From c1834115ed36727367493fea7d0d994f83210eba Mon Sep 17 00:00:00 2001
From: Kien Nguyen <kien.nguyen@ledger.fr>
Date: Mon, 23 Sep 2024 14:55:54 +0200
Subject: [PATCH] =?UTF-8?q?=E2=9A=99=EF=B8=8F=20(jfrog)=20[NO-ISSUE]:=20Ad?=
 =?UTF-8?q?d=20postpack=20step?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/release.yml | 63 +++++++++--------------------------
 package.json                  |  3 +-
 2 files changed, 17 insertions(+), 49 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 35fd2fc06..e5463b6d9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -36,10 +36,11 @@ jobs:
         id: jfrog-login
         uses: LedgerHQ/actions-security/actions/jfrog-login@actions/jfrog-login-1
 
-      - name: Setup npm config for JFrog
+      - name: Setup npm config for JFrog and prepare dist folder
         env:
           NPM_REGISTRY_TOKEN: ${{ steps.jfrog-login.outputs.oidc-token }}
         run: |
+          mkdir -p dist
           cat << EOF | tee .npmrc
           registry=https://${NPM_REGISTRY}/
           //${NPM_REGISTRY}/:_authToken=${NPM_REGISTRY_TOKEN}
@@ -49,55 +50,21 @@ jobs:
         id: changesets
         uses: changesets/action@v1
         with:
-          # publish: pnpm release
+          publish: pnpm release
           branch: fix/no-issue-jfrog-attest-sign-package
           createGithubReleases: false
         env:
-          GITHUB_TOKEN: ${{ secrets.CI_BOT_TOKEN }}
-
-      - name: Publish
-        if: steps.changesets.outputs.hasChangesets == 'false'
-        run: |
-          mkdir -p dist
-          pnpm recursive exec -- pnpm pack --pack-destination dist
-          ls -al dist
-          pnpm publish -r
-
-      # - name: Download published packages to attest and sign
-      #   if: steps.changesets.outputs.published == 'true'
-      #   env:
-      #     PUBLISHED_PACKAGE_JSON: published-packages.json
-      #   run: |
-      #     # Extract packages name
-      #     # output will be in the form of: [{"name":"@ledgerhq/package-name","version":"X.X.X"}]
-      #     cat << EOF | tee $PUBLISHED_PACKAGE_JSON
-      #     ${{ steps.changesets.outputs.publishedPackages }}
-      #     EOF
+          GITHUB_TOKEN: ${{ secrets.CI_BOT_TOKEN }}e
 
-      #     # Create dist directory
-      #     mkdir -p dist
-
-      #     # Loop over package names and download the tarball into dist directory
-      #     for row in $(cat $PUBLISHED_PACKAGE_JSON | jq -r '.[] | @text'); do
-      #       PACKAGE_NAME=$(echo $row| jq -r '.name')
-      #       PACKAGE_VERSION=$(echo $row | jq -r '.version')
-      #       PACKAGE_NAME_BASENAME=$(basename ${PACKAGE_NAME})
-
-      #       echo -e "\033[0;32mDownload artifact from\033[0m https://${NPM_REGISTRY}/${PACKAGE_NAME}/-/${PACKAGE_NAME}-${PACKAGE_VERSION}.tgz"
-      #       curl -H "Authorization: Bearer ${{ steps.jfrog-login.outputs.oidc-token }}" \
-      #         -o dist/${PACKAGE_NAME_BASENAME}-${PACKAGE_VERSION}.tgz \
-      #         https://${NPM_REGISTRY}/${PACKAGE_NAME}/-/${PACKAGE_NAME}-${PACKAGE_VERSION}.tgz
-      #     done
-
-      # - name: Attest tarball
-      #   if: steps.changesets.outputs.published == 'true'
-      #   uses: LedgerHQ/actions-security/actions/attest@actions/attest-1
-      #   with:
-      #     subject-path: ./dist
+      - name: Attest tarball
+        if: steps.changesets.outputs.published == 'true'
+        uses: LedgerHQ/actions-security/actions/attest@actions/attest-1
+        with:
+          subject-path: ./dist
       
-      # # The action currently doesn't support pushing the blob to the registry
-      # - name: Sign tarball
-      #   if: steps.changesets.outputs.published == 'true'
-      #   uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
-      #   with:
-      #     path: ./dist
+      # The action currently doesn't support pushing the blob to the registry
+      - name: Sign tarball
+        if: steps.changesets.outputs.published == 'true'
+        uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
+        with:
+          path: ./dist
diff --git a/package.json b/package.json
index 36bb65531..4ff1051cc 100644
--- a/package.json
+++ b/package.json
@@ -22,7 +22,8 @@
     "ui": "pnpm --filter @ledgerhq/device-sdk-ui",
     "sample": "pnpm --filter @ledgerhq/device-sdk-sample",
     "bump": "changeset version",
-    "release": "changeset publish",
+    "release": "pnpm recursive exec -- bash -c 'pnpm pack && pnpm -w run postpack' && changeset publish",
+    "postpack": "find . -name '*.tgz' -exec mv {} dist/ \\; 2> /dev/null",
     "changelog": "changeset add",
     "commit": "gitmoji -c",
     "commitcl": "pnpm changelog && git add .changeset && pnpm commit",