diff --git a/README.md b/README.md index 14f14ca1..f5e75292 100644 --- a/README.md +++ b/README.md @@ -18,14 +18,14 @@ You can find the latest version on [Maven Central](https://central.sonatype.com/ io.securecodebox defectdojo-client - 1.0.0.-beta2 + 1.0.0 ``` ### Gradle ```groovy -implementation group: 'io.securecodebox', name: 'defectdojo-client', version: '1.0.0.-beta2' +implementation group: 'io.securecodebox', name: 'defectdojo-client', version: '1.0.0' ``` ## Development @@ -36,6 +36,10 @@ To run a local build clone this repo and just invoke the following command in th mvn clean install ``` +## Release + +The release process is [documented](docs/release.md) in a separate file. + ## Supported DefectDojo Versions The client is supposed to be compatible with DefectDojo 1.10 and later, older version of DefectDojo might still work, but are not officially supported. diff --git a/docs/release.md b/docs/release.md index fb5bd3d6..a870634b 100644 --- a/docs/release.md +++ b/docs/release.md 
@@ -4,42 +4,42 @@ Here we describe all the ceremonial stuff necessary to publish a Java library to ## How to Perform a Release -The release process consists of two main tasks: - -1. Build the release on GitHub -2. Release the published artifacts on Maven Central. - -### Build the Release on GitHub - -1. Go to the [release page](https://github.com/secureCodeBox/defectdojo-client-java/releases) and click "Draft a new release". -2. Create a tag for the release (e.g. "1.0.0", for testing you can add a pre-release identifier like "1.0.0-alpha"). - 1. Click "Choose tag". - 2. Type in tag name (e.g. "1.0.0"). - 3. Click "Create new tag..." -3. Click "Generate release notes" -4. Select either - - "Set as a pre-release" if you have a pre-release identifier in the version (e.g. "1.0.0-alpha"). - - or else "Set as the latest release" -5. Click "Publish release" - -### Release the published artifacts on Maven Central. - -Hint: You need to hit the "Refresh" button from time to ime, to see changes. - -1. Login to the [Nexus Repository Manager](https://oss.sonatype.org/). -2. On the left site navigate to "Staging Repositories" -3. You will see an entry for each unpublished release (usually there is only one):
-![](./release_staging_1.png) -4. Select the release (in the "Content" tab you can verify the files contained in the release):
-![](./release_staging_2.png) -5. Close the repository (this triggers the validation of [requirements][ossrh-requirements]):
-![](./release_staging_3.png) -6. You can see if all validation rules passed in the "Activity" tab:
-![](./release_staging_4.png) -7. Then either click "Release" or "Drop": - - Release: This will publish and sync the artifact to Maven Central. (This can't be undone, there is no way to delete a published artifact!). After syncing the staging repo is dropped automatically. - - Drop: Does not publish the artifact. Use this if something is broken and ypu want to publish a new release with the same version. -8. After some time (see below) you can find it on Maven Central: +The whole release process is automated by a [GitHub action workflow](https://github.com/secureCodeBox/defectdojo-client-java/actions) which utilizes the [Maven release plugin](https://maven.apache.org/maven-release/maven-release-plugin/). Since we need the possibility to set custom versions (e.g. 2.0.0-beta) we can not use a simple one-push-button solution. Instead, we utilize en event triggered workflow to achieve this. The release process is as following: + +First go to the "Actions" tab and select the "Publish Release" workflow: + +![](release_01_select-workflow.png) + +Then click the "Run workflow" button: + +![](release_02_run-workflow.png) + +For an ordinary release simply click the green "Run workflow" button and leave the optional text input fields blank: + +![](release_03_trigger-workflow.png) + +Now a "Publish Release" workflow run should appear in the list of runs: + +![](release_04_running-workflow.png) + +## Custom Release Version + +Typically, a release by Maven simply means: + +- Remove the "-SNAPSHOT" qualifier from the version in the `pom.xml`. E.g. "1.0.0-SNAPSHOT" will become "1.0.0". +- Build everything, make a commit with this version and tag this version. +- Upload the resulting artifacts to [Sonatype Nexus](https://oss.sonatype.org/) and stage them. +- Increment to next development version in `pom.xml`. In this example "1.0.1-SNAPSHOT". +- Build everything and make a commit. + +In the case you want to publish a custom release, e.g. 
a "1.0.2-beta", it is necessary to pass it to Maven. For this purpose we introduced the two optional text inputs: + +1. _Custom version_: Here you add the version with a custom qualifier. E.g. for the development version "1.0.2-SNAPSHOT" and a beta release, it is "1.0.2-beta". +2. _Next development version_: Since Maven simply increments the last number of the semantic version and appends "-SNAPSHOT", automatic increment is not sufficient here because it will end in something like "1.0.2-beta-SNAPSHOT". So you must specify the next development version by hand. In this example still "1.0.2-SNAPSHOT". + +![](release_05_custom-version.png) + +### Additional Information About the Release Process After the first release a [bot created the Maven Central sync][ossrh-jira-issue]: diff --git a/docs/release_01_select-workflow.png b/docs/release_01_select-workflow.png new file mode 100644 index 00000000..745a3476 Binary files /dev/null and b/docs/release_01_select-workflow.png differ diff --git a/docs/release_02_run-workflow.png b/docs/release_02_run-workflow.png new file mode 100644 index 00000000..efbed4f0 Binary files /dev/null and b/docs/release_02_run-workflow.png differ diff --git a/docs/release_03_trigger-workflow.png b/docs/release_03_trigger-workflow.png new file mode 100644 index 00000000..4b8e79a4 Binary files /dev/null and b/docs/release_03_trigger-workflow.png differ diff --git a/docs/release_04_running-workflow.png b/docs/release_04_running-workflow.png new file mode 100644 index 00000000..6b235cfc Binary files /dev/null and b/docs/release_04_running-workflow.png differ diff --git a/docs/release_05_custom-version.png b/docs/release_05_custom-version.png new file mode 100644 index 00000000..ed36dbe4 Binary files /dev/null and b/docs/release_05_custom-version.png differ diff --git a/docs/release_staging_1.png b/docs/release_staging_1.png deleted file mode 100644 index 515716eb..00000000 Binary files a/docs/release_staging_1.png and /dev/null differ 
diff --git a/docs/release_staging_2.png b/docs/release_staging_2.png deleted file mode 100644 index 941ec074..00000000 Binary files a/docs/release_staging_2.png and /dev/null differ diff --git a/docs/release_staging_3.png b/docs/release_staging_3.png deleted file mode 100644 index 7853e2b9..00000000 Binary files a/docs/release_staging_3.png and /dev/null differ diff --git a/docs/release_staging_4.png b/docs/release_staging_4.png deleted file mode 100644 index 30f25b7b..00000000 Binary files a/docs/release_staging_4.png and /dev/null differ
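Review bot: In README.md (hunk @@ -18,14 +18,14 @@) the Maven and Gradle snippets still hard-code the release number, now `1.0.0`, so the README has to be edited by hand after every run of the release workflow that this patch documents. Either add a line to docs/release.md saying that the README version is bumped as part of a release, or replace the literal with a placeholder and point readers to the Maven Central link above the snippet for the current version.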
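Review bot: In README.md (hunk @@ -36,6 +36,10 @@) the link text "documented" in the new "## Release" section does not name its target. Something like "See the [release documentation](docs/release.md)." tells the reader where the link goes without following it.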
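Review bot: In docs/release.md (hunk @@ -4,42 +4,42 @@) the new text no longer says what happens after staging. The removed steps 5 to 7 covered closing the staging repository, checking the validation rules in the "Activity" tab, and choosing "Release" or "Drop", including the warning that a published artifact cannot be deleted. The added list only says "Upload the resulting artifacts to [Sonatype Nexus](https://oss.sonatype.org/) and stage them." Please state whether the "Publish Release" workflow also closes and releases the staging repository or whether that stays a manual step, and keep the irreversibility warning together with what to do when a run produces a broken release. Smaller points in the same hunk: "en event triggered workflow" should read "an event-triggered workflow" and "is as following" should read "is as follows"; "## Custom Release Version" is added at the same level as "## How to Perform a Release", so the added "### Additional Information About the Release Process" now nests under the custom-version section, and making it "### Custom Release Version" would keep the outline consistent.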