nx-release.yaml
# Release workflow: triggered by every push to the main branch.
name: release
on:
  push:
    branches: ['main']
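# Two jobs run in sequence: `release` runs the semantic-release target across
# the Nx workspace, then `publish` (needs: release) builds, packages and
# publishes the artifacts.
jobs:
  release:
    concurrency: release
    runs-on: ubuntu-latest
    environment: main
    permissions:
      # IMPORTANT: this permission is mandatory for trusted publishing
      id-token: write
      contents: read
      issues: write
      pull-requests: write
    steps:
      # https://github.com/tibdex/github-app-token
      # NOTE(review): third-party action referenced by a mutable tag while it
      # receives the release bot's private key. Consider pinning to a full
      # commit SHA (tibdex/github-app-token@<FULL_COMMIT_SHA>).
      - name: Generate token from app token
        id: generate_token
        uses: tibdex/github-app-token@v2
        with:
          app_id: ${{ secrets.RELEASE_BOT_APP_ID }}
          private_key: ${{ secrets.RELEASE_BOT_PKEY }}
      # actions/checkout keeps the token it is given in the local git config
      # unless persist-credentials is false, so every later step in this job
      # (npm ci, semantic-release) can use the app token.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          token: ${{ steps.generate_token.outputs.token }}
      - name: configure git
        run: |
          git config user.name "${GITHUB_ACTOR}"
          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
      # Setup cache, npm
      - uses: actions/setup-node@v4
        with:
          node-version: 18
          cache: 'npm'
          registry-url: 'https://registry.npmjs.org'
          scope: '@affinidi-tdk'
      - name: Set up Python
        uses: actions/setup-python@v3
        with:
          python-version: '3.x'
      # NOTE(review): unpinned installs in a job that holds signing and
      # registry credentials; pin versions (ideally with hashes) so the tool
      # set is reproducible.
      - name: install python tools
        run: |
          pip install twine
          pip install poetry
      # NOTE(review): no later step in this job reads steps.mint.outputs.
      # Confirm the token is needed here; if not, this step (and possibly
      # id-token: write for this job) can go. The action is also pinned by
      # tag rather than by commit SHA.
      - name: Mint pypi token
        id: mint
        uses: tschm/token-mint-action@v1.0.3
      # The key is passed through the environment instead of being expanded
      # into the script text, so the key material never becomes part of the
      # generated shell script and cannot be reinterpreted by the shell.
      - name: Install gpg secret key for java Maven
        env:
          MAVEN_GPG_SECRET_KEY: ${{ secrets.MAVEN_GPG_SECRET_KEY }}
        run: |
          printf '%s\n' "$MAVEN_GPG_SECRET_KEY" | gpg --batch --import
          gpg --list-secret-keys --keyid-format LONG
      # server-username, server-password and gpg-passphrase name environment
      # variables, not values; the semantic release step below supplies them.
      # NOTE(review): this step receives secrets.GPG_PRIVATE_KEY while the
      # previous step imports secrets.MAVEN_GPG_SECRET_KEY; confirm both keys
      # are needed.
      - name: Set up JDK for deploy to Sonatype
        uses: actions/setup-java@v4
        with:
          distribution: 'corretto'
          java-version: 21
          server-id: central
          server-username: MAVEN_USERNAME
          server-password: MAVEN_CENTRAL_TOKEN
          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
          gpg-passphrase: MAVEN_GPG_SECRET_KEY_PASSWORD
      - run: npm ci
      # Generate tag/changelog with semantic release
      # setting parallel higher than one might cause problems with locking git repo
      - name: semantic release
        run: npx nx run-many -t semantic-release --parallel=false
        env:
          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
          MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
          MAVEN_GPG_SECRET_KEY_PASSWORD: ${{ secrets.MAVEN_GPG_SECRET_KEY_PASSWORD }}
  publish:
    concurrency: publish
    runs-on: ubuntu-latest
    environment: main
    permissions:
      # IMPORTANT: this permission is mandatory for trusted publishing
      id-token: write
      contents: read
    needs: ['release']
    steps:
      # https://github.com/tibdex/github-app-token
      # In this job the generated token is used only as GITHUB_TOKEN for the
      # publish step; checkout below does not receive it.
      # NOTE(review): pinned by tag; consider a full commit SHA
      # (tibdex/github-app-token@<FULL_COMMIT_SHA>).
      - name: Generate token from app token
        id: generate_token
        uses: tibdex/github-app-token@v2
        with:
          app_id: ${{ secrets.RELEASE_BOT_APP_ID }}
          private_key: ${{ secrets.RELEASE_BOT_PKEY }}
      # Checks out the branch ref rather than the triggering commit,
      # presumably to pick up what the release job pushed. It will equally
      # pick up any other commit that reached the branch in between.
      # NOTE(review): nothing visible in this job pushes to git; consider
      # persist-credentials: false here (verify first).
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ github.ref }}
      - uses: actions/setup-node@v4
        with:
          node-version: 18
          cache: 'npm'
          registry-url: 'https://registry.npmjs.org'
          scope: '@affinidi-tdk'
      - run: npm ci
      - name: Set up Python
        uses: actions/setup-python@v3
        with:
          python-version: '3.x'
      # NOTE(review): unpinned installs in the job that publishes; pin
      # versions (ideally with hashes).
      - name: install python tools
        run: |
          pip install twine
          pip install poetry
      # The minted token feeds TWINE_PASSWORD and POETRY_PYPI_TOKEN_PYPI in
      # the publish step.
      - name: Mint pypi token
        id: mint
        uses: tschm/token-mint-action@v1.0.3
      - name: build
        run: |
          npx nx run-many -t build --parallel=false
      - name: package
        run: |
          npx nx run-many -t package
      # Publish to npm,pypi with new nx release publish functionality
      # Registry credentials are scoped to this step only; build and package
      # above run without them.
      - name: publish
        run: |
          npx nx release publish --verbose
        env:
          TWINE_USERNAME: '__token__'
          TWINE_PASSWORD: ${{ steps.mint.outputs.api-token }}
          POETRY_PYPI_TOKEN_PYPI: ${{ steps.mint.outputs.api-token }}
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}  # publib-npm expects this
          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}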