-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
d292a0f
commit 3a653a6
Showing
3 changed files
with
165 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| name: CI | ||
|
|
||
| on: | ||
| push: | ||
| branches: [main] | ||
| pull_request: | ||
|
|
||
| jobs: | ||
| validate: | ||
| name: Validate | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Check out source | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up Deno | ||
| uses: denoland/setup-deno@v1 | ||
| with: | ||
| deno-version: v1.x | ||
|
|
||
| - name: Typecheck | ||
| run: deno check mod.ts | ||
|
|
||
| - name: Lint | ||
| run: deno lint | ||
|
|
||
| - name: Check formatting | ||
| run: deno check mod.ts |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| name: Publish | ||
|
|
||
| on: | ||
| push: | ||
| tags: | ||
| - v* | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| publish: | ||
| name: Publish to JSR | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| id-token: write # The OIDC ID token is used for authentication with JSR. | ||
|
|
||
| steps: | ||
| - name: Check out source | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up Deno | ||
| uses: denoland/setup-deno@v1 | ||
| with: | ||
| deno-version: v1.x | ||
|
|
||
| - name: Import GPG key | ||
| uses: crazy-max/ghaction-import-gpg@v6 | ||
| with: | ||
| gpg_private_key: ${{ secrets.RELEASE_SIGNING_KEY_PEM }} | ||
| trust_level: 5 | ||
| git_user_signingkey: true | ||
| git_committer_name: "Kure Releases" | ||
|
|
||
| - name: Validate tag signature | ||
| run: > | ||
| git tag -v "$GITHUB_REF_NAME" | ||
| - name: Publish to JSR | ||
| run: > | ||
| deno publish |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,96 @@ | ||
| name: Tag version | ||
|
|
||
| on: | ||
| push: | ||
| branches: [main] | ||
|
|
||
| jobs: | ||
| tag: | ||
| name: Check and tag | ||
| runs-on: ubuntu-latest | ||
|
|
||
| permissions: | ||
| contents: write | ||
|
|
||
| steps: | ||
| - name: Check out source | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Check for tagged version | ||
| id: check | ||
| uses: silverlyra/[email protected] | ||
| with: | ||
| script: | | ||
| const [owner, repo] = env.GITHUB_REPOSITORY.split("/", 2); | ||
| const { version } = JSON.parse(await fs.readFile("deno.json", "utf-8")); | ||
| const ref = await getRef(); | ||
| if (ref != null) { | ||
| console.log(chalk.cyan(`Current version (${version}) already tagged.`)); | ||
| console.log(`${ref.object.type} ${ref.object.sha}`); | ||
| return { pending: false, version: "" }; | ||
| } | ||
| console.log(chalk.green(`New version: ${version}`)); | ||
| console.log(); | ||
| const { sha, commit, author } = await getCommit(env.GITHUB_SHA); | ||
| const subject = commit.message.split("\n", 1)[0]; | ||
| console.log(chalk.bold(`“${subject}”`), chalk.gray(`[${sha}]`)); | ||
| console.log( | ||
| `committed by ${chalk.bold(author.login)}`, | ||
| `(${commit.author.name})`, | ||
| chalk.gray(commit.author.date) | ||
| ); | ||
| const members = await listMembers(); | ||
| if (!members.has(author.login)) { | ||
| throw new Error(`${author.login} is not a member of ${owner}`); | ||
| } | ||
| if (!commit.verification.verified) { | ||
| const { reason } = commit.verification; | ||
| throw new Error(`Commit is not verified (${JSON.stringify(reason)})`); | ||
| } | ||
| return { pending: true, version }; | ||
| async function getRef() { | ||
| try { | ||
| const { data } = await github.rest.git.getRef({ owner, repo, ref: `tags/v${version}` }); | ||
| return data; | ||
| } catch (err) { | ||
| if (err.status === 404) return null; | ||
| throw err; | ||
| } | ||
| } | ||
| async function getCommit(sha) { | ||
| const { data } = await github.rest.repos.getCommit({ owner, repo, ref: sha }); | ||
| return data; | ||
| } | ||
| async function listMembers() { | ||
| const { data } = await github.rest.orgs.listMembers({ org: "kure-sh" }); | ||
| return new Map(data.map(member => [member.login, member])); | ||
| } | ||
| - name: Import GPG key | ||
| uses: crazy-max/ghaction-import-gpg@v6 | ||
| if: fromJson(steps.check.outputs.result).pending | ||
| with: | ||
| gpg_private_key: ${{ secrets.RELEASE_SIGNING_KEY_PEM }} | ||
| trust_level: 5 | ||
| git_user_signingkey: true | ||
| git_tag_gpgsign: true | ||
| git_committer_name: "Kure Releases" | ||
|
|
||
| - name: Tag commit and push | ||
| if: fromJson(steps.check.outputs.result).pending | ||
| env: | ||
| TAG_NAME: v${{ fromJson(steps.check.outputs.result).version }} | ||
| run: | | ||
| git tag -a -m "$TAG_NAME" "$TAG_NAME" | ||
| git tag -v "$TAG_NAME" | ||
| git push origin "$TAG_NAME" |