release #21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release | |
on: | |
workflow_dispatch: {} | |
jobs: | |
release: | |
runs-on: aws-powertools_ubuntu-latest_8-core | |
permissions: | |
contents: write | |
outputs: | |
latest_commit: ${{ steps.git_remote.outputs.latest_commit }} | |
env: | |
CI: "true" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
- name: Add repository to git safe directories | |
run: git config --global --add safe.directory $GITHUB_WORKSPACE | |
- name: Set git identity | |
run: |- | |
git config user.name "github-actions" | |
git config user.email "[email protected]" | |
- name: give user docker permission so we can run tests | |
run: sudo chown $(whoami) /var/run/docker.sock | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.0.0 | |
with: | |
platforms: arm64 | |
# NOTE: we need QEMU to build Layer against a different architecture (e.g., ARM) | |
- name: Set up Docker Buildx | |
id: builder | |
uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7 # v2.4.1 | |
with: | |
install: true | |
driver: docker | |
platforms: linux/amd64,linux/arm64 | |
- name: Install dependencies | |
run: yarn install --check-files --frozen-lockfile | |
- name: release | |
run: npx projen release | |
- name: Check for new commits | |
id: git_remote | |
run: echo ::set-output name=latest_commit::"$(git ls-remote origin -h ${{ | |
github.ref }} | cut -f1)" | |
- name: Upload artifact | |
if: ${{ steps.git_remote.outputs.latest_commit == github.sha }} | |
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | |
with: | |
name: build-artifact | |
path: dist | |
container: | |
image: jsii/superchain:1-buster-slim-node16 | |
options: --user root | |
release_github: | |
name: Publish to GitHub Releases | |
needs: release | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
if: needs.release.outputs.latest_commit == github.sha | |
steps: | |
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
with: | |
node-version: 20 | |
- name: Download build artifacts | |
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | |
with: | |
name: build-artifact | |
path: dist | |
- name: Prepare Repository | |
run: mv dist .repo | |
- name: Collect GitHub Metadata | |
run: mv .repo/dist dist | |
- name: Release | |
run: errout=$(mktemp); gh release create $(cat dist/releasetag.txt) -R | |
$GITHUB_REPOSITORY -F dist/changelog.md -t $(cat dist/releasetag.txt) | |
--target $GITHUB_REF 2> $errout && true; exitcode=$?; if [ $exitcode | |
-ne 0 ] && ! grep -q "Release.tag_name already exists" $errout; then | |
cat $errout; exit $exitcode; fi | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GITHUB_REPOSITORY: ${{ github.repository }} | |
GITHUB_REF: ${{ github.ref }} | |
release_npm: | |
name: Publish to npm | |
needs: release | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
if: needs.release.outputs.latest_commit == github.sha | |
steps: | |
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
with: | |
node-version: 20 | |
- name: Download build artifacts | |
uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 | |
with: | |
name: build-artifact | |
path: dist | |
- name: Prepare Repository | |
run: mv dist .repo | |
- name: Install Dependencies | |
run: cd .repo && yarn install --check-files --frozen-lockfile | |
- name: Create js artifact | |
run: cd .repo && npx projen package:js | |
- name: Collect js Artifact | |
run: mv .repo/dist dist | |
- name: Release | |
run: npx -p jsii-release@latest jsii-release-npm | |
env: | |
NPM_DIST_TAG: latest | |
NPM_REGISTRY: registry.npmjs.org | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
release_pypi: | |
name: Publish to PyPI | |
needs: release | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
if: needs.release.outputs.latest_commit == github.sha | |
steps: | |
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
with: | |
node-version: 20 | |
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 | |
with: | |
python-version: 3.12 | |
- name: Download build artifacts | |
uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 | |
with: | |
name: build-artifact | |
path: dist | |
- name: Prepare Repository | |
run: mv dist .repo | |
- name: Install Dependencies | |
run: cd .repo && yarn install --check-files --frozen-lockfile | |
- name: Create python artifact | |
run: cd .repo && npx projen package:python | |
- name: Collect python Artifact | |
run: mv .repo/dist dist | |
- name: Release | |
run: npx -p jsii-release@latest jsii-release-pypi | |
env: | |
TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }} | |
TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} |