-
Notifications
You must be signed in to change notification settings - Fork 4
69 lines (58 loc) · 1.89 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
name: publish npm packages
on:
pull_request:
# push:
# branches:
# - main
env:
FORCE_COLOR: "1"
# NPM_REGISTRY: jfrog.ledgerlabs.net/artifactory/api/npm/ldk-npm-prod-public
NPM_REGISTRY: jfrog.ledgerlabs.net/artifactory/api/npm/ldk-npm-sandbox-green
permissions:
id-token: write
contents: write
pull-requests: write
# Need to attest artifacts
attestations: write
jobs:
publish:
# environment: Production
runs-on: ledgerhq-shared-medium
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-toolchain-composite
- name: install dependencies
run: pnpm install
- name: build libraries
run: pnpm build
- name: Login to internal JFrog registry
id: jfrog-login
uses: LedgerHQ/actions-security/actions/jfrog-login@actions/jfrog-login-1
- name: Setup npm config for JFrog
env:
NPM_REGISTRY_TOKEN: ${{ steps.jfrog-login.outputs.oidc-token }}
run: |
cat << EOF | tee .npmrc
registry=https://${NPM_REGISTRY}/
//${NPM_REGISTRY}/:_authToken=${NPM_REGISTRY_TOKEN}
EOF
- name: Publish
id: changesets
uses: changesets/action@v1
with:
publish: pnpm release
branch: fix/no-issue-jfrog-attest-sign-package
createGithubReleases: false
env:
GITHUB_TOKEN: ${{ secrets.CI_BOT_TOKEN }}
- name: Attest tarball
if: steps.changesets.outputs.published == 'true'
uses: LedgerHQ/actions-security/actions/attest@actions/attest-1
with:
subject-path: ./dist
# The action currently doesn't support pushing the blob to the registry
- name: Sign tarball
if: steps.changesets.outputs.published == 'true'
uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
with:
path: ./dist