Skip to content

Merge remote-tracking branch 'origin/develop' into release/ledger #129

Merge remote-tracking branch 'origin/develop' into release/ledger

Merge remote-tracking branch 'origin/develop' into release/ledger #129

Workflow file for this run

name: Release
on:
push:
branches:
- develop
- release/**
- main
workflow_dispatch:
jobs:
release:
runs-on: ubuntu-latest
permissions: write-all
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: '20.x'
- name: Install dependencies
run: npm pkg delete scripts.prepare && npm ci
- name: Build rcnet extension
run: npm run build:rcnet
- name: Github PreRelease
if: github.ref == 'refs/heads/develop'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOOGLE_CLIENT_ID: ${{ secrets.CLIENT_ID }}
GOOGLE_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
GOOGLE_REFRESH_TOKEN: ${{ secrets.REFRESH_TOKEN }}
GOOGLE_EXTENSION_ID: ${{ secrets.EXTENSION_ID }}
TARGET_RELEASE: local
run: |
sed -i "s/\${EXTENSION_ID}/$GOOGLE_EXTENSION_ID/g" release.config.cjs
sed -i "s/\${TARGET}/$TARGET_RELEASE/g" release.config.cjs
npx semantic-release --verifyConditions | tee out
echo "RELEASE_VERSION=$(grep 'Created tag ' out | awk -F 'Created tag ' '{print $2}')" >> $GITHUB_ENV
- name: Github Release & Upload to webstore
if: github.ref == 'refs/heads/main'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOOGLE_CLIENT_ID: ${{ secrets.CLIENT_ID }}
GOOGLE_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
GOOGLE_REFRESH_TOKEN: ${{ secrets.REFRESH_TOKEN }}
GOOGLE_EXTENSION_ID: ${{ secrets.EXTENSION_ID }}
TARGET_RELEASE: trustedTesters
run: |
sed -i "s/\${EXTENSION_ID}/$GOOGLE_EXTENSION_ID/g" release.config.cjs
sed -i "s/\${TARGET}/$TARGET_RELEASE/g" release.config.cjs
npx semantic-release --verifyConditions | tee out
echo "RELEASE_VERSION=$(grep 'Created tag ' out | awk -F 'Created tag ' '{print $2}')" >> $GITHUB_ENV
# Snyk SBOM
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
with:
role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
app_name: 'connector-extension'
step_name: 'snyk-sbom'
secret_prefix: 'SNYK'
secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
parse_json: true
- name: Generate SBOM
uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
with:
args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --format=cyclonedx1.4+json --json-file-output sbom.json
command: sbom
- name: Upload SBOM
uses: AButler/upload-release-assets@c94805dc72e4b20745f543da0f62eaee7722df7a # v2.0.2
with:
files: sbom.json
repo-token: ${{ secrets.GITHUB_TOKEN }}
release-tag: ${{ env.RELEASE_VERSION }}