Merge pull request #99 from stytchauth/release/1.0.7 #21
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish | |
| on: | |
| push: | |
| tags: | |
| - '[0-9]*.[0-9]*.[0-9]*' | |
| workflow_dispatch: | |
| inputs: | |
| dry_run: | |
| description: 'Dry run — build and package only, skip publishing' | |
| type: boolean | |
| default: true | |
| permissions: | |
| id-token: write | |
| contents: write | |
| jobs: | |
| build-shared: | |
| uses: ./.github/workflows/_build-shared.yml | |
| secrets: inherit | |
| generate-sbom: | |
| uses: ./.github/workflows/_generate-sbom.yml | |
| publish-kmp: | |
| name: Publish Multiplatform Artifacts | |
| runs-on: macos-latest | |
| needs: build-shared | |
| env: | |
| DRY_RUN: ${{ github.event_name == 'workflow_dispatch' && inputs.dry_run == true }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 | |
| with: | |
| distribution: zulu | |
| java-version: 17 | |
| cache: gradle | |
| - name: Download SwiftUtils interop artifacts | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: swift-utils-interop | |
| path: source/shared/sdk/shared/src/iosMain/interop/ | |
| - name: Download StytchSharedSDK xcframework | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: shared-xcframework | |
| path: source/shared/sdk/shared/build/XCFrameworks/release/StytchSharedSDK.xcframework | |
| - name: Restore shared mavenLocal artifacts | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: shared-maven-local | |
| path: ~/.m2/repository/com/stytch/sdk/ | |
| - name: Publish SDKs to mavenLocal | |
| working-directory: source/sdks | |
| run: > | |
| ./gradlew | |
| :sdk:consumer-headless:publishToMavenLocal | |
| :sdk:b2b-headless:publishToMavenLocal | |
| :sdk:consumer-headless-extensions:publishToMavenLocal | |
| :sdk:b2b-headless-extensions:publishToMavenLocal | |
| - name: Publish shared to Maven Central | |
| if: env.DRY_RUN != 'true' | |
| working-directory: source/shared | |
| env: | |
| ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.MAVEN_CENTRAL_USERNAME }} | |
| ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.MAVEN_CENTRAL_PASSWORD }} | |
| ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.SIGNING_KEY }} | |
| ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.SIGNING_KEY_ID }} | |
| ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.SIGNING_KEY_PASSWORD }} | |
| run: ./gradlew :sdk:shared:publishAllPublicationsToMavenCentralRepository | |
| - name: Publish SDKs to Maven Central | |
| if: env.DRY_RUN != 'true' | |
| working-directory: source/sdks | |
| env: | |
| ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.MAVEN_CENTRAL_USERNAME }} | |
| ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.MAVEN_CENTRAL_PASSWORD }} | |
| ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.SIGNING_KEY }} | |
| ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.SIGNING_KEY_ID }} | |
| ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.SIGNING_KEY_PASSWORD }} | |
| run: > | |
| ./gradlew | |
| :sdk:consumer-headless:publishAllPublicationsToMavenCentralRepository | |
| :sdk:b2b-headless:publishAllPublicationsToMavenCentralRepository | |
| :sdk:consumer-headless-extensions:publishAllPublicationsToMavenCentralRepository | |
| :sdk:b2b-headless-extensions:publishAllPublicationsToMavenCentralRepository | |
| publish-ios: | |
| name: Publish iOS | |
| runs-on: macos-latest | |
| needs: build-shared | |
| env: | |
| DRY_RUN: ${{ github.event_name == 'workflow_dispatch' && inputs.dry_run == true }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 | |
| with: | |
| distribution: zulu | |
| java-version: 17 | |
| cache: gradle | |
| - name: Download SwiftUtils interop artifacts | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: swift-utils-interop | |
| path: source/shared/sdk/shared/src/iosMain/interop/ | |
| - name: Download StytchSharedSDK xcframework | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: shared-xcframework | |
| path: source/shared/sdk/shared/build/XCFrameworks/release/StytchSharedSDK.xcframework | |
| - name: Restore shared mavenLocal artifacts | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: shared-maven-local | |
| path: ~/.m2/repository/com/stytch/sdk/ | |
| - uses: ./.github/actions/import-apple-certificate | |
| with: | |
| certificate_base64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }} | |
| certificate_password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| keychain_password: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| - name: Build consumer and B2B xcframeworks | |
| working-directory: source/sdks | |
| run: ./gradlew assembleStytchConsumerSDKXCFramework assembleStytchB2BSDKXCFramework | |
| - name: Copy xcframeworks to source/ios for SPM resolution | |
| run: | | |
| cp -r source/sdks/sdk/consumer-headless/build/XCFrameworks/release/StytchConsumerSDK.xcframework source/ios/ | |
| cp -r source/sdks/sdk/b2b-headless/build/XCFrameworks/release/StytchB2BSDK.xcframework source/ios/ | |
| cp -r source/shared/sdk/shared/build/XCFrameworks/release/StytchSharedSDK.xcframework source/ios/ | |
| cp -r source/shared/sdk/shared/src/iosMain/interop/StytchSwiftUtils.xcframework source/ios/ | |
| - name: Generate iOS SPM SBOM | |
| working-directory: source/ios | |
| run: swift package show-dependencies --format json > sbom-ios-spm.json | |
| - name: Upload iOS SPM SBOM | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: sbom-ios-spm | |
| path: source/ios/sbom-ios-spm.json | |
| - name: Zip xcframeworks | |
| run: | | |
| ARTIFACTS_DIR=$GITHUB_WORKSPACE/xcframework-artifacts | |
| mkdir -p "$ARTIFACTS_DIR" | |
| cd source/sdks/sdk/consumer-headless/build/XCFrameworks/release | |
| zip -r "$ARTIFACTS_DIR/StytchConsumerSDK.xcframework.zip" StytchConsumerSDK.xcframework | |
| cd $GITHUB_WORKSPACE/source/sdks/sdk/b2b-headless/build/XCFrameworks/release | |
| zip -r "$ARTIFACTS_DIR/StytchB2BSDK.xcframework.zip" StytchB2BSDK.xcframework | |
| cd $GITHUB_WORKSPACE/source/shared/sdk/shared/build/XCFrameworks/release | |
| zip -r "$ARTIFACTS_DIR/StytchSharedSDK.xcframework.zip" StytchSharedSDK.xcframework | |
| cd $GITHUB_WORKSPACE/source/shared/sdk/shared/src/iosMain/interop | |
| zip -r "$ARTIFACTS_DIR/StytchSwiftUtils.xcframework.zip" StytchSwiftUtils.xcframework | |
| - name: Compute checksums and update Package.swift | |
| run: | | |
| VERSION=$(cat version.txt) | |
| ARTIFACTS_DIR=$GITHUB_WORKSPACE/xcframework-artifacts | |
| BASE_URL="https://github.com/stytchauth/stytch-ios-sdk/releases/download/${VERSION}" | |
| CONSUMER_URL="${BASE_URL}/StytchConsumerSDK.xcframework.zip" | |
| B2B_URL="${BASE_URL}/StytchB2BSDK.xcframework.zip" | |
| SHARED_URL="${BASE_URL}/StytchSharedSDK.xcframework.zip" | |
| SWIFTUTILS_URL="${BASE_URL}/StytchSwiftUtils.xcframework.zip" | |
| CONSUMER_CHECKSUM=$(shasum -a 256 "$ARTIFACTS_DIR/StytchConsumerSDK.xcframework.zip" | awk '{print $1}') | |
| B2B_CHECKSUM=$(shasum -a 256 "$ARTIFACTS_DIR/StytchB2BSDK.xcframework.zip" | awk '{print $1}') | |
| SHARED_CHECKSUM=$(shasum -a 256 "$ARTIFACTS_DIR/StytchSharedSDK.xcframework.zip" | awk '{print $1}') | |
| SWIFTUTILS_CHECKSUM=$(shasum -a 256 "$ARTIFACTS_DIR/StytchSwiftUtils.xcframework.zip" | awk '{print $1}') | |
| sed \ | |
| -e "s|__CONSUMER_URL__|${CONSUMER_URL}|g" \ | |
| -e "s|__CONSUMER_CHECKSUM__|${CONSUMER_CHECKSUM}|g" \ | |
| -e "s|__B2B_URL__|${B2B_URL}|g" \ | |
| -e "s|__B2B_CHECKSUM__|${B2B_CHECKSUM}|g" \ | |
| -e "s|__SHARED_URL__|${SHARED_URL}|g" \ | |
| -e "s|__SHARED_CHECKSUM__|${SHARED_CHECKSUM}|g" \ | |
| -e "s|__SWIFTUTILS_URL__|${SWIFTUTILS_URL}|g" \ | |
| -e "s|__SWIFTUTILS_CHECKSUM__|${SWIFTUTILS_CHECKSUM}|g" \ | |
| source/ios/Package.swift.template > source/ios/Package.swift | |
| cat source/ios/Package.swift | |
| - name: Upload xcframework zips | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: xcframework-zips | |
| path: xcframework-artifacts/ | |
| - name: Upload Package.swift and Sources | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: ios-spm-package | |
| path: | | |
| source/ios/Package.swift | |
| source/ios/README.md | |
| source/ios/Sources | |
| - name: Publish to SPM repo and create GitHub release | |
| if: env.DRY_RUN != 'true' | |
| env: | |
| GH_TOKEN: ${{ secrets.SPM_REPO_TOKEN }} | |
| run: | | |
| VERSION=$(cat version.txt) | |
| SPM_REPO="stytchauth/stytch-ios-sdk" | |
| ARTIFACTS_DIR=$GITHUB_WORKSPACE/xcframework-artifacts | |
| git clone "https://x-access-token:${GH_TOKEN}@github.com/${SPM_REPO}.git" spm-repo | |
| cd spm-repo | |
| cp $GITHUB_WORKSPACE/source/ios/Package.swift Package.swift | |
| cp $GITHUB_WORKSPACE/source/ios/README.md README.md | |
| cp -r $GITHUB_WORKSPACE/source/ios/Sources Sources | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git add Package.swift README.md Sources | |
| git commit -m "Release ${VERSION}" | |
| git tag "${VERSION}" | |
| git push origin HEAD --tags | |
| gh release create "${VERSION}" \ | |
| --repo "${SPM_REPO}" \ | |
| --title "${VERSION}" \ | |
| --notes "Release ${VERSION}" \ | |
| "$ARTIFACTS_DIR/StytchConsumerSDK.xcframework.zip" \ | |
| "$ARTIFACTS_DIR/StytchB2BSDK.xcframework.zip" \ | |
| "$ARTIFACTS_DIR/StytchSharedSDK.xcframework.zip" \ | |
| "$ARTIFACTS_DIR/StytchSwiftUtils.xcframework.zip" | |
| publish-rn: | |
| name: Publish React Native | |
| runs-on: macos-latest | |
| needs: [publish-kmp, publish-ios] | |
| env: | |
| DRY_RUN: ${{ github.event_name == 'workflow_dispatch' && inputs.dry_run == true }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 | |
| with: | |
| distribution: zulu | |
| java-version: 17 | |
| cache: gradle | |
| - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: '24' | |
| registry-url: 'https://registry.npmjs.org' | |
| - name: Install yarn | |
| run: npm install -g yarn | |
| - name: Download SwiftUtils interop artifacts | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: swift-utils-interop | |
| path: source/shared/sdk/shared/src/iosMain/interop/ | |
| - name: Download StytchSharedSDK xcframework | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: shared-xcframework | |
| path: source/shared/sdk/shared/build/XCFrameworks/release/StytchSharedSDK.xcframework | |
| - name: Restore shared mavenLocal artifacts | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: shared-maven-local | |
| path: ~/.m2/repository/com/stytch/sdk/ | |
| - name: Download xcframework zips | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: xcframework-zips | |
| path: /tmp/xcframework-zips | |
| - name: Download StytchDFP xcframework | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| DFP_VERSION=$(gh release view --repo stytchauth/stytch-ios-dfp --json tagName -q '.tagName') | |
| gh release download "$DFP_VERSION" \ | |
| --repo stytchauth/stytch-ios-dfp \ | |
| --pattern "*.zip" \ | |
| --dir /tmp/xcframework-zips | |
| - name: Download RecaptchaEnterprise xcframework | |
| run: | | |
| curl -fsSL \ | |
| "https://dl.google.com/recaptchaenterprise/v18.8.1/RecaptchaEnterprise_iOS_xcframework/recaptcha-xcframework.xcframework.zip" \ | |
| -o /tmp/xcframework-zips/RecaptchaEnterprise.xcframework.zip | |
| - name: Unzip xcframeworks into shared ios/Frameworks | |
| run: | | |
| FRAMEWORKS_DIR=$GITHUB_WORKSPACE/source/react-native/shared/ios/Frameworks | |
| mkdir -p "$FRAMEWORKS_DIR" | |
| unzip -q /tmp/xcframework-zips/StytchConsumerSDK.xcframework.zip -d "$FRAMEWORKS_DIR" | |
| unzip -q /tmp/xcframework-zips/StytchSharedSDK.xcframework.zip -d "$FRAMEWORKS_DIR" | |
| unzip -q /tmp/xcframework-zips/StytchSwiftUtils.xcframework.zip -d "$FRAMEWORKS_DIR" | |
| unzip -q "$(ls /tmp/xcframework-zips/StytchDFP-*.xcframework.zip)" -d "$FRAMEWORKS_DIR" | |
| unzip -q /tmp/xcframework-zips/RecaptchaEnterprise.xcframework.zip -d "$FRAMEWORKS_DIR" | |
| - name: Build consumer JS output | |
| working-directory: source/sdks | |
| run: | | |
| ./gradlew :sdk:consumer-headless:jsBrowserProductionLibraryDistribution | |
| mkdir -p $GITHUB_WORKSPACE/source/react-native/consumer/lib | |
| cp -r sdk/consumer-headless/build/dist/js/productionLibrary/consumer-headless* $GITHUB_WORKSPACE/source/react-native/consumer/lib | |
| - name: Build B2B JS output | |
| working-directory: source/sdks | |
| run: | | |
| ./gradlew :sdk:b2b-headless:jsBrowserProductionLibraryDistribution | |
| mkdir -p $GITHUB_WORKSPACE/source/react-native/b2b/lib | |
| cp -r sdk/b2b-headless/build/dist/js/productionLibrary/b2b-headless* $GITHUB_WORKSPACE/source/react-native/b2b/lib | |
| - name: Stamp version into package.json files | |
| run: | | |
| VERSION=$(cat version.txt) | |
| npm version "$VERSION" --no-git-tag-version --prefix source/react-native/consumer || true | |
| npm version "$VERSION" --no-git-tag-version --prefix source/react-native/b2b || true | |
| - name: Install dependencies and build consumer RN package | |
| working-directory: source/react-native/consumer | |
| run: yarn install --frozen-lockfile && yarn build | |
| - name: Install dependencies and build B2B RN package | |
| working-directory: source/react-native/b2b | |
| run: yarn install --frozen-lockfile && yarn build | |
| - name: Pack consumer RN package | |
| working-directory: source/react-native/consumer | |
| run: npm pack | |
| - name: Upload consumer npm pack | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: rn-consumer-pack | |
| path: source/react-native/consumer/*.tgz | |
| - name: Pack B2B RN package | |
| working-directory: source/react-native/b2b | |
| run: npm pack | |
| - name: Upload B2B npm pack | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: rn-b2b-pack | |
| path: source/react-native/b2b/*.tgz | |
| - name: Publish to npm | |
| if: env.DRY_RUN != 'true' | |
| run: | | |
| npm publish source/react-native/consumer --access public | |
| npm publish source/react-native/b2b --access public | |
| create-github-release: | |
| name: Create GitHub Release | |
| runs-on: ubuntu-latest | |
| needs: [publish-kmp, publish-ios, publish-rn, generate-sbom] | |
| env: | |
| DRY_RUN: ${{ github.event_name == 'workflow_dispatch' && inputs.dry_run == true }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Extract release notes from CHANGELOG.md | |
| run: | | |
| # Pull the section for the current version: everything after the first | |
| # '## [...]' header up to (but not including) the next one. | |
| awk '/^## \[/{if(p)exit; p=1; next} p{print}' CHANGELOG.md \ | |
| | sed '/./,$!d' \ | |
| > /tmp/changelog-entry.md | |
| - name: Build release notes with install coordinates | |
| run: | | |
| VERSION=$(cat version.txt | tr -d '[:space:]') | |
| cat > /tmp/release-notes.md << EOF | |
| ## Install | |
| **Kotlin Multiplatform / Android / JVM** | |
| \`\`\`kotlin | |
| // Consumer | |
| implementation("com.stytch.sdk:consumer-headless:${VERSION}") | |
| // B2B | |
| implementation("com.stytch.sdk:b2b-headless:${VERSION}") | |
| // Callback extensions (optional) | |
| implementation("com.stytch.sdk:consumer-headless-extensions:${VERSION}") | |
| implementation("com.stytch.sdk:b2b-headless-extensions:${VERSION}") | |
| \`\`\` | |
| **React Native** | |
| \`\`\`bash | |
| npm install @stytch/react-native-consumer@${VERSION} | |
| npm install @stytch/react-native-b2b@${VERSION} | |
| \`\`\` | |
| **iOS (Swift Package Manager)** | |
| Add \`https://github.com/stytchauth/stytch-ios-sdk\` at version \`${VERSION}\`. | |
| --- | |
| EOF | |
| cat /tmp/changelog-entry.md >> /tmp/release-notes.md | |
| - name: Download SBOM artifacts | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: sbom | |
| path: /tmp/sbom/ | |
| - name: Download iOS SPM SBOM | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: sbom-ios-spm | |
| path: /tmp/sbom/ | |
| - name: Create GitHub release | |
| if: env.DRY_RUN != 'true' | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| VERSION=$(cat version.txt | tr -d '[:space:]') | |
| gh release create "$VERSION" \ | |
| --title "$VERSION" \ | |
| --notes-file /tmp/release-notes.md \ | |
| /tmp/sbom/sbom-shared.json \ | |
| /tmp/sbom/sbom-consumer.json \ | |
| /tmp/sbom/sbom-b2b.json \ | |
| /tmp/sbom/sbom-ios-spm.json \ | |
| /tmp/sbom/sbom-rn-consumer.json \ | |
| /tmp/sbom/sbom-rn-b2b.json |