feat: Add additional login ids param to the patch (#709) #12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| # Always publish to next tag on push to main | |
| publish-next: | |
| name: 📢 Publish Next | |
| permissions: | |
| contents: read | |
| id-token: write # Required for trusted publishing with provenance | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version-file: package.json | |
| registry-url: https://registry.npmjs.org/ | |
| - name: Get Short SHA | |
| run: echo "SHORT_SHA=`echo ${{ github.sha }} | cut -c1-8`" >> $GITHUB_ENV | |
| - name: Get Next Version | |
| run: | | |
| current_date=$(date +'%Y%m%d') | |
| echo "NEW_VERSION=0.0.0-next-${SHORT_SHA}-${current_date}" >> $GITHUB_ENV | |
| - name: Use Next Version | |
| run: | | |
| git config --global user.email "info@descope.com" | |
| git config --global user.name "Descope" | |
| yarn version --new-version ${NEW_VERSION} | |
| cat package.json | |
| - name: Install dependencies | |
| run: npm ci --ignore-scripts | |
| # `npm rebuild` will run all those post-install scripts for us. | |
| - run: npm rebuild && npm run prepare --if-present | |
| - name: Publish to NPM Package Registry | |
| run: npm publish --access=public --tag next --provenance | |
| # Run release-please to create releases and manage changelog | |
| release-please: | |
| name: 📦 Release Please | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| runs-on: ubuntu-latest | |
| outputs: | |
| release_created: ${{ steps.release.outputs.release_created }} | |
| tag_name: ${{ steps.release.outputs.tag_name }} | |
| steps: | |
| - name: Generate GitHub App Token | |
| id: app-token | |
| uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 | |
| with: | |
| app-id: ${{ secrets.RELEASE_APP_ID }} | |
| private-key: ${{ secrets.RELEASE_APP_PEM }} | |
| - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0 | |
| id: release | |
| with: | |
| token: ${{ steps.app-token.outputs.token }} | |
| # Node.js release type for package.json versioning | |
| release-type: node | |
| # Publish stable version (only when release is created) | |
| publish-release: | |
| name: 📦 Publish Release | |
| permissions: | |
| contents: read | |
| id-token: write # Required for trusted publishing with provenance | |
| runs-on: ubuntu-latest | |
| needs: release-please | |
| if: ${{ needs.release-please.outputs.release_created }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version-file: package.json | |
| registry-url: 'https://registry.npmjs.org/' | |
| # Skip post-install scripts here, as a malicious | |
| # script could steal NODE_AUTH_TOKEN. | |
| - name: Install dependencies | |
| run: npm ci --ignore-scripts | |
| # `npm rebuild` will run all those post-install scripts for us. | |
| - run: npm rebuild && npm run prepare --if-present | |
| - name: Publish to NPM Package Registry | |
| run: npm publish --access=public --provenance |