chore: Migrate CodeBuild release to GHA (without publishing step) #7
Workflow file for this run
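# Release pipeline migrated from CodeBuild: compliance checks, unit and
# test-vector jobs, then a dry-run `lerna version`. Nothing is published yet.
name: Release

on:
  # TODO: remove pull_request once tested in PR
  # While this trigger is present the whole release pipeline runs for every
  # pull request. Jobs that assume the AWS role need an OIDC token, which
  # GitHub does not issue to pull requests opened from forks, so those jobs are
  # expected to fail there. Remove the trigger before a publish step is added.
  pull_request:
  workflow_dispatch:
    inputs:
      version_bump:
        required: false
        description: '[Optional] Override semantic versioning with explict version (allowed values: "patch", "minor", "major", or explicit version)'
        default: ''
      dist_tag:
        description: 'NPM distribution tag'
        required: false
        default: 'latest'
      branch:
        description: 'The branch to release from'
        required: false
        default: 'master'

# Least-privilege default for GITHUB_TOKEN. It applies to every job that does
# not declare its own `permissions` block; jobs that assume an AWS role through
# OIDC request `id-token: write` themselves. A future job that pushes version
# commits or tags will need `contents: write` on that job only.
permissions:
  contents: read

env:
  NODE_OPTIONS: "--max-old-space-size=4096"
  # Environment values reach the runner as strings, so the flag is quoted.
  # NOTE(review): unsafe-perm appears to be ignored by npm 7 and later; confirm
  # it is still needed for the Node.js versions used below.
  NPM_CONFIG_UNSAFE_PERM: "true"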
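# Supply-chain note: every third-party action below is referenced by a mutable
# tag (`@v4`). For a release pipeline, pinning each `uses:` to the full commit
# SHA of a reviewed release (`owner/action@<full-commit-sha>  # v4`) keeps a
# retagged or compromised action from running with this workflow's credentials.
jobs:
  # Lint and licence/condition checks; needs no cloud credentials.
  compliance:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: true
      - name: Setup Node.js 18
        uses: actions/setup-node@v4
        with:
          node-version: '18'
          cache: 'npm'
      - name: Install dependencies
        run: npm ci --unsafe-perm
      - name: Run compliance checks
        run: |
          npm run lint
          npm run test_conditions

  # Unit tests on Node.js 20 against live AWS resources.
  test-nodejs20:
    runs-on: ubuntu-latest
    permissions:
      # id-token: write lets the job request the OIDC token that
      # configure-aws-credentials exchanges for the role's temporary credentials.
      id-token: write
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: true
      - name: Setup Node.js 20
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
      - name: Configure AWS Credentials for Tests
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: us-west-2
          role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-MPL-Dafny-Role-us-west-2
          role-session-name: JavaScriptTests
      - name: Install dependencies and build
        run: |
          npm ci --unsafe-perm
          npm run build
      - name: Run Node.js tests
        run: npm run coverage-node

  # Browser unit tests, built with Node.js 18.
  test-browser18:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: true
      - name: Setup Node.js 18
        uses: actions/setup-node@v4
        with:
          node-version: '18'
          cache: 'npm'
      - name: Configure AWS Credentials for Tests
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: us-west-2
          role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-MPL-Dafny-Role-us-west-2
          role-session-name: JavaScriptTests
      - name: Install dependencies and build
        run: |
          npm ci --unsafe-perm
          npm run build
      - name: Run browser tests
        run: npm run coverage-browser

  # Test vectors on Node.js 20 against packages published to a local registry.
  test-vectors-nodejs20:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: true
      - name: Setup Node.js 20
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
      - name: Configure AWS Credentials for Tests
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: us-west-2
          role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-MPL-Dafny-Role-us-west-2
          role-session-name: JavaScriptTests
      - name: Install dependencies and build
        run: |
          npm ci --unsafe-perm
          npm run build
      - name: Run integration tests with local publish
        env:
          PUBLISH_LOCAL: "true"
        run: |
          npm run verdaccio-publish
          npm run verdaccio-node-decrypt
          npm run verdaccio-node-encrypt

  # Browser test vectors against packages published to a local registry.
  test-vectors-browser18:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: true
      - name: Setup Node.js 18
        uses: actions/setup-node@v4
        with:
          node-version: '18'
          cache: 'npm'
      - name: Configure AWS Credentials for Tests
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: us-west-2
          role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-MPL-Dafny-Role-us-west-2
          role-session-name: JavaScriptTests
      - name: Install dependencies and build
        run: |
          npm ci --unsafe-perm
          npm run build
      - name: Run integration tests with local publish
        env:
          PUBLISH_LOCAL: "true"
        run: |
          npm run verdaccio-publish
          npm run verdaccio-browser-decrypt
          npm run verdaccio-browser-encrypt

  # Once all tests have passed, run semantic versioning
  version:
    runs-on: ubuntu-latest
    needs: [compliance, test-nodejs20, test-browser18, test-vectors-nodejs20, test-vectors-browser18]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: true
      - name: Setup Node.js 16
        uses: actions/setup-node@v4
        with:
          node-version: '16'
          cache: 'npm'
      - name: Install dependencies
        run: npm ci --unsafe-perm
      - name: Configure git
        env:
          # Inputs are passed through env rather than interpolated into the
          # script, so their text is never parsed as shell source.
          BRANCH: ${{ github.event.inputs.branch }}
        run: |
          git config --global user.name "aws-crypto-tools-ci-bot"
          git config --global user.email "no-reply@noemail.local"
          # TODO: Uncomment when adding publish step
          # Quote the variable when re-enabling so the branch name stays a single argument.
          # git checkout "$BRANCH" # Commented out to test on current branch
      - name: Version packages (dry run - no push)
        env:
          # Step-level env is not visible to later steps. Declared on the
          # previous step only, VERSION_BUMP expanded to nothing here and the
          # version_bump input was silently ignored.
          VERSION_BUMP: ${{ github.event.inputs.version_bump }}
        run: |
          # VERSION_BUMP is expanded unquoted below so that it can contribute two
          # arguments. Reject values that would word-split or be read as an option.
          case "${VERSION_BUMP}" in
            ''|patch|minor|major) ;;
            -*|*[!0-9A-Za-z.+-]*)
              echo "Invalid version_bump: ${VERSION_BUMP}" >&2
              exit 1
              ;;
          esac
          # For testing: no push to avoid modifying master branch
          npx lerna version --conventional-commits --no-push --yes ${VERSION_BUMP:+$VERSION_BUMP --force-publish}
          # TODO: uncomment line below and remove line above when adding publish step
          # npx lerna version --conventional-commits --git-remote origin --yes ${VERSION_BUMP:+$VERSION_BUMP --force-publish}
          git log -n 1

  # Once semantic versioning has run and bumped versions, publish to npm
  # TODO: Publish step that doesn't use OTP but instead follows
  # https://docs.npmjs.com/trusted-publishers

  # Once publishing is complete, validate that the published packages are useable
  validate-nodejs:
    runs-on: ubuntu-latest
    # TODO: Uncomment when adding publish step
    # needs: [publish]
    # Without id-token: write no OIDC token is available to the job, and the
    # role assumption in "Configure AWS Credentials for Tests" cannot succeed.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: true
      - name: Setup Node.js 20
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
      - name: Configure AWS Credentials for Tests
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: us-west-2
          role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-MPL-Dafny-Role-us-west-2
          role-session-name: JavaScriptTests
      - name: Install dependencies
        run: npm ci --unsafe-perm
      - name: Validate published packages - Node.js
        env:
          PUBLISH_LOCAL: "false"
        run: |
          npm run verdaccio-node-decrypt
          npm run verdaccio-node-encrypt

  validate-browser:
    runs-on: ubuntu-latest
    # TODO: Uncomment when adding publish step
    # needs: [publish]
    # Without id-token: write no OIDC token is available to the job, and the
    # role assumption in "Configure AWS Credentials for Tests" cannot succeed.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: true
      - name: Setup Node.js 18
        uses: actions/setup-node@v4
        with:
          node-version: '18'
          cache: 'npm'
      - name: Configure AWS Credentials for Tests
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: us-west-2
          role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-MPL-Dafny-Role-us-west-2
          role-session-name: JavaScriptTests
      - name: Install dependencies
        run: npm ci --unsafe-perm
      - name: Validate published packages - Browser
        env:
          PUBLISH_LOCAL: "false"
        run: |
          npm run verdaccio-browser-decrypt
          npm run verdaccio-browser-encrypt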