Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
5172be8e2f | ||
|
|
1ded416304 | ||
|
|
2ea2c9d9ee |
41
.github/workflows/publish.yml
vendored
41
.github/workflows/publish.yml
vendored
@@ -1,5 +1,9 @@
|
|||||||
name: publish
|
name: publish
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
id-token: write # required for OIDC
|
||||||
|
contents: read
|
||||||
|
|
||||||
concurrency:
|
concurrency:
|
||||||
group: ${{ github.workflow }}-${{ github.ref }}
|
group: ${{ github.workflow }}-${{ github.ref }}
|
||||||
cancel-in-progress: true
|
cancel-in-progress: true
|
||||||
@@ -9,17 +13,40 @@ on:
|
|||||||
tags:
|
tags:
|
||||||
- 'v*'
|
- 'v*'
|
||||||
|
|
||||||
|
env:
|
||||||
|
NODE_VERSION: "24" # at least Node 24 is required for Trusted Publishing with OIDC
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
publish:
|
publish:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Set up Docker Buildx
|
name: Checkout
|
||||||
uses: docker/setup-buildx-action@v3
|
uses: actions/checkout@v6
|
||||||
|
-
|
||||||
|
name: Enable corepack
|
||||||
|
run: |
|
||||||
|
corepack enable
|
||||||
|
yarn --version
|
||||||
|
-
|
||||||
|
name: Setup Node
|
||||||
|
uses: actions/setup-node@v6
|
||||||
|
with:
|
||||||
|
node-version: ${{ env.NODE_VERSION }}
|
||||||
|
cache: 'yarn'
|
||||||
|
-
|
||||||
|
name: Print versions
|
||||||
|
run: |
|
||||||
|
node --version
|
||||||
|
npm --version
|
||||||
|
yarn --version
|
||||||
|
-
|
||||||
|
name: Build
|
||||||
|
run: |
|
||||||
|
yarn install
|
||||||
|
yarn run build
|
||||||
-
|
-
|
||||||
name: Publish
|
name: Publish
|
||||||
uses: docker/bake-action@v6
|
run: |
|
||||||
with:
|
npm version --no-git-tag-version ${GITHUB_REF#refs/tags/v}
|
||||||
targets: publish
|
npm publish --provenance --access public
|
||||||
env:
|
|
||||||
NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}
|
|
||||||
|
|||||||
@@ -101,24 +101,3 @@ RUN --mount=type=bind,target=.,rw \
|
|||||||
|
|
||||||
FROM scratch AS test-coverage
|
FROM scratch AS test-coverage
|
||||||
COPY --from=test /tmp/coverage /
|
COPY --from=test /tmp/coverage /
|
||||||
|
|
||||||
FROM base AS publish
|
|
||||||
ARG GITHUB_REF
|
|
||||||
RUN --mount=type=bind,target=.,rw \
|
|
||||||
--mount=type=cache,target=/src/.yarn/cache \
|
|
||||||
--mount=type=cache,target=/src/node_modules \
|
|
||||||
--mount=type=secret,id=NODE_AUTH_TOKEN,env=NODE_AUTH_TOKEN <<EOT
|
|
||||||
set -e
|
|
||||||
if ! [[ $GITHUB_REF =~ ^refs/tags/v ]]; then
|
|
||||||
echo "GITHUB_REF is not a tag"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
yarn install
|
|
||||||
yarn run build
|
|
||||||
npm config set //registry.npmjs.org/:_authToken $NODE_AUTH_TOKEN
|
|
||||||
npm version --no-git-tag-version ${GITHUB_REF#refs/tags/v}
|
|
||||||
npm publish --access public
|
|
||||||
|
|
||||||
# FIXME: Can't publish with yarn berry atm: https://github.com/changesets/changesets/pull/674
|
|
||||||
#yarn publish --no-git-tag-version --new-version ${GITHUB_REF#refs/tags/v}
|
|
||||||
EOT
|
|
||||||
|
|||||||
@@ -99,23 +99,6 @@ target "test-coverage" {
|
|||||||
secret = ["id=GITHUB_TOKEN,env=GITHUB_TOKEN"]
|
secret = ["id=GITHUB_TOKEN,env=GITHUB_TOKEN"]
|
||||||
}
|
}
|
||||||
|
|
||||||
# GITHUB_REF is the actual ref that triggers the workflow and used as version
|
|
||||||
# when a tag is pushed: https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
|
|
||||||
variable "GITHUB_REF" {
|
|
||||||
default = ""
|
|
||||||
}
|
|
||||||
|
|
||||||
target "publish" {
|
|
||||||
inherits = ["_common"]
|
|
||||||
dockerfile = "dev.Dockerfile"
|
|
||||||
args = {
|
|
||||||
GITHUB_REF = GITHUB_REF
|
|
||||||
}
|
|
||||||
target = "publish"
|
|
||||||
output = ["type=cacheonly"]
|
|
||||||
secret = ["id=NODE_AUTH_TOKEN,env=NODE_AUTH_TOKEN"]
|
|
||||||
}
|
|
||||||
|
|
||||||
target "license-validate" {
|
target "license-validate" {
|
||||||
inherits = ["_common"]
|
inherits = ["_common"]
|
||||||
dockerfile = "./hack/dockerfiles/license.Dockerfile"
|
dockerfile = "./hack/dockerfiles/license.Dockerfile"
|
||||||
|
|||||||
Reference in New Issue
Block a user