Service account signing added #360
| name: "Tag and release" | ||
| on: | ||
| push: | ||
| branches: | ||
| - 'main' | ||
| jobs: | ||
| deploy-to-prod: | ||
| runs-on: ubuntu-lates | ||
| permissions: | ||
| contents: write | ||
| steps: | ||
| - uses: bullfrogsec/bullfrog@dcde5841b19b7ef693224207a7fdec67fce604db # v0.8.3 | ||
| with: | ||
| # List of IPs to allow outbound connections to. | ||
| # By default, only localhost and IPs required for the essential operations of Github Actions are allowed. | ||
| # allowed-ips:| | ||
| # List of domains to allow outbound connections to. | ||
| # Wildcards are accepted. For example, if allowing `*.google.com`, this will allow `www.google.com`, `console.cloud.google.com` but not `google.com`. | ||
| # By default, only domains required for essential operations of Github Actions and uploading job summaries are allowed. | ||
| # Refer to https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#communication-requirements-for-github-hosted-runners-and-github for additional domains that should be allowed for additional Github Actions features. | ||
| #allowed-domains: | | ||
| # The egress policy to enforce. Valid values are `audit` and `block`. | ||
| # Default: audit | ||
| egress-policy: audit | ||
| # NEW: Import GPG key for commit signing SA | ||
| - name: Import GPG key | ||
| uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec | ||
| with: | ||
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | ||
| git_user_signingkey: true | ||
| git_commit_gpgsign: true | ||
| git_tag_gpgsign: true | ||
| git_config_global: true | ||
| # NEW: Configure Git identity | ||
| - name: Configure Git | ||
| run: | | ||
| git config user.name "Uniswap Labs Service Account" | ||
| git config user.email "[email protected]" | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | ||
| - name: 🧷️ Get version | ||
| uses: juliangruber/read-file-action@02bbba9876a8f870efd4ad64e3b9088d3fb94d4b | ||
| id: version | ||
| with: | ||
| path: VERSION | ||
| - name: 🧾️ Get release notes | ||
| uses: juliangruber/read-file-action@02bbba9876a8f870efd4ad64e3b9088d3fb94d4b | ||
| id: release-notes | ||
| with: | ||
| path: RELEASE | ||
| - name: 🏷️ Tag | ||
| id: github-tag-action | ||
| uses: uniswap/github-tag-action@7bddacd4864a0f5671e836721db60174d8a9c399 | ||
| with: | ||
| github_token: ${{ secrets.GITHUB_TOKEN }} | ||
| custom_tag: ${{ steps.version.outputs.content }} | ||
| tag_prefix: "" | ||
| - name: 🪽 Release | ||
| uses: actions/create-release@c9ba6969f07ed90fae07e2e66100dd03f9b1a50e | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| with: | ||
| tag_name: ${{ steps.github-tag-action.outputs.new_tag }} | ||
| release_name: Release ${{ steps.github-tag-action.outputs.new_tag }} | ||
| body: ${{ steps.release-notes.outputs.content }} | ||
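Review bot: The `Configure Git` step runs `git config user.name` and `git config user.email` without `--global` and before `actions/checkout`, so the workspace is not yet a repository and the step will most likely fail with a not-in-a-git-directory error. Either move the step after the checkout or use `git config --global user.name "Uniswap Labs Service Account"` (and likewise for `user.email`), which matches `git_config_global: true` on the import step. The tag and release steps appear to work through the API with `secrets.GITHUB_TOKEN` rather than through local `git tag` or `git commit`, so it is worth confirming that the imported key actually signs anything in this job. With a GPG private key now loaded on the runner, `egress-policy: audit` only records unexpected outbound connections; consider `egress-policy: block` with an explicit `allowed-domains` list. Also confirm that `runs-on: ubuntu-lates`, as shown on this page, reads `ubuntu-latest` in the file, since the job would otherwise never be assigned a hosted runner.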