A pull-request will only be considered for merging into the upstream codebase after you have signed our contributor agreement, assigning us the rights to the contributed code and granting you a license to use it in return. If you submit a pull request, you will be prompted to review and sign the agreement with one click (we use CLA assistant).
Commit messages must follow the Angular-style commit format (but excluding the scope).
i.e:
fix: minified scripts being removed
Also includes tests
This will allow for the automatic changelog to generate correctly.
Must be one of the following:
- feat: A new feature
- fix: A bug fix
- docs: Documentation only changes
- test: Adding missing tests
- chore: Changes to the build process or auxiliary tools and libraries such as documentation generation
- refactor: A code change that neither fixes a bug nor adds a feature
- style: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
- perf: A code change that improves performance
To release a major you need to add BREAKING CHANGE: to the start of the body and the detail of the breaking change.
During the build of this plugin, a number of tests will run in the host platform's environment. To get these tests to run from a developer setting requires some environment variables to be set;
This value is a file path where the test is able to download the Snyk binary to for use in the test. An example might be downloads/snyk.
A Snyk token that can be used in the execution of the test. You can obtain a token for your Snyk user under the "Account Settings" page in the Snyk Web UI.
The path where the Snyk tool would ordinarily be found on the system. An example would be /usr/local/bin/snyk.
To release the plugin from your local machine, perform the following steps.
When releasing the first time, you need to import the GPG key and add Maven repository credentials to your local machine. If you have done this, you can skip to step 4.
- Download GPG keys for Maven Central from the password manager.
- Run
gpg --import maven-master.gpgandgpg --import maven-signing.gpgfor the downloaded keys. - Populate your
~/.m2/settings.xmlwith the following content, replacing ID and password using "Sonatype JIRA" credentials from the password manager:
<settings>
<servers>
<server>
<id>ossrh</id>
<username>your-jira-id</username>
<password>your-jira-pwd</password>
</server>
</servers>
</settings>- Run
mvn versions:set -DnewVersion=1.2.3to setpom.xmlto the desired version to be released. - Ensure the build and tests pass, then trigger release using
mvn clean deploy -P release. - Upon successful completion of Step 5, navigate to Sonatype
- Click on Staging Repositories
- Select
iosnyk-xxxx - Click on
Close. If this not available, perform Step 10. - Wait for the Close activity to finish (takes about 10 min)
- Select
iosnyk-xxxxstaging repository again - Click on
Release(takes about 10 min)
The released version should be available in the Released repository now. It can take some time to update Maven Central Repository.
- Add new release in GitHub manually to create new tag and have better visibility.
If you have questions, consult the official documentation for publishing information.