[Release] Snapshot Release #1107
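# Snapshot release workflow.
#
# Runs nightly (cron "0 0 * * *") and on manual dispatch. The first job builds,
# attests and signs the packages on a GitHub-hosted runner and uploads the
# tarballs as a workflow artifact. The second job downloads that artifact on
# the `ledgerhq-device-sdk` runner and publishes it to JFrog.
#
# NOTE(review): several actions below are referenced by branch or major tag
# (`@develop`, `@attest-npm-dir-support`, `@actions/sign-blob-1`, `@v6`, `@v7`).
# Those refs resolve to whatever they point at when the run starts; pinning
# each to a full commit SHA would make this release pipeline reproducible and
# protect it from a moved ref.
name: "[Release] Snapshot Release"

on:
  schedule:
    - cron: "0 0 * * *"
  workflow_dispatch:
    inputs:
      ref:
        description: The base branch to publish a snapshot release from
        required: false
        default: "develop"
      tag:
        description: Snapshot version name
        required: false
        default: "develop"

env:
  FORCE_COLOR: "1"
  # Scheduled runs carry no inputs, so both values fall back to 'develop'.
  REF: ${{ inputs.ref || 'develop' }}
  TAG: ${{ inputs.tag || 'develop' }}
  NPM_REGISTRY: ${{ vars.NPM_REGISTRY }}

# NOTE(review): these grants are workflow-wide, so they also apply to the
# publish job on the private runner. Consider moving them to job level once
# the scopes each job actually needs are confirmed.
permissions:
  id-token: write
  contents: write
  pull-requests: write
  # Need to attest artifacts
  attestations: write

jobs:
  public-runner:
    name: Build and Attest Snapshot Packages
    # npmjs requires attestation to be generated on a public runner
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          ref: ${{ env.REF }}
      - uses: LedgerHQ/device-sdk-ts/.github/actions/setup-with-cache-composite@develop
      - name: Update workspace syntax to use fixed version
        run: git ls-files | grep 'package\.json$' | xargs sed -i 's/workspace:\^/workspace:*/g'
      - name: Bump snapshot versions for all packages
        # TAG comes from a workflow_dispatch input. Read it from the
        # environment instead of expanding `${{ env.TAG }}` into the script:
        # an expression is substituted into the script text before the shell
        # parses it, so shell metacharacters in the input would be executed.
        # A quoted "$TAG" is always passed as a single argument.
        run: pnpm ldmk-tool bump-snapshot --tag "$TAG"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Canonicalize package.json
        run: pnpm ldmk-tool canonicalize
      - name: Build libraries
        run: pnpm build:libs
      - name: Prepare dist directory
        run: pnpm ldmk-tool pack
      - name: Attest for npmjs.com
        uses: LedgerHQ/actions-security/actions/attest-for-npmsjs-com@attest-npm-dir-support
        with:
          subject-path: ./dist
      # The action currently doesn't support pushing the blob to the registry
      - name: Sign tarball
        uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
        with:
          path: ./dist
      - name: Upload packages to GitHub Artifacts
        uses: actions/upload-artifact@v6
        with:
          name: npm-snapshot-packages
          path: dist/*.tgz
          retention-days: 7
          # Fail the job rather than hand an empty artifact to the publish job.
          if-no-files-found: error

  ledger-runner:
    name: Publish Snapshot to JFrog
    needs: public-runner
    # JFrog is accessible only from a ledger private runner
    runs-on: ledgerhq-device-sdk
    steps:
      - uses: actions/checkout@v6
        with:
          ref: ${{ env.REF }}
      - uses: LedgerHQ/device-sdk-ts/.github/actions/setup-with-cache-composite@develop
      - name: Download packages from GitHub Artifacts
        uses: actions/download-artifact@v7
        with:
          name: npm-snapshot-packages
          path: dist
      # NOTE(review): no step visible in this job verifies the attestation or
      # signature produced by the build job before the tarballs are published;
      # confirm whether the publish composite action performs that check.
      - name: Publish snapshot packages to JFrog
        uses: LedgerHQ/device-sdk-ts/.github/actions/publish-to-jfrog-composite@develop
        with:
          npm-registry: ${{ env.NPM_REGISTRY }}
          dist-path: dist
          # NOTE(review): user-supplied on manual runs; confirm the composite
          # action reads this input via an environment variable rather than
          # expanding it inside a `run:` script.
          npm-tag: ${{ env.TAG }}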