lumen/.github/workflows/release-all.yml at main · LedgerHQ/lumen · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
name: Release All

concurrency:
  group: release-all-${{ github.ref }}
  cancel-in-progress: false # release action, we shouldn't cancel in-progress actions.

on:
  workflow_dispatch:
    inputs:
      dry-run:
        description: 'Trigger the release in dry-run mode (nx release --dry-run)'
        required: true
        type: boolean

env:
  NX_NO_CLOUD: true
  NPM_REGISTRY: jfrog.ledgerlabs.net/artifactory/api/npm/lumen-npm-prod-public

permissions:
  contents: read

jobs:
  release:
    name: Release and Publish
    runs-on: public-ledgerhq-shared-small
    permissions:
      contents: write # Required for creating Git tags, version commits, and GitHub releases
      id-token: write # Required for OIDC token generation to authenticate with JFrog Artifactory registry
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          persist-credentials: true # required to create commits and tags

      - name: Setup git user
        uses: LedgerHQ/ledger-live/tools/actions/composites/setup-git-user@develop # internal action. branch is fine.

      - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0
        with:
          node-version: '22.14.0'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'

      - name: Install dependencies
        id: install-dependencies
        run: |
          npm ci --legacy-peer-deps
          npm audit signatures

      - name: Release
        id: release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: npx nx release --verbose --skip-publish

      - name: Print Environment Info
        run: npx nx report

      - name: Login to internal JFrog registry
        id: jfrog-login
        uses: LedgerHQ/actions-security/actions/jfrog-login@actions/jfrog-login-1 # internal action. branch is fine

      - name: Setup npm config for JFrog
        env:
          NPM_REGISTRY_TOKEN: ${{ steps.jfrog-login.outputs.oidc-token }}
        run: |
          cat << EOF | tee .npmrc
          enable-pre-post-scripts=true
          registry=https://${NPM_REGISTRY}/
          //${NPM_REGISTRY}/:_authToken=${NPM_REGISTRY_TOKEN}
          EOF

      - name: Publish
        id: publish
        run: npx nx release publish --verbose