${#DOCS[@]} -gt 0 ]]; then - emit "#### Documentation" + emit "#### 📝 Documentation" emit "" for e in "${DOCS[@]}"; do emit "$e"; done emit "" @@ -201,7 +201,7 @@ if [[ ${#DOCS[@]} -gt 0 ]]; then fi if [[ ${#REFACTORS[@]} -gt 0 ]]; then - emit "#### Refactor" + emit "#### ♻️ Refactor" emit "" for e in "${REFACTORS[@]}"; do emit "$e"; done emit "" @@ -209,7 +209,7 @@ if [[ ${#REFACTORS[@]} -gt 0 ]]; then fi if [[ ${#PERFS[@]} -gt 0 ]]; then - emit "#### Performance" + emit "#### ⚡ Performance" emit "" for e in "${PERFS[@]}"; do emit "$e"; done emit "" @@ -217,7 +217,7 @@ if [[ ${#PERFS[@]} -gt 0 ]]; then fi if [[ ${#OTHERS[@]} -gt 0 ]]; then - emit "#### Other Changes" + emit "#### 🔧 Other Changes" emit "" for e in "${OTHERS[@]}"; do emit "$e"; done emit "" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 02e235ee7..7ad50a29d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -298,11 +298,21 @@ jobs: cp plugin-checkmarx-ast/build/distributions/*.zip release-assets/ cp plugin-checkmarx-devassist/build/distributions/*.zip release-assets/ + - name: Build release name + run: | + TAG="${{ needs.resolve.outputs.gh_tag }}" + if [[ -n "${{ inputs.rchannels }}" ]]; then + TIMESTAMP=$(date +%s) + echo "RELEASE_NAME=${TAG} (${TIMESTAMP})" >> "$GITHUB_ENV" + else + echo "RELEASE_NAME=${TAG}" >> "$GITHUB_ENV" + fi + - name: Create Release or Prerelease uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 #v1 with: tag_name: ${{ needs.resolve.outputs.gh_tag }} - name: ${{ needs.resolve.outputs.gh_tag }} + name: ${{ env.RELEASE_NAME }} files: release-assets/* prerelease: ${{ inputs.rchannels != '' && inputs.rchannels != null }} body_path: ${{ env.BODY_FILE }} From 5533bce29fb3f133424fad0cbbb44fab7dbb4fb5 Mon Sep 17 00:00:00 2001 From: Amol Mane <22643905+cx-amol-mane@users.noreply.github.com> Date: Sat, 28 Feb 2026 09:37:55 +0530 Subject: [PATCH 08/15] Refactor release workflow to conditionally generate changelogs for plugins - Updated `release.yml` to generate changelogs only for plugins being released as NEW, based on the specified release type. - Improved organization of the changelog sections by adding conditional checks and formatting adjustments. --- .github/workflows/release.yml | 44 +++++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7ad50a29d..4910f8869 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -265,26 +265,34 @@ jobs: echo "" } > "$BODY_FILE" - # --- Per-plugin changelogs --- - bash ./.github/scripts/generateChangelog.sh \ - --plugin checkmarx \ - --version "${AST_VER}" \ - --repo "${{ github.repository }}" \ - --dev "${{ inputs.rchannels != '' && inputs.rchannels != null }}" \ - | sed -n '/RELEASE_BODY_START/,/RELEASE_BODY_END/{/RELEASE_BODY_START/d;/RELEASE_BODY_END/d;p}' \ - >> "$BODY_FILE" + # --- Per-plugin changelogs (only for plugins being released as NEW) --- + FIRST_SECTION=true - echo "" >> "$BODY_FILE" - echo "---" >> "$BODY_FILE" - echo "" >> "$BODY_FILE" + if [[ "${RELEASE_TYPE}" == "checkmarx" || "${RELEASE_TYPE}" == "both" ]]; then + bash ./.github/scripts/generateChangelog.sh \ + --plugin checkmarx \ + --version "${AST_VER}" \ + --repo "${{ github.repository }}" \ + --dev "${{ inputs.rchannels != '' && inputs.rchannels != null }}" \ + | sed -n '/RELEASE_BODY_START/,/RELEASE_BODY_END/{/RELEASE_BODY_START/d;/RELEASE_BODY_END/d;p}' \ + >> "$BODY_FILE" + FIRST_SECTION=false + fi - bash ./.github/scripts/generateChangelog.sh \ - --plugin devassist \ - --version "${DA_VER}" \ - --repo "${{ github.repository }}" \ - --dev "${{ inputs.rchannels != '' && inputs.rchannels != null }}" \ - | sed -n '/RELEASE_BODY_START/,/RELEASE_BODY_END/{/RELEASE_BODY_START/d;/RELEASE_BODY_END/d;p}' \ - >> "$BODY_FILE" + if [[ "${RELEASE_TYPE}" == "devAssist" || "${RELEASE_TYPE}" == "both" ]]; then + if [[ "$FIRST_SECTION" == "false" ]]; then + echo "" >> "$BODY_FILE" + echo "---" >> "$BODY_FILE" + echo "" >> "$BODY_FILE" + fi + bash ./.github/scripts/generateChangelog.sh \ + --plugin devassist \ + --version "${DA_VER}" \ + --repo "${{ github.repository }}" \ + --dev "${{ inputs.rchannels != '' && inputs.rchannels != null }}" \ + | sed -n '/RELEASE_BODY_START/,/RELEASE_BODY_END/{/RELEASE_BODY_START/d;/RELEASE_BODY_END/d;p}' \ + >> "$BODY_FILE" + fi echo "--- Release body ---" cat "$BODY_FILE" From e9915ec072555bbb0f947846751b60a597479eb5 Mon Sep 17 00:00:00 2001 From: Amol Mane <22643905+cx-amol-mane@users.noreply.github.com> Date: Sat, 28 Feb 2026 11:12:32 +0530 Subject: [PATCH 09/15] Refactor changelog script and release workflow to remove unnecessary dev flag - Updated `generateChangelog.sh` to simplify usage by removing the `--dev` argument from the usage instructions and argument parsing. - Modified `release.yml` to eliminate the conditional `--dev` flag when generating changelogs for both Checkmarx and devassist plugins, streamlining the workflow. --- .github/scripts/generateChangelog.sh | 13 +++---------- .github/workflows/release.yml | 2 -- 2 files changed, 3 insertions(+), 12 deletions(-) diff --git a/.github/scripts/generateChangelog.sh b/.github/scripts/generateChangelog.sh index 756a76215..581ddecc0 100644 --- a/.github/scripts/generateChangelog.sh +++ b/.github/scripts/generateChangelog.sh @@ -9,7 +9,7 @@ set -euo pipefail # # Usage: # ./generateChangelog.sh --plugin checkmarx --version 2.3.4 --repo Checkmarx/ast-jetbrains-plugin -# ./generateChangelog.sh --plugin devassist --version 1.0.0 --repo Checkmarx/ast-jetbrains-plugin --dev true +# ./generateChangelog.sh --plugin devassist --version 1.0.0 --repo Checkmarx/ast-jetbrains-plugin # # Outputs: # Structured release body section on stdout between RELEASE_BODY_START / RELEASE_BODY_END @@ -18,20 +18,18 @@ set -euo pipefail PLUGIN="" VERSION="" REPO="" -IS_DEV="false" while [[ $# -gt 0 ]]; do case "$1" in --plugin) PLUGIN="$2"; shift 2 ;; --version) VERSION="$2"; shift 2 ;; --repo) REPO="$2"; shift 2 ;; - --dev) IS_DEV="$2"; shift 2 ;; *) echo "Unknown arg: $1" >&2; exit 1 ;; esac done if [[ -z "$PLUGIN" || -z "$VERSION" || -z "$REPO" ]]; then - echo "Usage: $0 --plugin checkmarx|devassist --version X.Y.Z --repo owner/repo [--dev true|false]" >&2 + echo "Usage: $0 --plugin checkmarx|devassist --version X.Y.Z --repo owner/repo" >&2 exit 1 fi @@ -101,12 +99,7 @@ EXCLUDE_REGEX="(update.*version.*automated|bump version|\[create-pull-request\] # --------------------------------------------------------------------------- # Collect commits filtered by subproject paths # --------------------------------------------------------------------------- -PATH_ARGS="" -for p in "${GIT_PATHS[@]}"; do - PATH_ARGS="${PATH_ARGS} -- ${p}" -done - -RAW_LOG=$(git log ${RANGE} --pretty=format:"%H|||%s|||%an" ${PATH_ARGS} 2>/dev/null || true) +RAW_LOG=$(git log ${RANGE} --pretty=format:"%H|||%s|||%an" -- "${GIT_PATHS[@]}" 2>/dev/null || true) # --------------------------------------------------------------------------- # Categorize commits by conventional commit patterns diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4910f8869..05125716c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -273,7 +273,6 @@ jobs: --plugin checkmarx \ --version "${AST_VER}" \ --repo "${{ github.repository }}" \ - --dev "${{ inputs.rchannels != '' && inputs.rchannels != null }}" \ | sed -n '/RELEASE_BODY_START/,/RELEASE_BODY_END/{/RELEASE_BODY_START/d;/RELEASE_BODY_END/d;p}' \ >> "$BODY_FILE" FIRST_SECTION=false @@ -289,7 +288,6 @@ jobs: --plugin devassist \ --version "${DA_VER}" \ --repo "${{ github.repository }}" \ - --dev "${{ inputs.rchannels != '' && inputs.rchannels != null }}" \ | sed -n '/RELEASE_BODY_START/,/RELEASE_BODY_END/{/RELEASE_BODY_START/d;/RELEASE_BODY_END/d;p}' \ >> "$BODY_FILE" fi From 3092de5ddc9a8cd7efc98bf3e4f88f7440a170eb Mon Sep 17 00:00:00 2001 From: Amol Mane <22643905+cx-amol-mane@users.noreply.github.com> Date: Sat, 28 Feb 2026 17:03:54 +0530 Subject: [PATCH 10/15] Update release workflow to dynamically set product name based on release type - Modified `release.yml` to conditionally set the `product_name` based on the `releaseType` input, allowing for more flexible naming for Checkmarx and DevAssist plugins. --- .github/workflows/release.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 05125716c..72b1b50f1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -357,7 +357,10 @@ jobs: needs: release uses: Checkmarx/plugins-release-workflow/.github/workflows/release-notify.yml@main with: - product_name: JetBrains Plugin + product_name: >- + ${{ inputs.releaseType == 'checkmarx' && 'JetBrains Plugin - Checkmarx (AST)' || + inputs.releaseType == 'devAssist' && 'JetBrains Plugin - DevAssist' || + 'JetBrains Plugin - Checkmarx (AST) & DevAssist' }} release_version: ${{ needs.release.outputs.TAG_NAME }} cli_release_version: ${{ needs.release.outputs.CLI_VERSION }} release_author: "Sypher Team" From 51a62fd3f042cbe3549ed1828866d910fa1ce61d Mon Sep 17 00:00:00 2001 From: Amol Mane <22643905+cx-amol-mane@users.noreply.github.com> Date: Sat, 28 Feb 2026 19:25:36 +0530 Subject: [PATCH 11/15] Add skip_tests input to release workflow for optional integration test execution - Updated `release.yml` to include a new `skip_tests` input, allowing users to optionally skip integration tests during the release process. - Adjusted conditions in the `testIntegration` and `release` jobs to accommodate the new input, enhancing workflow flexibility. --- .github/workflows/release.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 72b1b50f1..d3b26680f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -33,6 +33,11 @@ on: required: false type: boolean default: true + skip_tests: + description: 'Skip integration tests' + required: false + type: boolean + default: false workflow_dispatch: inputs: tag: @@ -69,6 +74,11 @@ on: required: false type: boolean default: true + skip_tests: + description: 'Skip integration tests' + required: false + type: boolean + default: false permissions: contents: write @@ -169,6 +179,7 @@ jobs: testIntegration: needs: [verify] + if: ${{ !inputs.skip_tests }} runs-on: ubuntu-latest steps: - name: Fetch Sources @@ -200,7 +211,7 @@ jobs: release: needs: [resolve, verify, testIntegration, deleteDevReleases] - if: ${{ always() && needs.resolve.result == 'success' && needs.verify.result == 'success' && needs.testIntegration.result == 'success' && (needs.deleteDevReleases.result == 'success' || needs.deleteDevReleases.result == 'skipped') }} + if: ${{ always() && needs.resolve.result == 'success' && needs.verify.result == 'success' && (needs.testIntegration.result == 'success' || needs.testIntegration.result == 'skipped') && (needs.deleteDevReleases.result == 'success' || needs.deleteDevReleases.result == 'skipped') }} runs-on: ubuntu-latest outputs: TAG_NAME: ${{ steps.set_outputs.outputs.TAG_NAME }} From 8149b5c6578df26ee65e759f942e70a1fd78c564 Mon Sep 17 00:00:00 2001 From: Amol Mane <22643905+cx-amol-mane@users.noreply.github.com> Date: Sat, 28 Feb 2026 19:41:20 +0530 Subject: [PATCH 12/15] Update release workflow conditions to ensure successful integration tests before proceeding - Modified the `release.yml` file to enhance the conditional logic for the `release` job, ensuring it only runs if integration tests are successful or skipped, in addition to checking for valid `rchannels` input. This improves the reliability of the release process. --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d3b26680f..04a23094d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -207,7 +207,7 @@ jobs: with: tag: ${{ inputs.rchannels }} secrets: inherit - if: ${{ inputs.rchannels != '' && inputs.rchannels != null }} + if: ${{ always() && needs.verify.result == 'success' && (needs.testIntegration.result == 'success' || needs.testIntegration.result == 'skipped') && inputs.rchannels != '' && inputs.rchannels != null }} release: needs: [resolve, verify, testIntegration, deleteDevReleases] From 4365824bb265c974003da6d3d3169e155a9a3ca9 Mon Sep 17 00:00:00 2001 From: Amol Mane <22643905+cx-amol-mane@users.noreply.github.com> Date: Mon, 2 Mar 2026 12:54:55 +0530 Subject: [PATCH 13/15] Enhance nightly and release workflows to include version outputs for plugins - Updated `nightly.yml` to generate and output `ast_version` and `devassist_version` alongside `tag_version`, improving version tracking for plugin releases. - Modified `release.yml` to require `ast_version` and `devassist_version` as inputs, ensuring that versioning is explicitly defined for the Checkmarx and DevAssist plugins during the release process. --- .github/workflows/nightly.yml | 12 ++++++++++-- .github/workflows/release.yml | 17 ++++------------- 2 files changed, 14 insertions(+), 15 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 5006e1bc2..80525edf9 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -11,10 +11,16 @@ jobs: runs-on: ubuntu-latest outputs: tag_version: ${{ steps.tagname.outputs.tag_version }} + ast_version: ${{ steps.tagname.outputs.ast_version }} + devassist_version: ${{ steps.tagname.outputs.devassist_version }} steps: - name: Create version - run: echo "tag_version=2.0.$(date +%s)" >> "$GITHUB_OUTPUT" id: tagname + run: | + TS=$(date +%s) + echo "tag_version=2.0.${TS}" >> "$GITHUB_OUTPUT" + echo "ast_version=2.0.${TS}" >> "$GITHUB_OUTPUT" + echo "devassist_version=1.0.${TS}" >> "$GITHUB_OUTPUT" - name: Print version run: echo "created version ${{ steps.tagname.outputs.tag_version }}" nightly: @@ -22,6 +28,8 @@ jobs: uses: Checkmarx/ast-jetbrains-plugin/.github/workflows/release.yml@main with: tag: ${{ needs.set_tag.outputs.tag_version }} - releaseType: "both" + ast_version: ${{ needs.set_tag.outputs.ast_version }} + devassist_version: ${{ needs.set_tag.outputs.devassist_version }} + releaseType: "checkmarx" rchannels: "nightly" secrets: inherit diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 04a23094d..71918d43c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,12 +13,12 @@ on: type: string default: 'both' ast_version: - description: 'Version for checkmarx-ast-plugin zip (defaults to tag for nightly)' - required: false + description: 'Version for checkmarx-ast-plugin zip (e.g. 2.0.1234567890)' + required: true type: string devassist_version: - description: 'Version for checkmarx-developer-assist-plugin zip (defaults to tag for nightly)' - required: false + description: 'Version for checkmarx-developer-assist-plugin zip (e.g. 1.0.1234567890)' + required: true type: string javawrapperversion: description: 'Java Wrapper Version' @@ -120,15 +120,6 @@ jobs: RELEASE_TYPE="both" fi - # For workflow_call (nightly), default plugin versions to tag if not provided. - # For workflow_dispatch (manual), both are required inputs. - if [[ -z "${AST_VERSION}" ]]; then - AST_VERSION="${TAG}" - fi - if [[ -z "${DA_VERSION}" ]]; then - DA_VERSION="${TAG}" - fi - # Build GitHub release tag if [[ -n "${CHANNEL}" ]]; then GH_TAG="${TAG}-${CHANNEL}" From 66952367738b7ecd6d8fd12489d5cf7bd3454c97 Mon Sep 17 00:00:00 2001 From: Amol Mane <22643905+cx-amol-mane@users.noreply.github.com> Date: Mon, 2 Mar 2026 13:02:08 +0530 Subject: [PATCH 14/15] Update nightly workflow to use feature branch for release pipeline - Changed the nightly job in `nightly.yml` to reference the `feature/release-pipeline-v2` branch of the release workflow, ensuring alignment with the latest development efforts for the Checkmarx plugin. --- .github/workflows/nightly.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 80525edf9..6894917e5 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -25,7 +25,7 @@ jobs: run: echo "created version ${{ steps.tagname.outputs.tag_version }}" nightly: needs: set_tag - uses: Checkmarx/ast-jetbrains-plugin/.github/workflows/release.yml@main + uses: Checkmarx/ast-jetbrains-plugin/.github/workflows/release.yml@feature/release-pipeline-v2 with: tag: ${{ needs.set_tag.outputs.tag_version }} ast_version: ${{ needs.set_tag.outputs.ast_version }} From f49b879b0a1c546d8f27dae47992ae40a999a8c8 Mon Sep 17 00:00:00 2001 From: Amol Mane <22643905+cx-amol-mane@users.noreply.github.com> Date: Mon, 2 Mar 2026 14:31:49 +0530 Subject: [PATCH 15/15] Update nightly workflow to use main branch for release pipeline - Changed the nightly job in `nightly.yml` to reference the `main` branch of the release workflow, aligning with the latest stable version for the Checkmarx plugin. --- .github/workflows/nightly.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 6894917e5..80525edf9 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -25,7 +25,7 @@ jobs: run: echo "created version ${{ steps.tagname.outputs.tag_version }}" nightly: needs: set_tag - uses: Checkmarx/ast-jetbrains-plugin/.github/workflows/release.yml@feature/release-pipeline-v2 + uses: Checkmarx/ast-jetbrains-plugin/.github/workflows/release.yml@main with: tag: ${{ needs.set_tag.outputs.tag_version }} ast_version: ${{ needs.set_tag.outputs.ast_version }}