Build & Publish V2 #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Publish V2 | |
| on: [workflow_dispatch] | |
| permissions: | |
| contents: read | |
| jobs: | |
| JobBuild: | |
| name: release | |
| runs-on: [self-hosted, "1ES.Pool=1es-vscode-aks-tools-pool"] | |
| # Expose step outputs as job outputs | |
| outputs: | |
| currentversion: ${{ steps.package_version.outputs.current-version }} | |
| changelog_reader_changes: ${{ steps.changelog_reader.outputs.changes }} | |
| permissions: | |
| actions: read | |
| contents: read | |
| deployments: read | |
| packages: none | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
| with: | |
| egress-policy: audit | |
| disable-sudo: true | |
| disable-telemetry: true | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Use Node.js | |
| uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
| with: | |
| node-version: 20 | |
| # Run install dependencies | |
| - name: Install dependencies | |
| run: npm run install:all | |
| # Ensure project builds successfully before creating release | |
| - name: Build | |
| run: npm run webpack | |
| - name: Get current version from package.json | |
| id: package_version | |
| run: | | |
| VERSION=$(jq -r '.version' package.json) | |
| echo "current-version=$VERSION" >> $GITHUB_OUTPUT | |
| - name: Check version is mentioned in Changelog | |
| id: changelog_reader | |
| uses: mindsers/changelog-reader-action@32aa5b4c155d76c94e4ec883a223c947b2f02656 # v2.2.3 | |
| with: | |
| validation_depth: 10 | |
| version: ${{ steps.package_version.outputs.current-version }} | |
| path: 'CHANGELOG.md' | |
| JobsPublish: | |
| name: publish | |
| runs-on: [self-hosted, "1ES.Pool=1es-vscode-aks-tools-pool"] | |
| needs: JobBuild | |
| permissions: | |
| actions: read | |
| contents: write | |
| deployments: read | |
| packages: none | |
| id-token: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
| with: | |
| egress-policy: audit | |
| disable-sudo: true | |
| disable-telemetry: true | |
| # Checkout the code again for release | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Use Node.js | |
| uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
| with: | |
| node-version: 20 | |
| # Run install dependencies | |
| - name: Install dependencies | |
| run: npm run install:all | |
| - name: Build | |
| run: npm run webpack | |
| - name: Package | |
| run: npx vsce package | |
| - name: Set vsix location | |
| id: find-vsix | |
| run: | | |
| asset_path='./vscode-aks-tools-${{needs.JobBuild.outputs.currentversion}}.vsix' | |
| asset_name='vscode-aks-tools-${{needs.JobBuild.outputs.currentversion}}.vsix' | |
| echo "vsix_path=$asset_path" >> $GITHUB_OUTPUT | |
| echo "vsix_name=$asset_name" >> $GITHUB_OUTPUT | |
| - name: Output name and path of vsix | |
| id: output-vsix-name | |
| run: | | |
| echo "vsix name:" ${{ steps.find-vsix.outputs.vsix_name }} | |
| echo "vsix path:" ${{ steps.find-vsix.outputs.vsix_path }} | |
| - name: Create a Release | |
| id: create_release | |
| uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tag_name : ${{ needs.JobBuild.outputs.currentversion }} | |
| release_name: ${{ needs.JobBuild.outputs.currentversion}} | |
| body: Publish ${{ needs.JobBuild.outputs.changelog_reader_changes }} | |
| - name: federated login | |
| uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0 | |
| with: | |
| auth-type: IDENTITY | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Publish packaged extension | |
| run: | | |
| npx vsce publish --azure-credential --packagePath ${{ steps.find-vsix.outputs.vsix_path }} | |
| - name: Attach vsix to release | |
| uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ steps.create_release.outputs.upload_url }} | |
| asset_path: ${{ steps.find-vsix.outputs.vsix_path }} | |
| asset_name: ${{ steps.find-vsix.outputs.vsix_name }} | |
| asset_content_type: application/vsix |