-
Notifications
You must be signed in to change notification settings - Fork 2
152 lines (151 loc) · 5.21 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
name: release
on:
push:
branches:
- main
workflow_dispatch: {}
jobs:
release:
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
outputs:
latest_commit: ${{ steps.git_remote.outputs.latest_commit }}
tag_exists: ${{ steps.check_tag_exists.outputs.exists }}
env:
CI: "true"
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set git identity
run: |-
git config user.name "github-actions"
git config user.email "[email protected]"
- name: Install dependencies
run: npm ci
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ vars.AWS_ROLE }}
aws-region: ${{ vars.AWS_REGION }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ vars.AWS_ROLE }}
aws-region: ${{ vars.AWS_REGION }}
- name: release
run: npx projen release
- name: Check if version has already been tagged
id: check_tag_exists
run: |-
TAG=$(cat dist/releasetag.txt)
([ ! -z "$TAG" ] && git ls-remote -q --exit-code --tags origin $TAG && (echo "exists=true" >> $GITHUB_OUTPUT)) || (echo "exists=false" >> $GITHUB_OUTPUT)
cat $GITHUB_OUTPUT
- name: Check for new commits
id: git_remote
run: |-
echo "latest_commit=$(git ls-remote origin -h ${{ github.ref }} | cut -f1)" >> $GITHUB_OUTPUT
cat $GITHUB_OUTPUT
- name: Backup artifact permissions
if: ${{ steps.git_remote.outputs.latest_commit == github.sha }}
run: cd dist && getfacl -R . > permissions-backup.acl
continue-on-error: true
- name: Upload artifact
if: ${{ steps.git_remote.outputs.latest_commit == github.sha }}
uses: actions/upload-artifact@v4
with:
name: build-artifact
path: dist
overwrite: true
release_github:
name: Publish to GitHub Releases
needs: test_list
runs-on: ubuntu-latest
permissions:
contents: write
if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha
steps:
- uses: actions/setup-node@v4
with:
node-version: 18.x
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Checkout
id: branch_exists
uses: actions/checkout@v3
with:
path: repo
fetch-depth: 0
ref: latest
continue-on-error: true
- name: Checkout
if: steps.branch_exists.outcome != 'success'
uses: actions/checkout@v3
with:
path: repo
fetch-depth: 0
- name: Checkout
uses: actions/checkout@v3
with:
path: main
- name: Create a branch if necessary
if: steps.branch_exists.outcome != 'success'
run: git switch --orphan latest
working-directory: ./repo
- run: mv ./repo/.git ./.git
- run: ls -la
- run: cp ./main/action.yml action.yml
- run: cp ./main/README.md README.md
- id: major
run: echo "version=$(cut -d '.' -f 1 dist/version.txt)" >> $GITHUB_OUTPUT
- id: commit
uses: EndBug/add-and-commit@v9
with:
push: origin latest --set-upstream --force
add: dist action.yml README.md
tag: v${{ steps.major.outputs.version }} --force
tag_push: --force
- name: Release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_REPOSITORY: ${{ github.repository }}
GITHUB_REF: ${{ github.sha }}
run: errout=$(mktemp); gh release create $(cat dist/releasetag.txt) -R $GITHUB_REPOSITORY -F dist/changelog.md -t $(cat dist/releasetag.txt) --target ${{ steps.commit.outputs.commit_long_sha }} 2> $errout && true; exitcode=$?; if [ $exitcode -ne 0 ] && ! grep -q "Release.tag_name already exists" $errout; then cat $errout; exit $exitcode; fi
if: steps.commit.outputs.committed == 'true'
test_list:
needs: release
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
env:
CI: "true"
steps:
- uses: actions/checkout@v4
with:
ref: latest
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ vars.AWS_ROLE }}
aws-region: ${{ vars.AWS_REGION }}
- run: |-
mkdir ${{ runner.temp }}/test/
touch ${{ runner.temp }}/test/foo.bar
- uses: ./
with:
source: ${{ runner.temp }}/test
target: s3://${{ vars.AWS_BUCKET }}/
distribution: ${{ vars.AWS_DISTRIBUTION }}
s3args: --exact-timestamps
- run: aws s3 rm s3://${{ vars.AWS_BUCKET }}/ --recursive