From a3ecc7411ad63ac9d836acb0fa35a4d8b5c6cb4f Mon Sep 17 00:00:00 2001 From: Andrii Bodnar Date: Mon, 15 Sep 2025 16:46:40 +0300 Subject: [PATCH] ci: trusted publishing --- .github/workflows/release.yml | 36 ++++--------------- .github/workflows/version-bump.yml | 55 ++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 29 deletions(-) create mode 100644 .github/workflows/version-bump.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a464566c7..4b8d1c984 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,9 +3,9 @@ name: release on: workflow_dispatch: inputs: - npmTag: + versionType: type: choice - description: 'NPM tag to release' + description: 'Version type to publish' options: - latest - next @@ -13,8 +13,11 @@ on: default: "latest" jobs: - release: + publish: runs-on: ubuntu-latest + permissions: + id-token: write + contents: read steps: - uses: actions/checkout@v4 @@ -35,32 +38,7 @@ jobs: - name: Build packages run: yarn release:build - - name: Unit Testing - run: yarn test:ci - - - name: Linting & Types - run: yarn lint:all - - - name: Creates local .npmrc - run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc - - - name: Prepare Lingui-Bot git account - uses: oleksiyrudenko/gha-git-credentials@v2-latest - with: - name: 'Lingui Bot' - email: 'linguibot@gmail.com' - actor: 'lingui-bot' - token: '${{ secrets.GH_TOKEN }}' - - - name: Versioning packages - env: - GH_TOKEN: ${{ secrets.GH_TOKEN }} - run: yarn version:${{github.event.inputs.npmTag}} - - - name: Packaging packages with newer version - run: yarn release:build - - name: Publishing packages env: GH_TOKEN: ${{ secrets.GH_TOKEN }} - run: yarn release:${{github.event.inputs.npmTag}} + run: yarn release:${{github.event.inputs.versionType}} diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml new file mode 100644 index 000000000..0ef1f31ac --- /dev/null +++ b/.github/workflows/version-bump.yml @@ -0,0 +1,55 @@ +name: version-bump + +on: + workflow_dispatch: + inputs: + versionType: + type: choice + description: 'Version type to bump' + options: + - latest + - next + required: true + default: "latest" + +jobs: + version-bump: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Setup node + uses: actions/setup-node@v4 + with: + always-auth: true + node-version: 20 + cache: 'yarn' + scope: '@lingui' + + - name: Install dependencies if needed + run: yarn install + + - name: Build packages + run: yarn release:build + + - name: Unit Testing + run: yarn test:ci + + - name: Linting & Types + run: yarn lint:all + + - name: Prepare Lingui-Bot git account + uses: oleksiyrudenko/gha-git-credentials@v2-latest + with: + name: 'Lingui Bot' + email: 'linguibot@gmail.com' + actor: 'lingui-bot' + token: '${{ secrets.GH_TOKEN }}' + + - name: Versioning packages + env: + GH_TOKEN: ${{ secrets.GH_TOKEN }} + run: yarn version:${{github.event.inputs.versionType}}