Release Upgradeable #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Upgradeable | |
| on: | |
| workflow_dispatch: {} | |
| jobs: | |
| state: | |
| name: Check state | |
| permissions: | |
| pull-requests: read | |
| if: ${{ !endsWith(github.repository, '-upgradeable') }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| repository: ${{ github.repository }}-upgradeable | |
| ref: ${{ github.ref }} | |
| - uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ github.ref }} | |
| path: lib/openzeppelin-contracts | |
| - name: Set up environment | |
| uses: ./.github/actions/setup | |
| - name: Check upgradeable | |
| id: check-upgradeable | |
| run: bash scripts/release/workflow/check-upgradeable.sh | |
| outputs: | |
| publish: ${{ steps.check-upgradeable.outcome }} | |
| is_prerelease: ${{ steps.check-upgradeable.outputs.is_prerelease }} | |
| # copied from release-cycle.yml | |
| publish: | |
| needs: state | |
| name: Publish to npm | |
| environment: push-upgradeable | |
| permissions: | |
| id-token: write | |
| if: needs.state.outputs.publish == 'success' # Note: changed from 'true' to 'success' to support the way publish is computed | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| repository: ${{ github.repository }}-upgradeable | |
| ref: ${{ github.ref }} | |
| - uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ github.ref }} | |
| path: lib/openzeppelin-contracts | |
| - name: Set up environment | |
| uses: ./.github/actions/setup | |
| - id: pack | |
| name: Pack | |
| run: bash scripts/release/workflow/pack.sh | |
| env: | |
| PRERELEASE: ${{ needs.state.outputs.is_prerelease }} | |
| - name: Upload tarball artifact | |
| uses: actions/upload-artifact@v5 | |
| with: | |
| name: ${{ github.ref_name }}-upgradeable | |
| path: ${{ steps.pack.outputs.tarball }} | |
| - name: Publish | |
| run: bash scripts/release/workflow/publish.sh | |
| env: | |
| TARBALL: ${{ steps.pack.outputs.tarball }} | |
| TAG: ${{ steps.pack.outputs.tag }} | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| NPM_CONFIG_PROVENANCE: false | |
| - name: Create Github Release | |
| uses: actions/github-script@v8 | |
| env: | |
| PRERELEASE: ${{ needs.state.outputs.is_prerelease }} | |
| TARGET_COMMIT: ${{ github.ref }} | |
| REPO_SUFFIX: -upgradeable | |
| with: | |
| github-token: ${{ secrets.GH_TOKEN_UPGRADEABLE }} | |
| script: await require('./scripts/release/workflow/github-release.js')({ github, context }) | |
| outputs: | |
| tarball_name: ${{ steps.pack.outputs.tarball_name }} | |
| integrity_check: | |
| needs: publish | |
| name: Tarball Integrity Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| repository: ${{ github.repository }}-upgradeable | |
| ref: ${{ github.ref }} | |
| - name: Download tarball artifact | |
| id: artifact | |
| uses: actions/download-artifact@v6 | |
| with: | |
| name: ${{ github.ref_name }}-upgradeable | |
| - name: Check integrity | |
| run: bash scripts/release/workflow/integrity-check.sh | |
| env: | |
| TARBALL: ${{ steps.artifact.outputs.download-path }}/${{ needs.publish.outputs.tarball_name }} |