Release v5.4.4-dev.10 #807

Workflow file for this run

.github/workflows/release.yml at d8bf985

	# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".

	name: release
	run-name: Release ${{ github.ref_name }}
	on:
	push:
	tags:
	- v..*
	jobs:
	build:
	name: Build release package
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: read
	outputs:
	dist-tag: ${{ steps.publish-target.outputs.dist-tag }}
	latest: ${{ steps.publish-target.outputs.latest }}
	github-release: ${{ steps.publish-target.outputs.github-release }}
	prerelease: ${{ steps.publish-target.outputs.prerelease }}
	env:
	CI: "true"
	steps:
	- name: Checkout
	uses: actions/checkout@v3
	with:
	repository: ${{ github.repository }}
	ref: ${{ github.ref }}
	- name: Setup Node.js
	uses: actions/setup-node@v3
	with:
	cache: yarn
	node-version: 18.12.0
	- name: Install dependencies
	run: yarn install --frozen-lockfile
	- name: Prepare Release
	run: yarn release ${{ github.ref_name }}
	- name: Determine Target
	id: publish-target
	env:
	GITHUB_TOKEN: ${{ github.token }}
	run: yarn ts-node projenrc/publish-target.ts ${{ github.ref_name }}
	- name: Federate to AWS
	if: fromJSON(steps.publish-target.outputs.github-release)
	uses: aws-actions/configure-aws-credentials@v1
	with:
	aws-region: us-east-1
	role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
	role-session-name: GHA-aws-jsii-compiler@${{ github.ref_name }}
	- name: Sign Tarball
	if: fromJSON(steps.publish-target.outputs.github-release)
	run: \|-
	set -eo pipefail
	export GNUPGHOME=$(mktemp -d)
	echo "charset utf-8" > ${GNUPGHOME}/gpg.conf
	echo "no-comments" >> ${GNUPGHOME}/gpg.conf
	echo "no-emit-version" >> ${GNUPGHOME}/gpg.conf
	echo "no-greeting" >> ${GNUPGHOME}/gpg.conf
	secret=$(aws secretsmanager get-secret-value --secret-id=${{ secrets.OPEN_PGP_KEY_ARN }} --query=SecretString --output=text)
	privatekey=$(node -p "(${secret}).PrivateKey")
	passphrase=$(node -p "(${secret}).Passphrase")
	echo "::add-mask::${passphrase}"
	unset secret
	echo ${passphrase} \| gpg --batch --yes --import --armor --passphrase-fd=0 <(echo "${privatekey}")
	unset privatekey
	for file in $(find dist -type f -not -iname "*.asc"); do
	echo ${passphrase} \| gpg --batch --yes --local-user="aws-jsii@amazon.com" --detach-sign --armor --pinentry-mode=loopback --passphrase-fd=0 ${file}
	done
	unset passphrase
	find ${GNUPGHOME} -type f -exec shred --remove {} \;
	- name: Upload artifact
	uses: actions/upload-artifact@v3
	with:
	name: release-package
	path: ${{ github.workspace }}/dist
	release-to-github:
	name: Create GitHub Release
	needs: build
	runs-on: ubuntu-latest
	permissions:
	contents: write
	env:
	CI: "true"
	if: fromJSON(needs.build.outputs.github-release)
	steps:
	- name: Download artifact
	uses: actions/download-artifact@v3
	with:
	name: release-package
	- name: Verify if release exists
	id: release-exists
	env:
	GH_TOKEN: ${{ github.token }}
	run: \|-
	if gh release view ${{ github.ref_name }} --repo=${{ github.repository }} &>/dev/null
	then
	echo "result=true" >> $GITHUB_OUTPUT
	else
	echo "result=false" >> $GITHUB_OUTPUT
	fi
	- name: Create PreRelease
	if: "!fromJSON(steps.release-exists.outputs.result) && fromJSON(needs.build.outputs.prerelease)"
	env:
	GH_TOKEN: ${{ github.token }}
	run: gh release create ${{ github.ref_name }} --repo=${{ github.repository }} --generate-notes --title=${{ github.ref_name }} --verify-tag --prerelease --latest=${{ needs.build.outputs.latest }}
	- name: Create Release
	if: "!fromJSON(steps.release-exists.outputs.result) && !fromJSON(needs.build.outputs.prerelease)"
	env:
	GH_TOKEN: ${{ github.token }}
	run: gh release create ${{ github.ref_name }} --repo=${{ github.repository }} --generate-notes --title=${{ github.ref_name }} --verify-tag --latest=${{ needs.build.outputs.latest }}
	- name: Attach assets
	env:
	GH_TOKEN: ${{ github.token }}
	run: gh release upload ${{ github.ref_name }} --repo=${{ github.repository }} --clobber ${{ github.workspace }}/*/
	release-npm-package:
	name: Release to registry.npmjs.org
	needs: build
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: read
	env:
	CI: "true"
	steps:
	- name: Download artifact
	uses: actions/download-artifact@v3
	with:
	name: release-package
	- name: Setup Node.js
	uses: actions/setup-node@v3
	with:
	always-auth: true
	node-version: 18.12.0
	registry-url: https://registry.npmjs.org/
	- name: Federate to AWS
	uses: aws-actions/configure-aws-credentials@v1
	with:
	aws-region: us-east-1
	role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
	role-session-name: GHA-aws-jsii-compiler@${{ github.ref_name }}
	- name: Set NODE_AUTH_TOKEN
	run: \|-
	secret=$(aws secretsmanager get-secret-value --secret-id=${{ secrets.NPM_TOKEN_ARN }} --query=SecretString --output=text)
	token=$(node -p "(${secret}).token")
	unset secret
	echo "::add-mask::${token}"
	echo "NODE_AUTH_TOKEN=${token}" >> $GITHUB_ENV
	unset token
	- name: Publish
	run: npm publish ${{ github.workspace }}/js/jsii-*.tgz --access=public --tag=${{ needs.build.outputs.dist-tag }}
	- name: Tag "latest"
	if: fromJSON(needs.build.outputs.latest)
	run: npm dist-tag add jsii@${{ github.ref_name }} latest

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release v5.4.4-dev.10 #807

Workflow file

Release v5.4.4-dev.10 #807

Jobs

Run details

Workflow file for this run