[Release] Snapshot Release #165
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "[Release] Snapshot Release" | |
| on: | |
| schedule: | |
| - cron: "0 0 * * *" | |
| workflow_dispatch: | |
| inputs: | |
| ref: | |
| description: The base branch to publish a snapshot release from | |
| required: false | |
| default: "develop" | |
| tag: | |
| description: Snapshot version name | |
| required: false | |
| default: "develop" | |
| env: | |
| FORCE_COLOR: "1" | |
| REF: ${{ inputs.ref || 'develop' }} | |
| TAG: ${{ inputs.tag || 'develop' }} | |
| NPM_REGISTRY: ${{ vars.NPM_REGISTRY }} | |
| jobs: | |
| public-runner: | |
| name: Build and Attest Snapshot Packages | |
| # npmjs requires attestation to be generated on a public runner | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write # OIDC for npmjs attestation and keyless signing | |
| attestations: write # Needed to attest artifacts | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ env.REF }} | |
| - uses: ./.github/actions/setup-action-composite | |
| with: | |
| playwright: false | |
| - name: Update workspace syntax to use fixed version | |
| run: git ls-files | grep 'package\.json$' | xargs sed -i 's/workspace:\^/workspace:*/g' | |
| - name: Bump snapshot versions for all packages | |
| run: pnpm nx run ldb-tools:run -- bump-snapshot --tag ${{ env.TAG }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Canonicalize package.json | |
| run: pnpm nx run ldb-tools:canonicalize | |
| - name: Build libraries | |
| run: pnpm nx run-many -t build --projects=ledger-wallet-provider,ledger-wallet-provider-core | |
| - name: Prepare dist directory | |
| run: pnpm nx run ldb-tools:pack | |
| - name: Attest for npmjs.com | |
| uses: LedgerHQ/actions-security/actions/attest-for-npmsjs-com@attest-npm-dir-support | |
| with: | |
| subject-path: ./dist | |
| # The action currently doesn't support pushing the blob to the registry | |
| - name: Sign tarball | |
| uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1 | |
| with: | |
| path: ./dist | |
| - name: Upload packages to GitHub Artifacts | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: npm-snapshot-packages | |
| path: dist/*.tgz | |
| retention-days: 1 | |
| if-no-files-found: error | |
| ledger-runner: | |
| name: Publish Snapshot to JFrog | |
| needs: public-runner | |
| runs-on: public-ledgerhq-shared-medium | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ env.REF }} | |
| - uses: ./.github/actions/setup-action-composite | |
| with: | |
| playwright: false | |
| - name: Download packages from GitHub Artifacts | |
| uses: actions/download-artifact@v7 | |
| with: | |
| name: npm-snapshot-packages | |
| path: dist | |
| - name: Publish snapshot packages to JFrog | |
| uses: ./.github/actions/publish-to-jfrog-composite | |
| with: | |
| npm-registry: ${{ env.NPM_REGISTRY }} | |
| dist-path: dist | |
| npm-tag: ${{ env.TAG }} |