🔖 (release) [NO-ISSUE]: New release incoming: Signer SOL 1.6.1, Signe… #267
| name: "[Release] Publish Packages" | |
| on: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| FORCE_COLOR: "1" | |
| NPM_REGISTRY: ${{ vars.NPM_REGISTRY }} | |
| permissions: | |
| id-token: write | |
| contents: write | |
| pull-requests: write | |
| # Need to attest artifacts | |
| attestations: write | |
| jobs: | |
| public-runner: | |
| name: Build and Attest Release Packages | |
| # npmjs requires attestation to be generated on a public runner | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: LedgerHQ/device-sdk-ts/.github/actions/setup-with-cache-composite@develop | |
| - name: Canonicalize package.json | |
| run: pnpm ldmk-tool canonicalize | |
| - name: Build libraries | |
| run: pnpm build:libs | |
| - name: Prepare dist directory | |
| run: pnpm ldmk-tool pack | |
| - name: Attest for npmjs.com | |
| uses: LedgerHQ/actions-security/actions/attest-for-npmsjs-com@attest-npm-dir-support | |
| with: | |
| subject-path: ./dist | |
| # The action currently doesn't support pushing the blob to the registry | |
| - name: Sign tarball | |
| uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1 | |
| with: | |
| path: ./dist | |
| - name: Upload packages to GitHub Artifacts | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: npm-release-packages | |
| path: dist/*.tgz | |
| retention-days: 1 | |
| if-no-files-found: error | |
| # This action will publish to github and create tags on main branch | |
| - name: Publish to Github Release | |
| uses: LedgerHQ/actions-security/actions/create-github-release@create-github-release | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| ledger-runner: | |
| name: Publish Release to JFrog | |
| environment: Production | |
| needs: public-runner | |
| # JFrog is accessible only from a ledger private runner | |
| runs-on: ledgerhq-device-sdk | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: LedgerHQ/device-sdk-ts/.github/actions/setup-with-cache-composite@develop | |
| - name: Download packages from GitHub Artifacts | |
| uses: actions/download-artifact@v7 | |
| with: | |
| name: npm-release-packages | |
| path: dist | |
| - name: Publish release packages to JFrog | |
| uses: LedgerHQ/device-sdk-ts/.github/actions/publish-to-jfrog-composite@develop | |
| with: | |
| npm-registry: ${{ env.NPM_REGISTRY }} | |
| dist-path: dist |
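Review bot: Every LedgerHQ action in this release workflow is referenced by a mutable ref (`@develop`, `@attest-npm-dir-support`, `@actions/sign-blob-1`, `@create-github-release`), and the `actions/*` steps by a movable major tag, so the code that builds, attests, signs and publishes the packages can change without any change to this file. Pin each `uses:` to a full commit SHA and keep the ref as a trailing comment, e.g. `uses: LedgerHQ/actions-security/actions/sign-blob@<full-commit-sha>  # actions/sign-blob-1`. The `permissions:` block (`id-token: write`, `contents: write`, `pull-requests: write`, `attestations: write`) appears to sit at workflow level, in which case `ledger-runner` inherits all four on the private runner. Moving that block under `public-runner` and granting `ledger-runner` only what the JFrog publish needs would narrow the exposure. Indentation is lost in this rendering, so confirm the scope against the file itself.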