openzeppelin-contracts/.github/workflows/release-upgradeable.yml at master · Amxx/openzeppelin-contracts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
name: Release Upgradeable

on:
  workflow_dispatch: {}

jobs:
  state:
    name: Check state
    permissions:
      pull-requests: read
    if: ${{ !endsWith(github.repository, '-upgradeable') }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          repository: ${{ github.repository }}-upgradeable
          ref: ${{ github.ref }}
      - uses: actions/checkout@v6
        with:
          ref: ${{ github.ref }}
          path: lib/openzeppelin-contracts
      - name: Set up environment
        uses: ./.github/actions/setup
      - name: Check upgradeable
        id: check-upgradeable
        run: bash scripts/release/workflow/check-upgradeable.sh
    outputs:
      publish: ${{ steps.check-upgradeable.outcome }}
      is_prerelease: ${{ steps.check-upgradeable.outputs.is_prerelease }}

  # copied from release-cycle.yml
  publish:
    needs: state
    name: Publish to npm
    environment: push-upgradeable
    permissions:
      id-token: write
    if: needs.state.outputs.publish == 'success' # Note: changed from 'true' to 'success' to support the way publish is computed
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          repository: ${{ github.repository }}-upgradeable
          ref: ${{ github.ref }}
      - uses: actions/checkout@v6
        with:
          ref: ${{ github.ref }}
          path: lib/openzeppelin-contracts
      - name: Set up environment
        uses: ./.github/actions/setup
      - id: pack
        name: Pack
        run: bash scripts/release/workflow/pack.sh
        env:
          PRERELEASE: ${{ needs.state.outputs.is_prerelease }}
      - name: Upload tarball artifact
        uses: actions/upload-artifact@v6
        with:
          name: ${{ github.ref_name }}-upgradeable
          path: ${{ steps.pack.outputs.tarball }}
      - name: Publish
        run: bash scripts/release/workflow/publish.sh
        env:
          TARBALL: ${{ steps.pack.outputs.tarball }}
          TAG: ${{ steps.pack.outputs.tag }}
      - name: Create Github Release
        uses: actions/github-script@v8
        env:
          PRERELEASE: ${{ needs.state.outputs.is_prerelease }}
          TARGET_COMMIT: ${{ github.ref }}
          REPO_SUFFIX: -upgradeable
        with:
          github-token: ${{ secrets.GH_TOKEN_UPGRADEABLE }}
          script: await require('./scripts/release/workflow/github-release.js')({ github, context })
    outputs:
      tarball_name: ${{ steps.pack.outputs.tarball_name }}

  integrity_check:
    needs: publish
    name: Tarball Integrity Check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          repository: ${{ github.repository }}-upgradeable
          ref: ${{ github.ref }}
      - name: Download tarball artifact
        id: artifact
        uses: actions/download-artifact@v7
        with:
          name: ${{ github.ref_name }}-upgradeable
      - name: Check integrity
        run: bash scripts/release/workflow/integrity-check.sh
        env:
          TARBALL: ${{ steps.artifact.outputs.download-path }}/${{ needs.publish.outputs.tarball_name }}