refactor: deduplicate constants and error helper in managedInstall (#… #29
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: [main] | |
| workflow_dispatch: {} | |
| concurrency: | |
| group: release-${{ github.ref }} | |
| cancel-in-progress: false | |
| permissions: | |
| contents: read | |
| jobs: | |
| release-please: | |
| name: Release Please | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| outputs: | |
| release_created: ${{ steps.release.outputs.release_created }} | |
| tag_name: ${{ steps.release.outputs.tag_name }} | |
| steps: | |
| - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 | |
| id: app-token | |
| with: | |
| client-id: ${{ vars.APP_CLIENT_ID }} | |
| private-key: ${{ secrets.APP_PRIVATE_KEY }} | |
| - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5.0.0 | |
| id: release | |
| with: | |
| token: ${{ steps.app-token.outputs.token }} | |
| config-file: release-please-config.json | |
| manifest-file: .release-please-manifest.json | |
| release: | |
| name: Package and Upload | |
| needs: [release-please] | |
| if: needs.release-please.outputs.release_created == 'true' | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| permissions: | |
| contents: write | |
| id-token: write | |
| attestations: write | |
| env: | |
| VSCE_PAT: ${{ secrets.VSCE_PAT }} | |
| OVSX_PAT: ${{ secrets.OVSX_PAT }} | |
| steps: | |
| - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 | |
| with: | |
| persist-credentials: false | |
| ref: ${{ needs.release-please.outputs.tag_name }} | |
| - uses: ./.github/actions/setup-node | |
| - run: npm run check | |
| - run: npx @vscode/vsce package --out patchloom.vsix | |
| - name: Attest build provenance | |
| uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 | |
| with: | |
| subject-path: patchloom.vsix | |
| - name: Upload .vsix to GitHub Release | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: gh release upload "${{ needs.release-please.outputs.tag_name }}" patchloom.vsix | |
| # See ~/.grok/skills/vsce-publish/SKILL.md (or /vsce-publish) for the full | |
| # one-time browser setup (aex.dev.azure.com, PAT scopes, Open VSX agreement | |
| # + create-namespace + ownership claim), secret names, and troubleshooting. | |
| - name: Publish to VS Code Marketplace | |
| if: env.VSCE_PAT != '' | |
| run: npx @vscode/vsce publish --packagePath patchloom.vsix | |
| - name: Publish to Open VSX | |
| if: env.OVSX_PAT != '' | |
| run: npx ovsx publish patchloom.vsix | |
| - name: Extract version from tag | |
| id: version | |
| run: echo "version=${TAG_NAME#patchloom-}" >> "$GITHUB_OUTPUT" | |
| env: | |
| TAG_NAME: ${{ needs.release-please.outputs.tag_name }} | |
| - name: Update version badge | |
| continue-on-error: true | |
| uses: schneegans/dynamic-badges-action@0e50b8bad39e7e1afd3e4e9c2b7dd145fad07501 # v1.8.0 | |
| with: | |
| auth: ${{ secrets.GIST_TOKEN }} | |
| gistID: d01e4551b744b77e2927555e43a4b935 | |
| filename: version.json | |
| label: VS Code Marketplace | |
| message: ${{ steps.version.outputs.version }} | |
| color: blue | |
| namedLogo: visualstudiocode | |
| logoColor: white |