From 07215236895e71c3af1fd6accb79a04e52b56aea Mon Sep 17 00:00:00 2001
From: Kien Nguyen
Date: Mon, 23 Sep 2024 18:14:27 +0200
Subject: [PATCH] =?UTF-8?q?=E2=9A=99=EF=B8=8F=20(jfrog):=20Add=20postpack?= =?UTF-8?q?=20step?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/release.yml | 61 ++++++++---------------------------
 1 file changed, 14 insertions(+), 47 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 35fd2fc06..aa6de75c7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -36,10 +36,11 @@ jobs:
 id: jfrog-login
 uses: LedgerHQ/actions-security/actions/jfrog-login@actions/jfrog-login-1
- - name: Setup npm config for JFrog
+ - name: Setup npm config for JFrog and prepare dist folder
 env:
 NPM_REGISTRY_TOKEN: ${{ steps.jfrog-login.outputs.oidc-token }}
 run: |
+ mkdir -p dist
 cat << EOF | tee .npmrc
 registry=https://${NPM_REGISTRY}/
 //${NPM_REGISTRY}/:_authToken=${NPM_REGISTRY_TOKEN}
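Review bot: The `cat << EOF | tee .npmrc` line that this step keeps as context prints the rendered file, including the `_authToken=${NPM_REGISTRY_TOKEN}` line, to the job log. Whether that value is masked depends on the jfrog-login action registering its `oidc-token` output as a secret, which this patch does not show. Writing the file without echoing it, `cat << EOF > .npmrc`, removes that dependency. The step's `run` block continues past the end of the hunk.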
@@ -49,55 +50,21 @@ jobs:
 id: changesets
 uses: changesets/action@v1
 with:
- # publish: pnpm release
+ publish: pnpm release
 branch: fix/no-issue-jfrog-attest-sign-package
 createGithubReleases: false
 env:
 GITHUB_TOKEN: ${{ secrets.CI_BOT_TOKEN }}
- - name: Publish
- if: steps.changesets.outputs.hasChangesets == 'false'
- run: |
- mkdir -p dist
- pnpm recursive exec -- pnpm pack --pack-destination dist
- ls -al dist
- pnpm publish -r
-
- # - name: Download published packages to attest and sign
- # if: steps.changesets.outputs.published == 'true'
- # env:
- # PUBLISHED_PACKAGE_JSON: published-packages.json
- # run: |
- # # Extract packages name
- # # output will be in the form of: [{"name":"@ledgerhq/package-name","version":"X.X.X"}]
- # cat << EOF | tee $PUBLISHED_PACKAGE_JSON
- # ${{ steps.changesets.outputs.publishedPackages }}
- # EOF
- # # Create dist directory
- # mkdir -p dist
- # # Loop over package names and download the tarball into dist directory
- # for row in $(cat $PUBLISHED_PACKAGE_JSON | jq -r '.[] | @text'); do
- # PACKAGE_NAME=$(echo $row| jq -r '.name')
- # PACKAGE_VERSION=$(echo $row | jq -r '.version')
- # PACKAGE_NAME_BASENAME=$(basename ${PACKAGE_NAME})
- # echo -e "\033[0;32mDownload artifact from\033[0m https://${NPM_REGISTRY}/${PACKAGE_NAME}/-/${PACKAGE_NAME}-${PACKAGE_VERSION}.tgz"
- # curl -H "Authorization: Bearer ${{ steps.jfrog-login.outputs.oidc-token }}" \
- # -o dist/${PACKAGE_NAME_BASENAME}-${PACKAGE_VERSION}.tgz \
- # https://${NPM_REGISTRY}/${PACKAGE_NAME}/-/${PACKAGE_NAME}-${PACKAGE_VERSION}.tgz
- # done
-
- # - name: Attest tarball
- # if: steps.changesets.outputs.published == 'true'
- # uses: LedgerHQ/actions-security/actions/attest@actions/attest-1
- # with:
- # subject-path: ./dist
+ - name: Attest tarball
+ if: steps.changesets.outputs.published == 'true'
+ uses: LedgerHQ/actions-security/actions/attest@actions/attest-1
+ with:
+ subject-path: ./dist
- # # The action currently doesn't support pushing the blob to the registry
- # - name: Sign tarball
- # if: steps.changesets.outputs.published == 'true'
- # uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
- # with:
- # path: ./dist
+ # The action currently doesn't support pushing the blob to the registry
+ - name: Sign tarball
+ if: steps.changesets.outputs.published == 'true'
+ uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
+ with:
+ path: ./dist
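Review bot: The Attest and Sign steps take whatever is in `./dist` as their subject, and nothing in this hunk checks that the directory holds the tarballs that `pnpm release` actually published. `dist` is created empty in the earlier step and is presumably filled by a postpack script that is not part of this patch; how the attest and sign-blob actions behave on an empty or stale directory is not visible here. A guard step before Attest, with the same `if:` and `run: ls -al dist && test -n "$(ls -A dist)"`, would surface an empty directory, and comparing the file names against `steps.changesets.outputs.publishedPackages` would be a stronger check. Separately, `branch: fix/no-issue-jfrog-attest-sign-package` looks like a test value left in the release workflow and should be confirmed before merge.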