build.yaml
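---
# CI workflow: builds the Chrome and Firefox extension packages in Docker,
# runs the unit tests, attests the packaged zip, and on tag builds publishes
# a prerelease and uploads an SBOM.
#
# NOTE(review): every `uses:` reference below is a mutable tag or branch.
# Pinning each one to a full commit SHA keeps the code that runs with
# id-token/attestations/contents permissions from changing underneath this
# workflow.
name: Build Screenly Browser Extensions

on:
  pull_request:
    branches:
      - master
  push:
    branches:
      - master
    tags:
      - 'v*.*'

jobs:
  build:
    runs-on: ubuntu-latest
    name: Build and Generate Artifact
    # NOTE(review): these write scopes are granted on every trigger,
    # including pull_request. Only "Create Release" needs contents: write;
    # moving the release steps into a tag-only job would let the build and
    # test steps run with contents: read.
    permissions:
      id-token: write
      contents: write
      attestations: write
    strategy:
      matrix:
        platform: ['chrome', 'firefox']
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # The checkout is bind-mounted into a container that runs npm
          # scripts ("Run Unit Tests"). Do not leave the job token in
          # .git/config where that code could read it; no later step uses
          # git credentials.
          persist-credentials: false

      - name: Prepare manifest.json
        # The tag-derived version reaches jq through --arg, so it is handled
        # as data and never spliced into the jq program.
        run: |
          if [[ $GITHUB_REF == refs/tags/v* ]]; then
            export SCREENLY_CE_VERSION=${GITHUB_REF#refs/tags/v}
          else
            export SCREENLY_CE_VERSION="0.0.0"
          fi
          cat src/manifest-${{ matrix.platform }}.json \
            | jq --arg version "$SCREENLY_CE_VERSION" '.version = $version' \
            > src/manifest.json

      - name: Build Docker images
        run: |
          docker compose build

      - name: Run Unit Tests
        run: |
          docker run \
            --rm \
            -v "$(pwd)":/app:delegated \
            -v /app/node_modules \
            sce_webpack:latest \
            /bin/bash -c "npx webpack --config webpack.dev.js && npm run test"

      - name: Build and Package the Extension
        run: |
          mkdir artifacts
          docker run \
            --rm \
            -v "$(pwd)/artifacts":/app/artifacts:delegated \
            -v /app/artifacts/node_modules \
            sce_webpack:latest \
            /bin/bash -c "npm run build && cp -r dist/ artifacts/"

      - name: Compress
        run: |
          cd artifacts/dist/
          zip -r ${{ github.workspace }}/screenly-${{ matrix.platform }}-extension.zip .

      # NOTE(review): this also runs for pull_request builds, so provenance
      # is issued for unmerged code; confirm that is intended.
      - name: Attest
        uses: actions/attest-build-provenance@v1
        with:
          subject-path: '${{ github.workspace }}/screenly-${{ matrix.platform }}-extension.zip'

      # NOTE(review): the attested subject is the zip in the workspace, but
      # this step uploads the unpacked artifacts/dist directory, so the
      # Actions artifact is not the file the attestation covers. Upload the
      # zip itself if the artifact is meant to be verifiable.
      - name: Upload Archive as Artifact
        uses: actions/upload-artifact@v4
        with:
          name: screenly-${{ matrix.platform }}-extension
          path: artifacts/dist

      - name: Prepare Release
        if: startsWith(github.ref, 'refs/tags/')
        # The tag name is chosen by whoever pushes the tag. Hand it to the
        # shell through the environment and quote it, instead of expanding
        # the expression into the script text where it would be parsed as
        # shell.
        env:
          PLATFORM: ${{ matrix.platform }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          cp \
            "${GITHUB_WORKSPACE}/screenly-${PLATFORM}-extension.zip" \
            "${GITHUB_WORKSPACE}/screenly-${PLATFORM}-extension-${REF_NAME}.zip"

      # NOTE(review): the action reference below is garbled on this page
      # (e-mail obfuscation replaced the "<name>@<version>" part). Restore
      # it from the repository, preferably as a full commit SHA.
      - name: Create Release
        if: startsWith(github.ref, 'refs/tags/')
        uses: ncipollo/[email protected]
        with:
          allowUpdates: true
          prerelease: true
          artifacts: "screenly-${{ matrix.platform }}-extension-${{ github.ref_name }}.zip"

  generate-sbom:
    runs-on: ubuntu-latest
    name: Generate SBOM
    permissions:
      id-token: write
      contents: read
      attestations: write
    needs: build
    strategy:
      matrix:
        platform: ['chrome', 'firefox']
    if: startsWith(github.ref, 'refs/tags/')
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # The workspace is handed to a third-party action next; keep the
          # job token out of .git/config.
          persist-credentials: false

      # NOTE(review): @master is a moving branch of a third-party action
      # that receives SBOMIFY_TOKEN and writes the file attested in the next
      # step. Pin it to a reviewed commit SHA.
      - name: Upload SBOM
        uses: sbomify/github-action@master
        env:
          TOKEN: ${{ secrets.SBOMIFY_TOKEN }}
          COMPONENT_ID: 'NwxGnn8u8K'
          OVERRIDE_SBOM_METADATA: true
          SBOM_VERSION: ${{ github.ref_name }}
          LOCK_FILE: 'package-lock.json'
          OUTPUT_FILE: '${{ matrix.platform }}-extension.cdx.json'
          AUGMENT: true
          ENRICH: true

      - name: Attest build
        uses: actions/attest-build-provenance@v1
        with:
          subject-path: '${{ github.workspace }}/${{ matrix.platform }}-extension.cdx.json'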