diff --git a/.gitattributes b/.gitattributes index 37b2a51a..acac7707 100644 --- a/.gitattributes +++ b/.gitattributes @@ -6,6 +6,7 @@ /.github/pull_request_template.md linguist-generated /.github/workflows/build.yml linguist-generated /.github/workflows/pull-request-lint.yml linguist-generated +/.github/workflows/release.yml linguist-generated /.github/workflows/upgrade-main.yml linguist-generated /.gitignore linguist-generated /.mergify.yml linguist-generated diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..f8956ca2 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,217 @@ +# ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". + +name: release +on: + push: + branches: + - main + workflow_dispatch: {} +jobs: + release: + runs-on: ubuntu-latest + permissions: + contents: write + outputs: + latest_commit: ${{ steps.git_remote.outputs.latest_commit }} + env: + CI: "true" + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Set git identity + run: |- + git config user.name "github-actions" + git config user.email "github-actions@github.com" + - name: Setup Node.js + uses: actions/setup-node@v3 + with: + node-version: 16.x + - name: Install dependencies + run: yarn install --check-files --frozen-lockfile + - name: release + run: npx projen release + - name: Check for new commits + id: git_remote + run: echo "latest_commit=$(git ls-remote origin -h ${{ github.ref }} | cut -f1)" >> $GITHUB_OUTPUT + - name: Backup artifact permissions + if: ${{ steps.git_remote.outputs.latest_commit == github.sha }} + run: cd dist && getfacl -R . > permissions-backup.acl + continue-on-error: true + - name: Upload artifact + if: ${{ steps.git_remote.outputs.latest_commit == github.sha }} + uses: actions/upload-artifact@v3 + with: + name: build-artifact + path: dist + release_github: + name: Publish to GitHub Releases + needs: release + runs-on: ubuntu-latest + permissions: + contents: write + if: needs.release.outputs.latest_commit == github.sha + steps: + - uses: actions/setup-node@v3 + with: + node-version: 16.x + - name: Download build artifacts + uses: actions/download-artifact@v3 + with: + name: build-artifact + path: dist + - name: Restore build artifact permissions + run: cd dist && setfacl --restore=permissions-backup.acl + continue-on-error: true + - name: Prepare Repository + run: mv dist .repo + - name: Collect GitHub Metadata + run: mv .repo/dist dist + - name: Release + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_REPOSITORY: ${{ github.repository }} + GITHUB_REF: ${{ github.ref }} + run: errout=$(mktemp); gh release create $(cat dist/releasetag.txt) -R $GITHUB_REPOSITORY -F dist/changelog.md -t $(cat dist/releasetag.txt) --target $GITHUB_REF 2> $errout && true; exitcode=$?; if [ $exitcode -ne 0 ] && ! grep -q "Release.tag_name already exists" $errout; then cat $errout; exit $exitcode; fi + release_npm: + name: Publish to npm + needs: release + runs-on: ubuntu-latest + permissions: + contents: read + if: needs.release.outputs.latest_commit == github.sha + steps: + - uses: actions/setup-node@v3 + with: + node-version: 16.x + - name: Download build artifacts + uses: actions/download-artifact@v3 + with: + name: build-artifact + path: dist + - name: Restore build artifact permissions + run: cd dist && setfacl --restore=permissions-backup.acl + continue-on-error: true + - name: Prepare Repository + run: mv dist .repo + - name: Install Dependencies + run: cd .repo && yarn install --check-files --frozen-lockfile + - name: Create js artifact + run: cd .repo && npx projen package:js + - name: Collect js Artifact + run: mv .repo/dist dist + - name: Release + env: + NPM_DIST_TAG: latest + NPM_REGISTRY: registry.npmjs.org + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + run: npx -p publib@latest publib-npm + release_maven: + name: Publish to Maven Central + needs: release + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + if: needs.release.outputs.latest_commit == github.sha + steps: + - uses: actions/setup-java@v3 + with: + distribution: temurin + java-version: 11.x + - uses: actions/setup-node@v3 + with: + node-version: 16.x + - name: Download build artifacts + uses: actions/download-artifact@v3 + with: + name: build-artifact + path: dist + - name: Restore build artifact permissions + run: cd dist && setfacl --restore=permissions-backup.acl + continue-on-error: true + - name: Prepare Repository + run: mv dist .repo + - name: Install Dependencies + run: cd .repo && yarn install --check-files --frozen-lockfile + - name: Create java artifact + run: cd .repo && npx projen package:java + - name: Collect java Artifact + run: mv .repo/dist dist + - name: Release + env: + MAVEN_SERVER_ID: github + MAVEN_REPOSITORY_URL: https://maven.pkg.github.com/${{ github.repository }} + MAVEN_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + MAVEN_USERNAME: ${{ github.actor }} + run: npx -p publib@latest publib-maven + release_pypi: + name: Publish to PyPI + needs: release + runs-on: ubuntu-latest + permissions: + contents: read + if: needs.release.outputs.latest_commit == github.sha + steps: + - uses: actions/setup-node@v3 + with: + node-version: 16.x + - uses: actions/setup-python@v4 + with: + python-version: 3.x + - name: Download build artifacts + uses: actions/download-artifact@v3 + with: + name: build-artifact + path: dist + - name: Restore build artifact permissions + run: cd dist && setfacl --restore=permissions-backup.acl + continue-on-error: true + - name: Prepare Repository + run: mv dist .repo + - name: Install Dependencies + run: cd .repo && yarn install --check-files --frozen-lockfile + - name: Create python artifact + run: cd .repo && npx projen package:python + - name: Collect python Artifact + run: mv .repo/dist dist + - name: Release + env: + TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }} + TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }} + run: npx -p publib@latest publib-pypi + release_nuget: + name: Publish to NuGet Gallery + needs: release + runs-on: ubuntu-latest + permissions: + contents: read + if: needs.release.outputs.latest_commit == github.sha + steps: + - uses: actions/setup-node@v3 + with: + node-version: 16.x + - uses: actions/setup-dotnet@v3 + with: + dotnet-version: 3.x + - name: Download build artifacts + uses: actions/download-artifact@v3 + with: + name: build-artifact + path: dist + - name: Restore build artifact permissions + run: cd dist && setfacl --restore=permissions-backup.acl + continue-on-error: true + - name: Prepare Repository + run: mv dist .repo + - name: Install Dependencies + run: cd .repo && yarn install --check-files --frozen-lockfile + - name: Create dotnet artifact + run: cd .repo && npx projen package:dotnet + - name: Collect dotnet Artifact + run: mv .repo/dist dist + - name: Release + env: + NUGET_API_KEY: ${{ secrets.NUGET_TOKEN }} + run: npx -p publib@latest publib-nuget diff --git a/.gitignore b/.gitignore index 16191b9f..2372a806 100644 --- a/.gitignore +++ b/.gitignore @@ -37,6 +37,7 @@ junit.xml !/.github/workflows/build.yml /dist/changelog.md /dist/version.txt +!/.github/workflows/release.yml !/.mergify.yml !/.github/workflows/upgrade-main.yml !/.github/pull_request_template.md diff --git a/.projen/files.json b/.projen/files.json index ac9eec0d..bfa245ff 100644 --- a/.projen/files.json +++ b/.projen/files.json @@ -5,6 +5,7 @@ ".github/pull_request_template.md", ".github/workflows/build.yml", ".github/workflows/pull-request-lint.yml", + ".github/workflows/release.yml", ".github/workflows/upgrade-main.yml", ".gitignore", ".mergify.yml", diff --git a/.projen/tasks.json b/.projen/tasks.json index 8954322b..d0b1671c 100644 --- a/.projen/tasks.json +++ b/.projen/tasks.json @@ -228,28 +228,6 @@ "name": "pre-compile", "description": "Prepare the project for compilation" }, - "publish:git": { - "name": "publish:git", - "description": "Prepends the release changelog onto the project changelog, creates a release commit, and tags the release", - "env": { - "CHANGELOG": "dist/changelog.md", - "RELEASE_TAG_FILE": "dist/releasetag.txt", - "PROJECT_CHANGELOG_FILE": "CHANGELOG.md", - "VERSION_FILE": "dist/version.txt" - }, - "steps": [ - { - "builtin": "release/update-changelog" - }, - { - "builtin": "release/tag-version" - }, - { - "exec": "git push --follow-tags origin main" - } - ], - "condition": "! git log --oneline -1 | grep -q \"chore(release):\"" - }, "release": { "name": "release", "description": "Prepare a release from \"main\" branch", @@ -272,9 +250,6 @@ }, { "exec": "git diff --ignore-space-at-eol --exit-code" - }, - { - "spawn": "publish:git" } ] }, diff --git a/.projenrc.js b/.projenrc.js index a648af90..3d5085a8 100644 --- a/.projenrc.js +++ b/.projenrc.js @@ -19,7 +19,6 @@ const project = new awscdk.AwsCdkConstructLibrary({ docgen: true, release: true, - releaseTrigger: ReleaseTrigger.manual(), releaseToNpm: true, npmTokenSecret: 'NPM_TOKEN', publishToNuget: { diff --git a/package.json b/package.json index 4622e74d..32edea3f 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,6 @@ "post-compile": "npx projen post-compile", "post-upgrade": "npx projen post-upgrade", "pre-compile": "npx projen pre-compile", - "publish:git": "npx projen publish:git", "release": "npx projen release", "test": "npx projen test", "test:watch": "npx projen test:watch",