Release Full #32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Full | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| commit: | |
| required: true | |
| type: string | |
| description: "Full Commit SHA to release" | |
| tag: | |
| type: choice | |
| description: "Release Npm Tag" | |
| required: false | |
| default: "latest" | |
| options: | |
| - canary | |
| - nightly | |
| - latest | |
| - beta | |
| - alpha | |
| test: | |
| type: boolean | |
| description: "Run tests before release" | |
| required: false | |
| default: false | |
| dry_run: | |
| type: boolean | |
| description: "DryRun release" | |
| required: false | |
| default: false | |
| push_tags: | |
| type: boolean | |
| description: "push tags to github" | |
| required: false | |
| default: true | |
| permissions: | |
| # To publish packages with provenance | |
| id-token: write | |
| # Allow commenting on issues for `reusable-build.yml` | |
| issues: write | |
| jobs: | |
| build: | |
| strategy: | |
| fail-fast: false # Build and test everything so we can look at all the errors | |
| matrix: | |
| array: | |
| - target: x86_64-unknown-linux-gnu | |
| runner: "ubuntu-22.04" | |
| - target: aarch64-unknown-linux-gnu | |
| runner: "ubuntu-22.04" | |
| - target: x86_64-unknown-linux-musl | |
| runner: "ubuntu-22.04" | |
| - target: aarch64-unknown-linux-musl | |
| runner: "ubuntu-22.04" | |
| - target: i686-pc-windows-msvc | |
| runner: "windows-latest" | |
| - target: x86_64-pc-windows-msvc | |
| runner: "windows-latest" | |
| - target: aarch64-pc-windows-msvc | |
| runner: "windows-latest" | |
| - target: x86_64-apple-darwin | |
| runner: "macos-latest" | |
| - target: aarch64-apple-darwin | |
| runner: "macos-latest" | |
| uses: ./.github/workflows/reusable-build.yml | |
| with: | |
| target: ${{ matrix.array.target }} | |
| runner: ${{ matrix.array.runner }} | |
| test: false | |
| profile: "release" | |
| ref: ${{ inputs.commit }} | |
| release: | |
| name: Release | |
| environment: npm | |
| permissions: | |
| contents: write | |
| # To publish packages with provenance | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| needs: build | |
| # if: ${{ github.event_name == 'workflow_dispatch' }} | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| with: | |
| # This makes Actions fetch only one branch to release | |
| fetch-depth: 1 | |
| ref: ${{ inputs.commit }} | |
| - name: Pnpm Setup | |
| uses: ./.github/actions/pnpm | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4.1.7 | |
| with: | |
| path: artifacts | |
| - name: ls | |
| run: ls -R artifacts | |
| - name: Move artifacts | |
| run: | | |
| pnpm napi create-npm-dirs --package-json-path npm/package.json --npm-dir bindings | |
| pnpm napi artifacts --package-json-path npm/package.json --npm-dir bindings --build-output-dir napi | |
| - name: Show binding packages | |
| run: ls -R bindings | |
| - name: Obtain OIDC token | |
| id: oidc | |
| run: | | |
| token=$(curl --fail -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \ | |
| "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=cfa.rspack.dev" | jq -r '.value') | |
| echo "::add-mask::${token}" | |
| echo "token=${token}" >> $GITHUB_OUTPUT | |
| shell: bash | |
| - name: Obtain GitHub credentials | |
| id: github_creds | |
| run: | | |
| token=$(curl --fail "https://cfa.rspack.dev/api/request/${{ secrets.CFA_PROJECT_ID }}/github/credentials" \ | |
| -X POST \ | |
| -H "Content-Type: application/json" \ | |
| -H "Authorization: bearer ${{ secrets.CFA_SECRET }}" \ | |
| --data "{\"token\":\"${{ steps.oidc.outputs.token }}\"}" | jq -r '.GITHUB_TOKEN') | |
| echo "::add-mask::${token}" | |
| echo "token=${token}" >> $GITHUB_OUTPUT | |
| shell: bash | |
| - name: Update npm | |
| run: npm install -g npm@latest | |
| - name: Release Full | |
| run: | | |
| git status | |
| cp napi/{index,browser}.js npm | |
| cp napi/index.d.ts npm | |
| pnpm node scripts/x.mjs prepublish | |
| pnpm node scripts/x.mjs publish --tag ${{inputs.tag}} ${{inputs.dry_run && '--dry-run' || '--no-dry-run'}} ${{inputs.push_tags && '--push-tags' || '--no-push-tags'}} | |
| env: | |
| REPOSITORY: ${{ github.repository }} | |
| REF: ${{ github.ref }} | |
| ONLY_RELEASE_TAG: true |