@@ -2,6 +2,9 @@ name: release
22
33on :
44 workflow_call :
5+ secrets :
6+ VAULT_URL :
7+ required : true
58
69jobs :
710 release :
1114 id-token : write # Required for OIDC trusted publishing
1215 runs-on : ubuntu-latest
1316 steps :
17+ - name : ' Retrieve Secrets from Vault'
18+ id : vault
19+ uses : hashicorp/vault-action@v3.4.0
20+ with :
21+ url : ${{ secrets.VAULT_URL }}
22+ role : ${{ github.event.repository.name }}-github-action
23+ method : jwt
24+ path : github-actions
25+ exportEnv : false
26+ secrets : |
27+ github/token/${{ github.event.repository.name }}-semantic-release token | GITHUB_TOKEN ;
28+
29+ - name : Get Automation Bot User ID
30+ id : get-user-id
31+ run : echo "user-id=$(gh api "/users/contentful-automation[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
32+ env :
33+ GITHUB_TOKEN : ${{ steps.vault.outputs.GITHUB_TOKEN }}
34+
35+ - name : Setting up Git User Credentials
36+ run : |
37+ git config --global user.name 'contentful-automation[bot]'
38+ git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+contentful-automation[bot]@users.noreply.github.com'
39+
1440 - name : Checkout code
1541 uses : actions/checkout@v5
1642 with :
@@ -29,17 +55,11 @@ jobs:
2955 - name : Install dependencies
3056 run : npm ci
3157
32- - name : Restore the build folders
33- uses : actions/cache/restore@v4
34- with :
35- path : |
36- dist
37- key : build-cache-${{ github.run_id }}-${{ github.run_attempt }}
38-
39- - name : Setup Chrome
40- uses : browser-actions/setup-chrome@v2
41- with :
42- install-chromedriver : true
58+ - name : Ensure on latest commit
59+ run : |
60+ git fetch origin
61+ git checkout master
62+ git pull origin master
4363
4464 - name : Run semantic release
4565 run : npm run semantic-release
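Review bot: The added `hashicorp/vault-action@v3.4.0` step (new line 19) is referenced by a mutable tag, yet it runs in a job that holds `id-token: write` and it handles both the Vault URL and the GitHub token Vault returns, so anyone able to move that tag could run code with those credentials. Pin it to the release's full commit SHA and keep the version as a trailing comment: `uses: hashicorp/vault-action@<full-commit-sha> # v3.4.0`. Separately, the new "Ensure on latest commit" step (new lines 58-62) moves the working tree to the head of `master` after `npm ci` has already run at line 56. semantic-release may therefore publish a commit other than the one that triggered the workflow, with dependencies installed from the earlier lockfile; the checkout step's options fall outside the visible hunks, so this is inferred. Either move the fetch ahead of `npm ci`, or fail the job when `HEAD` differs from `origin/master` instead of silently advancing.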