From 87125758c0697e49399a5f4a34a8b7c311cb29fa Mon Sep 17 00:00:00 2001 From: Kien Nguyen Date: Mon, 23 Sep 2024 22:07:51 +0200 Subject: [PATCH] =?UTF-8?q?=E2=9A=99=EF=B8=8F=20(jfrog):=20Add=20postpack?= =?UTF-8?q?=20step?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/release.yml | 68 ++++++++++++----------------------- 1 file changed, 22 insertions(+), 46 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5ec5247a0..525d9221d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,12 +1,14 @@ name: publish npm packages on: - push: - branches: - - main + pull_request: + # push: + # branches: + # - main env: FORCE_COLOR: "1" - NPM_REGISTRY: jfrog.ledgerlabs.net/artifactory/api/npm/ldk-npm-prod-public + # NPM_REGISTRY: jfrog.ledgerlabs.net/artifactory/api/npm/ldk-npm-prod-public + NPM_REGISTRY: jfrog.ledgerlabs.net/artifactory/api/npm/ldk-npm-sandbox-green permissions: id-token: write @@ -22,26 +24,26 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/setup-toolchain-composite + # - uses: ./.github/actions/setup-toolchain-composite - - name: install dependencies - run: pnpm install + # - name: install dependencies + # run: pnpm install - - name: build libraries - run: pnpm build + # - name: build libraries + # run: pnpm build - - name: Login to internal JFrog registry - id: jfrog-login - uses: LedgerHQ/actions-security/actions/jfrog-login@actions/jfrog-login-1 + # - name: Login to internal JFrog registry + # id: jfrog-login + # uses: LedgerHQ/actions-security/actions/jfrog-login@actions/jfrog-login-1 - - name: Setup npm config for JFrog - env: - NPM_REGISTRY_TOKEN: ${{ steps.jfrog-login.outputs.oidc-token }} - run: | - cat << EOF | tee .npmrc - registry=https://${NPM_REGISTRY}/ - //${NPM_REGISTRY}/:_authToken=${NPM_REGISTRY_TOKEN} - EOF + # - name: Setup npm config for JFrog + # env: + # NPM_REGISTRY_TOKEN: ${{ steps.jfrog-login.outputs.oidc-token }} + # run: | + # cat << EOF | tee .npmrc + # registry=https://${NPM_REGISTRY}/ + # //${NPM_REGISTRY}/:_authToken=${NPM_REGISTRY_TOKEN} + # EOF - name: Publish id: changesets @@ -51,32 +53,6 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.CI_BOT_TOKEN }} - - name: Download published packages to attest and sign - if: steps.changesets.outputs.published == 'true' - env: - PUBLISHED_PACKAGE_JSON: published-packages.json - run: | - # Extract packages name - # output will be in the form of: [{"name":"@ledgerhq/package-name","version":"X.X.X"}] - cat << EOF | tee $PUBLISHED_PACKAGE_JSON - ${{ steps.changesets.outputs.publishedPackages }} - EOF - - # Create dist directory - mkdir -p dist - - # Loop over package names and download the tarball into dist directory - for row in $(cat $PUBLISHED_PACKAGE_JSON | jq -r '.[] | @text'); do - PACKAGE_NAME=$(echo $row| jq -r '.name') - PACKAGE_VERSION=$(echo $row | jq -r '.version') - PACKAGE_NAME_BASENAME=$(basename ${PACKAGE_NAME}) - - echo -e "\033[0;32mDownload artifact from\033[0m https://${NPM_REGISTRY}/${PACKAGE_NAME}/-/${PACKAGE_NAME}-${PACKAGE_VERSION}.tgz" - curl -H "Authorization: Bearer ${{ steps.jfrog-login.outputs.oidc-token }}" \ - -o dist/${PACKAGE_NAME_BASENAME}-${PACKAGE_VERSION}.tgz \ - https://${NPM_REGISTRY}/${PACKAGE_NAME}/-/${PACKAGE_NAME}-${PACKAGE_VERSION}.tgz - done - - name: Attest tarball if: steps.changesets.outputs.published == 'true' uses: LedgerHQ/actions-security/actions/attest@actions/attest-1