From 9839a423b913df312445922f29be2e09b150d2e5 Mon Sep 17 00:00:00 2001 From: Kien Nguyen Date: Thu, 19 Sep 2024 18:11:17 +0200 Subject: [PATCH] =?UTF-8?q?=E2=9A=99=EF=B8=8F=20(jfrog):=20Disable=20githu?= =?UTF-8?q?b=20release?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/release.yml | 39 +++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 13 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 70dfb5464..7520ea336 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,6 +7,8 @@ on: env: FORCE_COLOR: "1" + # NPM_REGISTRY: jfrog.ledgerlabs.net/artifactory/api/npm/ldk-npm-prod-public + NPM_REGISTRY: jfrog.ledgerlabs.net/artifactory/api/npm/ldk-npm-sandbox-green permissions: id-token: write @@ -34,8 +36,6 @@ jobs: - name: Setup npm config for JFrog env: - # NPM_REGISTRY: jfrog.ledgerlabs.net/artifactory/api/npm/ldk-npm-prod-public - NPM_REGISTRY: jfrog.ledgerlabs.net/artifactory/api/npm/ldk-npm-sandbox-green NPM_REGISTRY_TOKEN: ${{ steps.jfrog-login.outputs.oidc-token }} run: | cat << EOF | tee .npmrc @@ -50,26 +50,39 @@ jobs: with: publish: pnpm release # to remove + title: "⚙️ (release) [NO-ISSUE]: Version packages" + commit: "⚙️ (release): Version packages" branch: feat/no-issue-jfrog-attest-sign-package + createGithubReleases: false env: GITHUB_TOKEN: ${{ secrets.CI_BOT_TOKEN }} - name: Download published packages to attest and sign - # if: steps.changesets.outputs.published == 'true' + if: steps.changesets.outputs.published == 'true' run: | # Extract package name - PACKAGE_NAME=${{ steps.changesets.outputs.publishedPackages }} + # output will be in the form of + # [{"name":"@ledgerhq/device-sdk-core","version":"0.4.0"}] + cat << EOF | tee published-packages.json + ${{ steps.changesets.outputs.publishedPackages }} + EOF + PACKAGE_NAME=$(cat published-packages.json | jq -r '.[0].name') + PACKAGE_VERSION=$(cat published-packages.json | jq -r '.[0].version') - echo $PACKAGE_NAME - - mkdir dist + ls -al + # Create dist directory + mkdir -p dist + echo "https://${NPM_REGISTRY}/${PACKAGE_NAME}/-/${PACKAGE_NAME}-{PACKAGE_VERSION}.tgz" + curl -s --output dist/${PACKAGE_NAME}-{PACKAGE_VERSION}.tgz https://${NPM_REGISTRY}/${PACKAGE_NAME}/-/${PACKAGE_NAME}-{PACKAGE_VERSION}.tgz + + ls -al dist - # - name: Attest tarball - # if: steps.changesets.outputs.published == 'true' - # uses: LedgerHQ/actions-security/actions/attest@actions/attest-1 - # with: - # subject-path: ./dist - # push-to-registry: true + - name: Attest tarball + if: steps.changesets.outputs.published == 'true' + uses: LedgerHQ/actions-security/actions/attest@actions/attest-1 + with: + subject-path: ./dist + push-to-registry: true # - name: Sign tarball # if: steps.changesets.outputs.published == 'true'