chore: update #11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release (Candidate) | ||
| permissions: read-all | ||
| on: | ||
| workflow_dispatch: # can be triggered via UI | ||
| workflow_call: # can be triggered by other workflows | ||
| jobs: | ||
| # - name: upload image tar artifact | ||
| # uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 | ||
| # with: | ||
| # name: pepr-img.tar | ||
| # path: pepr-img.tar | ||
| # retention-days: 1 | ||
| # - name: dowload image tar artifact | ||
| # uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | ||
| # with: | ||
| # name: pepr-img.tar | ||
| # path: ${{ github.workspace }} | ||
| check: | ||
| name: Check for Releasable Updates | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| steps: | ||
| - uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | ||
| with: | ||
| egress-policy: audit | ||
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | ||
| - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 | ||
| with: | ||
| node-version: 20 | ||
| registry-url: "https://registry.npmjs.org" | ||
| cache: npm | ||
| - name: check | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| run: | | ||
| npm ci | ||
| npm run sem-rel -- --dry-run | grep --invert-match --quiet \ | ||
| "There are no relevant changes, so no new version is released." | ||
| build: | ||
| needs: [check] | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| steps: | ||
| - uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | ||
| with: | ||
| egress-policy: audit | ||
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | ||
| - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 | ||
| with: | ||
| node-version: 20 | ||
| registry-url: "https://registry.npmjs.org" | ||
| cache: npm | ||
| - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 | ||
| - name: semantic-release | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| # NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
| run: | | ||
| npm ci | ||
| npm run sem-rel -- --dry-run | ||
| # build: | ||
| # runs-on: ubuntu-latest | ||
| # permissions: | ||
| # contents: read | ||
| # packages: write | ||
| # id-token: write | ||
| # steps: | ||
| # - name: Harden Runner | ||
| # uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | ||
| # with: | ||
| # egress-policy: audit | ||
| # - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | ||
| # - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 | ||
| # - name: Use Node.js 20 | ||
| # uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 | ||
| # with: | ||
| # node-version: 20 | ||
| # registry-url: "https://registry.npmjs.org" | ||
| # cache: "npm" | ||
| # - name: "Pepr Controller: Login to GHCR" | ||
| # uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | ||
| # with: | ||
| # registry: ghcr.io | ||
| # username: dummy | ||
| # password: ${{ github.token }} | ||
| # - name: Publish to GHCR | ||
| # env: | ||
| # NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
| # run: | | ||
| # #!/bin/bash | ||
| # npm install -g npm | ||
| # npm run version | ||
| # # Build Controller Image | ||
| # docker buildx build --push --platform linux/arm64/v8,linux/amd64 --tag ghcr.io/defenseunicorns/pepr/controller:${{ github.ref_name }} . | ||
| # slsa: | ||
| # permissions: | ||
| # id-token: write | ||
| # contents: read | ||
| # actions: read | ||
| # uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | ||
| # with: | ||
| # run-scripts: "version, ci, build" | ||
| # publish: | ||
| # needs: [slsa] | ||
| # runs-on: ubuntu-latest | ||
| # steps: | ||
| # - name: Set up Node registry authentication | ||
| # uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 | ||
| # with: | ||
| # node-version: 20 | ||
| # registry-url: "https://registry.npmjs.org" | ||
| # - name: Publish package | ||
| # id: publish | ||
| # uses: slsa-framework/slsa-github-generator/actions/nodejs/publish@5a775b367a56d5bd118a224a811bba288150a563 # v2.0.0 | ||
| # with: | ||
| # access: public | ||
| # node-auth-token: ${{ secrets.NPM_TOKEN }} | ||
| # package-name: ${{ needs.slsa.outputs.package-name }} | ||
| # package-download-name: ${{ needs.slsa.outputs.package-download-name }} | ||
| # package-download-sha256: ${{ needs.slsa.outputs.package-download-sha256 }} | ||
| # provenance-name: ${{ needs.slsa.outputs.provenance-name }} | ||
| # provenance-download-name: ${{ needs.slsa.outputs.provenance-download-name }} | ||
| # provenance-download-sha256: ${{ needs.slsa.outputs.provenance-download-sha256 }} | ||
