Release CLI Assets #26

Workflow file for this run

.github/workflows/release-cli-assets.yml at 6cb6f7b

	name: Release CLI Assets

	on:
	workflow_call:
	inputs:
	publishedPackages:
	description: 'Published packages'
	required: true
	type: string
	commitSha:
	description: 'Commit SHA'
	required: true
	type: string
	channel:
	description: 'Channel'
	required: true
	type: string
	default: 'latest'
	workflow_dispatch:
	inputs:
	publishedPackages:
	description: 'Published packages'
	required: true
	default: '[{"name": "@xata.io/cli", "version": "1.2.0"}]'
	type: string
	commitSha:
	description: 'Commit SHA'
	required: true
	type: string
	channel:
	description: 'Channel'
	required: true
	type: string
	default: 'latest'

	jobs:
	release-cli-assets:
	name: Release CLI assets
	strategy:
	matrix:
	os: [ubuntu-latest, macos-latest]
	runs-on: ${{ matrix.os }}
	steps:
	- uses: actions/checkout@v3
	with:
	# This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits
	fetch-depth: 0
	# This makes the PR pushed to use GITHUB_TOKEN and trigger the checks
	persist-credentials: false

	- name: Configure
	run: \|
	echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_OUTPUT
	id: config

	- name: Install pnpm
	uses: pnpm/action-setup@v4

	- name: Use Node.js ${{ steps.config.outputs.NVMRC }}
	uses: actions/setup-node@v3
	with:
	node-version: ${{ steps.config.outputs.NVMRC }}
	cache: 'pnpm'

	- name: Install the Apple certificate
	if: matrix.os == 'macos-latest'
	env:
	BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_DEVELOPER_ID_CERT_P12 }}
	P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_CERT_SECRET }}
	KEYCHAIN_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_CERT_SECRET }}
	run: \|
	# create variables
	CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
	KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

	# import certificate from secrets
	echo -n "$BUILD_CERTIFICATE_BASE64" \| base64 --decode -o $CERTIFICATE_PATH

	# create temporary keychain
	security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

	# import certificate to keychain
	security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
	security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security list-keychain -d user -s $KEYCHAIN_PATH

	- name: Install dependencies
	run: pnpm install --frozen-lockfile

	- name: Build
	run: pnpm build

	- name: Install windows dependencies
	if: matrix.os == 'ubuntu-latest'
	run: \|
	sudo apt-get update
	sudo apt-get install -y nsis
	sudo apt-get install -y p7zip

	- name: Release CLI Assets
	run: pnpm run release:cli
	env:
	PUBLISHED_PACKAGES: ${{ inputs.publishedPackages }}
	MATRIX_OS: ${{ matrix.os }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Upload & Promote CLI Assets to S3
	run: pnpm run release:cli:upload
	env:
	PUBLISHED_PACKAGES: ${{ inputs.publishedPackages }}
	MATRIX_OS: ${{ matrix.os }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	AWS_EC2_METADATA_DISABLED: true
	COMMIT_SHA: ${{ inputs.commitSha }}
	CHANNEL: ${{ inputs.channel }}
	AWS_ROLE_ARN: ${{ secrets.CLI_ASSETS_UPLOAD_ROLE }}

	- name: Clean up keychain
	if: matrix.os == 'macos-latest'
	run: \|
	security delete-keychain $RUNNER_TEMP/app-signing.keychain-db

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release CLI Assets #26

Workflow file

Release CLI Assets #26

Jobs

Run details

Workflow file for this run