mirror of
https://github.com/arx-research/libhalo.git
synced 2026-01-09 13:18:04 -05:00
164 lines
5.9 KiB
YAML
164 lines
5.9 KiB
YAML
name: Release libhalo.js
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- 'libhalo-v*'
|
|
|
|
jobs:
|
|
create_release:
|
|
name: Create libhalo release
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- name: Prepare version number
|
|
id: parse_version
|
|
run: |
|
|
( echo -n "version=" && ( echo "$GITHUB_REF" | cut -f2 -d- | tr -d '\n' ) ) >> "$GITHUB_OUTPUT"
|
|
- name: Draft release
|
|
id: create_release
|
|
uses: softprops/action-gh-release@v2
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
tag_name: ${{ github.ref }}
|
|
name: LibHaLo ${{ steps.parse_version.outputs.version }}
|
|
draft: true
|
|
prerelease: false
|
|
body: |
|
|
Standalone JavaScript library for usage with classic HTML applications.
|
|
|
|
Release contents:
|
|
* `libhalo.js` - standalone JavaScript library for inclusion in classic HTML applications;
|
|
* `libhalo.js.LICENSE` - license information;
|
|
|
|
**Note:** The files `*-keyless.sig` and `*-keyless.pem` constitute a part of [build audit trail](https://github.com/arx-research/libhalo/blob/master/docs/build-audit-trail.md).
|
|
- name: Store release upload URL
|
|
run: |
|
|
echo -n "${{ steps.create_release.outputs.upload_url }}" > release-upload-url.txt
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: release-upload-url
|
|
path: release-upload-url.txt
|
|
|
|
build_js_lib:
|
|
name: Build libhalo and release
|
|
runs-on: ubuntu-22.04
|
|
permissions:
|
|
contents: write
|
|
id-token: write
|
|
needs: create_release
|
|
steps:
|
|
- name: Checkout the repository
|
|
uses: actions/checkout@v4
|
|
- name: Install Node.JS
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
- name: Install dependencies (root)
|
|
run: |
|
|
cd core
|
|
yarn install --frozen-lockfile --production=false
|
|
- name: Run webpack
|
|
run: |
|
|
cd core
|
|
webpack
|
|
- name: Download release upload URL
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
name: release-upload-url
|
|
- name: Store release upload URL output
|
|
id: out_store
|
|
run: |
|
|
echo "release_upload_url=$(cat release-upload-url.txt)" >> "$GITHUB_OUTPUT"
|
|
- name: Install cosign
|
|
uses: sigstore/cosign-installer@v3.5.0
|
|
- name: Sign libhalo.js with cosign
|
|
run: |
|
|
cd ./core/dist
|
|
echo y | cosign sign-blob ./libhalo.js --output-certificate ./libhalo.js-keyless.pem --output-signature ./libhalo.js-keyless.sig
|
|
cosign verify-blob --cert ./libhalo.js-keyless.pem --signature ./libhalo.js-keyless.sig --certificate-identity "https://github.com/arx-research/libhalo/.github/workflows/prod_build_lib.yml@${GITHUB_REF}" --certificate-oidc-issuer https://token.actions.githubusercontent.com ./libhalo.js
|
|
- name: Upload release asset (JS bundle)
|
|
id: upload-release-asset
|
|
uses: actions/upload-release-asset@v1
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
upload_url: ${{ steps.out_store.outputs.release_upload_url }}
|
|
asset_path: ./core/dist/libhalo.js
|
|
asset_name: libhalo.js
|
|
asset_content_type: text/javascript
|
|
- name: Upload release asset (LICENSE file)
|
|
id: upload-release-asset-license
|
|
uses: actions/upload-release-asset@v1
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
upload_url: ${{ steps.out_store.outputs.release_upload_url }}
|
|
asset_path: ./core/dist/libhalo.js.LICENSE.txt
|
|
asset_name: libhalo.js.LICENSE.txt
|
|
asset_content_type: text/plain
|
|
- name: Upload release asset (cosign pem)
|
|
id: upload-release-asset-cosign-pem
|
|
uses: actions/upload-release-asset@v1
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
upload_url: ${{ steps.out_store.outputs.release_upload_url }}
|
|
asset_path: ./core/dist/libhalo.js-keyless.pem
|
|
asset_name: libhalo.js-keyless.pem
|
|
asset_content_type: application/octet-stream
|
|
- name: Upload release asset (cosign sig)
|
|
id: upload-release-asset-cosign-sig
|
|
uses: actions/upload-release-asset@v1
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
upload_url: ${{ steps.out_store.outputs.release_upload_url }}
|
|
asset_path: ./core/dist/libhalo.js-keyless.sig
|
|
asset_name: libhalo.js-keyless.sig
|
|
asset_content_type: application/octet-stream
|
|
|
|
publish_npm:
|
|
name: Publish libhalo package
|
|
environment: prod-npm
|
|
runs-on: ubuntu-22.04
|
|
permissions:
|
|
contents: write
|
|
packages: write
|
|
id-token: write
|
|
needs: create_release
|
|
steps:
|
|
- name: Download release upload URL
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
name: release-upload-url
|
|
- name: Store release upload URL output
|
|
id: out_store
|
|
run: |
|
|
echo "release_upload_url=$(cat release-upload-url.txt)" >> "$GITHUB_OUTPUT"
|
|
- name: Checkout the repository
|
|
uses: actions/checkout@v4
|
|
- name: Setup Node.JS
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
registry-url: 'https://registry.npmjs.org'
|
|
- name: Run npm ci
|
|
run: |
|
|
cd core
|
|
yarn install --frozen-lockfile --production=false
|
|
./node_modules/.bin/tsc
|
|
- name: Publish package to npmjs
|
|
run: yarn publish
|
|
env:
|
|
NODE_AUTH_TOKEN: ${{ secrets.RELEASE_NPM_TOKEN }}
|
|
- name: Re-setup Node.JS with GitHub pkg
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
registry-url: https://npm.pkg.github.com/
|
|
- name: Publish package to GitHub
|
|
run: yarn publish
|
|
env:
|
|
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|