Generate SDKs #14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Display Name of the workflow | |
| name: Generate SDKs | |
| on: | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| jobs: | |
| # Generate the TypeScript SDK client code | |
| TypeScript-Build: | |
| # Generate each SDK client in a separate build process to speed up execution and publishing | |
| strategy: | |
| matrix: | |
| # Spec and SDK root locations | |
| specifications: | |
| - name: SHIELD | |
| sdkPath: 'src/shield/TypeScript' | |
| specPath: 'spec/SHIELD.json' | |
| - name: DataGateway | |
| sdkPath: 'src/dataGateway/TypeScript' | |
| specPath: 'spec/Data-Gateway.json' | |
| # Display name of the job | |
| name: Generate TypeScript SDK | |
| # Operating system filter for the runners | |
| runs-on: ubuntu-latest | |
| # Publish the package to NPM | |
| environment: NPM | |
| # Sets the scopes available to the github_token injected to the GH Actions runner | |
| permissions: | |
| attestations: write | |
| contents: read | |
| id-token: write | |
| # Set of steps required to generate the API client for TypeScript | |
| steps: | |
| # Download all of the source code | |
| - name: Clone Repo Locally | |
| uses: actions/checkout@v4 | |
| # Set up NodeJS on the build host | |
| - name: Setup Node.JS Runtime | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22.x | |
| cache: 'npm' | |
| cache-dependency-path: ${{matrix.specifications.sdkPath}}/package-lock.json | |
| registry-url: https://registry.npmjs.org/ | |
| scope: shi-corp | |
| # Set up all of the supporting components for SDK generation | |
| - name: Initialize Kiota Binaries | |
| uses: microsoft/setup-kiota@v0.5.0 | |
| # Install the dependencies needed to build the project | |
| - name: Install Build Dependencies | |
| run: npm install | |
| working-directory: ${{matrix.specifications.sdkPath}} | |
| # Cryptographically attest that packages haven't been tampered where supported | |
| - name: Attest Provenance | |
| run: npm audit signatures | |
| working-directory: ${{matrix.specifications.sdkPath}} | |
| # Generate the TypeScript SDK | |
| - name: Generate SDK Client Code via Kiota | |
| run: npm run-script generate:Sdk | |
| working-directory: ${{matrix.specifications.sdkPath}} | |
| # Generate the TypeScript SDK | |
| - name: Build Project | |
| run: npm run-script build:Prod | |
| working-directory: ${{matrix.specifications.sdkPath}} | |
| # Log into the Entra ID with the GitHub federated identity credential (using the OIDC token) | |
| - name: Login to Entra ID | |
| uses: azure/login@v2 | |
| with: | |
| enable-AzPSSession: true | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| # Deploys the zip package to the specified azure web app | |
| - name: Get NPM Publish Token | |
| uses: azure/powershell@v2 | |
| id: NPM-Publish-Token | |
| with: | |
| azPSVersion: latest | |
| inlineScript: | | |
| # Get the publish token from the specified Azure KeyVault | |
| [System.String]$PublishToken = Get-AzKeyVaultSecret -VaultName ${{secrets.KEYVAULT_NAME}} -Name ${{secrets.KEYVAULT_SECRET_NAME}} -AsPlainText | |
| # Write the token to GitHub Actions Output to be accessible to subsequent steps | |
| echo "npmToken=$PublishToken" >> $env:GITHUB_OUTPUT | |
| # Publish the artifact to NPM with attestation | |
| - name: Upload Package to NPM Registry | |
| run: npm publish --access public --provenance | |
| working-directory: ${{matrix.specifications.sdkPath}} | |
| env: | |
| NODE_AUTH_TOKEN: ${{ steps.NPM-Publish-Token.outputs.npmToken }} |