diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 43381af..743bfd6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,6 +11,11 @@ on: description: "Allowed repository for workflow to run in. Example `ctfpilot/hello-world`." required: true type: string + plugins: + description: "Additional plugins to install. Example `@semantic-release/changelog @semantic-release/git`." + required: false + type: string + default: "" ENVIRONMENT: description: "The environment to deploy to." required: false @@ -21,6 +26,10 @@ on: required: false BUILD_GH_TOKEN: description: "GitHub Token. Used to authenticate with GitHub at build step. This will overwrite the use of the default GitHub token." + required: false + PYPI_TOKEN: + description: "PyPI Token. Used to authenticate with PyPI at release step if present." + required: false outputs: version: description: "The version of the release. Will be empty if no release was made." @@ -71,7 +80,7 @@ jobs: with: node-version: "lts/*" - name: Install dependencies - run: npm install semantic-release @semantic-release/exec @semantic-release/commit-analyzer @semantic-release/git @semantic-release/github @semantic-release/release-notes-generator conventional-changelog-conventionalcommits -D + run: npm install semantic-release @semantic-release/exec @semantic-release/commit-analyzer @semantic-release/git @semantic-release/github @semantic-release/release-notes-generator conventional-changelog-conventionalcommits ${{ inputs.plugins }} -D - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies run: npm audit signatures - name: Detect if configuration file is available for semantic-release @@ -85,55 +94,56 @@ jobs: - name: Set default configuration file for semantic-release if: steps.check-config.outputs.config_exists == 'false' run: | - cat << 'EOF' > .releaserc.json - { - "branches": [ - "main", - { - "name": "develop", - "prerelease": "r" - } - ], - "plugins": [ - [ - "@semantic-release/commit-analyzer", - { - "preset": "conventionalcommits" - } - ], - [ - "@semantic-release/release-notes-generator", - { - "preset": "conventionalcommits" - } - ], - [ - "@semantic-release/github", - { - "successComment": false - } - ], - [ - "@semantic-release/exec", - { - "prepareCmd": "echo ${nextRelease.version} > version.txt", - "publishCmd": "echo 'Published version ${nextRelease.version}'" - } - ], - [ - "@semantic-release/git", - { - "assets": [], - "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}" - } - ] - ] - } - EOF + cat << 'EOF' > .releaserc.json + { + "branches": [ + "main", + { + "name": "develop", + "prerelease": "r" + } + ], + "plugins": [ + [ + "@semantic-release/commit-analyzer", + { + "preset": "conventionalcommits" + } + ], + [ + "@semantic-release/release-notes-generator", + { + "preset": "conventionalcommits" + } + ], + [ + "@semantic-release/exec", + { + "prepareCmd": "echo ${nextRelease.version} > version.txt", + "publishCmd": "echo 'Published version ${nextRelease.version}'" + } + ], + [ + "@semantic-release/git", + { + "assets": [], + "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}" + } + ], + [ + "@semantic-release/github", + { + "successComment": false + } + ] + ] + } + EOF - name: Release env: GITHUB_TOKEN: ${{ secrets.RELEASE_GH_TOKEN || secrets.GITHUB_TOKEN }} NPM_TOKEN: ${{ secrets.RELEASE_GH_TOKEN || secrets.GITHUB_TOKEN }} + PYPI_TOKEN: ${{ secrets.PYPI_TOKEN || '' }} run: | npx semantic-release 2>&1 | tee semantic-release.log status=${PIPESTATUS[0]} diff --git a/README.md b/README.md index d06c770..b531029 100644 --- a/README.md +++ b/README.md @@ -86,12 +86,14 @@ When the workflow runs on a push to `develop`, it will fail if `main` is ahead o #### Inputs - `repository`: Allowed repository for workflow to run in. Example `ctfpilot/hello-world`. +- `plugins`: Additional plugins to install. Example `@semantic-release/changelog @semantic-release/git` - `ENVIRONMENT`: The environment to deploy to. #### Secrets - `RELEASE_GH_TOKEN`: GitHub Token. Used to authenticate with GitHub at release step. This will overwrite the use of the default GitHub token. - `BUILD_GH_TOKEN`: GitHub Token. Used to authenticate with GitHub at build step. This will overwrite the use of the default GitHub token. +- `PYPI_TOKEN`: PyPI Token. Used to authenticate with PyPI at release step if present. #### Outputs