release #1269
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| workflow_dispatch: {} | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| cancel-in-progress: false | |
| jobs: | |
| build_publish: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| env: | |
| CI: 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set git identity | |
| run: | | |
| git config user.name "github-actions[bot]" | |
| git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| - name: Install mise | |
| uses: jdx/mise-action@5228313ee0372e111a38da051671ca30fc5a96db # v3 | |
| with: | |
| experimental: true | |
| - name: Build / prepare dist | |
| run: mise run build | |
| - name: Backup artifact permissions | |
| run: cd dist && getfacl -R . > permissions-backup.acl | |
| continue-on-error: true | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: build-artifact | |
| path: dist | |
| overwrite: true | |
| publish_npm: | |
| name: Publish to npm | |
| runs-on: ubuntu-latest | |
| needs: build_publish | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 | |
| with: | |
| name: build-artifact | |
| path: dist | |
| - name: Restore build artifact permissions | |
| run: cd dist && setfacl --restore=permissions-backup.acl | |
| continue-on-error: true | |
| - name: Setup Node.js | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 | |
| with: | |
| node-version: '24.x' | |
| registry-url: 'https://registry.npmjs.org' | |
| - name: Release | |
| env: | |
| NPM_DIST_TAG: latest | |
| NPM_REGISTRY: registry.npmjs.org | |
| NPM_CONFIG_PROVENANCE: 'true' | |
| NPM_TRUSTED_PUBLISHER: 'true' | |
| run: npx -p publib@latest publib-npm | |
| publish_maven: | |
| name: Publish to Maven Central | |
| runs-on: ubuntu-latest | |
| needs: build_publish | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Install mise | |
| uses: jdx/mise-action@5228313ee0372e111a38da051671ca30fc5a96db # v3 | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 | |
| with: | |
| name: build-artifact | |
| path: dist | |
| - name: Restore build artifact permissions | |
| run: cd dist && setfacl --restore=permissions-backup.acl | |
| continue-on-error: true | |
| - name: Publish | |
| env: | |
| MAVEN_SERVER_ID: github | |
| MAVEN_REPOSITORY_URL: https://maven.pkg.github.com/dbsystel/cdk-sops-secrets | |
| MAVEN_PASSWORD: ${{ secrets.GITHUB_TOKEN }} | |
| MAVEN_USERNAME: ${{ github.actor }} | |
| run: npx -p publib@latest publib-maven | |
| publish_pypi: | |
| name: Publish to PyPI | |
| runs-on: ubuntu-latest | |
| needs: build_publish | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 | |
| with: | |
| name: build-artifact | |
| path: dist | |
| - name: Restore build artifact permissions | |
| run: cd dist && setfacl --restore=permissions-backup.acl | |
| continue-on-error: true | |
| - name: Setup Node.js | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 | |
| with: | |
| node-version: 'lts/*' | |
| - name: Setup Python | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 | |
| with: | |
| python-version: '3.14' | |
| - name: Release | |
| env: | |
| PYPI_TRUSTED_PUBLISHER: 'true' | |
| run: npx -p publib@latest publib-pypi | |
| publish_nuget: | |
| name: Publish to NuGet Gallery | |
| runs-on: ubuntu-latest | |
| needs: build_publish | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Install mise | |
| uses: jdx/mise-action@5228313ee0372e111a38da051671ca30fc5a96db # v3 | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 | |
| with: | |
| name: build-artifact | |
| path: dist | |
| - name: Restore build artifact permissions | |
| run: cd dist && setfacl --restore=permissions-backup.acl | |
| continue-on-error: true | |
| - name: Publish | |
| env: | |
| NUGET_API_KEY: ${{ secrets.GITHUB_TOKEN }} | |
| NUGET_SERVER: https://nuget.pkg.github.com/dbsystel/index.json | |
| run: npx -p publib@latest publib-nuget |