github-action/.github/workflows/release.yaml at 34b405b770137b81e4e53208705f5f3a74b0fd8e · ethiack/github-action · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
name: Release
run-name: "Release `${{ github.ref_name }}` (SHA: ${{ github.sha }})"

on:
  push:
    branches:
      - main
      - staging

permissions:
  contents: read

jobs:
  checks:
    name: Run Checks
    uses: ./.github/workflows/checks.base.yaml
  release:
    name: Release
    needs: checks
    runs-on: ubuntu-latest
    permissions:
      contents: write
      issues: write
      pull-requests: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Generate GitHub App token
        id: app-token
        if: ${{ secrets.ETHIACK_RELEASE_BOT_APP_ID != '' && secrets.ETHIACK_RELEASE_BOT_APP_PRIVATE_KEY != '' }}
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.ETHIACK_RELEASE_BOT_APP_ID }}
          private-key: ${{ secrets.ETHIACK_RELEASE_BOT_APP_PRIVATE_KEY }}
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "lts/*"
      - name: Install plugins
        run: >
          npm install -D
          @semantic-release/git
          @semantic-release/changelog
          conventional-changelog-conventionalcommits
          @saithodev/semantic-release-backmerge
      - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
        run: npm audit signatures
      - name: Release
        env:
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
        run: npx semantic-release