feat(GH-38): Sign tags (#39) #24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Release' | |
on: | |
push: | |
branches: | |
- main | |
concurrency: | |
cancel-in-progress: false | |
group: release-${{ github.ref_name }} | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
outputs: | |
sem-ver: ${{ steps.get-version.outputs.semVer }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
fetch-tags: true | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: .node-version | |
- name: Install GitVersion | |
uses: gittools/actions/gitversion/setup@v1.1.1 | |
with: | |
versionSpec: '5.x' | |
- name: Get version | |
id: get-version | |
uses: gittools/actions/gitversion/execute@v1.1.1 | |
with: | |
targetPath: ./ | |
disableCache: true | |
useConfigFile: true | |
configFilePath: GitVersion.yml | |
env: | |
BUILD_NUMBER: ${{ github.run_number }} | |
- name: Restore dependencies | |
run: npm ci | |
- name: Lint | |
run: npm run lint | |
- name: Test | |
run: npm run test | |
- name: Publish test results | |
uses: EnricoMi/publish-unit-test-result-action@v2 | |
if: always() | |
with: | |
files: | | |
./test-results/junit.xml | |
- name: Package | |
run: npm run package | |
- name: Verify changed files | |
uses: tj-actions/verify-changed-files@v20 | |
id: verify-changed-files | |
with: | |
fail-if-changed: true | |
fail-message: Files in the dist folder are not up-to-date. Please run 'npm run package' locally and commit the changes. | |
files: | | |
dist | |
- name: Qodana Scan | |
uses: JetBrains/qodana-action@v2024.1 | |
env: | |
QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }} | |
use-annotations: true | |
test-action: | |
name: Test Action | |
runs-on: ubuntu-latest | |
needs: | |
- build | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
fetch-tags: true | |
- name: Restore | |
run: dotnet restore --no-cache ./sample/WebApplication/WebApplication.sln | |
- name: Test Action | |
id: test-action | |
uses: ./ | |
with: | |
add-pr-comment: true | |
add-check-run: true | |
target: ./sample/WebApplication/WebApplication.sln | |
fail-check-run-if-contains-outdated: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
release: | |
name: Release | |
runs-on: ubuntu-latest | |
needs: | |
- test-action | |
- build | |
env: | |
tag: v${{ needs.build.outputs.sem-ver }} | |
environment: Production | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
fetch-tags: true | |
- name: Import GPG key | |
uses: crazy-max/ghaction-import-gpg@v6 | |
with: | |
gpg_private_key: ${{ secrets.GH_GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.GH_GPG_PRIVATE_KEY_PASSWORD }} | |
git_user_signingkey: true | |
git_tag_gpgsign: true | |
- name: Create and push tag | |
run: | | |
git tag -s ${{ env.tag }} -m "${{ env.tag }}}" | |
git push origin tag ${{ env.tag }} | |
- name: Generate changelog | |
id: changelog | |
uses: requarks/changelog-action@v1 | |
with: | |
token: ${{ github.token }} | |
tag: ${{ env.tag }} | |
writeToFile: false | |
includeInvalidCommits: true | |
- name: Create release | |
uses: softprops/action-gh-release@v2 | |
with: | |
body: "${{ steps.changelog.outputs.changes }}" | |
tag_name: ${{ env.tag }} | |
make_latest: true |