wuespace · pklaschka · Dec 11, 2024 · Dec 11, 2024
diff --git a/.github/release.yml b/.github/release.yml
@@ -0,0 +1,16 @@
+# .github/release.yml
+
+changelog:
+  exclude:
+    authors:
+      - octocat
+  categories:
+    - title: Breaking Changes 💥
+      labels:
+        - ":boom: breaking"
+    - title: Exciting New Features 🎉
+      labels:
+        - ":tulip: enhancement"
+    - title: Other Changes
+      labels:
+        - "*"
diff --git a/.github/workflows/jsr-publish.yml b/.github/workflows/jsr-publish.yml
diff --git a/.github/workflows/docker-publish.yml → .github/workflows/release.yml b/.github/workflows/docker-publish.yml → .github/workflows/release.yml
@@ -1,46 +1,62 @@
-name: Docker
-
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
+name: Publish Stable Release
 
 on:
-  schedule:
-    - cron: '20 2 * * *'
   push:
-    branches: [ "main" ]
-    # Publish semver tags as releases.
-    tags: [ 'v*.*.*' ]
-  pull_request:
-    branches: [ "main" ]
-
-env:
-  # Use docker.io for Docker Hub if empty
-  REGISTRY: ghcr.io
-  # github.repository as <account>/<repo>
-  IMAGE_NAME: ${{ github.repository }}
-
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+"
 
 jobs:
-  build:
-
+  validate-asn-generator:
+    name: Test the application
     runs-on: ubuntu-latest
+    steps:
+      - name: Setup repo
+        uses: actions/checkout@v4
+      - name: Setup Deno
+        uses: denoland/setup-deno@v1
+        with:
+          deno-version: v2.x
+      - name: Run type checking
+        run: deno task check
+      - name: Run tests
+        run: deno task test
+
+  publish-asn-generator:
+    name: Publish release artifacts
+    needs: validate-asn-generator
+    env:
+      # Use docker.io for Docker Hub if empty
+      REGISTRY: ghcr.io
+      # github.repository as <account>/<repo>
+      IMAGE_NAME: ${{ github.repository }}
     permissions:
       contents: read
       packages: write
       # This is used to complete the identity challenge
       # with sigstore/fulcio when running outside of PRs.
       id-token: write
-
+    runs-on: ubuntu-latest
     steps:
-      - name: Checkout repository
+      - name: Setup repo
         uses: actions/checkout@v4
+      - name: Setup Deno
+        uses: denoland/setup-deno@v1
+        with:
+          deno-version: v2.x
+      - name: Update version in `deno.json`
+        run: |
+          tag=${GITHUB_REF#refs/tags/}
+          version=${tag#v}
+          jq --arg version "$version" '.version = $version' deno.json > tmp.$$.json
+          mv tmp.$$.json deno.json
+      # JSR Publishing
+      - name: Publish release
+        run: deno publish --allow-dirty
+      # Docker publishing
 
       # Install the cosign tool except on PR
       # https://github.com/sigstore/cosign-installer
       - name: Install cosign
-        if: github.event_name != 'pull_request'
         uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0
         with:
           cosign-release: 'v2.2.4'
@@ -54,7 +70,6 @@ jobs:
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
       - name: Log into registry ${{ env.REGISTRY }}
-        if: github.event_name != 'pull_request'
         uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
         with:
           registry: ${{ env.REGISTRY }}
@@ -68,16 +83,24 @@ jobs:
         uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern=v{{version}}
+            type=semver,pattern=v{{major}}
+            type=semver,pattern=v{{major}}.{{minor}}
+            type=raw,value=latest
 
-      # Build and push Docker image with Buildx (don't push on PR)
+      # Build and push Docker image with Buildx
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
         uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
+          push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
@@ -89,7 +112,6 @@ jobs:
       # transparency data even for private images, pass --force to cosign below.
       # https://github.com/sigstore/cosign
       - name: Sign the published Docker image
-        if: ${{ github.event_name != 'pull_request' }}
         env:
           # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
           TAGS: ${{ steps.meta.outputs.tags }}

diff --git a/deno.json b/deno.json
@@ -1,6 +1,6 @@
 {
   "name": "@wuespace/asn-generator",
-  "version": "0.3.1",
+  "version": "0.0.0-replaced-by-ci",
   "exports": {
     ".": "./main.ts",
     "./cli": "./lib/cli/mod.ts",
@@ -13,8 +13,7 @@
     "test": "DATA_DIR=data-test ASN_PREFIX=ASN ASN_NAMESPACE_RANGE=50 ASN_ENABLE_NAMESPACE_EXTANSION=1 deno test -A",
     "docs": "deno doc --reload --html main.ts",
     "lint": "DENO_FUTURE=1 deno lint && deno doc --lint main.ts lib/*/mod.ts",
-    "check": "deno check main.ts lib/**/*.ts",
-    "version": "deno run --allow-read=. --allow-write=. --allow-run=git jsr:@utility/version"
+    "check": "deno check main.ts lib/**/*.ts"
   },
   "imports": {
     "$/": "./",

diff --git a/version.json b/version.json