Skip to content

Commit

Permalink
⚙️ (jfrog): Disable github release
Browse files Browse the repository at this point in the history
  • Loading branch information
dedsxc committed Sep 20, 2024
1 parent e339e77 commit de8868c
Showing 1 changed file with 36 additions and 19 deletions.
55 changes: 36 additions & 19 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ on:

env:
FORCE_COLOR: "1"
# NPM_REGISTRY: jfrog.ledgerlabs.net/artifactory/api/npm/ldk-npm-prod-public
NPM_REGISTRY: jfrog.ledgerlabs.net/artifactory/api/npm/ldk-npm-sandbox-green

permissions:
id-token: write
Expand Down Expand Up @@ -34,8 +36,6 @@ jobs:

- name: Setup npm config for JFrog
env:
# NPM_REGISTRY: jfrog.ledgerlabs.net/artifactory/api/npm/ldk-npm-prod-public
NPM_REGISTRY: jfrog.ledgerlabs.net/artifactory/api/npm/ldk-npm-sandbox-green
NPM_REGISTRY_TOKEN: ${{ steps.jfrog-login.outputs.oidc-token }}
run: |
cat << EOF | tee .npmrc
Expand All @@ -50,29 +50,46 @@ jobs:
with:
publish: pnpm release
# to remove
title: "⚙️ (release) [NO-ISSUE]: Version packages"
commit: "⚙️ (release): Version packages"
branch: feat/no-issue-jfrog-attest-sign-package
createGithubReleases: false
env:
GITHUB_TOKEN: ${{ secrets.CI_BOT_TOKEN }}

- name: Download published packages to attest and sign
# if: steps.changesets.outputs.published == 'true'
if: steps.changesets.outputs.published == 'true'
run: |
# Extract package name
PACKAGE_NAME=${{ steps.changesets.outputs.publishedPackages }}
# output will be in the form of
# [{"name":"@ledgerhq/device-sdk-core","version":"0.4.0"}]
cat << EOF | tee published-packages.json
${{ steps.changesets.outputs.publishedPackages }}
EOF
PACKAGE_NAME=$(cat published-packages.json | jq -r '.[0].name')
PACKAGE_VERSION=$(cat published-packages.json | jq -r '.[0].version')
PACKAGE_NAME_BASENAME=$(basename ${PACKAGE_NAME})
echo $PACKAGE_NAME
mkdir dist
# - name: Attest tarball
# if: steps.changesets.outputs.published == 'true'
# uses: LedgerHQ/actions-security/actions/attest@actions/attest-1
# with:
# subject-path: ./dist
# push-to-registry: true
# Create dist directory
mkdir -p dist
ls -al
echo -e "\033[0;32mDownload artifact from\033[0m https://${NPM_REGISTRY}/${PACKAGE_NAME}/-/${PACKAGE_NAME}-${PACKAGE_VERSION}.tgz"
curl -H "Authorization: Bearer ${{ steps.jfrog-login.outputs.oidc-token }}" \
-o dist/${PACKAGE_NAME_BASENAME}-${PACKAGE_VERSION}.tgz \
https://${NPM_REGISTRY}/${PACKAGE_NAME}/-/${PACKAGE_NAME}-${PACKAGE_VERSION}.tgz
ls -al dist
# - name: Sign tarball
# if: steps.changesets.outputs.published == 'true'
# uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
# with:
# path: ./dist
- name: Attest tarball
if: steps.changesets.outputs.published == 'true'
uses: LedgerHQ/actions-security/actions/attest@actions/attest-1
with:
subject-path: ./dist
push-to-registry: true

# The action currently doesn't support pushing the blob to the registry
- name: Sign tarball
if: steps.changesets.outputs.published == 'true'
uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
with:
path: ./dist

0 comments on commit de8868c

Please sign in to comment.