Skip to content

release-npm-packages #120

release-npm-packages

release-npm-packages #120

name: release-npm-packages
on:
workflow_dispatch: # on button click
jobs:
release:
name: Release TypeScript packages to NPM
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
steps:
- uses: actions/checkout@v4
with:
token: ${{secrets.PUSH_TOKEN}}
- uses: actions/setup-node@v4
with:
node-version: 18
cache: "yarn"
- name: Install dependencies
run: yarn install
- name: Version
id: version
run: |
yarn changeset version
echo "porcelain=$(git status --porcelain | wc -l)" >> $GITHUB_OUTPUT
- name: Configure AWS Credentials
id: credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.ROLE_TO_ASSUME }}
role-session-name: SmithyTypeScriptGitHubRelease
audience: sts.amazonaws.com
- name: Commit
id: commit
if: steps.version.outputs.porcelain != '0'
run: |
git config --global user.email "[email protected]"
git config --global user.name "Smithy Automation"
git add .
git commit -m 'Version NPM packages'
git push
- name: Fetch NPM token
id: token
if: steps.commit.outcome == 'success'
run: |
aws configure --profile token set role_arn ${{ secrets.TOKEN_ROLE }}
aws configure --profile token set credential_source Environment
npm_token=$(aws secretsmanager get-secret-value --region us-west-2 --secret-id=SMITHY_PUBLISH_npmToken --query SecretString --output text --profile token)
echo "::add-mask::$npm_token"
echo "NPM_TOKEN=$npm_token" >> $GITHUB_ENV
- name: Stage Release
id: stage
if: steps.token.outcome == 'success'
run: |
yarn stage-release --concurrency=1
- name: Release
id: release
uses: changesets/action@v1
if: steps.stage.outcome == 'success'
with:
publish: yarn release
env:
NPM_TOKEN: ${{ env.NPM_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Failure Nofitication
if: ${{ failure() }}
run: aws cloudwatch put-metric-data --namespace SmithyTypeScriptPublish --metric-name NpmPackagePublishFailure --value 1