ruby-server-sdk/.github/workflows/release-please.yml at b44ea86aa04ee86efeb4d9a6d4de77a410748d72 · launchdarkly/ruby-server-sdk · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
name: Run Release Please

on:
  push:
    branches:
      - main

jobs:
  release-package:
    runs-on: ubuntu-latest

    permissions:
      contents: write # Contents and pull-requests are for release-please to make releases.
      pull-requests: write

    outputs:
      release-created: ${{ steps.release.outputs.release_created }}
      upload-tag-name: ${{ steps.release.outputs.tag_name }}

    steps:
      - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0
        id: release

  build-ruby-gem:
    needs: ["release-package"]
    if: ${{ needs.release-package.outputs.release-created == 'true' }}
    uses: ./.github/workflows/build-gem.yml
    with:
      version: "3.2"

  build-jruby-gem:
    needs: ["release-package"]
    if: ${{ needs.release-package.outputs.release-created == 'true' }}
    uses: ./.github/workflows/build-gem.yml
    with:
      version: "jruby-9.4"

  publish:
    runs-on: ubuntu-latest
    needs: ["release-package", "build-ruby-gem", "build-jruby-gem"]
    if: ${{ needs.release-package.outputs.release-created == 'true' }}

    outputs:
      gem-hash: ${{ steps.publish.outputs.gem-hash }}

    permissions:
      id-token: write # Needed if using OIDC to get release secrets.
      contents: write # Contents and pull-requests are for release-please to make releases.

    steps:
      - uses: actions/checkout@v4

      - uses: ./.github/actions/setup
        with:
          version: "3.2"
          install-dependencies: false

      - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0
        name: "Get rubygems API key"
        with:
          aws_assume_role: ${{ vars.AWS_ROLE_ARN }}
          ssm_parameter_pairs: "/production/common/releasing/rubygems/api_key = GEM_HOST_API_KEY"

      - uses: ./.github/actions/build-docs

      - uses: ./.github/actions/publish
        id: publish
        with:
          dry_run: false

      - uses: ./.github/actions/publish-docs
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

  release-provenance:
    needs: ["release-package", "publish"]
    if: ${{ needs.release-package.outputs.release-created == 'true' }}

    permissions:
      actions: read
      id-token: write
      contents: write

    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
    with:
      base64-subjects: "${{ needs.publish.outputs.gem-hash }}"
      upload-assets: true
      upload-tag-name: ${{ needs.release-package.outputs.upload-tag-name }}