Skip to content

Commit

Permalink
⚙️ (jfrog): Add postpack step
Browse files Browse the repository at this point in the history
  • Loading branch information
dedsxc committed Sep 23, 2024
1 parent 307674d commit 0721523
Showing 1 changed file with 14 additions and 47 deletions.
61 changes: 14 additions & 47 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,10 +36,11 @@ jobs:
id: jfrog-login
uses: LedgerHQ/actions-security/actions/jfrog-login@actions/jfrog-login-1

- name: Setup npm config for JFrog
- name: Setup npm config for JFrog and prepare dist folder
env:
NPM_REGISTRY_TOKEN: ${{ steps.jfrog-login.outputs.oidc-token }}
run: |
mkdir -p dist
cat << EOF | tee .npmrc
registry=https://${NPM_REGISTRY}/
//${NPM_REGISTRY}/:_authToken=${NPM_REGISTRY_TOKEN}
Expand All @@ -49,55 +50,21 @@ jobs:
id: changesets
uses: changesets/action@v1
with:
# publish: pnpm release
publish: pnpm release
branch: fix/no-issue-jfrog-attest-sign-package
createGithubReleases: false
env:
GITHUB_TOKEN: ${{ secrets.CI_BOT_TOKEN }}

- name: Publish
if: steps.changesets.outputs.hasChangesets == 'false'
run: |
mkdir -p dist
pnpm recursive exec -- pnpm pack --pack-destination dist
ls -al dist
pnpm publish -r
# - name: Download published packages to attest and sign
# if: steps.changesets.outputs.published == 'true'
# env:
# PUBLISHED_PACKAGE_JSON: published-packages.json
# run: |
# # Extract packages name
# # output will be in the form of: [{"name":"@ledgerhq/package-name","version":"X.X.X"}]
# cat << EOF | tee $PUBLISHED_PACKAGE_JSON
# ${{ steps.changesets.outputs.publishedPackages }}
# EOF

# # Create dist directory
# mkdir -p dist

# # Loop over package names and download the tarball into dist directory
# for row in $(cat $PUBLISHED_PACKAGE_JSON | jq -r '.[] | @text'); do
# PACKAGE_NAME=$(echo $row| jq -r '.name')
# PACKAGE_VERSION=$(echo $row | jq -r '.version')
# PACKAGE_NAME_BASENAME=$(basename ${PACKAGE_NAME})

# echo -e "\033[0;32mDownload artifact from\033[0m https://${NPM_REGISTRY}/${PACKAGE_NAME}/-/${PACKAGE_NAME}-${PACKAGE_VERSION}.tgz"
# curl -H "Authorization: Bearer ${{ steps.jfrog-login.outputs.oidc-token }}" \
# -o dist/${PACKAGE_NAME_BASENAME}-${PACKAGE_VERSION}.tgz \
# https://${NPM_REGISTRY}/${PACKAGE_NAME}/-/${PACKAGE_NAME}-${PACKAGE_VERSION}.tgz
# done

# - name: Attest tarball
# if: steps.changesets.outputs.published == 'true'
# uses: LedgerHQ/actions-security/actions/attest@actions/attest-1
# with:
# subject-path: ./dist
- name: Attest tarball
if: steps.changesets.outputs.published == 'true'
uses: LedgerHQ/actions-security/actions/attest@actions/attest-1
with:
subject-path: ./dist

# # The action currently doesn't support pushing the blob to the registry
# - name: Sign tarball
# if: steps.changesets.outputs.published == 'true'
# uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
# with:
# path: ./dist
# The action currently doesn't support pushing the blob to the registry
- name: Sign tarball
if: steps.changesets.outputs.published == 'true'
uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
with:
path: ./dist

0 comments on commit 0721523

Please sign in to comment.