fix: auth after checkout #52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| issues: write | |
| id-token: write | |
| jobs: | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: "google-github-actions/auth@v2" | |
| with: | |
| project_id: "web-prover-circuits-fa4cf3" | |
| workload_identity_provider: "projects/530011589985/locations/global/workloadIdentityPools/github/providers/web-prover-circuits" | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "lts/*" | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Get package version | |
| id: package_version | |
| run: | | |
| VERSION=$(node -p "require('./package.json').version") | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| - name: Get Latest Successful build-circuits Run ID | |
| id: get_run_id | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| # Fetch the latest successful run of the build-artifacts workflow on main | |
| response=$(gh api -X GET /repos/${{ github.repository }}/actions/workflows/artifacts.yaml/runs \ | |
| -f status=success -q '.workflow_runs | map(select(.name == "build-artifacts")) | .[0].id') | |
| echo "run_id=${response}" >> $GITHUB_ENV | |
| - name: Download Build Artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: circom-artifacts-v${{ env.VERSION }} | |
| path: ./artifacts | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| run-id: ${{ env.run_id }} | |
| - name: Prepare Release Notes | |
| run: | | |
| echo "Automated release of compiled Circom circuits" > release_notes.md | |
| echo "Version: ${{ env.VERSION }}" >> release_notes.md | |
| echo "Commit: ${{ github.sha }}" >> release_notes.md | |
| echo "Artifacts included:" >> release_notes.md | |
| for zip in artifacts/circom-artifacts-*-v${{ env.VERSION }}.zip; do | |
| basename "$zip" >> release_notes.md | |
| done | |
| # Create release with all artifact files | |
| - name: Upload Release Assets | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: artifacts/circom-artifacts-*-v${{ env.VERSION }}.zip | |
| tag_name: v${{ env.VERSION }} | |
| body_path: release_notes.md | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Prepare artifacts for Google Cloud Storage Bucket | |
| run: | | |
| # Unzip, then gzip each individual file (but remove .gz suffix), delete zip files | |
| for zip_file in artifacts/circom-artifacts-*-v${{ env.VERSION }}.zip; do | |
| unzip "$zip_file" -d "${zip_file%.zip}" | |
| (cd "${zip_file%.zip}" && gzip -7 * && for file in *.gz; do mv "$file" "${file%.gz}"; done) | |
| done | |
| rm artifacts/*.zip | |
| - uses: "google-github-actions/upload-cloud-storage@v2" | |
| with: | |
| path: "artifacts" | |
| destination: "web-prover-circuits.pluto.xyz/${{ github.sha }}" | |
| parent: false | |
| gzip: false # already gzipped | |
| headers: |- | |
| content-type: 'application/octet-stream' | |
| content-encoding: 'gzip' |