-
Notifications
You must be signed in to change notification settings - Fork 9
92 lines (82 loc) · 3.02 KB
/
release_authenticator.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
name: Release Authenticator
on:
push:
branches: [ ruisebas/main ]
permissions:
id-token: write
contents: write
jobs:
print-author:
runs-on: ubuntu-latest
steps:
- name: Dump Author context
env:
AUTHOR: ${{ toJson(github.event.head_commit.author) }}
run: echo "$AUTHOR"
determine-next-version:
name: Determine the next release version
runs-on: ubuntu-latest
outputs:
version: ${{ steps.extract-release-version.outputs.result }}
if: "${{ github.event.head_commit.author.username == 'github-actions' && startsWith(github.event.head_commit.message, 'chore: Release ') }}"
steps:
- name: Extract release version
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
id: extract-release-version
with:
result-encoding: string
script: |
const matches = `${{ github.event.head_commit.message }}`.match(/[0-9]+\.[0-9]+\.[0-9]+/) ?? []
return matches.length > 0 ? matches[0] : ""
validate-version-format:
name: Validate Version Format
needs: [determine-next-version]
if: ${{ needs.determine-next-version.outputs.version != '' }}
runs-on: ubuntu-latest
steps:
- run: echo "Releasing new version ${{ needs.determine-next-version.outputs.version }}"
unit-tests:
name: Run Unit Tests
needs: [validate-version-format]
uses: ./.github/workflows/unit_tests.yml
with:
identifier: 'workflow-call-unit-test'
release:
environment: Release
name: Release new Authenticator version
needs: [unit-tests, determine-next-version]
runs-on: macos-latest
env:
GITHUB_EMAIL: [email protected]
GITHUB_USER: aws-amplify-ops
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 #v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-session-name: ${{ format('{0}.release', github.run_id) }}
aws-region: ${{ secrets.AWS_REGION }}
mask-aws-account-id: true
- id: retrieve-token
name: Retrieve Token
env:
DEPLOY_SECRET_ARN: ${{ secrets.DEPLOY_SECRET_ARN }}
run: |
PAT=$(aws secretsmanager get-secret-value \
--secret-id "$DEPLOY_SECRET_ARN" \
| jq -r ".SecretString | fromjson | .Credential")
echo "token=$PAT" >> $GITHUB_OUTPUT
- name: Checkout repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
fetch-depth: 10
token: ${{steps.retrieve-token.outputs.token}}
- name: Setup Ruby
uses: ruby/setup-ruby@22fdc77bf4148f810455b226c90fb81b5cbc00a7 # v1.171.0
with:
ruby-version: '3.2.1'
bundler-cache: true
- name: Release Authenticator
env:
GH_TOKEN: ${{ github.token }}
run: bundle exec fastlane perform_release version:${{ needs.determine-next-version.outputs.version }}