action.yml
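# Composite action: installs the locked semantic-release toolchain shipped with
# this action, exchanges the job's GitHub OIDC token (audience
# continuousauth.dev) for a GitHub token issued by CFA, then runs
# semantic-release with the publishing credentials in its environment.
#
# The calling job must grant `permissions: id-token: write`; without it the
# runner does not provide ACTIONS_ID_TOKEN_REQUEST_URL / _TOKEN.
name: 'Continuous Auth Publish Action'
description: 'Publish a semantic release npm package via CFA'
inputs:
  project-id:
    description: 'CFA_PROJECT_ID secret value'
    required: true
  secret:
    description: 'CFA_SECRET secret value'
    required: true
  npm-token:
    description: 'NPM_TOKEN secret value'
    required: true
runs:
  using: 'composite'
  steps:
    - name: Set up publishing environment
      run: |
        set -euo pipefail
        # Create a fresh private directory instead of a fixed /tmp path: a
        # fixed name fails on a second run on a persistent runner and can be
        # pre-created by another local user on a shared host.
        DIR="$(mktemp -d "${RUNNER_TEMP:-/tmp}/semantic-release-packages.XXXXXX")"
        # GITHUB_ACTION_PATH is read by the shell at run time, so a path with
        # spaces or metacharacters is never spliced into the script text.
        cp "$GITHUB_ACTION_PATH/package.json" "$DIR/package.json"
        cp "$GITHUB_ACTION_PATH/package-lock.json" "$DIR/package-lock.json"
        cd "$DIR"
        # `npm ci` installs exactly what package-lock.json pins.
        npm ci
        # Expose the installed binaries (semantic-release) to later steps.
        echo "$DIR/node_modules/.bin" >> "$GITHUB_PATH"
      shell: bash
    - name: Obtain OIDC token
      id: oidc
      run: |
        set -euo pipefail
        if [ -z "${ACTIONS_ID_TOKEN_REQUEST_URL:-}" ] || [ -z "${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-}" ]; then
          echo "::error::OIDC request variables are not set; grant 'id-token: write' to the calling job"
          exit 1
        fi
        # `jq -e` exits non-zero when `.value` is missing or null, so a
        # malformed response fails the step instead of yielding the string
        # "null" as a token.
        token=$(curl --fail --silent --show-error \
          -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
          "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=continuousauth.dev" | jq -er '.value')
        # Register the mask before the value is written anywhere else.
        echo "::add-mask::${token}"
        echo "token=${token}" >> "$GITHUB_OUTPUT"
      shell: bash
    - name: Obtain GitHub credentials
      id: github_creds
      # Inputs and step outputs are handed over as environment variables.
      # `${{ ... }}` inside `run:` is substituted into the script text before
      # bash parses it, so a value containing quotes or `$(...)` would be
      # executed as shell code and the secret would be part of the script body.
      env:
        CFA_PROJECT_ID: ${{ inputs.project-id }}
        CFA_SECRET: ${{ inputs.secret }}
        OIDC_TOKEN: ${{ steps.oidc.outputs.token }}
      run: |
        set -euo pipefail
        # Build the JSON body with jq so the token is encoded as a JSON string
        # rather than concatenated into one.
        body=$(jq -nc --arg token "$OIDC_TOKEN" '{token: $token}')
        token=$(curl --fail --silent --show-error \
          "https://continuousauth.dev/api/request/${CFA_PROJECT_ID}/github/credentials" \
          -X POST \
          -H "Content-Type: application/json" \
          -H "Authorization: bearer ${CFA_SECRET}" \
          --data "$body" | jq -er '.GITHUB_TOKEN')
        echo "::add-mask::${token}"
        echo "token=${token}" >> "$GITHUB_OUTPUT"
      shell: bash
    - name: Run semantic release
      run: semantic-release
      shell: bash
      env:
        # NOTE(review): GITHUB_* names are reserved for runner defaults;
        # confirm this assignment actually reaches semantic-release.
        GITHUB_ACTION: '1'
        GITHUB_TOKEN: ${{ steps.github_creds.outputs.token }}
        GITHUB_OIDC_TOKEN: ${{ steps.oidc.outputs.token }}
        CFA_PROJECT_ID: ${{ inputs.project-id }}
        CFA_SECRET: ${{ inputs.secret }}
        NPM_TOKEN: ${{ inputs.npm-token }}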