haskell-server-sdk/.github/workflows/release-please.yml at main · launchdarkly/haskell-server-sdk · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
name: Run Release Please

on:
  push:
    branches:
      - main

jobs:
  release-package:
    runs-on: ubuntu-latest

    permissions:
      id-token: write # Needed if using OIDC to get release secrets.
      contents: write # Contents and pull-requests are for release-please to make releases.
      pull-requests: write
      attestations: write

    steps:
      - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5.0.0
        id: release

      - uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Full history is required for proper changelog generation

      #
      # This step runs and updates an existing PR
      #
      - uses: ./.github/actions/update-cabal
        if: ${{ steps.release.outputs.pr != '' }}
        with:
          branch: ${{ fromJSON(steps.release.outputs.pr).headBranchName }}

      - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0
        name: "Get Hackage token"
        if: ${{ steps.release.outputs.releases_created == 'true' }}
        with:
          aws_assume_role: ${{ vars.AWS_ROLE_ARN }}
          ssm_parameter_pairs: "/production/common/releasing/hackage/password = HACKAGE_TOKEN"

      - name: Install PCRE development libraries
        if: ${{ steps.release.outputs.releases_created == 'true' }}
        run: sudo apt-get update && sudo apt-get install -y libpcre3-dev

      - uses: ./.github/actions/setup-cache
        if: ${{ steps.release.outputs.releases_created == 'true' }}

      - uses: ./.github/actions/ci
        id: ci
        if: ${{ steps.release.outputs.releases_created == 'true' }}
        with:
          token: ${{secrets.GITHUB_TOKEN}}

      - uses: ./.github/actions/build-docs
        if: ${{ steps.release.outputs.releases_created == 'true' }}

      - uses: ./.github/actions/publish
        if: ${{ steps.release.outputs.releases_created == 'true' }}
        with:
          token: ${{ env.HACKAGE_TOKEN }}
          dry_run: "false"

      - uses: ./.github/actions/publish-docs
        if: ${{ steps.release.outputs.releases_created == 'true' }}
        with:
          # If publishing somewhere else, then get the token from SSM. If you need both github,
          # and another token, then add more tokens to the composite action.
          token: ${{secrets.GITHUB_TOKEN}}

      - name: Attest build provenance
        if: ${{ steps.release.outputs.releases_created == 'true' }}
        uses: actions/attest@v4
        with:
          subject-path: '${{ steps.ci.outputs.dist-dir }}/*tar.gz'