Use workload identity federation for publishing. #81
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| pull_request: | |
| branches: | |
| - '*' | |
| push: | |
| branches: | |
| - '*' | |
| tags: | |
| - '*' | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install dependencies | |
| run: npm install | |
| - name: Compile | |
| run: npm run compile | |
| - name: Lint | |
| run: npm run lint | |
| - name: Server unit tests | |
| run: npm run test | |
| - name: Package | |
| run: npx vsce package | |
| - name: Package LSP server | |
| run: cp server/out/main.js "fstar-language-server-$(jq -r .version package.json).js" | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: fstar-vscode-assistant | |
| path: | | |
| *.vsix | |
| fstar-language-server-*.js | |
| if-no-files-found: error | |
| deploy: | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| needs: build | |
| runs-on: ubuntu-latest | |
| environment: vsm-deploy | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install dependencies | |
| run: npm install | |
| # We could also rebuild here, since esbuild is super fast. | |
| - name: Download artifact from build job | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: fstar-vscode-assistant | |
| - name: Azure workload identity federation login | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| allow-no-subscriptions: true | |
| - name: Upload extension to github release | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| files: | | |
| *.vsix | |
| fstar-language-server-*.js | |
| fail_on_unmatched_files: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Publish packaged extension | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| run: | | |
| npx vsce publish --azure-credential -i *.vsix |