Bump version to 1.7.4 (#374) #127
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release libhalo.js | |
| on: | |
| push: | |
| tags: | |
| - 'libhalo-v*' | |
| jobs: | |
| create_release: | |
| name: Create libhalo release | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Prepare version number | |
| id: parse_version | |
| run: | | |
| ( echo -n "version=" && ( echo "$GITHUB_REF" | cut -f2 -d- | tr -d '\n' ) ) >> "$GITHUB_OUTPUT" | |
| - name: Draft release | |
| id: create_release | |
| uses: softprops/action-gh-release@v2 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tag_name: ${{ github.ref }} | |
| name: LibHaLo ${{ steps.parse_version.outputs.version }} | |
| draft: true | |
| prerelease: false | |
| body: | | |
| Standalone JavaScript library for usage with classic HTML applications. | |
| Release contents: | |
| * `libhalo.js` - standalone JavaScript library for inclusion in classic HTML applications; | |
| * `libhalo.js.LICENSE` - license information; | |
| **Note:** The files `*-keyless.sig` and `*-keyless.pem` constitute a part of [build audit trail](https://github.com/arx-research/libhalo/blob/master/docs/build-audit-trail.md). | |
| - name: Store release upload URL | |
| run: | | |
| echo -n "${{ steps.create_release.outputs.upload_url }}" > release-upload-url.txt | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: release-upload-url | |
| path: release-upload-url.txt | |
| build_js_lib: | |
| name: Build libhalo and release | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: write | |
| id-token: write | |
| needs: create_release | |
| steps: | |
| - name: Checkout the repository | |
| uses: actions/checkout@v4 | |
| - name: Install Node.JS | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: Install dependencies (root) | |
| run: | | |
| cd core | |
| yarn install --frozen-lockfile --production=false | |
| - name: Run webpack | |
| run: | | |
| cd core | |
| webpack | |
| - name: Download release upload URL | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: release-upload-url | |
| - name: Store release upload URL output | |
| id: out_store | |
| run: | | |
| echo "release_upload_url=$(cat release-upload-url.txt)" >> "$GITHUB_OUTPUT" | |
| - name: Install cosign | |
| uses: sigstore/cosign-installer@v3.5.0 | |
| - name: Sign libhalo.js with cosign | |
| run: | | |
| cd ./core/dist | |
| echo y | cosign sign-blob ./libhalo.js --output-certificate ./libhalo.js-keyless.pem --output-signature ./libhalo.js-keyless.sig | |
| cosign verify-blob --cert ./libhalo.js-keyless.pem --signature ./libhalo.js-keyless.sig --certificate-identity "https://github.com/arx-research/libhalo/.github/workflows/prod_build_lib.yml@${GITHUB_REF}" --certificate-oidc-issuer https://token.actions.githubusercontent.com ./libhalo.js | |
| - name: Upload release asset (JS bundle) | |
| id: upload-release-asset | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ steps.out_store.outputs.release_upload_url }} | |
| asset_path: ./core/dist/libhalo.js | |
| asset_name: libhalo.js | |
| asset_content_type: text/javascript | |
| - name: Upload release asset (LICENSE file) | |
| id: upload-release-asset-license | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ steps.out_store.outputs.release_upload_url }} | |
| asset_path: ./core/dist/libhalo.js.LICENSE.txt | |
| asset_name: libhalo.js.LICENSE.txt | |
| asset_content_type: text/plain | |
| - name: Upload release asset (cosign pem) | |
| id: upload-release-asset-cosign-pem | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ steps.out_store.outputs.release_upload_url }} | |
| asset_path: ./core/dist/libhalo.js-keyless.pem | |
| asset_name: libhalo.js-keyless.pem | |
| asset_content_type: application/octet-stream | |
| - name: Upload release asset (cosign sig) | |
| id: upload-release-asset-cosign-sig | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ steps.out_store.outputs.release_upload_url }} | |
| asset_path: ./core/dist/libhalo.js-keyless.sig | |
| asset_name: libhalo.js-keyless.sig | |
| asset_content_type: application/octet-stream | |
| publish_npm: | |
| name: Publish libhalo package | |
| environment: prod-npm | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| needs: create_release | |
| steps: | |
| - name: Download release upload URL | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: release-upload-url | |
| - name: Store release upload URL output | |
| id: out_store | |
| run: | | |
| echo "release_upload_url=$(cat release-upload-url.txt)" >> "$GITHUB_OUTPUT" | |
| - name: Checkout the repository | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.JS | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| registry-url: 'https://registry.npmjs.org' | |
| - name: Run npm ci | |
| run: | | |
| cd core | |
| yarn install --frozen-lockfile --production=false | |
| ./node_modules/.bin/tsc | |
| ./node_modules/.bin/tsc -p tsconfig.commonjs.json | |
| - name: Publish package to npmjs | |
| run: cd core && yarn publish | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.RELEASE_NPM_TOKEN }} | |
| - name: Re-setup Node.JS with GitHub pkg | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| registry-url: https://npm.pkg.github.com/ | |
| - name: Publish package to GitHub | |
| run: cd core && yarn publish | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |