diff --git a/.github/workflows/manual-release.yml b/.github/workflows/manual-release.yml index 93ed09c6..2dabac69 100644 --- a/.github/workflows/manual-release.yml +++ b/.github/workflows/manual-release.yml @@ -133,11 +133,12 @@ jobs: --targets=linux-x64,win32-x64,darwin-arm64 \ --ignore-missing + npm-publish: runs-on: ubuntu-latest needs: [check-version, test, upload-assets] permissions: - id-token: write + id-token: write # Required for OIDC steps: - uses: actions/checkout@v6 - uses: actions/setup-node@v6 @@ -151,15 +152,11 @@ jobs: # Dry run NPM publish - name: Dry run NPM publish - run: npm publish --tag ${{ needs.check-version.outputs.oclif_channel }} --provenance --access public --dry-run - env: - NODE_AUTH_TOKEN: ${{ secrets.HD_CLI_NPM_TOKEN }} + run: npm publish --tag ${{ needs.check-version.outputs.oclif_channel }} --access public --dry-run # --provenance no longer needed as OIDC uses that by default # NPM Release - name: Create NPM release - run: npm publish --tag ${{ needs.check-version.outputs.oclif_channel }} --provenance --access public - env: - NODE_AUTH_TOKEN: ${{ secrets.HD_CLI_NPM_TOKEN }} + run: npm publish --tag ${{ needs.check-version.outputs.oclif_channel }} --access public # --provenance no longer needed as OIDC uses that by default publish-images: name: Publish Images diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index e9120ecb..00000000 --- a/.github/workflows/release.yml +++ /dev/null 
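Review bot: In `npm-publish`, `actions/checkout@v6` and `actions/setup-node@v6` are referenced by mutable tag, in the job whose `id-token: write` becomes the only publishing credential once the token secret is dropped. Every step in that job can request the OIDC token, so a retagged action would run with the ability to publish. Pin both to full commit SHAs, e.g. `- uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0` as the deleted release.yml did, and `- uses: actions/checkout@<full-commit-sha> # v6`. The inline comment could also say what the token is for: `id-token: write # OIDC token for npm trusted publishing; no registry secret is used`. The steps list continues past the end of this hunk.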
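Review bot: Both `npm publish` steps still splice `${{ needs.check-version.outputs.oclif_channel }}` directly into the shell script, in the job that now holds the publish identity. How `check-version` computes that output is outside this diff; if it can carry a dispatch input or a ref name, shell metacharacters in it would be executed here. Pass the value through the environment instead: give each step `env:` with `NPM_TAG: ${{ needs.check-version.outputs.oclif_channel }}` and call `npm publish --tag "$NPM_TAG" --access public`. Trusted publishing also needs npm CLI 11.5.1 or later, and the `setup-node` inputs sit between the two hunks, so confirm the resolved Node version ships one or add an explicit npm upgrade step before the dry run.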
@@ -1,92 +0,0 @@
-name: Release
-on:
- push:
- branches:
- - main
- workflow_dispatch:
-
-permissions:
- contents: read
-
-jobs:
- release-please:
- runs-on: ubuntu-latest
- outputs:
- release_created: ${{ steps.release.outputs.release_created }}
- permissions:
- contents: write
- pull-requests: write
- steps:
- - uses: googleapis/release-please-action@v4
- id: release
- with:
- token: ${{ secrets.GITHUB_TOKEN }}
- config-file: release-please-config.json
- manifest-file: .release-please-manifest.json
-
- release:
- needs: release-please
- if: ${{ needs.release-please.outputs.release_created }}
- runs-on: ubuntu-latest
- permissions:
- contents: write
- id-token: write
- steps:
- - uses: actions/checkout@v6
- - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
- with:
- node-version-file: '.nvmrc'
- registry-url: 'https://registry.npmjs.org'
- - run: npm ci
- - run: npm run build
- - name: Create NPM release
- run: npm publish --provenance --access public
- env:
- NODE_AUTH_TOKEN: ${{ secrets.HD_CLI_NPM_TOKEN }}
-
- publish-images:
- name: Publish Images
- runs-on: ubuntu-latest
- permissions:
- packages: write
- steps:
- - uses: actions/checkout@v6
- - name: Parse tag
- run: echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV
-
- - uses: docker/metadata-action@v5
- id: meta
- with:
- # Enable when we have Docker Hub set up
- images: |
- name=ghcr.io/herodevs/eol-scan
- name=docker.io/herodevs/eol-scan,enable=false
- tags: |
- type=sha,format=long
- type=raw,value=latest
- type=raw,value=${{ env.VERSION }}
-
- - uses: docker/login-action@v4
- # Enable when we have Docker Hub set up
- if: ${{ false }}
- with:
- username: ${{ vars.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
-
- - uses: docker/login-action@v4
- with:
- registry: ghcr.io
- username: ${{ github.repository_owner }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - uses: docker/setup-buildx-action@v3
- - uses: docker/build-push-action@v6
- with:
- context: .
- file: ./ci/image.Dockerfile
- platforms: linux/amd64,linux/arm64
- push: true
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- cache-from: type=gha
- cache-to: type=gha,mode=max
\ No newline at end of file