diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e14cc619..73e2bc58 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,30 +5,79 @@ run-name: Release on: workflow_dispatch: +permissions: {} + jobs: build: name: Build runs-on: ubuntu-24.04 + permissions: + contents: read + id-token: write + attestations: write outputs: version: ${{ steps.package-version.outputs.version }} steps: + - name: Reject disallowed branch + if: >- + ${{ !startsWith(github.ref, 'refs/heads/development/') + && !startsWith(github.ref, 'refs/heads/hotfix/') }} + env: + REF_NAME: ${{ github.ref_name }} + run: | + echo "::error::Releases must run from a development/* or" \ + "hotfix/* branch (got $REF_NAME)" + exit 1 + - name: Checkout code uses: actions/checkout@v6 + with: + fetch-depth: 0 + fetch-tags: true - name: Get version from package.json id: package-version run: echo "version=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT + - name: Fail if release already exists + env: + GH_TOKEN: ${{ github.token }} + VERSION: ${{ steps.package-version.outputs.version }} + run: | + if gh release view "$VERSION" --repo "$GITHUB_REPOSITORY" \ + >/dev/null 2>&1; then + echo "::error::Release $VERSION already exists" + exit 1 + fi + + - name: Fail if tag already exists + env: + VERSION: ${{ steps.package-version.outputs.version }} + run: | + if git rev-parse -q --verify "refs/tags/$VERSION" >/dev/null; then + echo "::error::Tag $VERSION already exists (possibly on a" \ + "different commit); refusing to move it" + exit 1 + fi + - name: Setup and Build uses: ./.github/actions/setup-and-build - - name: Upload build artifacts + - name: Pack tarball + run: npm pack --ignore-scripts + + - name: Attest build provenance + uses: actions/attest-build-provenance@v4 + with: + subject-path: '*.tgz' + + - name: Upload package artifact uses: actions/upload-artifact@v6 with: - name: build-artifacts - path: | - dist/ - build/ + name: package + path: '*.tgz' + if-no-files-found: error + retention-days: 7 publish-npm: name: Publish to npm registry @@ -38,27 +87,62 @@ jobs: contents: read id-token: write steps: - - name: Checkout code - uses: actions/checkout@v6 - - - name: Download build artifacts + - name: Download package artifact uses: actions/download-artifact@v7 with: - name: build-artifacts + name: package - name: Setup Node.js for npm registry uses: actions/setup-node@v6 with: node-version: '24' registry-url: 'https://registry.npmjs.org' + scope: '@scality' - name: Publish to npm with provenance - run: npm publish --provenance --tag latest + env: + VERSION: ${{ needs.build.outputs.version }} + run: | + if [ -n "$(npm view "@scality/cloudserverclient@$VERSION" version 2>/dev/null)" ]; then + echo "::notice::@scality/cloudserverclient@$VERSION already on npm; skipping" + else + npm publish *.tgz --provenance --tag latest + fi + + publish-github: + name: Publish to GitHub Packages + runs-on: ubuntu-24.04 + needs: build + permissions: + packages: write + steps: + - name: Download package artifact + uses: actions/download-artifact@v7 + with: + name: package + + - name: Setup Node.js for GitHub Packages + uses: actions/setup-node@v6 + with: + node-version: '24' + registry-url: 'https://npm.pkg.github.com' + scope: '@scality' + + - name: Publish to GitHub Packages + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + VERSION: ${{ needs.build.outputs.version }} + run: | + if [ -n "$(npm view "@scality/cloudserverclient@$VERSION" version 2>/dev/null)" ]; then + echo "::notice::@scality/cloudserverclient@$VERSION already on GitHub Packages; skipping" + else + npm publish *.tgz --tag latest + fi create-release: name: Create GitHub Release runs-on: ubuntu-24.04 - needs: [build, publish-npm] + needs: [build, publish-npm, publish-github] permissions: contents: write steps: @@ -71,3 +155,7 @@ jobs: name: Release ${{ needs.build.outputs.version }} target_commitish: ${{ github.sha }} generate_release_notes: true + append_body: true + body: | + GitHub Packages: https://github.com/${{ github.repository }}/pkgs/npm/cloudserverclient + npm: https://www.npmjs.com/package/@scality/cloudserverclient diff --git a/package.json b/package.json index bdee3da1..f6a01ed8 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@scality/cloudserverclient", - "version": "1.0.9", + "version": "1.0.10", "engines": { "node": ">=20" }, @@ -24,8 +24,7 @@ "build/smithy/cloudserverProxyBackbeatApis/typescript-codegen" ], "publishConfig": { - "access": "public", - "registry": "https://registry.npmjs.org" + "access": "public" }, "scripts": { "clean:build": "rm -rf build dist",