cdk-log-parser/.github/workflows/release.yml at main · time-loop/cdk-log-parser · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".

name: release
on:
  push:
    branches:
      - main
  workflow_dispatch: {}
concurrency:
  group: ${{ github.workflow }}
  cancel-in-progress: false
jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    outputs:
      latest_commit: ${{ steps.git_remote.outputs.latest_commit }}
      tag_exists: ${{ steps.check_tag_exists.outputs.exists }}
    env:
      CI: "true"
    steps:
      - name: Checkout
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Set git identity
        run: |-
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
      - name: GitHub Packages authorization
        env:
          NPM_TOKEN: ${{ secrets.ALL_PACKAGE_READ_TOKEN }}
        run: |-
          cat > ~/.npmrc <<EOF
          //npm.pkg.github.com/:_authToken=${NPM_TOKEN}
          @time-loop:registry=https://npm.pkg.github.com/
          EOF
      - name: Make cdk-ecr-deployment sane
        run: export FORCE_PREBUILT_LAMBDA=1
      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 10.22.0
      - name: Setup Node.js
        uses: actions/setup-node@v5
        with:
          node-version: 24.13.1
      - name: Install dependencies
        run: pnpm i --frozen-lockfile
      - name: release
        run: npx projen release
      - name: Check if version has already been tagged
        id: check_tag_exists
        run: |-
          TAG=$(cat dist/releasetag.txt)
          ([ ! -z "$TAG" ] && git ls-remote -q --exit-code --tags origin $TAG && (echo "exists=true" >> $GITHUB_OUTPUT)) || (echo "exists=false" >> $GITHUB_OUTPUT)
          cat $GITHUB_OUTPUT
      - name: Check for new commits
        id: git_remote
        run: |-
          echo "latest_commit=$(git ls-remote origin -h ${{ github.ref }} | cut -f1)" >> $GITHUB_OUTPUT
          cat $GITHUB_OUTPUT
        shell: bash
      - name: Backup artifact permissions
        if: ${{ steps.git_remote.outputs.latest_commit == github.sha }}
        run: cd dist && getfacl -R . > permissions-backup.acl
        continue-on-error: true
      - name: Upload artifact
        if: ${{ steps.git_remote.outputs.latest_commit == github.sha }}
        uses: actions/upload-artifact@v7
        with:
          name: build-artifact
          path: dist
          overwrite: true
  release_github:
    name: Publish to GitHub Releases
    needs:
      - release
      - release_npm
    runs-on: ubuntu-latest
    permissions:
      contents: write
    if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha
    steps:
      - uses: actions/setup-node@v5
        with:
          node-version: 24.13.1
      - name: Download build artifacts
        uses: actions/download-artifact@v8
        with:
          name: build-artifact
          path: dist
      - name: Restore build artifact permissions
        run: cd dist && setfacl --restore=permissions-backup.acl
        continue-on-error: true
      - name: Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: errout=$(mktemp); gh release create $(cat dist/releasetag.txt) -R $GITHUB_REPOSITORY -F dist/changelog.md -t $(cat dist/releasetag.txt) --target $GITHUB_SHA 2> $errout && true; exitcode=$?; if [ $exitcode -ne 0 ] && ! grep -q "Release.tag_name already exists" $errout; then cat $errout; exit $exitcode; fi
  release_npm:
    name: Publish to npm
    needs: release
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha
    steps:
      - uses: actions/setup-node@v5
        with:
          node-version: 24.13.1
      - name: Download build artifacts
        uses: actions/download-artifact@v8
        with:
          name: build-artifact
          path: dist
      - name: Restore build artifact permissions
        run: cd dist && setfacl --restore=permissions-backup.acl
        continue-on-error: true
      - name: Release
        env:
          NPM_DIST_TAG: latest
          NPM_REGISTRY: npm.pkg.github.com
          NPM_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: npx -p publib@latest publib-npm
  send_release_event_to_slack:
    name: Send Release Alert to Slack
    needs: release
    runs-on: ubuntu-latest
    permissions:
      contents: read
    if: needs.release.outputs.latest_commit == github.sha
    steps:
      - name: Download build artifacts
        uses: actions/download-artifact@v8
        with:
          name: build-artifact
          path: dist
      - name: Get version
        id: event_metadata
        run: echo "release_tag=$(cat dist/releasetag.txt)" >> $GITHUB_OUTPUT
      - name: Send Slack webhook event
        uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7
        env:
          SLACK_TITLE: ${{ github.repository }}@${{ steps.event_metadata.outputs.release_tag }} released!
          SLACK_MESSAGE: "View the release notes here: https://github.com/${{ github.repository }}/releases/tag/${{ steps.event_metadata.outputs.release_tag }}"
          SLACK_WEBHOOK: ${{ secrets.PROJEN_RELEASE_SLACK_WEBHOOK }}
          SLACK_FOOTER: ""
          SLACK_COLOR: success
          MSG_MINIMAL: "true"