Skip to content
release

chore(ci): bump actions in GH release workflow to latest versions (#827) #689

Sign in to view logs

chore(ci): bump actions in GH release workflow to latest versions (#827)

chore(ci): bump actions in GH release workflow to latest versions (#827) #689

Workflow file for this run

.github/workflows/release.yml at d0bcc2d
name: release
on:
push:
branches:
- mainline
workflow_dispatch: {}
env:
NX_BRANCH: mainline
NX_RUN_GROUP: ${{ github.run_id }}
NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
jobs:
release:
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
latest_commit: ${{ steps.git_remote.outputs.latest_commit }}
skip_release: ${{ steps.should_skip_release.outputs.skip_release }}
env:
CI: "true"
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Derive appropriate SHAs for base and head for `nx affected` commands
uses: nrwl/nx-set-shas@v2
with:
main-branch-name: "mainline"
- name: Set git identity
run: |-
git config user.name "github-actions"
git config user.email "github-actions@github.com"
- name: PDK Init
uses: ./.github/actions/pdk-init
- name: Build
run: NX_CLOUD_NO_TIMEOUTS=true pnpm build
- name: Release
run: pnpm run-many --target=release:mainline --all --parallel=4 --output-style stream --nx-bail
- name: Check for mutations
run: git diff --ignore-space-at-eol --exit-code
- name: Check for new commits
id: git_remote
run: echo "latest_commit=$(git ls-remote origin -h ${{ github.ref }} | cut -f1)" >> $GITHUB_OUTPUT
- name: Should skip release
id: should_skip_release
run: echo "skip_release=$(git log --oneline -1 | grep -qE 'build\(?.*\)?:|docs\(?.*\)?:|chore\(?.*\)?:|refactor\(?.*\)?:|test\(?.*\)?:' && echo true || echo false)" >> $GITHUB_OUTPUT
- name: Extract Dists
run: rsync -a . ./dist --include="*/" --include="/docs/dist/**" --include="/packages/pdk/dist/**" --exclude="*" --prune-empty-dirs
- name: Upload artifact
if: ${{ steps.git_remote.outputs.latest_commit == github.sha }}
uses: actions/upload-artifact@v4.4.0
with:
name: build-artifact
path: dist
release_github:
name: Publish to GitHub Releases
needs: release
runs-on: ubuntu-latest
permissions:
contents: write
if: needs.release.outputs.latest_commit == github.sha
steps:
- uses: actions/setup-node@v4
with:
node-version: 14.x
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Release
if: needs.release.outputs.skip_release != 'true'
run: errout=$(mktemp); gh release create $(cat dist/releasetag.txt) -R $GITHUB_REPOSITORY -F dist/changelog.md -t $(cat dist/releasetag.txt) --target $GITHUB_REF 2> $errout && true; exitcode=$?; if [ $exitcode -ne 0 ] && ! grep -q "Release.tag_name already exists" $errout; then cat $errout; exit $exitcode; fi
working-directory: dist/packages/pdk
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_REPOSITORY: ${{ github.repository }}
GITHUB_REF: ${{ github.ref }}
release_npm:
name: Publish to npm
needs: release
runs-on: ubuntu-latest
permissions:
id-token: write
issues: write
contents: read
if: needs.release.outputs.latest_commit == github.sha && needs.release.outputs.skip_release != 'true'
steps:
- name: Install Node.js
uses: actions/setup-node@v4
with:
node-version: 18
- name: Install pnpm
run: npm install -g pnpm
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Release
working-directory: dist/packages/pdk
run: pnpm --package publib@latest dlx publib-npm
env:
NPM_CONFIG_PROVENANCE: "true"
NPM_DIST_TAG: latest
NPM_REGISTRY: registry.npmjs.org
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Extract Version
id: extract-version
working-directory: dist/packages/pdk
if: ${{ failure() }}
run: echo "VERSION=$(cat dist/releasetag.txt)" >> $GITHUB_OUTPUT
- name: Create Issue
if: ${{ failure() }}
uses: imjohnbo/issue-bot@v3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
labels: failed-release
title: Publishing v${{ steps.extract-version.outputs.VERSION }} to npm failed
body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
release_maven:
name: Publish to Maven Central
needs: release
runs-on: ubuntu-latest
permissions:
issues: write
contents: read
if: needs.release.outputs.latest_commit == github.sha && needs.release.outputs.skip_release != 'true'
steps:
- uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 11.x
- name: Install Node.js
uses: actions/setup-node@v4
with:
node-version: 18
- name: Install pnpm
run: npm install -g pnpm
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Release
working-directory: dist/packages/pdk
run: pnpm --package publib@latest dlx publib-maven
env:
MAVEN_ENDPOINT: https://aws.oss.sonatype.org
MAVEN_GPG_PRIVATE_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
MAVEN_GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.MAVEN_GPG_PRIVATE_KEY_PASSPHRASE }}
MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
MAVEN_STAGING_PROFILE_ID: ${{ secrets.MAVEN_STAGING_PROFILE_ID }}
- name: Extract Version
id: extract-version
working-directory: dist/packages/pdk
if: ${{ failure() }}
run: echo "VERSION=$(cat dist/releasetag.txt)" >> $GITHUB_OUTPUT
- name: Create Issue
if: ${{ failure() }}
uses: imjohnbo/issue-bot@v3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
labels: failed-release
title: Publishing v${{ steps.extract-version.outputs.VERSION }} to maven failed
body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
release_pypi:
name: Publish to PyPI
needs: release
runs-on: ubuntu-latest
permissions:
contents: read
issues: write
if: needs.release.outputs.latest_commit == github.sha && needs.release.outputs.skip_release != 'true'
steps:
- name: Install Node.js
uses: actions/setup-node@v4
with:
node-version: 18
- name: Install pnpm
run: npm install -g pnpm
- uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Release
working-directory: dist/packages/pdk
run: pnpm --package publib@latest dlx publib-pypi
env:
TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
- name: Extract Version
id: extract-version
working-directory: dist/packages/pdk
if: ${{ failure() }}
run: echo "VERSION=$(cat dist/releasetag.txt)" >> $GITHUB_OUTPUT
- name: Create Issue
if: ${{ failure() }}
uses: imjohnbo/issue-bot@v3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
labels: failed-release
title: Publishing v${{ steps.extract-version.outputs.VERSION }} to pypi failed
body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
release_docs:
needs: [release, release_github]
runs-on: ubuntu-latest
permissions:
contents: write
if: needs.release.outputs.latest_commit == github.sha
steps:
- name: Check out
uses: actions/checkout@v4
with:
ref: gh-pages
fetch-depth: 0
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Configure Git
run: |-
git config user.name "AWS PDK Automation"
git config user.email "aws-pdk+automation@amazon.com"
- name: Upload docs to Github
if: needs.release.outputs.skip_release != 'true'
run: zip -r docs.zip dist/docs/dist/docs/* && gh release upload $(cat dist/packages/pdk/dist/releasetag.txt) -R $GITHUB_REPOSITORY docs.zip && rm docs.zip
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_REPOSITORY: ${{ github.repository }}
- name: Prepare Commit
run: |-
mv dist/docs/dist ${{ runner.temp }}/dist
rsync --delete --exclude=.git --recursive ${{ runner.temp }}/dist/docs/ .
touch .nojekyll
git add .
git diff --cached --exit-code >/dev/null || (git commit -am 'docs: publish from ${{ github.sha }}')
- name: Push
run: git push origin gh-pages:gh-pages