Release 0.5.0 #20
# Release pipeline: starts when a version-like tag is pushed.
name: Release

on:
  push:
    tags:
      # GitHub filter pattern, not a regex. The trailing `*` accepts any run of
      # characters other than `/` after the third number, so the tag name is
      # only loosely constrained and should be treated as untrusted text.
      - '[0-9]+.[0-9]+.[0-9]+*'

# Workflow-wide GITHUB_TOKEN scopes. Every job that does not declare its own
# `permissions:` block, including jobs that call reusable workflows, runs with
# all four write scopes below.
# NOTE(review): narrowing this to read-only and granting write scopes per job
# would be tighter, but the called workflows are not visible here; confirm what
# they request before changing it.
permissions:
  contents: write
  id-token: write
  attestations: write
  packages: write
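jobs:
  # Build stages live in reusable workflows in this repository (bodies not
  # shown on this page). They declare no `permissions:` here, so they receive
  # the workflow-level scopes.
  build:
    uses: ./.github/workflows/build.yml

  build-pypi:
    uses: ./.github/workflows/build-pypi.yml

  build-npm:
    needs: build
    uses: ./.github/workflows/build-npm.yml

  sbom:
    uses: ./.github/workflows/build-sbom.yml

  # Attaches build-provenance and SBOM attestations to the built binaries,
  # once per crate in the matrix.
  # NOTE(review): no job-level `permissions:`; this job inherits contents: write
  # and packages: write, which the visible steps do not obviously use. Confirm
  # and narrow to what the attest action needs.
  attest:
    name: Attest ${{ matrix.crate }}
    needs: [build, sbom]
    runs-on: ubuntu-latest
    timeout-minutes: 15
    strategy:
      matrix:
        include:
          - crate: act-cli
            artifact-pattern: "act-!(build-*)"
          - crate: act-build
            artifact-pattern: "act-build-*"
    steps:
      - uses: actions/download-artifact@v8
        with:
          path: artifacts
          pattern: ${{ matrix.artifact-pattern }}
          merge-multiple: true
      - uses: actions/download-artifact@v8
        with:
          name: sbom
          path: sbom
      - name: Attest build provenance
        uses: actions/attest@v4
        with:
          subject-path: "artifacts/*"
      - name: Attest SBOM
        uses: actions/attest@v4
        with:
          subject-path: "artifacts/*"
          sbom-path: "sbom/${{ matrix.crate }}/${{ matrix.crate }}.cdx.json"

  # Publishes the wheels produced by build-pypi. Gated by the `pypi` environment.
  pypi-publish:
    name: Publish to PyPI
    needs: [build, build-pypi]
    runs-on: ubuntu-latest
    timeout-minutes: 30
    environment: pypi
    permissions:
      id-token: write
      attestations: write
    steps:
      - uses: actions/download-artifact@v8
        with:
          pattern: wheels-*
          merge-multiple: true
          path: dist
      - name: Attest PyPI artifacts
        uses: actions/attest@v4
        with:
          subject-path: dist/*
      # Referenced by branch (`release/v1`), so the code that runs with this
      # job's OIDC token can change without a change to this file. Pinning to a
      # full commit SHA makes the publishing step reviewable.
      # No password input is passed; presumably this relies on PyPI trusted
      # publishing through the id-token scope (confirm on the PyPI side).
      - uses: pypa/gh-action-pypi-publish@release/v1
        with:
          skip-existing: true
          verbose: true

  # Publishes the packed npm tarballs. Gated by the `npm` environment.
  npm-publish:
    name: Publish to npm
    needs: build-npm
    runs-on: ubuntu-latest
    timeout-minutes: 15
    environment: npm
    permissions:
      id-token: write
    steps:
      - uses: actions/download-artifact@v8
        with:
          name: npm-packages
          path: packed
      - uses: actions/setup-node@v6
        with:
          node-version: "24"
          registry-url: "https://registry.npmjs.org"
      # `|| true` lets the loops continue when a version is already on the
      # registry, but it also hides every other publish failure (auth, network,
      # rejected tarball): the job stays green and `release` still runs.
      # NOTE(review): consider failing on anything except "already published".
      - name: Publish all packages with provenance
        run: |
          # Platform packages first (no cross-deps), then wrappers last
          for tgz in packed/*.tgz; do
            case "$(basename "$tgz")" in
              actcore-act-cli-*|actcore-act-build-[a-z]*) npm publish "./$tgz" --provenance --access public || true ;;
            esac
          done
          for tgz in packed/*.tgz; do
            case "$(basename "$tgz")" in
              actcore-act-cli-*|actcore-act-build-[a-z]*) ;; # already published
              *) npm publish "./$tgz" --provenance --access public || true ;;
            esac
          done
        env:
          # Long-lived registry token taken from secrets; `--provenance` uses
          # the job's id-token scope in addition to it.
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

  # Publishes both crates. Gated by the `crates-io` environment.
  crates-publish:
    name: Publish to crates.io
    needs: build
    runs-on: ubuntu-latest
    timeout-minutes: 30
    environment: crates-io
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v6
      # The three third-party actions in this job are referenced by branch or
      # major tag (`stable`, `v3`, `v1`), not by commit SHA; they run in the
      # same job that later holds the crates.io publish token.
      - uses: dtolnay/rust-toolchain@stable
      - uses: taiki-e/cache-cargo-install-action@v3
        with:
          tool: wit-deps-cli
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - run: wit-deps
        working-directory: act-cli
      - name: Authenticate with crates.io
        id: auth
        uses: rust-lang/crates-io-auth-action@v1
      # `continue-on-error` means a failed publish does not fail the job, so
      # `release` proceeds even if nothing reached crates.io.
      # `--allow-dirty` packages the working tree as it is after `wit-deps`
      # ran (presumably why the flag is here), so the published crate can
      # differ from the tagged commit.
      - name: Publish to crates.io
        continue-on-error: true
        run: cargo publish -p act-cli -p act-build --allow-dirty
        env:
          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}

  # `secrets: inherit` hands every secret available to this workflow to the
  # called workflow. NOTE(review): pass only the secrets build-docker.yml needs
  # if it declares them explicitly.
  docker-publish:
    needs: build
    uses: ./.github/workflows/build-docker.yml
    with:
      push: true
    secrets: inherit

  # Creates the GitHub Release (or refreshes its assets) after all publishers.
  release:
    name: GitHub Release
    needs: [attest, pypi-publish, npm-publish, crates-publish, docker-publish]
    runs-on: ubuntu-latest
    timeout-minutes: 10
    # The steps below only read the repository and write release assets, so the
    # job does not need the workflow-level id-token/attestations/packages scopes.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v6
      - uses: actions/download-artifact@v8
        with:
          path: artifacts
          pattern: "{act,act-build}-*"
          merge-multiple: true
      - uses: actions/download-artifact@v8
        with:
          name: sbom
          path: sbom
      # The tag name reaches the script through the environment instead of
      # being expanded into the script text by `${{ }}`. The trigger pattern
      # ends in `*`, so the tag is not restricted to digits and dots, and text
      # pasted into a script before the shell parses it is read as shell code.
      - name: Extract release notes from CHANGELOG
        shell: bash
        env:
          VERSION: ${{ github.ref_name }}
        run: |
          # `ver` is used as a regex fragment: `.` and other metacharacters in
          # the tag are not matched literally.
          awk -v ver="$VERSION" '$0 ~ "^## \\[" ver "\\]"{flag=1;next}/^## \[/{flag=0}flag' CHANGELOG.md > /tmp/notes.md
          if [ ! -s /tmp/notes.md ]; then
            echo "No release notes found for $VERSION in CHANGELOG.md" >&2
            exit 1
          fi
          cat /tmp/notes.md
      # `--clobber` replaces same-named assets on an existing release, so a
      # re-run can swap files that were already published under this tag.
      - name: Create or update GitHub Release
        env:
          GH_TOKEN: ${{ github.token }}
          TAG: ${{ github.ref_name }}
        run: |
          if gh release view "$TAG" >/dev/null 2>&1; then
            gh release upload "$TAG" artifacts/* sbom/*/*.cdx.json --clobber
          else
            gh release create "$TAG" \
              artifacts/* sbom/*/*.cdx.json \
              --title "$TAG" \
              --notes-file /tmp/notes.md
          fi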