Release #25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| permissions: | |
| contents: write | |
| id-token: write | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version_bump: | |
| required: false | |
| description: '[Optional] Override semantic versioning with explict version (allowed values: "patch", "minor", "major", or explicit version)' | |
| default: '' | |
| dist_tag: | |
| description: 'NPM distribution tag' | |
| required: false | |
| default: 'latest' | |
| branch: | |
| description: 'The branch to release from' | |
| required: false | |
| default: 'master' | |
| env: | |
| NODE_OPTIONS: "--max-old-space-size=4096" | |
| NPM_CONFIG_UNSAFE_PERM: true | |
| jobs: | |
| pre-release-ci: | |
| uses: ./.github/workflows/shared-ci.yml | |
| # Once all tests have passed, run semantic versioning | |
| version: | |
| runs-on: ubuntu-latest | |
| needs: [pre-release-ci] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| submodules: true | |
| - name: Setup Node.js 16 | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '16' | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci --unsafe-perm | |
| - name: Configure AWS Credentials for Release | |
| uses: aws-actions/configure-aws-credentials@v5 | |
| with: | |
| aws-region: us-west-2 | |
| role-to-assume: arn:aws:iam::587316601012:role/GitHub-CI-CI-Bot-Credential-Access-Role-us-west-2 | |
| role-session-name: CI_Bot_Release | |
| # Use AWS Secrets Manager GHA to retrieve CI Bot Creds | |
| - name: Get CI Bot Creds Secret | |
| uses: aws-actions/aws-secretsmanager-get-secrets@v2 | |
| with: | |
| secret-ids: Github/aws-crypto-tools-ci-bot | |
| parse-json-secrets: true | |
| # Log in as the CI Bot | |
| - name: Log in as CI Bot | |
| run: | | |
| echo ${{ env.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_ESDK_RELEASE_TOKEN }} > token.txt | |
| gh auth login --with-token < token.txt | |
| rm token.txt | |
| gh auth status | |
| gh auth setup-git | |
| - name: Configure git | |
| env: | |
| BRANCH: ${{ github.event.inputs.branch }} | |
| VERSION_BUMP: ${{ github.event.inputs.version_bump }} | |
| run: | | |
| git config --global user.name "aws-crypto-tools-ci-bot" | |
| git config --global user.email "no-reply@noemail.local" | |
| git checkout $BRANCH | |
| - name: Verify git auth identity | |
| run: | | |
| echo "=== gh auth status ===" | |
| gh auth status | |
| echo "" | |
| echo "=== Git credential helper config ===" | |
| git config --global --get-regexp credential | |
| echo "" | |
| echo "=== Git remote URL ===" | |
| git remote -v | |
| echo "" | |
| echo "=== Authenticated GitHub user ===" | |
| gh api user --jq '.login' | |
| - name: Version packages (dry run - no push) | |
| run: | | |
| # Generate new version and CHANGELOG entry and push it | |
| npx lerna version --conventional-commits --git-remote origin --yes ${VERSION_BUMP:+$VERSION_BUMP --force-publish} | |
| # Log the commit for posterity | |
| git log -n 1 | |
| publish: | |
| runs-on: ubuntu-latest | |
| needs: [pre-release-ci, version] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| registry-url: 'https://registry.npmjs.org' | |
| # Ensure npm 11.5.1 or later is installed | |
| - name: Update npm | |
| run: npm install -g npm@latest | |
| - run: npm ci --unsafe-perm | |
| - run: npm run build --if-present | |
| - run: npx lerna publish from-package --yes --dist-tag ${{ github.event.inputs.dist_tag }} | |
| # Once publishing is complete, validate that the published packages are useable | |
| validate: | |
| uses: ./.github/workflows/shared-ci.yml | |
| needs: [publish] | |
| with: | |
| test-published-packages: true |