-
Notifications
You must be signed in to change notification settings - Fork 228
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: add publish pipeline [INS-3792]
- Loading branch information
Showing
1 changed file
with
56 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| name: Publish httpsnippet | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| version: | ||
| description: 'Tag version to release' | ||
| required: true | ||
|
|
||
| jobs: | ||
| publish: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: 20.9.0 | ||
| registry-url: 'https://registry.npmjs.org' | ||
|
|
||
| - name: Configure Git user | ||
| uses: Homebrew/actions/git-user-config@master | ||
| with: | ||
| username: ${{ (github.event_name == 'workflow_dispatch' && github.actor) || 'insomnia-infra' }} | ||
|
|
||
| - name: Tag the Repository | ||
| run: | | ||
| git tag ${{ github.event.inputs.version }} | ||
| git push origin ${{ github.event.inputs.version }} | ||
|
Check failure Code scanning / Semgrep OSS Semgrep Finding: yaml.github-actions.security.run-shell-injection.run-shell-injection Error
Using variable interpolation ${...} with github context data in a run: step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. github context data can have arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with env: to store the data and use the environment variable in the run: script. Be sure to use double-quotes the environment variable, like this: "$ENVVAR".
|
||
| - name: Create Tag and Release | ||
| uses: ncipollo/release-action@v1 | ||
| id: core_tag_and_release | ||
| with: | ||
| tag: ${{ github.event.inputs.version }} | ||
| name: "httpsnippet ${{ github.event.inputs.version }} 📦" | ||
| generateReleaseNotes: true | ||
| prerelease: false | ||
| draft: false | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Install | ||
| run: npm ci | ||
|
|
||
| - name: Build | ||
| run: npm run build | ||
|
|
||
| - name: Publish to NPM | ||
| run: npm publish | ||
| env: | ||
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | ||