rspack-resolver/.github/workflows/release-npm.yml at ed71f41f5d7024c8281d81fdf6a1f5fb068947ab · rstackjs/rspack-resolver · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
name: Release Full

on:
  workflow_dispatch:
    inputs:
      commit:
        required: true
        type: string
        description: "Full Commit SHA to release"
      tag:
        type: choice
        description: "Release Npm Tag"
        required: false
        default: "latest"
        options:
          - canary
          - nightly
          - latest
          - beta
          - alpha
      test:
        type: boolean
        description: "Run tests before release"
        required: false
        default: false
      dry_run:
        type: boolean
        description: "DryRun release"
        required: false
        default: false
      push_tags:
        type: boolean
        description: "push tags to github"
        required: false
        default: true

permissions:
  # To publish packages with provenance
  id-token: write
  # Allow commenting on issues for `reusable-build.yml`
  issues: write

jobs:
  build:
    strategy:
      fail-fast: false # Build and test everything so we can look at all the errors
      matrix:
        array:
          - target: x86_64-unknown-linux-gnu
            runner: "ubuntu-22.04"
          - target: aarch64-unknown-linux-gnu
            runner: "ubuntu-22.04"
          - target: x86_64-unknown-linux-musl
            runner: "ubuntu-22.04"
          - target: aarch64-unknown-linux-musl
            runner: "ubuntu-22.04"
          - target: i686-pc-windows-msvc
            runner: "windows-latest"
          - target: x86_64-pc-windows-msvc
            runner: "windows-latest"
          - target: aarch64-pc-windows-msvc
            runner: "windows-latest"
          - target: x86_64-apple-darwin
            runner: "macos-latest"
          - target: aarch64-apple-darwin
            runner: "macos-latest"

    uses: ./.github/workflows/reusable-build.yml
    with:
      target: ${{ matrix.array.target }}
      runner: ${{ matrix.array.runner }}
      test: false
      profile: "release"
      ref: ${{ inputs.commit }}

  release:
    name: Release
    environment: npm
    permissions:
      contents: write
      # To publish packages with provenance
      id-token: write
    runs-on: ubuntu-latest
    needs: build
    #    if: ${{ github.event_name == 'workflow_dispatch' }}
    steps:
      - name: Checkout Repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          # This makes Actions fetch only one branch to release
          fetch-depth: 1
          ref: ${{ inputs.commit }}

      - name: Pnpm Setup
        uses: ./.github/actions/pnpm

      - name: Download artifacts
        uses: actions/download-artifact@v4.1.7
        with:
          path: artifacts

      - name: ls
        run: ls -R artifacts

      - name: Move artifacts
        run: |
          pnpm napi create-npm-dirs --package-json-path npm/package.json --npm-dir bindings
          pnpm napi artifacts       --package-json-path npm/package.json --npm-dir bindings --build-output-dir napi

      - name: Show binding packages
        run: ls -R bindings

      - name: Obtain OIDC token
        id: oidc
        run: |
          token=$(curl --fail -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
            "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=cfa.rspack.dev" | jq -r '.value')
          echo "::add-mask::${token}"
          echo "token=${token}" >> $GITHUB_OUTPUT
        shell: bash

      - name: Obtain GitHub credentials
        id: github_creds
        run: |
          token=$(curl --fail "https://cfa.rspack.dev/api/request/${{ secrets.CFA_PROJECT_ID }}/github/credentials" \
            -X POST \
            -H "Content-Type: application/json" \
            -H "Authorization: bearer ${{ secrets.CFA_SECRET }}" \
            --data "{\"token\":\"${{ steps.oidc.outputs.token }}\"}" | jq -r '.GITHUB_TOKEN')
          echo "::add-mask::${token}"
          echo "token=${token}" >> $GITHUB_OUTPUT
        shell: bash

      - name: Update npm
        run: npm install -g npm@latest

      - name: Release Full
        run: |
          git status
          cp napi/{index,browser}.js  npm
          cp napi/index.d.ts          npm
          pnpm node scripts/x.mjs prepublish
          pnpm node scripts/x.mjs    publish --tag ${{inputs.tag}} ${{inputs.dry_run && '--dry-run' || '--no-dry-run'}} ${{inputs.push_tags && '--push-tags' || '--no-push-tags'}}
        env:
          REPOSITORY: ${{ github.repository }}
          REF: ${{ github.ref }}
          ONLY_RELEASE_TAG: true