build-release.yml
---
# Workflow identity, triggers and shared environment.
# Runs on pull request activity and on pushes to main that touch one of the
# listed paths.
name: build-release
on:
  pull_request:
    types: [opened, reopened, edited, synchronize]
  push:
    branches:
      - main
    # Path filter for push events: build inputs, tests, templates and the
    # release/tooling configuration.
    paths:
      - '.github/workflows/build-release.yml'
      - 'cmd/**'
      - 'pkg/**'
      - 'internal/**'
      - 'go.mod'
      - 'go.sum'
      - 'templates/**'
      - 'tests/**'
      - 'manifest.yaml'
      - 'stencil.yaml'
      - '.goreleaser.yaml'
      - '.mise.toml'
env:
  # ARN of the IAM role used by CI; the same value is passed to the
  # "Configure AWS credentials" step of the build-and-test job.
  GH_ROLE_ARN: 'arn:aws:iam::602046956384:role/GithubActions-github-actions-services-repos-Role'
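jobs:
  # Builds and tests the checked-out ref. Runs for pull requests and for
  # pushes to main.
  build-and-test:
    name: Build and Test
    runs-on: ubuntu-latest
    # id-token: write lets the job request an OIDC token (presumably what the
    # AWS role assumption below relies on, since no static keys are passed);
    # everything else is read-only.
    permissions:
      id-token: write
      contents: read
      actions: read
    steps:
      # NOTE(review): the aws-actions/* and actions/* steps in this workflow
      # are pinned to a mutable tag, while mise-action and stencil-action are
      # pinned to a commit SHA. Pinning every action to a full commit SHA
      # keeps a moved tag from changing what runs with these credentials.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # Reuse the workflow-level variable instead of repeating the ARN.
          role-to-assume: ${{ env.GH_ROLE_ARN }}
          aws-region: 'us-east-1'
      # Fetches the GitHub App private key; the later steps read it from the
      # environment as GITHUB_CUE_APP_KEY.
      - name: Get Github Secrets from Secrets manager
        uses: aws-actions/aws-secretsmanager-get-secrets@v2
        with:
          secret-ids: |
            GITHUB_CUE_APP_KEY
          # NOTE(review): the listing lost its indentation; the Stencil
          # markers are placed outside the block scalar so they are not read
          # as secret ids. Confirm against the generating template.
          ## <<Stencil::Block(getMoreCiSecrets)>>
          ## <</Stencil::Block>>
      - name: Generate a token
        id: generate_token
        uses: actions/create-github-app-token@v1
        with:
          app-id: 407179
          private-key: ${{ env.GITHUB_CUE_APP_KEY }}
          # NOTE(review): with only `owner` set, the token is valid for every
          # repository in that owner's app installation. Listing the needed
          # repositories under `repositories` would narrow it.
          owner: udemy
      # Rewrites https://github.com/ URLs so git authenticates with the app
      # token. The token is handed to the script through the environment
      # rather than expanded into the script text. It is stored in clear text
      # in the runner's global git config and stays readable by every later
      # step, including the build and test commands of the checked-out ref.
      - name: Set git Credentials
        env:
          APP_TOKEN: ${{ steps.generate_token.outputs.token }}
        run: |
          git config --global "url.https://udemy:${APP_TOKEN}@github.com/.insteadOf" https://github.com/
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Keep the checkout token out of the repository's local git config.
          persist-credentials: false
          token: ${{ steps.generate_token.outputs.token }}
          # These two required for builds to successfully amend commits
          ref: ${{ github.head_ref }}
          fetch-depth: 2
      - name: Install Tool Versions
        uses: jdx/mise-action@052520c41a328779551db19a76697ffa34f3eabc
        with:
          experimental: true
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Install Stencil
        uses: rgst-io/stencil-action@34abb7be7ca3847f233bd9c38f1da71b30556c35
        with:
          github-token: ${{ github.token }}
          # NOTE(review): the action is SHA-pinned but the tool it installs is
          # not; a fixed version would make builds reproducible.
          version: 'latest'
      ## <<Stencil::Block(buildtestauth)>>
      ## <</Stencil::Block>>
      # The next two steps run commands defined in the checked-out ref with
      # the app token in their environment.
      - name: Build Test repo
        run: mise run buildtest
        env:
          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
          ## <<Stencil::Block(buildTestEnvVars)>>
          ## <</Stencil::Block>>
      - name: Run Tests
        run: mise run runtest
        env:
          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
          ## <<Stencil::Block(runTestEnvVars)>>
          ## <</Stencil::Block>>
      ## <<Stencil::Block(buildteststeps)>>
      ## <</Stencil::Block>>
  # Publishes a release with semantic-release once build-and-test succeeded.
  build-release:
    name: Build and Release
    if: ${{ github.ref == 'refs/heads/main' }} # Only run on main branch commits
    needs: build-and-test
    runs-on: ubuntu-latest
    # Explicit scopes instead of write-all: push tags and publish the release
    # (contents), comment on released issues and pull requests.
    # NOTE(review): the release configuration is not visible here; add a scope
    # (for example packages: write) only if a release plugin needs it.
    permissions:
      contents: write
      issues: write
      pull-requests: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history and tags, which the release step works from.
          fetch-depth: 0
          fetch-tags: true
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Set git User
        # NOTE(review): the e-mail value below was obfuscated by the page this
        # listing was copied from; restore the real address from the
        # repository before using this file.
        run: |
          git config user.name github-actions
          git config user.email [email protected]
      - name: Install Tool Versions
        uses: jdx/mise-action@052520c41a328779551db19a76697ffa34f3eabc
        with:
          experimental: true
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # NOTE(review): a plain install may resolve versions that differ from
      # the lockfile; a lockfile-enforcing install is safer in a job that
      # holds write permissions.
      - name: Install Semantic-Release
        run: yarn install
      - name: Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: npx semantic-release
      ## <<Stencil::Block(extraActions)>>
      ## <</Stencil::Block>>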