|
1 | 1 | name: Release |
2 | 2 | on: |
3 | | - workflow_run: |
4 | | - workflows: ['Lint & Unit Test'] |
| 3 | + push: |
5 | 4 | branches: [master] |
6 | | - types: |
7 | | - - completed |
8 | | - |
9 | | -permissions: |
10 | | - contents: read # for checkout |
11 | 5 |
|
12 | 6 | jobs: |
| 7 | + lint-and-test: |
| 8 | + uses: ./.github/workflows/lint-test.yml |
| 9 | + secrets: |
| 10 | + inherit |
13 | 11 | release: |
14 | | - env: |
15 | | - GITHUB_TRIGGER_REF: ${{ github.event.workflow_run.head_branch }} # For workflow_run the GITHUB_REF is the default branch, as mentioned in the docs |
16 | | - if: ${{ github.event.workflow_run.conclusion == 'success' }} |
17 | | - name: Release |
| 12 | + needs: lint-and-test |
18 | 13 | runs-on: ubuntu-latest |
19 | 14 | permissions: |
20 | | - contents: write # to be able to publish a GitHub release |
21 | | - issues: write # to be able to comment on released issues |
22 | | - pull-requests: write # to be able to comment on released pull requests |
23 | | - id-token: write # to enable use of OIDC for npm provenance |
| 15 | + contents: write |
| 16 | + issues: write |
| 17 | + pull-requests: write |
| 18 | + id-token: write |
24 | 19 | steps: |
25 | 20 | - name: Checkout |
26 | 21 | uses: actions/checkout@v3 |
27 | 22 | with: |
28 | 23 | fetch-depth: 0 |
29 | | - ref: ${{ env.GITHUB_TRIGGER_REF }} |
30 | 24 | - name: Setup Node.js |
31 | 25 | uses: actions/setup-node@v3 |
32 | 26 | with: |
33 | | - node-version: 'lts/*' # semantic-release requires Node >= 18 |
| 27 | + node-version: 'lts/*' |
34 | 28 | - name: Install dependencies |
35 | 29 | run: npm clean-install |
36 | 30 | - name: Build |
37 | | - env: # temporary workaround for "Error: error:0308010C:digital envelope routines::unsupported" in Node lts / 18 |
| 31 | + env: |
38 | 32 | NODE_OPTIONS: --openssl-legacy-provider |
39 | 33 | run: npm run build && npm run babel |
40 | | - - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies |
| 34 | + - name: Verify provenance |
41 | 35 | run: npm audit signatures |
42 | 36 | - name: Release |
43 | 37 | env: |
44 | 38 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
45 | 39 | NPM_TOKEN: ${{ secrets.NPM_TOKEN }} |
46 | 40 | run: | |
47 | | - npm install -g @semantic-release/changelog @semantic-release/git semantic-release |
48 | | - GITHUB_REF=${{ env.GITHUB_TRIGGER_REF }} semantic-release |
49 | | - echo release success |
50 | | - - name: Notify |
51 | | - run: | |
52 | | - curl -s ${{ secrets.GITEE_SYNC_URL }} |
| 41 | + npm install -g @semantic-release/changelog @semantic-release/git semantic-release |
| 42 | + semantic-release |
0 commit comments