waveterm/.github/workflows/publish-release.yml
Evan Simkowitz b7d01c0403
Add automated release flow (#394)
## New release workflow

Build Helper will now automatically create a draft GitHub Release after
it finishes its builds. It will upload a copy of the build artifacts to
this release for easy access.

When a version is ready to be published, edit the GitHub Release and
publish it. This will trigger a workflow to publish the artifacts to our
releases feed.

## Moved artifacts scripts to Taskfile

The scripts formerly located at `scripts/artifacts` have been moved to
the Taskfile. They can now be found at `artifacts:*`.

## Moved releases readme to `RELEASES.md`

Updated the releases readme with step-by-step instructions and moved it
from `scripts/artifacts` to `RELEASES.md`

## Created new AWS identities for artifact upload and publishing

This narrows the scopes of the AWS identities used by the workflows to
upload and publish artifacts. The Build Helper workflow now only has
permission to put files into the artifacts bucket. The Publish Release
workflow only has permission to get files from the artifacts bucket and
put them into the releases bucket.
2024-09-18 12:29:47 -07:00

26 lines
918 B
YAML

```yaml
# Workflow to copy artifacts from the staging bucket to the release bucket when a new GitHub Release is published.
name: Publish Release
run-name: Publish ${{ github.ref_name }}
on:
    release:
        types: [published]
jobs:
    publish:
        runs-on: ubuntu-latest
        steps:
            - uses: actions/checkout@v4
            - name: Install Task
              uses: arduino/setup-task@v2
              with:
                  version: 3.x
                  repo-token: ${{ secrets.GITHUB_TOKEN }}
            - name: Publish from staging
              if: startsWith(github.ref, 'refs/tags/')
              run: "task artifacts:publish:${{ github.ref_name }}"
              env:
                  AWS_ACCESS_KEY_ID: "${{ secrets.PUBLISHER_KEY_ID }}"
                  AWS_SECRET_ACCESS_KEY: "${{ secrets.PUBLISHER_KEY_SECRET }}"
                  AWS_DEFAULT_REGION: us-west-2
              shell: bash
```
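
The `run:` line of the "Publish from staging" step expands `${{ github.ref_name }}` into the script text before bash parses it, so the tag name is read as shell source in a step that also holds the publisher AWS credentials. The following is an added example, not code from the waveterm repository, of passing the ref through `env:` and checking it before building the Task target; the function names, the `REF` and `REF_NAME` variables, and the `v1.2.3`-style tag format are assumptions.

```shell
# Added example (not part of the waveterm repository).
# Assumed use in the workflow step: pass the ref through the environment,
#   env:
#     REF: ${{ github.ref }}
#     REF_NAME: ${{ github.ref_name }}
# then, with these functions loaded, run:
#   task "$(publish_target "$REF" "$REF_NAME")"
# so the tag text reaches the shell as data, not as part of the script.

# Assumption: release tags look like v1.2.3 or v1.2.3-beta.1.
TAG_PATTERN='^v[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.]+)?$'

# is_release_tag NAME: succeeds only if NAME matches the assumed tag format.
is_release_tag() {
    case "$1" in
        # Allow-list of characters first; this also rejects empty names,
        # whitespace, newlines and every shell metacharacter.
        '' | *[!0-9A-Za-z.-]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq "$TAG_PATTERN"
}

# publish_target REF REF_NAME: prints the Task target for a valid tag ref,
# or prints a reason on stderr and returns non-zero.
publish_target() {
    # Mirrors the step's `if: startsWith(github.ref, 'refs/tags/')` guard and
    # also requires the full ref and the short name to agree.
    if [ "$1" != "refs/tags/$2" ]; then
        echo "refusing: ref is not the tag named by REF_NAME" >&2
        return 1
    fi
    if ! is_release_tag "$2"; then
        echo "refusing: tag name does not match the release format" >&2
        return 1
    fi
    printf 'artifacts:publish:%s\n' "$2"
}
```
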