15de1d6190
* ci: remove invalid release-please input * ci: add npm publish debug diagnostics * ci: allow manual publish of existing release tags
128 lines
3.7 KiB
YAML
128 lines
3.7 KiB
YAML
name: Auto Release
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
workflow_dispatch:
|
|
inputs:
|
|
tag_name:
|
|
description: Existing tag to publish, for example v0.2.0
|
|
required: true
|
|
type: string
|
|
|
|
concurrency:
|
|
group: auto-release-${{ github.ref }}
|
|
cancel-in-progress: false
|
|
|
|
jobs:
|
|
release-please:
|
|
name: Release Please
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: write
|
|
pull-requests: write
|
|
outputs:
|
|
release_created: ${{ steps.release.outputs.release_created }}
|
|
tag_name: ${{ steps.release.outputs.tag_name }}
|
|
version: ${{ steps.release.outputs.version }}
|
|
steps:
|
|
- name: Run release-please
|
|
id: release
|
|
uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
release-type: node
|
|
|
|
publish-npm:
|
|
name: Publish to npm
|
|
needs: release-please
|
|
if: ${{ github.event_name == 'workflow_dispatch' || needs.release-please.outputs.release_created == 'true' }}
|
|
runs-on: ubuntu-latest
|
|
environment: release
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
steps:
|
|
- name: Checkout release tag
|
|
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
|
|
with:
|
|
ref: ${{ github.event_name == 'workflow_dispatch' && inputs.tag_name || needs.release-please.outputs.tag_name }}
|
|
fetch-depth: 0
|
|
|
|
- name: Set up Node.js
|
|
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
|
|
with:
|
|
node-version: 20
|
|
registry-url: https://registry.npmjs.org
|
|
|
|
- name: Set up Bun
|
|
uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6
|
|
with:
|
|
bun-version: 1.3.11
|
|
|
|
- name: Install dependencies
|
|
run: bun install --frozen-lockfile
|
|
|
|
- name: Run unit tests
|
|
run: bun test --max-concurrency=1
|
|
|
|
- name: Smoke test
|
|
run: bun run smoke
|
|
|
|
- name: Build
|
|
run: bun run build
|
|
|
|
- name: Dry-run package
|
|
run: npm pack --dry-run
|
|
|
|
- name: Debug GitHub context
|
|
run: |
|
|
echo "repository=$GITHUB_REPOSITORY"
|
|
echo "ref=$GITHUB_REF"
|
|
echo "workflow=$GITHUB_WORKFLOW"
|
|
echo "job=$GITHUB_JOB"
|
|
echo "actor=$GITHUB_ACTOR"
|
|
echo "sha=$GITHUB_SHA"
|
|
|
|
- name: Debug OIDC token claims
|
|
run: |
|
|
python - <<'PY'
|
|
import base64
|
|
import json
|
|
import os
|
|
import urllib.request
|
|
|
|
req = urllib.request.Request(
|
|
os.environ["ACTIONS_ID_TOKEN_REQUEST_URL"] + "&audience=npm:registry.npmjs.org",
|
|
headers={"Authorization": f"Bearer {os.environ['ACTIONS_ID_TOKEN_REQUEST_TOKEN']}"},
|
|
)
|
|
token = json.load(urllib.request.urlopen(req))["value"]
|
|
payload = token.split(".")[1]
|
|
payload += "=" * (-len(payload) % 4)
|
|
claims = json.loads(base64.urlsafe_b64decode(payload))
|
|
|
|
for key in [
|
|
"iss",
|
|
"sub",
|
|
"aud",
|
|
"repository",
|
|
"repository_owner",
|
|
"job_workflow_ref",
|
|
"environment",
|
|
]:
|
|
print(f"{key}={claims.get(key)}")
|
|
PY
|
|
|
|
- name: Publish to npm
|
|
run: npm publish --access public --provenance
|
|
|
|
- name: Release summary
|
|
run: |
|
|
{
|
|
echo "## Released ${{ needs.release-please.outputs.tag_name }}"
|
|
echo
|
|
echo "- npm: https://www.npmjs.com/package/@gitlawb/openclaude"
|
|
echo "- GitHub: https://github.com/Gitlawb/openclaude/releases/tag/${{ needs.release-please.outputs.tag_name }}"
|
|
} >> "$GITHUB_STEP_SUMMARY"
|