-
-
Notifications
You must be signed in to change notification settings - Fork 398
114 lines (97 loc) · 3.14 KB
/
Copy pathpublish.yml
File metadata and controls
114 lines (97 loc) · 3.14 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
name: Publish
on:
push:
branches:
- main
- next
- "maintenance/v*" # branch rulesets don't support v[0-9]+
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
queue: max
permissions: {} # each job should define its own permission explicitly
jobs:
select-mode:
name: Select mode
runs-on: ubuntu-latest
timeout-minutes: 20
outputs:
mode: ${{ steps.select-mode.outputs.mode }}
permissions:
contents: read # to check out repo (actions/checkout)
steps:
- name: Check out repo
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false
- uses: ./.github/actions/ci-setup
with:
skip-cache: true # avoid cache poisoning attacks
- name: Build
run: pnpm build
- name: Select mode
id: select-mode
uses: ./select-mode
version:
name: Version
if: needs.select-mode.outputs.mode == 'version'
needs: select-mode
runs-on: ubuntu-latest
environment: version
timeout-minutes: 20
permissions:
contents: read # to check out repo (actions/checkout)
steps:
- name: Check out repo
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false
- uses: ./.github/actions/ci-setup
with:
skip-cache: true # avoid cache poisoning attacks
- name: Build
run: pnpm build
- uses: ./.github/actions/setup-bot-auth
id: bot-auth
with:
client-id: ${{ vars.APP_CLIENT_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
permission-contents: write # to create version commits (changesets/action)
permission-pull-requests: write # to create pull request (changesets/action)
- name: Create or update release pull request
id: changesets
uses: ./version
with:
github-token: ${{ steps.bot-auth.outputs.token }}
setup-git-user: false
script: pnpm bump
publish:
name: Publish
if: needs.select-mode.outputs.mode == 'publish'
needs: select-mode
runs-on: ubuntu-latest
environment: marketplace
timeout-minutes: 20
permissions:
contents: write # to create release and have it authored by github-actions (changesets/action)
steps:
- name: Check out repo
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false
- uses: ./.github/actions/ci-setup
with:
skip-cache: true # avoid cache poisoning attacks
- name: Build
run: pnpm build
- uses: ./.github/actions/setup-bot-auth
id: bot-auth
with:
client-id: ${{ vars.APP_CLIENT_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
permission-contents: write # to bypass branch and tag protection rules (release.ts)
- name: Publish to marketplace
uses: ./publish
with:
github-token: ${{ steps.bot-auth.outputs.token }}
script: pnpm release