Release #130
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| dryRun: | |
| description: 'Dry run (no actual release)' | |
| required: false | |
| default: false | |
| type: boolean | |
| repository_dispatch: | |
| types: [release-trigger] | |
| jobs: | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # create releases/tags and push the version-bump commit | |
| issues: write # semantic-release success/failure comments | |
| pull-requests: write # semantic-release PR comments | |
| id-token: write # mint the OIDC token used to sign artifact attestations | |
| attestations: write # publish build provenance attestations for the assets | |
| strategy: | |
| matrix: | |
| node-version: [22] | |
| outputs: | |
| released: ${{ steps.release.outputs.released }} | |
| version: ${{ steps.extract-version.outputs.version }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Setup Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: npm | |
| - name: Setup Deno | |
| uses: denolib/setup-deno@v2 | |
| with: | |
| deno-version: v1.x | |
| - name: Validate trigger | |
| id: validate | |
| run: | | |
| if [[ "${{ github.event_name }}" == "workflow_dispatch" || "${{ github.event_name }}" == "repository_dispatch" ]]; then | |
| echo "valid=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "valid=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Install dependencies | |
| if: steps.validate.outputs.valid == 'true' | |
| run: npm install | |
| - name: Build | |
| if: steps.validate.outputs.valid == 'true' | |
| run: npm run build --if-present | |
| - name: Run tests | |
| if: steps.validate.outputs.valid == 'true' | |
| run: npm run test | |
| - name: Release | |
| id: release | |
| if: steps.validate.outputs.valid == 'true' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| DRY_RUN: ${{ github.event.inputs.dryRun || 'false' }} | |
| run: | | |
| node - <<'NODE' | |
| import fs from 'node:fs'; | |
| (async () => { | |
| try { | |
| const { default: semanticRelease } = await import('semantic-release'); | |
| const result = await semanticRelease({ | |
| dryRun: process.env.DRY_RUN === 'true', | |
| }); | |
| if (!result || process.env.DRY_RUN === 'true') { | |
| fs.appendFileSync(process.env.GITHUB_OUTPUT, 'released=false\n'); | |
| process.exit(0); | |
| } | |
| fs.appendFileSync(process.env.GITHUB_OUTPUT, 'released=true\n'); | |
| fs.appendFileSync(process.env.GITHUB_OUTPUT, `version=${result.nextRelease.version}\n`); | |
| } catch (error) { | |
| console.error(error); | |
| process.exit(1); | |
| } | |
| })(); | |
| NODE | |
| # Generate cryptographic build-provenance attestations for the released | |
| # assets so users can verify they were built from this repository's source | |
| # by this workflow (GitHub attestations API). | |
| - name: Attest build provenance for release assets | |
| if: steps.release.outputs.released == 'true' | |
| uses: actions/attest-build-provenance@v2 | |
| with: | |
| subject-path: | | |
| main.js | |
| manifest.json | |
| - name: Extract version | |
| id: extract-version | |
| if: steps.release.outputs.released == 'true' | |
| run: | | |
| VERSION=$(node -p "require('./package.json').version") | |
| echo "version=$VERSION" >> "$GITHUB_OUTPUT" |