Continuous Delivery #253
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Delivery | |
| on: | |
| workflow_run: | |
| workflows: ["Continuous Integration"] | |
| types: [completed] | |
| branches: [main] | |
| permissions: | |
| contents: read | |
| jobs: | |
| fetch-version: | |
| if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| release_version: ${{ steps.get_version.outputs.VERSION }} | |
| is_release: ${{ steps.check_snapshot.outputs.RELEASE }} | |
| steps: | |
| - name: π‘οΈ Harden the runner | |
| uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 | |
| with: | |
| egress-policy: audit | |
| - name: π¦ Checkout code | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 | |
| with: | |
| fetch-depth: 0 | |
| - name: π³ Setup Node.js | |
| uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 | |
| with: | |
| node-version: "24.11.0" | |
| - name: π·οΈ Get package version | |
| id: get_version | |
| run: echo "VERSION=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT | |
| - name: π Check if version is SNAPSHOT | |
| id: check_snapshot | |
| run: | | |
| VERSION="${{ steps.get_version.outputs.VERSION }}" | |
| if [[ "$VERSION" == *"-SNAPSHOT"* ]]; then | |
| echo "RELEASE=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "RELEASE=true" >> $GITHUB_OUTPUT | |
| fi | |
| echo "Release Version: $VERSION" | |
| release: | |
| needs: [fetch-version] | |
| if: ${{ github.event.workflow_run.conclusion == 'success' && needs.fetch-version.outputs.is_release == 'true' }} | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: write | |
| id-token: write | |
| attestations: write | |
| actions: read | |
| env: | |
| RELEASE_VERSION: ${{ needs.fetch-version.outputs.release_version }} | |
| steps: | |
| - name: π¦ Checkout code | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 | |
| with: | |
| fetch-depth: 0 | |
| - name: π³ Setup Node.js | |
| uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 | |
| with: | |
| node-version: "24.11.0" | |
| - name: β¬οΈ Download build artifact | |
| uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11 | |
| with: | |
| workflow: ci.yaml | |
| name: blog-${{ github.event.workflow_run.head_sha }} | |
| path: dist | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| run_id: ${{ github.event.workflow_run.id }} | |
| - name: π Add licenses | |
| run: | | |
| cp LICENSE-MIT dist/LICENSE-MIT | |
| cp LICENSE-CC-BY-NC dist/LICENSE-CC-BY-NC | |
| - name: π¦ Create archive | |
| run: | | |
| tar -czvf blog-${{ env.RELEASE_VERSION }}.tar.gz -C dist . | |
| shasum -a 512 blog-${{ env.RELEASE_VERSION }}.tar.gz > blog-${{ env.RELEASE_VERSION }}.tar.gz.sha512 | |
| - name: π Attest release provenance | |
| uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3 | |
| with: | |
| subject-path: "${{ github.workspace }}/blog-${{ env.RELEASE_VERSION }}.tar.gz" | |
| - name: π Create Git Tag | |
| run: | | |
| git config user.name "radagastbot[bot]" | |
| git config user.email "radagastbot[bot]@users.noreply.github.com" | |
| git tag "v${{ env.RELEASE_VERSION }}" | |
| git push origin "v${{ env.RELEASE_VERSION }}" | |
| - name: π Generate changelog | |
| uses: orhun/git-cliff-action@d77b37db2e3f7398432d34b72a12aa3e2ba87e51 # v4 | |
| with: | |
| config: cliff.toml | |
| args: -vv --latest --strip header | |
| env: | |
| OUTPUT: CHANGELOG.md | |
| GITHUB_REPO: ${{ github.repository }} | |
| - name: π Create GitHub Release | |
| uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe # v2 | |
| with: | |
| files: | | |
| blog-${{ env.RELEASE_VERSION }}.tar.gz | |
| blog-${{ env.RELEASE_VERSION }}.tar.gz.sha512 | |
| tag_name: v${{ env.RELEASE_VERSION }} | |
| name: Release v${{ env.RELEASE_VERSION }} | |
| body_path: CHANGELOG.md | |
| draft: false | |
| prerelease: true | |
| - name: π’ Generate next package Version | |
| run: | | |
| MAJOR=$(echo ${{ env.RELEASE_VERSION }} | cut -d. -f1) | |
| MINOR=$(echo ${{ env.RELEASE_VERSION }} | cut -d. -f2) | |
| PATCH=$(echo ${{ env.RELEASE_VERSION }} | cut -d. -f3) | |
| PATCH=$((PATCH + 1)) | |
| NEXT_PACKAGE_VERSION="$MAJOR.$MINOR.$PATCH-SNAPSHOT" | |
| echo "Next Version will be: ${NEXT_PACKAGE_VERSION}" | |
| echo "NEXT_PACKAGE_VERSION=${NEXT_PACKAGE_VERSION}" >> $GITHUB_ENV | |
| - name: β¬οΈ Increment package version | |
| run: npm version ${{ env.NEXT_PACKAGE_VERSION }} --no-git-tag-version | |
| - name: π€ Push new package version to repo | |
| run: | | |
| git config user.name "radagastbot[bot]" | |
| git config user.email "radagastbot[bot]@users.noreply.github.com" | |
| git add package.json package-lock.json | |
| git commit -m "chore(release): set next SNAPSHOT version" | |
| git push |