release-npm-packages #109
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release-npm-packages | |
| on: | |
| workflow_dispatch: # on button click | |
| jobs: | |
| release: | |
| name: Release TypeScript packages to NPM | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{secrets.PUSH_TOKEN}} | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 18 | |
| cache: "yarn" | |
| - name: Install dependencies | |
| run: yarn install | |
| - name: Version | |
| id: version | |
| run: | | |
| yarn changeset version | |
| echo "porcelain=$(git status --porcelain | wc -l)" >> $GITHUB_OUTPUT | |
| - name: Configure AWS Credentials | |
| id: credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: us-west-2 | |
| role-to-assume: ${{ secrets.ROLE_TO_ASSUME }} | |
| role-session-name: SmithyTypeScriptGitHubRelease | |
| audience: sts.amazonaws.com | |
| - name: Commit | |
| id: commit | |
| if: steps.version.outputs.porcelain != '0' | |
| run: | | |
| git config --global user.email "github-aws-smithy-automation@amazon.com" | |
| git config --global user.name "Smithy Automation" | |
| git add . | |
| git commit -m 'Version NPM packages' | |
| git push | |
| - name: Fetch NPM token | |
| id: token | |
| if: steps.commit.outcome == 'success' | |
| run: | | |
| aws configure --profile token set role_arn ${{ secrets.TOKEN_ROLE }} | |
| aws configure --profile token set credential_source Environment | |
| npm_token=$(aws secretsmanager get-secret-value --region us-west-2 --secret-id=SMITHY_PUBLISH_npmToken --query SecretString --output text --profile token) | |
| echo "::add-mask::$npm_token" | |
| echo "NPM_TOKEN=$npm_token" >> $GITHUB_ENV | |
| - name: Stage Release | |
| id: stage | |
| if: steps.token.outcome == 'success' | |
| run: | | |
| yarn stage-release --concurrency=1 | |
| - name: Release | |
| id: release | |
| uses: changesets/action@v1 | |
| if: steps.stage.outcome == 'success' | |
| with: | |
| publish: yarn release | |
| env: | |
| NPM_TOKEN: ${{ env.NPM_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Failure Nofitication | |
| if: ${{ failure() }} | |
| run: aws cloudwatch put-metric-data --namespace SmithyTypeScriptPublish --metric-name NpmPackagePublishFailure --value 1 |