Release #16
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Triggered by: python scripts/release.py --push | |
| # (tags vX.Y.Z and pushes, which triggers this workflow) | |
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*.*.*' | |
| permissions: | |
| contents: write | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: npm | |
| - run: npm ci | |
| - run: npm test | |
| - run: npm run build | |
| - name: Check dist is up to date | |
| run: git diff --exit-code -- dist/ ':!dist/**/*.d.ts.map' | |
| # --- Artifact signing (dogfood: sign dist/index.js using auths-dev/sign@v1) --- | |
| - name: Sign and verify dist/index.js | |
| uses: auths-dev/sign@v1 | |
| with: | |
| token: ${{ secrets.AUTHS_CI_TOKEN }} | |
| files: 'dist/index.js' | |
| verify: true | |
| note: 'GitHub Actions release — ${{ github.ref_name }}' | |
| - name: Generate SHA256 checksums | |
| run: | | |
| cd dist | |
| sha256sum index.js > index.js.sha256 | |
| if [ -f index.js.auths.json ]; then | |
| sha256sum index.js.auths.json >> index.js.sha256 | |
| fi | |
| cat index.js.sha256 | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| generate_release_notes: true | |
| make_latest: true | |
| files: | | |
| dist/index.js.auths.json | |
| dist/index.js.sha256 | |
| body: | | |
| ## Auths Verify GitHub Action | |
| Verify commit signatures and artifact attestations in your CI pipeline using [Auths](https://github.com/auths-dev/auths) identity keys. | |
| ### Usage | |
| ```yaml | |
| - uses: auths-dev/verify@v1 | |
| with: | |
| token: '.auths/allowed_signers' | |
| ``` | |
| **New: Artifact verification** | |
| ```yaml | |
| - uses: auths-dev/verify@v1 | |
| with: | |
| token: $\{{ secrets.AUTHS_CI_TOKEN }} | |
| files: 'dist/*.tar.gz' | |
| ``` | |
| See the [README](https://github.com/auths-dev/verify#readme) for full configuration options. | |
| - name: Update floating major tag | |
| run: | | |
| TAG="${GITHUB_REF_NAME}" | |
| MAJOR="${TAG%%.*}" | |
| git tag -f "$MAJOR" "$TAG" | |
| git push origin "$MAJOR" --force |