fix(pdk-nag): remove deprecated rules (#884) #728
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release | |
on: | |
push: | |
branches: | |
- mainline | |
workflow_dispatch: {} | |
env: | |
NX_BRANCH: mainline | |
NX_RUN_GROUP: ${{ github.run_id }} | |
NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }} | |
jobs: | |
release: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
outputs: | |
latest_commit: ${{ steps.git_remote.outputs.latest_commit }} | |
skip_release: ${{ steps.should_skip_release.outputs.skip_release }} | |
env: | |
CI: "true" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Derive appropriate SHAs for base and head for `nx affected` commands | |
uses: nrwl/nx-set-shas@v2 | |
with: | |
main-branch-name: "mainline" | |
- name: Set git identity | |
run: |- | |
git config user.name "github-actions" | |
git config user.email "[email protected]" | |
- name: PDK Init | |
uses: ./.github/actions/pdk-init | |
- name: Build | |
run: NX_CLOUD_NO_TIMEOUTS=true pnpm build | |
- name: Release | |
run: pnpm run-many --target=release:mainline --all --parallel=4 --output-style stream --nx-bail | |
- name: Check for mutations | |
run: git diff --ignore-space-at-eol --exit-code | |
- name: Check for new commits | |
id: git_remote | |
run: echo "latest_commit=$(git ls-remote origin -h ${{ github.ref }} | cut -f1)" >> $GITHUB_OUTPUT | |
- name: Should skip release | |
id: should_skip_release | |
run: echo "skip_release=$(git log --oneline -1 | grep -qE 'build\(?.*\)?:|docs\(?.*\)?:|chore\(?.*\)?:|refactor\(?.*\)?:|test\(?.*\)?:' && echo true || echo false)" >> $GITHUB_OUTPUT | |
- name: Extract Dists | |
run: rsync -a . ./dist --include="*/" --include="/docs/dist/**" --include="/packages/pdk/dist/**" --exclude="*" --prune-empty-dirs | |
- name: Upload artifact | |
if: ${{ steps.git_remote.outputs.latest_commit == github.sha }} | |
uses: actions/[email protected] | |
with: | |
name: build-artifact | |
path: dist | |
release_github: | |
name: Publish to GitHub Releases | |
needs: release | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
if: needs.release.outputs.latest_commit == github.sha | |
steps: | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 14.x | |
- name: Download build artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: build-artifact | |
path: dist | |
- name: Release | |
if: needs.release.outputs.skip_release != 'true' | |
run: errout=$(mktemp); gh release create $(cat dist/releasetag.txt) -R $GITHUB_REPOSITORY -F dist/changelog.md -t $(cat dist/releasetag.txt) --target $GITHUB_REF 2> $errout && true; exitcode=$?; if [ $exitcode -ne 0 ] && ! grep -q "Release.tag_name already exists" $errout; then cat $errout; exit $exitcode; fi | |
working-directory: dist/packages/pdk | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GITHUB_REPOSITORY: ${{ github.repository }} | |
GITHUB_REF: ${{ github.ref }} | |
release_npm: | |
name: Publish to npm | |
needs: release | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
issues: write | |
contents: read | |
if: needs.release.outputs.latest_commit == github.sha && needs.release.outputs.skip_release != 'true' | |
steps: | |
- name: Install Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- name: Install pnpm | |
run: npm install -g pnpm | |
- name: Download build artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: build-artifact | |
path: dist | |
- name: Release | |
working-directory: dist/packages/pdk | |
run: pnpm --package publib@latest dlx publib-npm | |
env: | |
NPM_CONFIG_PROVENANCE: "true" | |
NPM_DIST_TAG: latest | |
NPM_REGISTRY: registry.npmjs.org | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
- name: Extract Version | |
id: extract-version | |
working-directory: dist/packages/pdk | |
if: ${{ failure() }} | |
run: echo "VERSION=$(cat dist/releasetag.txt)" >> $GITHUB_OUTPUT | |
- name: Create Issue | |
if: ${{ failure() }} | |
uses: imjohnbo/issue-bot@v3 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
labels: failed-release | |
title: Publishing v${{ steps.extract-version.outputs.VERSION }} to npm failed | |
body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
release_maven: | |
name: Publish to Maven Central | |
needs: release | |
runs-on: ubuntu-latest | |
permissions: | |
issues: write | |
contents: read | |
if: needs.release.outputs.latest_commit == github.sha && needs.release.outputs.skip_release != 'true' | |
steps: | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: 11.x | |
- name: Install Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- name: Install pnpm | |
run: npm install -g pnpm | |
- name: Download build artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: build-artifact | |
path: dist | |
- name: Release | |
working-directory: dist/packages/pdk | |
run: pnpm --package publib@latest dlx publib-maven | |
env: | |
MAVEN_ENDPOINT: https://aws.oss.sonatype.org | |
MAVEN_GPG_PRIVATE_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} | |
MAVEN_GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.MAVEN_GPG_PRIVATE_KEY_PASSPHRASE }} | |
MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} | |
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} | |
MAVEN_STAGING_PROFILE_ID: ${{ secrets.MAVEN_STAGING_PROFILE_ID }} | |
- name: Extract Version | |
id: extract-version | |
working-directory: dist/packages/pdk | |
if: ${{ failure() }} | |
run: echo "VERSION=$(cat dist/releasetag.txt)" >> $GITHUB_OUTPUT | |
- name: Create Issue | |
if: ${{ failure() }} | |
uses: imjohnbo/issue-bot@v3 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
labels: failed-release | |
title: Publishing v${{ steps.extract-version.outputs.VERSION }} to maven failed | |
body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
release_pypi: | |
name: Publish to PyPI | |
needs: release | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
issues: write | |
if: needs.release.outputs.latest_commit == github.sha && needs.release.outputs.skip_release != 'true' | |
steps: | |
- name: Install Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- name: Install pnpm | |
run: npm install -g pnpm | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: 3.x | |
- name: Download build artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: build-artifact | |
path: dist | |
- name: Release | |
working-directory: dist/packages/pdk | |
run: pnpm --package publib@latest dlx publib-pypi | |
env: | |
TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }} | |
TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} | |
- name: Extract Version | |
id: extract-version | |
working-directory: dist/packages/pdk | |
if: ${{ failure() }} | |
run: echo "VERSION=$(cat dist/releasetag.txt)" >> $GITHUB_OUTPUT | |
- name: Create Issue | |
if: ${{ failure() }} | |
uses: imjohnbo/issue-bot@v3 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
labels: failed-release | |
title: Publishing v${{ steps.extract-version.outputs.VERSION }} to pypi failed | |
body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
release_docs: | |
needs: [release, release_github] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
if: needs.release.outputs.latest_commit == github.sha | |
steps: | |
- name: Check out | |
uses: actions/checkout@v4 | |
with: | |
ref: gh-pages | |
fetch-depth: 0 | |
- name: Download build artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: build-artifact | |
path: dist | |
- name: Configure Git | |
run: |- | |
git config user.name "AWS PDK Automation" | |
git config user.email "[email protected]" | |
- name: Upload docs to Github | |
if: needs.release.outputs.skip_release != 'true' | |
run: zip -r docs.zip dist/docs/dist/docs/* && gh release upload $(cat dist/packages/pdk/dist/releasetag.txt) -R $GITHUB_REPOSITORY docs.zip && rm docs.zip | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GITHUB_REPOSITORY: ${{ github.repository }} | |
- name: Prepare Commit | |
run: |- | |
mv dist/docs/dist ${{ runner.temp }}/dist | |
rsync --delete --exclude=.git --recursive ${{ runner.temp }}/dist/docs/ . | |
touch .nojekyll | |
git add . | |
git diff --cached --exit-code >/dev/null || (git commit -am 'docs: publish from ${{ github.sha }}') | |
- name: Push | |
run: git push origin gh-pages:gh-pages |