Skip to content

Commit

Permalink
Update release scripts to user trusted publisher (#768)
Browse files Browse the repository at this point in the history
  • Loading branch information
krassowski authored Sep 5, 2024
1 parent b4f786b commit cafe00c
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 13 deletions.
14 changes: 10 additions & 4 deletions .github/workflows/prep-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,10 @@ on:
post_version_spec:
description: "Post Version Specifier"
required: false
silent:
description: "Set a placeholder in the changelog and don't publish the release."
required: false
type: boolean
since:
description: "Use PRs with activity since this date or git reference"
required: false
Expand All @@ -22,18 +26,20 @@ on:
jobs:
prep_release:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1

- name: Prep Release
id: prep-release
uses: fcollonval/jupyter_releaser/.github/actions/prep-release@1e5300b94b842e61d4f10bed0db8e855c8fe9108
env:
RH_TAG_FORMAT: "{version}"
uses: jupyter-server/jupyter_releaser/.github/actions/prep-release@v2
with:
token: ${{ secrets.ADMIN_GITHUB_TOKEN }}
token: ${{ secrets.GITHUB_TOKEN }}
version_spec: ${{ github.event.inputs.version_spec }}
silent: ${{ github.event.inputs.silent }}
post_version_spec: ${{ github.event.inputs.post_version_spec }}
target: ${{ github.event.inputs.target }}
branch: ${{ github.event.inputs.branch }}
since: ${{ github.event.inputs.since }}
since_last_stable: ${{ github.event.inputs.since_last_stable }}
Expand Down
20 changes: 11 additions & 9 deletions .github/workflows/publish-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,20 +15,23 @@ on:
jobs:
publish_release:
runs-on: ubuntu-latest
environment: release
permissions:
# This is useful if you want to use PyPI trusted publisher
# and NPM provenance
id-token: write
steps:
- uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1

- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}

- name: Populate Release
id: populate-release
uses: fcollonval/jupyter_releaser/.github/actions/populate-release@1e5300b94b842e61d4f10bed0db8e855c8fe9108
env:
RH_TAG_FORMAT: "{version}"
uses: jupyter-server/jupyter_releaser/.github/actions/populate-release@v2
with:
token: ${{ secrets.ADMIN_GITHUB_TOKEN }}
token: ${{ steps.app-token.outputs.token }}
branch: ${{ github.event.inputs.branch }}
release_url: ${{ github.event.inputs.release_url }}
steps_to_skip: ${{ github.event.inputs.steps_to_skip }}
Expand All @@ -37,10 +40,9 @@ jobs:
id: finalize-release
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
RH_TAG_FORMAT: "{version}"
uses: fcollonval/jupyter_releaser/.github/actions/finalize-release@1e5300b94b842e61d4f10bed0db8e855c8fe9108
uses: jupyter-server/jupyter_releaser/.github/actions/finalize-release@v2
with:
token: ${{ secrets.ADMIN_GITHUB_TOKEN }}
token: ${{ steps.app-token.outputs.token }}
release_url: ${{ steps.populate-release.outputs.release_url }}

- name: "** Next Step **"
Expand Down

0 comments on commit cafe00c

Please sign in to comment.