vscode-material-icon-theme/.github/workflows/release.yml at 5850e40ded16e3dd893c4e4a41051312bf03a770 · material-extensions/vscode-material-icon-theme · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
name: 🚀 Release + Publish

on: [workflow_dispatch]

permissions:
  id-token: write
  contents: write
  attestations: write

jobs:
  release:
    runs-on: ubuntu-latest

    steps:
      - name: ✅ Use App Token for the Bot which is allowed to create releases
        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
        id: app-token
        with:
          app-id: ${{ vars.BOT_APP_ID }}
          private-key: ${{ secrets.BOT_PRIVATE_KEY }}

      - name: 📥 Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Required for fetching tags and generating release notes
          fetch-depth: 0
          token: ${{ steps.app-token.outputs.token }}

      - name: 🔧 Setup Bun
        uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2
        with:
          bun-version-file: ".bun-version"

      - name: 📦 Install dependencies
        run: |
          bun install --frozen-lockfile

      - name: 🔧 Configure Git
        run: |
          git config user.name 'github-actions[bot]'
          git config user.email 'github-actions[bot]@users.noreply.github.com'
          git config --global push.followTags true

      - name: 🚀 Prepare release
        run: bun run preversion

      - name: 📜 Generate changelog and release notes
        env:
          # Don't run husky on `git commit`
          HUSKY: 0
        run: |
          bunx changelogen --hideAuthorEmail --release --push
          bunx changelogen github release --token ${{ secrets.GITHUB_TOKEN }}

      - name: 📝 Get metadata
        run: |
          VERSION=$(jq -r '.version' package.json)
          NAME=$(jq -r '.name' package.json)

          EXTENSION_FILE="${NAME}-${VERSION}.vsix"

          echo "VERSION=$VERSION"                  >> $GITHUB_ENV
          echo "EXTENSION_FILE=$EXTENSION_FILE"    >> $GITHUB_ENV

      - name: 🛠️ Build extension
        run: bunx @vscode/vsce package

      - name: 🔒 Attest artifacts
        uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
        # Read: https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds
        with:
          subject-path: ${{ env.EXTENSION_FILE }}

      - name: 🌐 Publish to Open VSX Registry
        uses: HaaLeo/publish-vscode-extension@ca5561daa085dee804bf9f37fe0165785a9b14db # v2.0.0
        with:
          pat: ${{ secrets.OPEN_VSX_TOKEN }}
          extensionFile: ${{ env.EXTENSION_FILE }}

      - name: 🌐 Publish to Visual Studio Marketplace
        uses: HaaLeo/publish-vscode-extension@ca5561daa085dee804bf9f37fe0165785a9b14db # v2.0.0
        with:
          pat: ${{ secrets.VS_MARKETPLACE_TOKEN }}
          registryUrl: https://marketplace.visualstudio.com
          extensionFile: ${{ env.EXTENSION_FILE }}

      - name: 📦 Publish to NPM Registry
        run: |
          npm set "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}"
          npm publish --provenance --access public

      - name: ⬆️ Upload VSIX to GitHub release
        run: |
          gh release upload v$VERSION $EXTENSION_FILE
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}