ci(INFRAPRJ-6604): add attest and sign process

LedgerHQ · Sep 18, 2024 · 50685a7 · 50685a7
1 parent c8ad97f
commit 50685a7
Showing 1 changed file with 24 additions and 11 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -1,22 +1,28 @@
 name: Release crypto-icons package
 
 on:
- push:
- branches:
- - main
- paths: 
- - "lib/**"
+ pull_request:
+# on:
+# push:
+# branches:
+# - main
+# paths: 
+# - "lib/**"
+
+permissions:
+ id-token: write
+ packages: write
+ contents: read
+
+env:
+ NPM_REGISTRY: jfrog.ledgerlabs.net/artifactory/api/npm/ledgerlive-npm-prod-public
 
 jobs:
  publish:
  runs-on: ledgerhq-shared-medium
  defaults:
  run:
  working-directory: ./lib/
- permissions:
- id-token: write
- packages: write
- contents: read
  steps:
  - uses: actions/checkout@v4
  - uses: pnpm/action-setup@v2
@@ -30,19 +36,26 @@ jobs:
  - name: Install dependencies
  run: pnpm install --frozen-lockfile
 
+ - name: pnpm build
+ run: pnpm run build
+
+ - name: Attest
+ uses: LedgerHQ/actions-security/actions/attest@actions/attest-1
+ with:
+ subject-path: dist/*
+
  - name: Login to JFrog Ledger
  id: jfrog-login
  uses: LedgerHQ/actions-security/actions/jfrog-login@actions/jfrog-login-1
 
  - name: Setup npm config for JFrog
  env:
- NPM_REGISTRY: jfrog.ledgerlabs.net/artifactory/api/npm/ledgerlive-npm-prod-public
  NPM_REGISTRY_TOKEN: ${{ steps.jfrog-login.outputs.oidc-token }}
  run: |
  cat << EOF | tee .npmrc
  registry=https://${NPM_REGISTRY}/
  //${NPM_REGISTRY}/:_authToken=${NPM_REGISTRY_TOKEN}
  EOF
- 
+
  - name: Publish package 
  run: pnpm publish