ruby-server-sdk-ai/.github/workflows/publish.yml at main · launchdarkly/ruby-server-sdk-ai · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
name: Publish Package
on:
  workflow_call:
    inputs:
      dry_run:
        description: 'Is this a dry run. If so no package will be published.'
        type: boolean
        required: true

  workflow_dispatch:
    inputs:
      dry_run:
        description: 'Is this a dry run. If so no package will be published.'
        type: boolean
        required: true

jobs:
  build-publish:
    runs-on: ubuntu-latest
    # Needed to get tokens during publishing.
    permissions:
      id-token: write
      contents: write # Needed in this case to write github pages.
      attestations: write
    steps:
      - uses: actions/checkout@v4

      - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0
        name: 'Get rubygems API key'
        with:
          aws_assume_role: ${{ vars.AWS_ROLE_ARN }}
          ssm_parameter_pairs: '/production/common/releasing/rubygems/api_key = GEM_HOST_API_KEY'

      - id: build-and-test
        name: Build and Test
        uses: ./.github/actions/ci
        with:
          ruby-version: 3.1

      - id: build-docs
        name: Build docs
        uses: ./.github/actions/build-docs

      - id: publish
        name: Publish Package
        uses: ./.github/actions/publish
        with:
          dry_run: ${{ inputs.dry_run }}

      - uses: ./.github/actions/publish-docs
        with:
          token: ${{secrets.GITHUB_TOKEN}}

      - name: Attest build provenance
        if: ${{ format('{0}', inputs.dry_run) == 'false' }}
        uses: actions/attest@v4
        with:
          subject-path: 'launchdarkly-server-sdk-ai-*.gem'