sonar-release #61
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: sonar-release | ||
| # This workflow is triggered when publishing a new github release | ||
| on: | ||
| release: | ||
| types: | ||
| - published | ||
| env: | ||
| PYTHONUNBUFFERED: 1 | ||
| jobs: | ||
| release: | ||
| permissions: | ||
| id-token: write | ||
| contents: write | ||
| uses: SonarSource/gh-action_release/.github/workflows/main.yaml@v5 | ||
| with: | ||
| publishToBinaries: false | ||
| mavenCentralSync: false | ||
| slackChannel: team-sonarlint-vscode | ||
| deploy_to_microsoft_marketplace: | ||
| permissions: | ||
| id-token: write | ||
| contents: write | ||
| runs-on: ubuntu-latest | ||
| name: Deploy to Visual Studio marketplace | ||
| needs: release | ||
| strategy: | ||
| # Deployment jobs are executed sequentially to make sure that the universal package is the last one deployed | ||
| max-parallel: 1 | ||
| matrix: | ||
| platform: ['win32-x64', 'linux-x64', 'darwin-x64', 'darwin-arm64', 'universal'] | ||
| env: | ||
| ARTIFACTORY_URL: https://repox.jfrog.io/artifactory | ||
| steps: | ||
| - name: Checkout custom actions | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| clean: false | ||
| - name: Use Node 18 | ||
| uses: actions/setup-node@v3 | ||
| with: | ||
| node-version: '18' | ||
| - name: Get vault secrets | ||
| id: secrets | ||
| uses: SonarSource/vault-action-wrapper@dc8fe04652687f7278f3ecd27905967836bab0eb # tag=2.7.4-1 | ||
| with: | ||
| secrets: | | ||
| development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN; | ||
| - name: Install dependencies for vsce-publish | ||
| run: | | ||
| cp .cirrus/npmrc ./.npmrc | ||
| export ARTIFACTORY_ACCESS_TOKEN=${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }} | ||
| npm install | ||
| working-directory: ./.github/actions/vsce-publish | ||
| - name: Extract version, file name and download URL | ||
| id: extract_version | ||
| shell: python | ||
| run: | | ||
| import os | ||
| # | ||
| # Extract version, build file name and download URL from GH ref | ||
| # | ||
| # See https://docs.github.com/en/actions/learn-github-actions/contexts#github-context | ||
| tagName = '${{ github.ref_name }}' | ||
| # tagName = <version>+<buildId> | ||
| version = tagName.split('+')[0] | ||
| platform = '${{ matrix.platform }}' | ||
| artifactoryPublicRepo = 'https://repox.jfrog.io/artifactory/sonarsource-public-releases' | ||
| slvscodeBaseUrl = f'{artifactoryPublicRepo}/org/sonarsource/sonarlint/vscode/sonarlint-vscode' | ||
| if platform == 'universal': | ||
| artifactName = f'sonarlint-vscode-{version}.vsix' | ||
| else: | ||
| artifactName = f'sonarlint-vscode-{platform}-{version}.vsix' | ||
| artifactUrl = f'{slvscodeBaseUrl}/{version}/{artifactName}' | ||
| with open(os.environ['GITHUB_OUTPUT'], 'a') as githubOutput: | ||
| print(f'artifactUrl={artifactUrl}', file=githubOutput) | ||
| print(f'artifactName={artifactName}', file=githubOutput) | ||
| - name: Get vault secrets | ||
| id: secrets | ||
|
Check failure on line 83 in .github/workflows/release.yml
|
||
| uses: SonarSource/vault-action-wrapper@dc8fe04652687f7278f3ecd27905967836bab0eb | ||
| with: | ||
| secrets: | | ||
| development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_PRIVATE_PASSWORD; | ||
| - name: Download promoted file | ||
| id: download_artifact | ||
| run: | | ||
| curl -s -o ${{ steps.extract_version.outputs.artifactName }} -H 'Authorization: Bearer ${{ steps.secrets.outputs.ARTIFACTORY_PRIVATE_PASSWORD }}' ${{ steps.extract_version.outputs.artifactUrl }} | ||
| echo 'artifactFile='$(pwd)/${{ steps.extract_version.outputs.artifactName }} >> ${GITHUB_OUTPUT} | ||
| - name: Publish to Visual Studio Marketplace | ||
| if: success() | ||
| id: vsce_publish | ||
| env: | ||
| ARTIFACT_FILE: ${{ steps.download_artifact.outputs.artifactFile }} | ||
| TARGET_PLATFORM: ${{ matrix.platform }} | ||
| VSCE_TOKEN: ${{ secrets.VISUALSTUDIO_PAT }} | ||
| uses: ./.github/actions/vsce-publish | ||
| deploy_to_openvsx: | ||
| permissions: | ||
| id-token: write | ||
| contents: write | ||
| runs-on: ubuntu-latest | ||
| name: Deploy to OpenVSX | ||
| needs: release | ||
| env: | ||
| ARTIFACTORY_URL: https://repox.jfrog.io/artifactory | ||
| steps: | ||
| - name: Checkout custom actions | ||
| uses: actions/checkout@v3 | ||
| - name: Use Node 18 | ||
| uses: actions/setup-node@v3 | ||
| with: | ||
| node-version: '18' | ||
| - name: Get vault secrets | ||
| id: secrets | ||
| uses: SonarSource/vault-action-wrapper@dc8fe04652687f7278f3ecd27905967836bab0eb # tag=2.7.4-1 | ||
| with: | ||
| secrets: | | ||
| development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN; | ||
| - name: Install dependencies for ovsx-publish | ||
| run: | | ||
| cp .cirrus/npmrc ./.npmrc | ||
| export ARTIFACTORY_ACCESS_TOKEN=${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }} | ||
| npm install | ||
| working-directory: ./.github/actions/ovsx-publish | ||
| - name: Extract version, file name and download URL | ||
| id: extract_version | ||
| shell: python | ||
| run: | | ||
| import os | ||
| # | ||
| # Extract version, build file name and download URL from GH ref | ||
| # | ||
| # See https://docs.github.com/en/actions/learn-github-actions/contexts#github-context | ||
| tagName = '${{ github.ref_name }}' | ||
| # tagName = <version>+<buildId> | ||
| version = tagName.split('+')[0] | ||
| artifactoryPublicRepo = 'https://repox.jfrog.io/artifactory/sonarsource-public-releases' | ||
| slvscodeBaseUrl = f'{artifactoryPublicRepo}/org/sonarsource/sonarlint/vscode/sonarlint-vscode' | ||
| artifactName = f'sonarlint-vscode-{version}.vsix' | ||
| artifactUrl = f'{slvscodeBaseUrl}/{version}/{artifactName}' | ||
| with open(os.environ['GITHUB_OUTPUT'], 'a') as githubOutput: | ||
| print(f'artifactUrl={artifactUrl}', file=githubOutput) | ||
| print(f'artifactName={artifactName}', file=githubOutput) | ||
| - name: Get vault secrets | ||
| id: secrets | ||
| uses: SonarSource/vault-action-wrapper@dc8fe04652687f7278f3ecd27905967836bab0eb | ||
| with: | ||
| secrets: | | ||
| development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_PRIVATE_PASSWORD; | ||
| - name: Download promoted file | ||
| id: download_artifact | ||
| run: | | ||
| curl -s -o ${{ steps.extract_version.outputs.artifactName }} -H 'Authorization: Bearer ${{ steps.secrets.outputs.ARTIFACTORY_PRIVATE_PASSWORD }}' ${{ steps.extract_version.outputs.artifactUrl }} | ||
| echo 'artifactFile='$(pwd)/${{ steps.extract_version.outputs.artifactName }} >> ${GITHUB_OUTPUT} | ||
| - name: Publish to OpenVSX | ||
| if: success() | ||
| id: ovsx_publish | ||
| env: | ||
| ARTIFACT_FILE: ${{ steps.download_artifact.outputs.artifactFile }} | ||
| OPENVSX_TOKEN: ${{ secrets.OPENVSX_TOKEN }} | ||
| uses: ./.github/actions/ovsx-publish | ||
