v0.3.0 #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish Extension | |
on: | |
release: | |
# This limits the workflow to releases that are not pre-releases. | |
# From the docs: A release was published, or a pre-release was changed to a release. | |
types: [released] | |
# Button for publishing main branch in case there's a failure on the release. | |
workflow_dispatch: | |
inputs: | |
tag: | |
description: Tag to be published | |
type: string | |
required: true | |
jobs: | |
validate-release-environment: | |
runs-on: ubuntu-latest | |
# The `publish` environment is inherited from the org level, and means the job | |
# can't proceed until someone with appropriate permissions approves it. | |
environment: publish | |
steps: | |
# Check out the main branch and get its head commit as output for later. | |
- uses: actions/checkout@v3 | |
with: | |
ref: 'main' | |
- id: get-main-head | |
run: echo "COMMIT_ID=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
# Check out the tag to be released and get its head commit as output for later. | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.release.tag_name || inputs.tag }} | |
- id: get-tag-head | |
run: echo "COMMIT_ID=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
# If the two commits aren't identical, the tag isn't eligible for release. | |
- name: Fail non-matching commits | |
if: ${{ steps.get-main-head.outputs.COMMIT_ID != steps.get-tag-head.outputs.COMMIT_ID }} | |
run: | | |
echo "Tag commit must match latest commit in main branch. Branch head is ${{ steps.get-main-head.outputs.COMMIT_ID }}. Tag head is ${{ steps.get-tag-head.outputs.COMMIT_ID }}." | |
exit 1 | |
# Get the `version` property from `package.json` as output for later. | |
- name: Get package.json version property | |
id: get-package-version | |
run: | | |
echo "PACKAGE_VERSION=$(cat package.json | jq '.version' | xargs)" >> $GITHUB_OUTPUT | |
- run: echo "Package Version is ${{ steps.get-package-version.outputs.PACKAGE_VERSION }}" | |
# Verify that the tag is of the format "vX.Y.Z", exactly matching the corresponding values in the `package.json` version property. | |
- name: Compare tag to package.json | |
run: | | |
TAG=${{ github.event.release.tag_name || inputs.tag }} | |
PACKAGE_VERSION=v${{ steps.get-package-version.outputs.PACKAGE_VERSION }} | |
[[ ${TAG} == ${PACKAGE_VERSION} ]] || (echo "Tag name must match package.json version, prefixed by lowercase v" && exit 1) | |
# Set other miscellaneous environment variables as outputs for later. | |
run-tests: | |
name: 'Test against production scanner' | |
needs: [ 'validate-release-environment' ] | |
uses: ./.github/workflows/run-tests.yml | |
with: | |
# Before publishing, we want to test the extension against whatever | |
# version of the scanner is currently live. | |
use-scanner-tarball: false | |
publish-vscode: | |
name: 'Publish to VSCode Marketplace' | |
needs: [ 'run-tests' ] | |
runs-on: ubuntu-latest | |
env: | |
VSCE_PERSONAL_ACCESS_TOKEN: ${{ secrets.VSCE_PERSONAL_ACCESS_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.SVC_CLI_BOT_GITHUB_TOKEN }} | |
steps: | |
- name: Checkout the release tag | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.release.tag_name || inputs.tag }} | |
token: ${{ env.GITHUB_TOKEN }} | |
# Set up node and install dependencies. | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 'lts/*' | |
- run: yarn install --frozen-lockfile | |
# Download the .vsix attached to the release. | |
- name: Download Extension From Release | |
run: | | |
mkdir ./extensions | |
gh release download ${{ github.event.release.tag_name || inputs.tag }} -D ./extensions | |
- name: Display downloaded VSIX | |
run: ls -R ./extensions | |
- name: Publish the VSIX | |
run: find ./extensions -type f -name "*.vsix" -exec npx vsce publish --pat ${{ env.VSCE_PERSONAL_ACCESS_TOKEN }} --packagePath {} \; | |
- run: echo "SUCCESSFULLY PUBLISHED" | |
publish-openvsx: | |
name: 'Publish to OpenVSX marketplace' | |
needs: [ 'run-tests' ] | |
runs-on: ubuntu-latest | |
env: | |
IDEE_OVSX_PAT: ${{ secrets.IDEE_OVSX_PAT }} | |
GITHUB_TOKEN: ${{ secrets.SVC_CLI_BOT_GITHUB_TOKEN }} | |
steps: | |
- name: Checkout the release tag | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.release.tag_name || inputs.tag }} | |
token: ${{ env.GITHUB_TOKEN }} | |
# Set up node and install dependencies. | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 'lts/*' | |
- run: yarn install --frozen-lockfile | |
# Download the .vsix attached to the release. | |
- name: Download Extension From Release | |
run: | | |
mkdir ./extensions | |
gh release download ${{ github.event.release.tag_name || inputs.tag }} -D ./extensions | |
- name: Display downloaded VSIX | |
run: ls -R ./extensions | |
- name: Publish the VSIX | |
run: find ./extensions -type f -name "*.vsix" -exec npx osvx publish {} -p ${{ env.IDEE_OVSX_PAT }} \; | |
- run: echo "SUCCESSFULLY PUBLISHED" | |