From fb746c79fe0a9efe63c29d1980ebe7630b82a9ef Mon Sep 17 00:00:00 2001 From: "Philip M. Gollucci" Date: Fri, 1 Nov 2024 11:16:30 -0500 Subject: [PATCH] ci: move p6m7g8-actions/cdk-construct-release (#36) --- .github/workflows/release.yml | 230 +++------------------------------- 1 file changed, 15 insertions(+), 215 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f210ce0..73c41f7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,221 +9,21 @@ on: jobs: release: runs-on: ubuntu-latest - if: ${{ !contains(github.event.head_commit.message, 'chore(release):') }} - steps: - - name: no-op - run: echo "No-op" - - release_github: - name: Release to Github - needs: release - runs-on: ubuntu-latest - outputs: - bump: ${{ steps.bump.outputs.bump }} - if: ${{ !contains(github.event.head_commit.message, 'chore(release):') }} - steps: - - name: Checkout code - uses: actions/checkout@v4.2.2 - with: - fetch-depth: 0 - - name: Bump version - id: bump - run: | - bin/version.bash - if grep -E "^- (chore|fix|feat|major)\!*" dist/changelog.md; then - echo "bump=true" >> $GITHUB_OUTPUT - else - echo "bump=false" >> $GITHUB_OUTPUT - fi - - name: Github Release - if: ${{ steps.bump.outputs.bump == 'true' }} - env: - GITHUB_TOKEN: ${{ secrets.P6_A_GH_TOKEN }} - GITHUB_REPOSITORY: ${{ github.repository }} - GITHUB_REF: ${{ github.ref }} - run: | - TAG_NAME=$(cat dist/releasetag.txt) - - if gh release view "$TAG_NAME" -R "$GITHUB_REPOSITORY" > /dev/null 2>&1; then - echo "Release with tag $TAG_NAME already exists. Skipping release creation." - else - gh release create "$TAG_NAME" -R "$GITHUB_REPOSITORY" -F dist/changelog.md -t "$TAG_NAME" --target "$GITHUB_REF" - echo "Release with tag $TAG_NAME created successfully." - fi - - release_npmjs: - name: Release to NPM JS - needs: release_github - runs-on: ubuntu-latest - container: - image: jsii/superchain:1-bookworm-slim-node22 - if: ${{ needs.release_github.outputs.bump == 'true' && !contains(github.event.head_commit.message, 'chore(release):') }} - steps: - - name: Checkout code - uses: actions/checkout@v4.2.2 - with: - fetch-depth: 0 - - name: Restore NPM node_modules - uses: actions/cache/restore@v4.1.2 - with: - path: node_modules - key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }} - restore-keys: | - ${{ runner.os }}-node_modules- - - name: Install node_modules - run: | - sudo corepack enable - yarn install - - name: Cache NPM node_modules - uses: actions/cache@v4.1.2 - with: - path: node_modules - key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }} - restore-keys: | - ${{ runner.os }}-node_modules- - - name: Bump version - run: bin/version.bash - - name: Compile - run: yarn run compile - - name: JSII Pacmak JS - run: yarn run jsii:pacmak:js - - name: Publish to NPM - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - run: yarn run publish:npm - - release_pypi: - name: Release to PYPI - needs: release_github - runs-on: ubuntu-latest - container: - image: jsii/superchain:1-bookworm-slim-node22 - if: ${{ needs.release_github.outputs.bump == 'true' && !contains(github.event.head_commit.message, 'chore(release):') }} - steps: - - name: Checkout code - uses: actions/checkout@v4.2.2 - with: - fetch-depth: 0 - - name: Setup Python - uses: actions/setup-python@v5.3.0 - with: - python-version: '3.x' - - name: Restore NPM node_modules - uses: actions/cache/restore@v4.1.2 - with: - path: node_modules - key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }} - restore-keys: | - ${{ runner.os }}-node_modules- - - name: Install node_modules - run: | - sudo corepack enable - yarn install - - name: Cache NPM node_modules - uses: actions/cache@v4.1.2 - with: - path: node_modules - key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }} - restore-keys: | - ${{ runner.os }}-node_modules- - - name: Bump version - run: bin/version.bash - - name: Compile - run: yarn run compile - - name: JSII Pacmak PY - run: yarn run jsii:pacmak:py - - name: Publish to PYPI - env: - TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }} - TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} - run: yarn run publish:pypi - - release_nuget: - name: Release to Nuget - needs: release_github - runs-on: ubuntu-latest - container: - image: jsii/superchain:1-bookworm-slim-node22 - if: ${{ needs.release_github.outputs.bump == 'true' && !contains(github.event.head_commit.message, 'chore(release):') }} - steps: - - name: Checkout code - uses: actions/checkout@v4.2.2 - with: - fetch-depth: 0 - - name: Restore NPM node_modules - uses: actions/cache/restore@v4.1.2 - with: - path: node_modules - key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }} - restore-keys: | - ${{ runner.os }}-node_modules- - - name: Install node_modules - run: | - sudo corepack enable - yarn install - - name: Cache NPM node_modules - uses: actions/cache@v4.1.2 - with: - path: node_modules - key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }} - restore-keys: | - ${{ runner.os }}-node_modules- - - name: Bump version - run: bin/version.bash - - name: Compile - run: yarn run compile - - name: JSII Pacmak PY - run: yarn run jsii:pacmak:dotnet - - name: Publish to Nuget - env: - NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }} - run: | - yarn run publish:nuget - - release_golang: - name: Release to GoLang - needs: release_github - runs-on: ubuntu-latest + permissions: + id-token: write container: image: jsii/superchain:1-bookworm-slim-node22 - if: ${{ needs.release_github.outputs.bump == 'true' && !contains(github.event.head_commit.message, 'chore(release):') }} steps: - - name: Checkout code - uses: actions/checkout@v4.2.2 - with: - fetch-depth: 0 - - name: Restore NPM node_modules - uses: actions/cache/restore@v4.1.2 - with: - path: node_modules - key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }} - restore-keys: | - ${{ runner.os }}-node_modules- - - name: Install node_modules - run: | - sudo corepack enable - yarn install - - name: Cache NPM node_modules - uses: actions/cache@v4.1.2 - with: - path: node_modules - key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }} - restore-keys: | - ${{ runner.os }}-node_modules- - - name: Bump version - run: bin/version.bash - - name: Compile - run: yarn run compile - - name: JSII Pacmak GoLang - run: yarn run jsii:pacmak:go - - name: Publish to GoLang - env: - GIT_USER_NAME: github-actions - GIT_USER_EMAIL: github-actions@github.com - GH_TOKEN: ${{ secrets.GO_GITHUB_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GO_GITHUB_TOKEN }} - run: | - git config --global user.name "$GIT_USER_NAME" - git config --global user.email "$GIT_USER_EMAIL" - git remote set-url origin "https://$GH_TOKEN@github.com/$GITHUB_REPOSITORY.git" - yarn run publish:golang + - name: CDK Construct Build & Release + uses: p6m7g8-actions/cdk-consruct-release@main + with: + aws_region: ${{ secrets.CDK_DEPLOY_REGION }} + aws_role: ${{ secrets.AWS_ROLE }} + aws_session_name: ${{ secrets.AWS_SESSION_NAME }} + cdk_deploy_account: ${{ secrets.CDK_DEPLOY_ACCOUNT }} + cdk_deploy_region: ${{ secrets.CDK_DEPLOY_REGION }} + npm_token: ${{ secrets.NPM_TOKEN }} + twine_username: ${{ secrets.TWINE_USERNAME }} + twine_password: ${{ secrets.TWINE_PASSWORD }} + nuget_api_key: ${{ secrets.NUGET_API_KEY }} + go_github_token: ${{ secrets.GO_GITHUB_TOKEN }}