From 16dc98fff514f14dd54c5fa18c72b7de6aec6852 Mon Sep 17 00:00:00 2001 From: Kien Nguyen Date: Mon, 23 Sep 2024 17:49:45 +0200 Subject: [PATCH] =?UTF-8?q?=E2=9A=99=EF=B8=8F=20(jfrog):=20Add=20postpack?= =?UTF-8?q?=20step?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/release.yml | 61 +++++---------------- package.json | 3 +- packages/core/package.json | 1 + packages/signer/context-module/package.json | 1 + packages/signer/keyring-btc/package.json | 1 + packages/signer/keyring-eth/package.json | 1 + packages/trusted-apps/package.json | 1 + packages/ui/package.json | 1 + 8 files changed, 22 insertions(+), 48 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 35fd2fc06..aa6de75c7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -36,10 +36,11 @@ jobs: id: jfrog-login uses: LedgerHQ/actions-security/actions/jfrog-login@actions/jfrog-login-1 - - name: Setup npm config for JFrog + - name: Setup npm config for JFrog and prepare dist folder env: NPM_REGISTRY_TOKEN: ${{ steps.jfrog-login.outputs.oidc-token }} run: | + mkdir -p dist cat << EOF | tee .npmrc registry=https://${NPM_REGISTRY}/ //${NPM_REGISTRY}/:_authToken=${NPM_REGISTRY_TOKEN} @@ -49,55 +50,21 @@ jobs: id: changesets uses: changesets/action@v1 with: - # publish: pnpm release + publish: pnpm release branch: fix/no-issue-jfrog-attest-sign-package createGithubReleases: false env: GITHUB_TOKEN: ${{ secrets.CI_BOT_TOKEN }} - - name: Publish - if: steps.changesets.outputs.hasChangesets == 'false' - run: | - mkdir -p dist - pnpm recursive exec -- pnpm pack --pack-destination dist - ls -al dist - pnpm publish -r - - # - name: Download published packages to attest and sign - # if: steps.changesets.outputs.published == 'true' - # env: - # PUBLISHED_PACKAGE_JSON: published-packages.json - # run: | - # # Extract packages name - # # output will be in the form of: [{"name":"@ledgerhq/package-name","version":"X.X.X"}] - # cat << EOF | tee $PUBLISHED_PACKAGE_JSON - # ${{ steps.changesets.outputs.publishedPackages }} - # EOF - - # # Create dist directory - # mkdir -p dist - - # # Loop over package names and download the tarball into dist directory - # for row in $(cat $PUBLISHED_PACKAGE_JSON | jq -r '.[] | @text'); do - # PACKAGE_NAME=$(echo $row| jq -r '.name') - # PACKAGE_VERSION=$(echo $row | jq -r '.version') - # PACKAGE_NAME_BASENAME=$(basename ${PACKAGE_NAME}) - - # echo -e "\033[0;32mDownload artifact from\033[0m https://${NPM_REGISTRY}/${PACKAGE_NAME}/-/${PACKAGE_NAME}-${PACKAGE_VERSION}.tgz" - # curl -H "Authorization: Bearer ${{ steps.jfrog-login.outputs.oidc-token }}" \ - # -o dist/${PACKAGE_NAME_BASENAME}-${PACKAGE_VERSION}.tgz \ - # https://${NPM_REGISTRY}/${PACKAGE_NAME}/-/${PACKAGE_NAME}-${PACKAGE_VERSION}.tgz - # done - - # - name: Attest tarball - # if: steps.changesets.outputs.published == 'true' - # uses: LedgerHQ/actions-security/actions/attest@actions/attest-1 - # with: - # subject-path: ./dist + - name: Attest tarball + if: steps.changesets.outputs.published == 'true' + uses: LedgerHQ/actions-security/actions/attest@actions/attest-1 + with: + subject-path: ./dist - # # The action currently doesn't support pushing the blob to the registry - # - name: Sign tarball - # if: steps.changesets.outputs.published == 'true' - # uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1 - # with: - # path: ./dist + # The action currently doesn't support pushing the blob to the registry + - name: Sign tarball + if: steps.changesets.outputs.published == 'true' + uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1 + with: + path: ./dist diff --git a/package.json b/package.json index 36bb65531..7f3b71645 100644 --- a/package.json +++ b/package.json @@ -8,6 +8,7 @@ "dev": "turbo run dev", "lint": "turbo run lint", "lint:fix": "turbo run lint:fix", + "postpack": "find . -name '*.tgz' -exec mv {} dist/ \\; 2> /dev/null", "prettier": "turbo run prettier", "prettier:fix": "turbo run prettier:fix", "test": "turbo run test", @@ -22,7 +23,7 @@ "ui": "pnpm --filter @ledgerhq/device-sdk-ui", "sample": "pnpm --filter @ledgerhq/device-sdk-sample", "bump": "changeset version", - "release": "changeset publish", + "release": "pnpm recursive exec -- pnpm pack && changeset publish", "changelog": "changeset add", "commit": "gitmoji -c", "commitcl": "pnpm changelog && git add .changeset && pnpm commit", diff --git a/packages/core/package.json b/packages/core/package.json index 274cbc5fd..e204d453a 100644 --- a/packages/core/package.json +++ b/packages/core/package.json @@ -32,6 +32,7 @@ "dev:cjs": "concurrently \"tsc --watch -p tsconfig.cjs.json\" \"tsc-alias --watch -p tsconfig.cjs.json\"", "lint": "eslint", "lint:fix": "pnpm lint --fix", + "postpack": "find . -name '*.tgz' -exec mv {} ../../dist/ \\; 2> /dev/null", "prettier": "prettier . --check", "prettier:fix": "prettier . --write", "test": "jest", diff --git a/packages/signer/context-module/package.json b/packages/signer/context-module/package.json index 007784465..264fc2207 100644 --- a/packages/signer/context-module/package.json +++ b/packages/signer/context-module/package.json @@ -33,6 +33,7 @@ "dev:cjs": "concurrently \"tsc --watch -p tsconfig.cjs.json\" \"tsc-alias --watch -p tsconfig.cjs.json\"", "lint": "eslint", "lint:fix": "pnpm lint --fix", + "postpack": "find . -name '*.tgz' -exec mv {} ../../../dist/ \\; 2> /dev/null", "prettier": "prettier . --check", "prettier:fix": "prettier . --write", "test": "jest", diff --git a/packages/signer/keyring-btc/package.json b/packages/signer/keyring-btc/package.json index 28975c5ba..29532f540 100644 --- a/packages/signer/keyring-btc/package.json +++ b/packages/signer/keyring-btc/package.json @@ -35,6 +35,7 @@ "dev:cjs": "concurrently \"tsc --watch -p tsconfig.cjs.json\" \"tsc-alias --watch -p tsconfig.cjs.json\"", "lint": "eslint", "lint:fix": "pnpm lint --fix", + "postpack": "find . -name '*.tgz' -exec mv {} ../../../dist/ \\; 2> /dev/null", "prettier": "prettier . --check", "prettier:fix": "prettier . --write", "typecheck": "tsc --noEmit", diff --git a/packages/signer/keyring-eth/package.json b/packages/signer/keyring-eth/package.json index 4d12a4d33..86dc1ce29 100644 --- a/packages/signer/keyring-eth/package.json +++ b/packages/signer/keyring-eth/package.json @@ -35,6 +35,7 @@ "dev:cjs": "concurrently \"tsc --watch -p tsconfig.cjs.json\" \"tsc-alias --watch -p tsconfig.cjs.json\"", "lint": "eslint", "lint:fix": "pnpm lint --fix", + "postpack": "find . -name '*.tgz' -exec mv {} ../../../dist/ \\; 2> /dev/null", "prettier": "prettier . --check", "prettier:fix": "prettier . --write", "typecheck": "tsc --noEmit", diff --git a/packages/trusted-apps/package.json b/packages/trusted-apps/package.json index 5ff4f9b1a..90fd540b2 100644 --- a/packages/trusted-apps/package.json +++ b/packages/trusted-apps/package.json @@ -35,6 +35,7 @@ "dev:cjs": "concurrently \"tsc --watch -p tsconfig.cjs.json\" \"tsc-alias --watch -p tsconfig.cjs.json\"", "lint": "eslint", "lint:fix": "pnpm lint --fix", + "postpack": "find . -name '*.tgz' -exec mv {} ../../dist/ \\; 2> /dev/null", "prettier": "prettier . --check", "prettier:fix": "prettier . --write", "typecheck": "tsc --noEmit", diff --git a/packages/ui/package.json b/packages/ui/package.json index ffc3e92fe..30e6de6da 100644 --- a/packages/ui/package.json +++ b/packages/ui/package.json @@ -35,6 +35,7 @@ "dev:cjs": "concurrently \"tsc --watch -p tsconfig.cjs.json\" \"tsc-alias --watch -p tsconfig.cjs.json\"", "lint": "eslint", "lint:fix": "pnpm lint --fix", + "postpack": "find . -name '*.tgz' -exec mv {} ../../dist/ \\; 2> /dev/null", "prettier": "prettier . --check", "prettier:fix": "prettier . --write", "typecheck": "tsc --noEmit",