chore: plant the seeds for EdgeHog’s journey #1
| name: Release | |
| on: | |
| push: | |
| branches: [main] | |
| concurrency: | |
| group: release-${{ github.ref }} | |
| cancel-in-progress: false | |
| jobs: | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| environment: release | |
| permissions: | |
| contents: write # to commit changelogs / version bumps | |
| pull-requests: write # to open or update the Version PR | |
| id-token: write # for npm provenance (recommended) | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: { fetch-depth: 0 } # changesets needs tags/history to compute versions | |
| - uses: actions/setup-node@v6 | |
| with: { node-version: "lts/*" } | |
| - uses: oven-sh/setup-bun@v2 | |
| with: { bun-version: "latest" } | |
| - run: bun install --frozen-lockfile | |
| - run: bun run build | |
| - run: | | |
| npm config set //registry.npmjs.org/:_authToken=${NPM_TOKEN} | |
| echo "NPM_CONFIG_PROVENANCE=true" >> $GITHUB_ENV | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| env: | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| - name: Import GPG key | |
| run: | | |
| mkdir -p ~/.gnupg | |
| chmod 700 ~/.gnupg | |
| echo "${{ secrets.GPG_PRIVATE_KEY }}" | base64 -d | gpg --batch --pinentry-mode loopback --import | |
| echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf | |
| echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf | |
| cat <<'EOF' > ~/.gnupg/gpg-loopback-wrapper.sh | |
| #!/usr/bin/env bash | |
| exec gpg --batch --pinentry-mode loopback --passphrase "$GPG_PASSPHRASE" "$@" | |
| EOF | |
| chmod 700 ~/.gnupg/gpg-loopback-wrapper.sh | |
| git config user.signingkey ${{ secrets.GPG_KEY_ID }} | |
| git config commit.gpgsign true | |
| git config tag.gpgsign true | |
| git config gpg.program ~/.gnupg/gpg-loopback-wrapper.sh | |
| gpg-connect-agent reloadagent /bye || true | |
| env: | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| - uses: changesets/action@v1 | |
| with: | |
| publish: bun changeset publish | |
| version: bun changeset version | |
| commit: "chore: version and release packages" | |
| title: "chore: version and release packages" | |
| setupGitUser: false | |
| createGithubReleases: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} |
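Review bot: The "Import GPG key" step expands `${{ secrets.GPG_PRIVATE_KEY }}` and `${{ secrets.GPG_KEY_ID }}` directly into the script text, so the secret values are spliced into the shell source before bash parses it. Any quote, `$` or backtick in a value would change what the shell runs, and the key material is written into the generated step script on the runner. Pass both through the step's `env:` block, as `GPG_PASSPHRASE` already is, and read them as variables: `printf '%s' "$GPG_PRIVATE_KEY" | base64 -d | gpg --batch --pinentry-mode loopback --import` and `git config user.signingkey "$GPG_KEY_ID"`. Separately, every action in this job is referenced by a mutable tag (`actions/checkout@v5`, `actions/setup-node@v6`, `oven-sh/setup-bun@v2`, `changesets/action@v1`) and bun is set to `latest`, while the job holds the npm token, the signing key, `RELEASE_TOKEN` and `id-token: write`. Pinning each `uses:` to a full commit SHA and bun to a fixed version would keep a retagged or compromised upstream from running with those credentials.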