chore: prepare releases via semantic-release package

dash0hq · Jun 24, 2024 · c8fb5b5 · c8fb5b5
1 parent 853dc18
commit c8fb5b5
Show file tree

Hide file tree

Showing 3 changed files with 6,558 additions and 330 deletions.
diff --git a/.github/workflows/verify.yaml b/.github/workflows/verify.yaml
@@ -9,14 +9,13 @@ on:
 
 jobs:
   verify:
-
+    name: Lint & Test Node.js ${{ matrix.node-version }}
     runs-on: ubuntu-latest
 
     strategy:
       matrix:
         node-version: [ '18.x',  '20.x', '21.x', '22.x' ]
 
-    name: Lint & Test Node.js ${{ matrix.node-version }}
 
     steps:
       - uses: actions/checkout@v4
@@ -43,15 +42,13 @@ jobs:
           npm test
 
   verify-minimum-version-check:
-
+    name: Verify Minimum Version Check (Node.js ${{ matrix.node-version }})
     runs-on: ubuntu-latest
 
     strategy:
       matrix:
         node-version: [ '16.x' ]
 
-    name: Verify Minimum Version Check (Node.js ${{ matrix.node-version }})
-
     steps:
       - uses: actions/checkout@v4
         with:
@@ -71,3 +68,40 @@ jobs:
       - name: integration test
         run: |
           npm run test:integration
+
+  publish-release:
+    name: Publish Release
+    runs-on: ubuntu-latest
+
+    # only release from the main branch
+    # actually, semantic-release does this check on its own anyway, but by adding a github ref check the job does not
+    # even get triggered, saving some GH action minutes.
+    if: github.ref == 'refs/heads/main'
+
+    permissions:
+      contents: write # for publishing GitHub releases
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+      id-token: write # to enable use of OIDC for npm provenance
+
+    needs:
+      - verify
+      - verify-minimum-version-check
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "lts/*"
+          cache: 'npm'
+      - run: npm ci
+      - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
+        run: npm audit signatures
+      - name: Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: npx semantic-release --dry-run
+