Skip to content

Fix format of the author #11

Fix format of the author

Fix format of the author #11

name: Publish rc test
on:
push:
branches:
- fix-bugs
# Declare default permissions as read only.
permissions: read-all
jobs:
check_author:
runs-on: ubuntu-22.04
outputs:
latest_commit_author: ${{ steps.commit.outputs.author }}
commit_message: ${{ steps.commit.outputs.message }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
with:
egress-policy: audit
- name: Checkout Repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Install yq
run: |
sudo apt-get update &&\
sudo apt-get install wget -y &&\
sudo wget https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -O /usr/bin/yq &&\
sudo chmod +x /usr/bin/yq
- name: Get last commit details
id: commit
run: |
COMMIT_SHA="$(git rev-parse HEAD)"
AUTHOR=$(git show -s --format='%an' $COMMIT_SHA)
MESSAGE=$(git show -s --format='%s' $COMMIT_SHA)
echo "author=$AUTHOR" >> $GITHUB_OUTPUT
echo "message=$MESSAGE" >> $GITHUB_OUTPUT
echo "Author of the commit is $AUTHOR"
echo "Message of the commit is $MESSAGE"
prepare:
needs: check_author
runs-on: ubuntu-22.04
if: ${{ needs.check_author.outputs.latest_commit_author == 'github-actions[bot]' && contains(needs.check_author.outputs.commit_message, 'rc') }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
with:
egress-policy: audit
- name: Checkout Repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Prepare pre-requisites
uses: ./.github/actions/prepare
# Deterministic Build & tests
provenance:
permissions:
id-token: write
contents: read
actions: read
needs: prepare
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
run-scripts: "install-deps, style, nx-build-skip-cache, nx-test-skip-cache"
node-version: "16.20.0"
tag:
name: Tag RC candidate for all packages
permissions:
id-token: write
contents: write
actions: read
runs-on: ubuntu-22.04
needs: provenance
outputs:
rc_version: ${{ steps.get_version.outputs.rc_version }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
token: ${{ secrets.SAI_PAT }}
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6.0.0
with:
gpg_private_key: ${{ secrets.SVC_GPG_KEY }}
passphrase: ${{ secrets.SVC_GPG_PASSPHRASE }}
git_config_global: true
git_tag_gpgsign: true
git_user_signingkey: true
git_commit_gpgsign: true
- name: Use node@16
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
node-version: 16.20.0
- name: Create temp dir
id: temp-dir
run: |
set -euo pipefail
temp_dir=$(mktemp -d)
echo "path=${temp_dir}" >>"${GITHUB_OUTPUT}"
- name: Download tarball
uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@934435652996c02a6317092984312602dfaf2a21 # main
with:
name: ${{ needs.provenance.outputs.package-download-name }}
path: "${{ steps.temp-dir.outputs.path }}/${{ needs.provenance.outputs.package-name }}"
sha256: ${{ needs.provenance.outputs.package-download-sha256 }}
- name: Download provenance
uses: slsa-framework/slsa-github-generator/actions/nodejs/secure-attestations-download@0779f7bec68e2bf54a7b0a32bf4763f25ab29702 # v1.6.0
with:
name: ${{ needs.provenance.outputs.provenance-download-name }}
path: "${{ steps.temp-dir.outputs.path }}"
sha256: ${{ needs.provenance.outputs.provenance-download-sha256 }}
- name: Authenticate NPM
run: |
echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc
echo "@openzeppelin:registry https://registry.npmjs.org" >> ~/.npmrc
- name: Enable NPM PROVENANCE
run: echo "NPM_CONFIG_PROVENANCE=true" >> $GITHUB_ENV
- name: Get version info
id: get_version
run: |
TAG_NAME=$(node -p "require('./lerna.json').version")
echo "rc_version=v$TAG_NAME" >> $GITHUB_OUTPUT
- name: Unpack the zipped artifact and publish
run: |
set -euo pipefail
cd "${{ steps.temp-dir.outputs.path }}"
tar -xzvf "${{ needs.provenance.outputs.package-name }}"
cd package/; git init
git add .
git commit -m "Add the untracked files"
tag_ref=${{ steps.get_version.outputs.rc_version }}
tag_version=${tag_ref#refs/tags/v}
lerna_options="--no-git-tag-version --no-push --ignore-scripts --yes --exact --no-changelog"
cd ../../
- name: Create and push tag
run: |
git tag -a ${{ steps.get_version.outputs.rc_version }} -m "${{ steps.get_version.outputs.rc_version }}"
git push origin ${{ steps.get_version.outputs.rc_version }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
create-release:
permissions:
contents: write
name: Create Release
needs: tag
uses: ./.github/workflows/release.yml
with:
tag: ${{ needs.tag.outputs.rc_version }}
prerelease: true