diff --git a/.github/actions/erlang-publish.yml b/.github/actions/erlang-publish.yml new file mode 100644 index 0000000..00e7561 --- /dev/null +++ b/.github/actions/erlang-publish.yml @@ -0,0 +1,110 @@ +on: + workflow_call: + inputs: + otp-version: + type: string + description: > + OTP version to install on the runner. + See https://github.com/erlef/setup-beam/ + rebar3-version: + type: string + default: "" + description: > + A rebar3 version to install on the runner. + See + version-file: + type: string + default: "" + description: > + A versions file (e.g. as used by `asdf`), which defines inputs + See https://github.com/erlef/setup-beam/ + runs-on: + required: false + type: string + default: "k8s-medium" + description: "T-Shirt dimension of the runner ( k8s-small | k8s-medium | k8s-large )" + mix-env: + required: false + type: string + default: "dev" + description: "Elixir mix environment" + mix-working-directory: + required: false + type: string + default: . + description: "Elixir Mix project directory" + secrets: + GHA_SSH_DEPLOY_KEY: + description: "SSH deploy key with read permissions on private deps repos, passed from the caller workflow" + required: false + HEX_KEY: + description: "API Key for hex package publish on hex.pm" + required: false + +env: + MIX_ENV: ${{ inputs.mix-env }} + HEX_HOME: ./_build/.hex + +jobs: + secrets_check: + name: Secrets Check + runs-on: ${{ inputs.runs-on }} + outputs: + gha_ssh_deploy_key_available: ${{ steps.secrets_check.outputs.gha_ssh_deploy_key_available }} + steps: + - name: Check for Secret availability + id: secrets_check + # secrets are not available as if condition on GHA + # perform secret check & put boolean result as an output + shell: bash + run: | + if [ "${{ secrets.GHA_SSH_DEPLOY_KEY }}" != '' ]; then + echo "gha_ssh_deploy_key_available=true" >> $GITHUB_OUTPUT; + else + echo "gha_ssh_deploy_key_available=false" >> $GITHUB_OUTPUT; + fi + + erlang_publish: + name: Erlang library publish to Hex + defaults: + run: + working-directory: ${{ inputs.mix-working-directory }} + runs-on: ${{ inputs.runs-on }} + permissions: + id-token: write + contents: read + steps: + - name: Checkout project source + uses: actions/checkout@v4 + - name: Install Beam/OTP/Elixir + uses: erlef/setup-beam@v1 + id: setup-erlang + with: + otp-version: ${{inputs.otp-version}} + rebar3-version: ${{inputs.rebar3-version}} + version-file: ${{inputs.version-file}} + version-type: ${{inputs.version-file && 'strict' || 'loose'}} + - name: Configure known_hosts for github.com + run: | + # $HOME directory is /home/runner but the user may not be runner + # if it's root /home should not be there + # since it's impossible to know if we are running in a container or not we configure known_hosts always + [ "$(id -u)" -eq 0 ] && SSH_HOME=/root/.ssh || SSH_HOME="/home/$(id -un)/.ssh" + mkdir "$SSH_HOME" || : + cat > "$SSH_HOME/known_hosts" << EOF || : + ${{ vars.KNOWN_HOSTS_GITHUB }} + EOF + - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0 + if: ${{ needs.secrets_check.outputs.gha_ssh_deploy_key_available == 'true' }} + with: + ssh-private-key: ${{ secrets.GHA_SSH_DEPLOY_KEY }} + - name: Login to hex.pm + run: rebar3 hex organization auth prima --key ${{ secrets.HEX_KEY }} + - name: Install dependencies + run: rebar3 update; rebar3 deps + - name: Publish to Hex.pm + run: rebar3 hex publish -r hexpm:${{ inputs.hex-organization }} + env: + HEX_API_KEY: ${{ secrets.HEX_KEY }} + needs: + - secrets_check \ No newline at end of file diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000..8843fbe --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,14 @@ +name: Publish to Hex + +on: + release: + types: [published] + +jobs: + elixir-ci: + uses: ./.github/actions/erlang-publish.yml + with: + rebar3-version: 3.24.0 + otp-version: 26.0 + secrets: + HEX_KEY: ${{ secrets.HEX_KEY }} \ No newline at end of file diff --git a/rebar.config b/rebar.config index caeb986..17ff027 100644 --- a/rebar.config +++ b/rebar.config @@ -1,4 +1,5 @@ {deps, [{erlsom, "1.4.2"}]}. +{plugins, [rebar3_hex]}. {erl_opts, [debug_info]}.