|
8 | 8 | jobs:
|
9 | 9 | release-package:
|
10 | 10 | runs-on: ubuntu-latest
|
| 11 | + |
11 | 12 | permissions:
|
12 |
| - id-token: write # Needed if using OIDC to get release secrets. |
13 | 13 | contents: write # Contents and pull-requests are for release-please to make releases.
|
14 | 14 | pull-requests: write
|
| 15 | + |
15 | 16 | outputs:
|
16 | 17 | release-created: ${{ steps.release.outputs.release_created }}
|
17 | 18 | upload-tag-name: ${{ steps.release.outputs.tag_name }}
|
18 |
| - gem-hash: ${{ steps.publish.outputs.gem-hash}} |
| 19 | + |
19 | 20 | steps:
|
20 | 21 | - uses: googleapis/release-please-action@v4
|
21 | 22 | id: release
|
22 | 23 |
|
23 |
| - - uses: actions/checkout@v4 |
24 |
| - if: ${{ steps.release.outputs.releases_created == 'true' }} |
| 24 | + build-ruby-gem: |
| 25 | + needs: [ 'release-package' ] |
| 26 | + if: ${{ needs.release-package.outputs.release-created == 'true' }} |
| 27 | + uses: ./.github/workflows/build-gem.yml |
| 28 | + with: |
| 29 | + platform: 'ruby' |
| 30 | + |
| 31 | + build-jruby-gem: |
| 32 | + needs: [ 'release-package' ] |
| 33 | + if: ${{ needs.release-package.outputs.release-created == 'true' }} |
| 34 | + uses: ./.github/workflows/build-gem.yml |
| 35 | + with: |
| 36 | + platform: 'jruby' |
| 37 | + |
| 38 | + publish: |
| 39 | + runs-on: ubuntu-latest |
| 40 | + needs: [ 'release-package', 'build-ruby-gem', 'build-jruby-gem' ] |
| 41 | + if: ${{ needs.release-package.outputs.release-created == 'true' }} |
| 42 | + |
| 43 | + outputs: |
| 44 | + gem-hash: ${{ steps.publish.outputs.gem-hash }} |
| 45 | + |
| 46 | + permissions: |
| 47 | + id-token: write # Needed if using OIDC to get release secrets. |
| 48 | + contents: write # Contents and pull-requests are for release-please to make releases. |
| 49 | + |
| 50 | + steps: |
| 51 | + - uses: ./.github/actions/setup |
25 | 52 | with:
|
26 |
| - fetch-depth: 0 # If you only need the current version keep this. |
| 53 | + version: '3.0' |
| 54 | + install-dependencies: false |
27 | 55 |
|
28 | 56 | - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0
|
29 |
| - if: ${{ steps.release.outputs.releases_created == 'true' }} |
30 | 57 | name: 'Get rubygems API key'
|
31 | 58 | with:
|
32 | 59 | aws_assume_role: ${{ vars.AWS_ROLE_ARN }}
|
33 | 60 | ssm_parameter_pairs: '/production/common/releasing/rubygems/api_key = GEM_HOST_API_KEY'
|
34 | 61 |
|
35 |
| - - uses: ./.github/actions/ci |
36 |
| - if: ${{ steps.release.outputs.releases_created == 'true' }} |
37 |
| - with: |
38 |
| - ruby-version: 3.0 |
39 |
| - token: ${{ secrets.GITHUB_TOKEN }} |
40 |
| - |
41 | 62 | - uses: ./.github/actions/build-docs
|
42 |
| - if: ${{ steps.release.outputs.releases_created == 'true' }} |
43 | 63 |
|
44 | 64 | - uses: ./.github/actions/publish
|
45 | 65 | id: publish
|
46 |
| - if: ${{ steps.release.outputs.releases_created == 'true' }} |
47 | 66 | with:
|
48 | 67 | dry_run: false
|
49 | 68 |
|
50 | 69 | - uses: ./.github/actions/publish-docs
|
51 |
| - if: ${{ steps.release.outputs.releases_created == 'true' }} |
52 | 70 | with:
|
53 |
| - token: ${{secrets.GITHUB_TOKEN}} |
| 71 | + token: ${{ secrets.GITHUB_TOKEN }} |
54 | 72 |
|
55 | 73 | release-provenance:
|
56 |
| - needs: [ 'release-package' ] |
| 74 | + needs: [ 'release-package', 'publish' ] |
57 | 75 | if: ${{ needs.release-package.outputs.release-created == 'true' }}
|
| 76 | + |
58 | 77 | permissions:
|
59 | 78 | actions: read
|
60 | 79 | id-token: write
|
61 | 80 | contents: write
|
| 81 | + |
62 | 82 | uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
|
63 | 83 | with:
|
64 |
| - base64-subjects: "${{ needs.release-package.outputs.gem-hash }}" |
| 84 | + base64-subjects: "${{ needs.publish.outputs.gem-hash }}" |
65 | 85 | upload-assets: true
|
66 | 86 | upload-tag-name: ${{ needs.release-package.outputs.upload-tag-name }}
|
0 commit comments