Skip to content

Release (Candidate)

Release (Candidate) #3

Workflow file for this run

name: Release (Candidate)
permissions: read-all
on:
workflow_dispatch: # can be triggered via UI
workflow_call: # can be triggered by other workflows
jobs:
todo:
runs-on: ubuntu-latest
steps:
- name: "todo"
run: "echo 'todo'"
shell: bash
version:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Use Node.js 20
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
with:
node-version: 20
registry-url: "https://registry.npmjs.org"
cache: npm
- name: semantic-release
# env:
# NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm run semantic-release
# build:
# runs-on: ubuntu-latest
# permissions:
# contents: read
# packages: write
# id-token: write
# steps:
# - name: Harden Runner
# uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
# with:
# egress-policy: audit
# - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
# - name: Use Node.js 20
# uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
# with:
# node-version: 20
# registry-url: "https://registry.npmjs.org"
# cache: "npm"
# - name: "Pepr Controller: Login to GHCR"
# uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
# with:
# registry: ghcr.io
# username: dummy
# password: ${{ github.token }}
# - name: Publish to GHCR
# env:
# NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
# run: |
# #!/bin/bash
# npm install -g npm
# npm run version
# # Build Controller Image
# docker buildx build --push --platform linux/arm64/v8,linux/amd64 --tag ghcr.io/defenseunicorns/pepr/controller:${{ github.ref_name }} .
# slsa:
# permissions:
# id-token: write
# contents: read
# actions: read
# uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
# with:
# run-scripts: "version, ci, build"
# publish:
# needs: [slsa]
# runs-on: ubuntu-latest
# steps:
# - name: Set up Node registry authentication
# uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
# with:
# node-version: 20
# registry-url: "https://registry.npmjs.org"
# - name: Publish package
# id: publish
# uses: slsa-framework/slsa-github-generator/actions/nodejs/publish@5a775b367a56d5bd118a224a811bba288150a563 # v2.0.0
# with:
# access: public
# node-auth-token: ${{ secrets.NPM_TOKEN }}
# package-name: ${{ needs.slsa.outputs.package-name }}
# package-download-name: ${{ needs.slsa.outputs.package-download-name }}
# package-download-sha256: ${{ needs.slsa.outputs.package-download-sha256 }}
# provenance-name: ${{ needs.slsa.outputs.provenance-name }}
# provenance-download-name: ${{ needs.slsa.outputs.provenance-download-name }}
# provenance-download-sha256: ${{ needs.slsa.outputs.provenance-download-sha256 }}