ghatemplates/.github/workflows/release-please-oidc.yml at main · voxpelli/ghatemplates · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
name: release-please oidc

on:
  workflow_call:
    secrets:
      APP_PEM:
        description: 'The private key of the GitHub App to use for the PR creation.'
        required: false

    inputs:
      app-id:
        description: 'ID of the GitHub App that should be used to create the PR'
        required: true
        type: string
      config-file:
        description: 'The path to the release-please config file'
        required: false
        default: '.github/release-please/config.json'
        type: string
      manifest-file:
        description: 'The path to the release-please manifest file'
        required: false
        default: '.github/release-please/manifest.json'
        type: string
      lockfile:
        description: 'Whether to expect a lockfile or not'
        required: false
        default: false
        type: boolean
      npm-tag:
        description: 'The distribution tag to publish to on npm'
        required: false
        default: 'latest'
        type: string
      force-release:
        description: 'Force a release no matter if release-please thinks it should be a release'
        required: false
        default: false
        type: boolean

jobs:
  release_please:
    uses: ./.github/workflows/reusable-release-please-bot.yml
    with:
      app-id: ${{ inputs.app-id }}
      config-file: ${{ inputs.config-file }}
      manifest-file: ${{ inputs.manifest-file }}
    secrets: inherit

  npm_publish:
    uses: ./.github/workflows/reusable-npm-publish-oidc.yml
    needs: release_please
    if: needs.release_please.outputs.releaseCreated || inputs.force-release
    permissions:
      contents: read
      id-token: write
    with:
      lockfile: ${{ inputs.lockfile }}
      npm-tag: ${{ inputs.npm-tag }}