Make Release #43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Make Release | |
| on: | |
| workflow_dispatch: {} | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: on-release-publish | |
| jobs: | |
| run-unit-tests: | |
| uses: ./.github/workflows/reusable-run-linting-check-and-unit-tests.yml | |
| publish-npm: | |
| needs: run-unit-tests | |
| # Needed as recommended by npm docs on publishing with provenance https://docs.npmjs.com/generating-provenance-statements | |
| permissions: | |
| id-token: write | |
| contents: write | |
| environment: Release | |
| runs-on: ubuntu-latest | |
| outputs: | |
| RELEASE_VERSION: ${{ steps.set-release-version.outputs.RELEASE_VERSION }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| # Here `token` is needed to avoid incurring in error GH006 Protected Branch Update Failed, | |
| token: ${{ secrets.GH_PUBLISH_TOKEN }} | |
| # While `fetch-depth` is used to allow the workflow to later commit & push the changes. | |
| fetch-depth: 0 | |
| - name: Setup NodeJS | |
| uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1 | |
| with: | |
| node-version: "20" | |
| cache: "npm" | |
| - name: Setup auth tokens | |
| run: | | |
| git config --global user.name 'github-actions[bot]' | |
| git config --global user.email 'github-actions[bot]@users.noreply.github.com' | |
| git remote set-url origin https://x-access-token:${{ secrets.GH_PUBLISH_TOKEN }}@github.com/$GITHUB_REPOSITORY | |
| npm set "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" | |
| - name: Setup dependencies | |
| uses: ./.github/actions/cached-node-modules | |
| - name: Version | |
| run: | | |
| npx lerna version minor --force-publish --no-commit-hooks --yes | |
| - name: Publish to npm | |
| run: | | |
| NPM_CONFIG_PROVENANCE=true npx lerna publish from-git --yes | |
| - name: Set release version | |
| id: set-release-version | |
| run: | | |
| VERSION=$(cat lerna.json | jq .version -r) | |
| echo RELEASE_VERSION="$VERSION" >> "$GITHUB_OUTPUT" | |
| # NOTE: Watch out for the depth limit of 4 nested workflow_calls. | |
| # publish_layer -> reusable_deploy_layer_stack -> reusable_update_layer_arn_docs | |
| publish_layer: | |
| needs: publish-npm | |
| secrets: inherit | |
| permissions: | |
| id-token: write | |
| contents: write | |
| pages: write | |
| uses: ./.github/workflows/publish_layer.yml | |
| with: | |
| latest_published_version: ${{ needs.publish-npm.outputs.RELEASE_VERSION }} |