-
Notifications
You must be signed in to change notification settings - Fork 6
102 lines (85 loc) · 3.28 KB
/
Copy pathrelease.yaml
File metadata and controls
102 lines (85 loc) · 3.28 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
name: Release
on:
push:
branches:
- main
permissions:
contents: read
jobs:
# Always publish to next tag on push to main
publish-next:
name: 📢 Publish Next
permissions:
contents: read
id-token: write # Required for trusted publishing with provenance
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version-file: package.json
registry-url: https://registry.npmjs.org/
- name: Get Short SHA
run: echo "SHORT_SHA=`echo ${{ github.sha }} | cut -c1-8`" >> $GITHUB_ENV
- name: Get Next Version
run: |
current_date=$(date +'%Y%m%d')
echo "NEW_VERSION=0.0.0-next-${SHORT_SHA}-${current_date}" >> $GITHUB_ENV
- name: Use Next Version
run: |
git config --global user.email "info@descope.com"
git config --global user.name "Descope"
yarn version --new-version ${NEW_VERSION}
cat package.json
- name: Install dependencies
run: npm ci --ignore-scripts
# `npm rebuild` will run all those post-install scripts for us.
- run: npm rebuild && npm run prepare --if-present
- name: Publish to NPM Package Registry
run: npm publish --access=public --tag next --provenance
# Run release-please to create releases and manage changelog
release-please:
name: 📦 Release Please
permissions:
contents: write
pull-requests: write
runs-on: ubuntu-latest
outputs:
release_created: ${{ steps.release.outputs.release_created }}
tag_name: ${{ steps.release.outputs.tag_name }}
steps:
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
with:
app-id: ${{ secrets.RELEASE_APP_ID }}
private-key: ${{ secrets.RELEASE_APP_PEM }}
- uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5.0.0
id: release
with:
token: ${{ steps.app-token.outputs.token }}
# Node.js release type for package.json versioning
release-type: node
# Publish stable version (only when release is created)
publish-release:
name: 📦 Publish Release
permissions:
contents: read
id-token: write # Required for trusted publishing with provenance
runs-on: ubuntu-latest
needs: release-please
if: ${{ needs.release-please.outputs.release_created }}
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version-file: package.json
registry-url: 'https://registry.npmjs.org/'
# Skip post-install scripts here, as a malicious
# script could steal NODE_AUTH_TOKEN.
- name: Install dependencies
run: npm ci --ignore-scripts
# `npm rebuild` will run all those post-install scripts for us.
- run: npm rebuild && npm run prepare --if-present
- name: Publish to NPM Package Registry
run: npm publish --access=public --provenance