sonar-scanner-npm/.github/workflows/release.yml at f82ba38caecd9f1ba537b10052f98a42ebbbfbe9 · SonarSource/sonar-scanner-npm · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
on:
  release:
    types:
      - published

jobs:
  publish:
    permissions:
      contents: read
      id-token: write # required for SonarSource/vault-action-wrapper
    runs-on: github-ubuntu-latest-s
    env:
      RELEASE_TAG: ${{ github.event.release.tag_name }}
      RELEASE_NAME: ${{ github.event.release.name }}
      BUILD_NAME: 'sonar-scanner-npm'
      ARTIFACTORY_REPOSITORY_NAME: 'sonarsource-npm-public-releases'
    steps:
      - name: Fetch the secrets
        id: secrets
        uses: SonarSource/vault-action-wrapper@v3
        with:
          secrets:
            development/artifactory/token/SonarSource-sonar-scanner-npm-promoter access_token  | promoter_access_token;
            development/kv/data/npmjs sonartech_npm_token  | npm_token;

      - uses: actions/checkout@v6
      - uses: actions/setup-node@v6
        with:
          node-version: 24

      - name: Setup the registries
        run: |
          npm config set //registry.npmjs.org/:_authToken=${{ fromJSON(steps.secrets.outputs.vault).npm_token }}
          npm config set //repox.jfrog.io/artifactory/api/npm/:_authToken=${{ fromJSON(steps.secrets.outputs.vault).promoter_access_token }}

      - name: Build the package
        run: |
          npm ci
          VERSION=${RELEASE_TAG} npm run build
          cp LICENSE build
          cp README.md build

      - name: Validate build output
        run: |
          if [ ! -d "build/bin" ] || [ ! -d "build/src" ]; then
            echo "ERROR: build/bin or build/src folder is missing!"
            echo "Build output contents:"
            ls -la build/
            exit 1
          fi
          echo "Build validation passed: bin and src folders present"

      - name: Install JFrog CLI
        uses: SonarSource/jfrog-setup-wrapper@v3

      - name: Publish the package to Artifactory
        run: |
          jfrog config add repox --url https://repox.jfrog.io --access-token ${{ fromJSON(steps.secrets.outputs.vault).promoter_access_token }}
          jfrog config use repox
          jfrog npm-config --repo-resolve npm --repo-deploy $ARTIFACTORY_REPOSITORY_NAME
          cd build
          jfrog npm publish --build-name $BUILD_NAME --build-number $RELEASE_TAG
          jfrog rt build-add-git $BUILD_NAME $RELEASE_TAG
          jfrog rt build-publish $BUILD_NAME $RELEASE_TAG
          jfrog rt build-promote --status released $BUILD_NAME $RELEASE_TAG $ARTIFACTORY_REPOSITORY_NAME

      - name: Publish the package to npm
        run: |
          cd build
          [ ${{ github.event.release.prerelease }} == true ] && TAG="next" || TAG="latest"
          npm publish --tag=$TAG --access=public
          echo $(jq '.name = "sonarqube-scanner"' package.json) > package.json
          npm publish --tag=$TAG --access=public