Skip to content

ci: add phylum analysis job [DO-2511] (#207) #357

ci: add phylum analysis job [DO-2511] (#207)

ci: add phylum analysis job [DO-2511] (#207) #357

Workflow file for this run

name: Release
on:
push:
branches:
- main
- develop
- release/**
workflow_dispatch:
jobs:
release:
name: Release
runs-on: ubuntu-latest
permissions: write-all
steps:
- name: Checkout
uses: RDXWorks-actions/checkout@main
with:
fetch-depth: 0
- name: Setup Node.js
uses: RDXWorks-actions/setup-node@main
with:
node-version: '18.x'
- name: Authenticate with private NPM package
run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPMJS_TOKEN }}" > ~/.npmrc
- name: Install dependencies
run: npm ci
- name: Prepare
run: npm run build
- name: Release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPMJS_TOKEN }}
run: |
npx semantic-release | tee out
echo "RELEASE_VERSION=$(grep 'Created tag ' out | awk -F 'Created tag ' '{print $2}')" >> $GITHUB_ENV
# Snyk SBOM
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
with:
role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
app_name: 'radix-dapp-toolkit'
step_name: 'snyk-sbom'
secret_prefix: 'SNYK'
secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
parse_json: true
- name: Generate SBOM
uses: RDXWorks-actions/snyk-actions/node@master
with:
args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --format=cyclonedx1.4+json > sbom.json
command: sbom
- name: Upload SBOM
uses: RDXWorks-actions/upload-release-assets@c94805dc72e4b20745f543da0f62eaee7722df7a
with:
files: sbom.json
repo-token: ${{ secrets.GITHUB_TOKEN }}
release-tag: ${{ env.RELEASE_VERSION }}