Publish @bitgo-beta #2367
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish @bitgo-beta | |
| on: | |
| workflow_dispatch: | |
| # push: | |
| # branches: | |
| # - master | |
| permissions: | |
| contents: write | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| env: | |
| SOCKET_SECURITY_MODE: monitor # Options: monitor (non-blocking) or block (fails on vulnerabilities) | |
| jobs: | |
| publish: | |
| name: Publish Release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: socketdev/action@v1 | |
| with: | |
| mode: firewall-free | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Setup Node | |
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | |
| with: | |
| node-version-file: .nvmrc | |
| - name: Install BitGoJS | |
| run: sfw yarn install --with-frozen-lockfile | |
| - name: Audit Dependencies | |
| run: yarn run improved-yarn-audit --min-severity high | |
| - name: Set Environment Variable for Alpha | |
| if: github.ref != 'refs/heads/master' # only publish changes if on feature branches | |
| run: | | |
| echo "preid=alpha" >> $GITHUB_ENV | |
| - name: Set Environment Variable for Beta | |
| if: github.ref == 'refs/heads/master' # only publish changes if on master branches | |
| run: | | |
| echo "preid=beta" >> $GITHUB_ENV | |
| - name: Configure Git & NPM | |
| run: | | |
| git config --global user.name 'Git bot' | |
| git config --global user.email 'bot@noreply.github.com' | |
| git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }} | |
| git checkout -b ${{ env.preid }}-$(git rev-parse --short HEAD) | |
| echo "email=${{ secrets.BETA_EMAIL }}" > .npmrc | |
| echo "@bitgo-beta:registry=https://registry.npmjs.org" >> .npmrc | |
| echo "//registry.npmjs.org/:_authToken=${{ secrets.BITGO_BETA_PUBLISH_TOKEN }}" >> .npmrc | |
| echo "//registry.npmjs.org/:always-auth=true" >> .npmrc | |
| - name: Prepare Release | |
| run: | | |
| rm -rfd ./modules/web-demo | |
| rm -rfd ./modules/express | |
| npx tsx ./scripts/prepare-release.ts ${{ env.preid }} | |
| - name: Rebuild packages | |
| run: sfw yarn | |
| - name: Commit Local Changes | |
| run: git commit -am "Auto updated ${{ env.preid }} branch" --no-verify || echo "No changes to commit" | |
| - name: Lerna Publish | |
| run: yarn lerna publish from-package --preid ${{ env.preid }} --dist-tag ${{ env.preid }} --force-publish --yes --loglevel silly | |
| - name: Verify Publish | |
| run: npx tsx ./scripts/verify-release.ts ${{ env.preid }} |