π Release + Publish #91
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: π Release + Publish | |
| on: [workflow_dispatch] | |
| permissions: | |
| id-token: write | |
| contents: write | |
| attestations: write | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: β Use App Token for the Bot which is allowed to create releases | |
| uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2 | |
| id: app-token | |
| with: | |
| app-id: ${{ vars.BOT_APP_ID }} | |
| private-key: ${{ secrets.BOT_PRIVATE_KEY }} | |
| - name: π₯ Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| # Required for fetching tags and generating release notes | |
| fetch-depth: 0 | |
| token: ${{ steps.app-token.outputs.token }} | |
| - name: π§ Setup Bun | |
| uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2 | |
| with: | |
| bun-version-file: ".bun-version" | |
| - name: π¦ Install dependencies | |
| run: | | |
| bun install --frozen-lockfile | |
| - name: π§ Configure Git | |
| run: | | |
| git config user.name 'github-actions[bot]' | |
| git config user.email 'github-actions[bot]@users.noreply.github.com' | |
| git config --global push.followTags true | |
| - name: π Prepare release | |
| run: bun run preversion | |
| - name: π Generate changelog and release notes | |
| env: | |
| # Don't run husky on `git commit` | |
| HUSKY: 0 | |
| run: | | |
| bunx changelogen --hideAuthorEmail --release --push | |
| bunx changelogen github release --token ${{ secrets.GITHUB_TOKEN }} | |
| - name: π Get metadata | |
| run: | | |
| VERSION=$(jq -r '.version' package.json) | |
| NAME=$(jq -r '.name' package.json) | |
| EXTENSION_FILE="${NAME}-${VERSION}.vsix" | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| echo "EXTENSION_FILE=$EXTENSION_FILE" >> $GITHUB_ENV | |
| - name: π οΈ Build extension | |
| run: bunx @vscode/vsce package | |
| - name: π Attest artifacts | |
| uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0 | |
| # Read: https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds | |
| with: | |
| subject-path: ${{ env.EXTENSION_FILE }} | |
| - name: π Publish to Open VSX Registry | |
| uses: HaaLeo/publish-vscode-extension@ca5561daa085dee804bf9f37fe0165785a9b14db # v2.0.0 | |
| with: | |
| pat: ${{ secrets.OPEN_VSX_TOKEN }} | |
| extensionFile: ${{ env.EXTENSION_FILE }} | |
| - name: π Publish to Visual Studio Marketplace | |
| uses: HaaLeo/publish-vscode-extension@ca5561daa085dee804bf9f37fe0165785a9b14db # v2.0.0 | |
| with: | |
| pat: ${{ secrets.VS_MARKETPLACE_TOKEN }} | |
| registryUrl: https://marketplace.visualstudio.com | |
| extensionFile: ${{ env.EXTENSION_FILE }} | |
| - name: π¦ Publish to NPM Registry | |
| run: | | |
| npm set "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" | |
| npm publish --provenance --access public | |
| - name: β¬οΈ Upload VSIX to GitHub release | |
| run: | | |
| gh release upload v$VERSION $EXTENSION_FILE | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |