-
Notifications
You must be signed in to change notification settings - Fork 0
123 lines (113 loc) · 3.63 KB
/
Copy pathrelease.yml
File metadata and controls
123 lines (113 loc) · 3.63 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
name: Release
on:
push:
branches: [main]
paths: [VERSION]
workflow_dispatch:
inputs:
publish_to_npm:
description: Publish the current VERSION to npm after verification
required: true
default: false
type: boolean
concurrency:
group: release-${{ github.repository }}-${{ github.ref }}
cancel-in-progress: false
permissions:
contents: read
jobs:
release-ref:
name: Release ref
if: >-
github.event_name == 'workflow_dispatch'
&& inputs.publish_to_npm
&& github.ref != 'refs/heads/main'
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- run: |
echo "::error::Manual npm publishing must run from main."
exit 1
preflight:
name: Preflight
if: >-
github.event_name != 'workflow_dispatch'
|| inputs.publish_to_npm != true
|| github.ref == 'refs/heads/main'
uses: stella/.github/.github/workflows/npm-version-preflight.yml@1cf2d8c99d478e37c653dbe25816bfe5b26157ce
with:
package-files: package.json
publish-to-npm: >-
${{ github.event_name == 'push'
|| (inputs.publish_to_npm && github.ref == 'refs/heads/main') }}
verify:
name: Verify
needs: preflight
if: needs.preflight.outputs.already-released != 'true'
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: "22.21.1"
- uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2
- run: bun install --frozen-lockfile
- run: bun run version:check
- run: bun run lint
- run: bun test
- run: bun run typecheck
- run: bun run build
- run: bun run sync-exports:check
- run: ORACLE_SAMPLES=500 bun run oracle
- run: npm pack --json --ignore-scripts --dry-run
pack:
name: Pack
needs: [preflight, verify]
if: needs.preflight.outputs.already-released != 'true'
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: "22.21.1"
- uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2
- run: bun install --frozen-lockfile
- run: bun run build
- name: Pack release tarball
shell: bash
run: |
set -euo pipefail
mkdir -p release-artifacts
npm pack --json --ignore-scripts --pack-destination release-artifacts
(
cd release-artifacts
sha256sum -- ./*.tgz > SHA256SUMS
)
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: release-artifacts
path: release-artifacts
if-no-files-found: error
finalize:
name: Finalize
needs: [preflight, pack]
if: >-
needs.preflight.outputs.already-released != 'true'
&& (github.event_name == 'push'
|| (inputs.publish_to_npm && github.ref == 'refs/heads/main'))
uses: stella/.github/.github/workflows/npm-version-finalize.yml@1cf2d8c99d478e37c653dbe25816bfe5b26157ce
with:
package-files: package.json
publish-to-npm: >-
${{ github.event_name == 'push'
|| (inputs.publish_to_npm && github.ref == 'refs/heads/main') }}
permissions:
contents: write
id-token: write
pull-requests: write
secrets: inherit