-
-
Notifications
You must be signed in to change notification settings - Fork 0
67 lines (56 loc) · 2.33 KB
/
Copy pathpublish.yml
File metadata and controls
67 lines (56 loc) · 2.33 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# Publishes to pub.dev. Triggered exclusively by the push of a tag matching
# `v{X.Y.Z}` (or `v{X.Y.Z+build}`). The companion `prod.yml` workflow is what
# normally creates those tags, but a maintainer can also tag manually if they
# want to ship without going through the prod branch.
#
# pub.dev's "Automated publishing" must be enabled with:
# Repository: <owner>/<repo>
# Tag pattern: v{{version}}
# pub.dev verifies the OIDC token against that tag pattern, so a publish from
# any other context (e.g. a forked PR, a branch push) will be rejected by
# pub.dev itself — defense in depth.
name: Publish to pub.dev
on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+' # v1.2.3
- 'v[0-9]+.[0-9]+.[0-9]+\+*' # v1.2.3+4
jobs:
publish:
name: Publish
runs-on: ubuntu-latest
permissions:
id-token: write # Required for the OIDC token that authenticates pub.dev
steps:
- name: Checkout code
uses: actions/checkout@v5
# setup-dart goes first so its OIDC wiring (PUB_HOSTED_URL + token
# plumbing) is in place before flutter-action manipulates PATH.
# Without setup-dart, `dart pub publish` doesn't see the OIDC env
# vars and falls back to interactive OAuth.
- name: Set up Dart
uses: dart-lang/setup-dart@v1
- name: Set up Flutter
uses: subosito/flutter-action@v2
with:
channel: stable
- name: Install dependencies
run: flutter pub get
# Defensive re-test: the prod.yml workflow already gated on these, but
# someone could have hand-tagged an arbitrary commit. We want a hard
# guarantee that what we ship to pub.dev compiles and passes tests.
- name: Static analysis
run: flutter analyze
- name: Run tests
run: flutter test
- name: Verify pubspec version matches tag
run: |
PUBSPEC_VERSION=$(grep -E '^version:' pubspec.yaml | sed -E 's/^version:[[:space:]]*//; s/[[:space:]]+$//')
TAG_VERSION="${GITHUB_REF_NAME#v}"
if [[ "$PUBSPEC_VERSION" != "$TAG_VERSION" ]]; then
echo "::error::pubspec version ($PUBSPEC_VERSION) does not match tag (v$TAG_VERSION)"
exit 1
fi
echo "pubspec.yaml version matches tag: v${PUBSPEC_VERSION}"
- name: Publish to pub.dev
run: dart pub publish --force