# Release pipeline for the package: later steps in this file bump the version,
# publish to npm and create the GitHub release.
name: Package Release

# Manual trigger only; no push or pull_request event starts this workflow.
# NOTE(review): workflow_dispatch can be started against any branch by anyone
# with write access to the repository. Confirm that branch or environment
# protection rules restrict who may cut a release.
on: workflow_dispatch

# All runs share the "release" group, so only one release executes at a time.
# cancel-in-progress: false makes a newly queued run wait rather than abort a
# release that is already under way.
concurrency:
  group: release
  cancel-in-progress: false

jobs:
  release:
    runs-on: ubuntu-latest
    # Scopes granted to this job's automatic GITHUB_TOKEN. They do not limit
    # the GALILEO_AUTOMATION_GITHUB_TOKEN secret used by the checkout and
    # release steps below; that credential carries whatever scopes it was
    # issued with.
    permissions:
      contents: write
      issues: write
      pull-requests: write
      # Allows the job to request an OIDC identity token. The grant is
      # job-wide: every step below can request one, not only the publish step.
      id-token: write

    steps:
      # Clones the full history (fetch-depth: 0) using the automation token
      # rather than the default job token.
      # actions/checkout keeps the supplied token in the local git config
      # unless persist-credentials: false is set, so every later step in this
      # job can read it.
      # NOTE(review): confirm whether the release step still pushes with
      # persist-credentials: false (it also receives the token via env); if it
      # does, set that option here.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          token: ${{ secrets.GALILEO_AUTOMATION_GITHUB_TOKEN }}

      # Installs the Node.js 24 toolchain used by the npm steps that follow.
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 24

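      # Trusted Publishing needs npm 11.5.1 or newer (see the step name). The
      # range is bounded to the 11.x line so that a release run cannot silently
      # pick up a new major version of the tool that performs the publish.
      - name: Ensure npm >= 11.5.1 (Trusted Publishing support)
        run: npm install -g "npm@^11.5.1"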

      # Installs the project's dependencies with npm ci.
      # Dependency lifecycle scripts run in this step, inside a job that holds
      # a write-capable token and can request OIDC tokens.
      # NOTE(review): if the release does not depend on install scripts,
      # consider `npm ci --ignore-scripts` to narrow what third-party code can
      # reach those credentials.
      - name: Install dependencies
        run: npm ci

      # Diagnostic step: prints tool versions and whether an OIDC request token
      # is present, so a failed publish can be traced to a missing prerequisite.
      - name: Sanity-check Trusted Publishing prerequisites
        run: |
          echo "node:           $(node --version)"
          echo "npm:            $(npm --version)"
          # ${VAR:+yes} expands to "yes" only when the variable is set and
          # non-empty; the token value itself is never written to the log.
          echo "id-token avail: ${ACTIONS_ID_TOKEN_REQUEST_TOKEN:+yes}"
          # Informational only: "|| true" keeps the step green when the
          # package is not listed.
          npm ls @semantic-release/npm || true

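      # Writes the automation SSH key to disk and configures git to sign every
      # commit with it under the galileo-automation identity.
      - name: Configure Git for SSH signing
        env:
          # The key is passed through the environment rather than expanded into
          # the script text, so it never appears in the generated script file
          # and the shell cannot reinterpret any character in it.
          SSH_SIGNING_KEY: ${{ secrets.GALILEO_AUTOMATION_SSH_PRIVATE_KEY }}
        run: |
          # Everything created below is owner-only from the moment it exists,
          # instead of being readable until the chmod runs.
          umask 077
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh

          # Save the private key from the environment to a file
          printf '%s\n' "$SSH_SIGNING_KEY" > ~/.ssh/galileo_signing_key
          chmod 600 ~/.ssh/galileo_signing_key

          # Configure Git to use the SSH key file
          git config --global gpg.format ssh
          git config --global user.signingKey ~/.ssh/galileo_signing_key
          git config --global commit.gpgsign true
          git config --global user.email ci@rungalileo.io
          git config --global user.name "galileo-automation"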

      # Runs semantic-release through a third-party action. The step receives
      # the automation token and runs in a job that can request OIDC tokens.
      # NOTE(review): @v4 is a mutable tag. Pin the action to a full commit
      # SHA (cycjimmy/semantic-release-action@<full-commit-sha>, placeholder)
      # so the code handed these credentials cannot change without review.
      - name: Semantic Release (bump version + npm publish + Github release)
        uses: cycjimmy/semantic-release-action@v4
        with:
          # NOTE(review): presumably turns off semantic-release's
          # CI-environment checks; confirm this is intended.
          ci: false
          semantic_version: 25
          # Plugins installed in addition to the defaults. No versions are
          # given, so presumably the newest release of each is fetched at run
          # time. NOTE(review): consider pinning them.
          extra_plugins: |
            @semantic-release/changelog
            @semantic-release/git
        env:
          # No npm token is set here; presumably the publish authenticates via
          # OIDC Trusted Publishing, as the earlier step names suggest.
          GITHUB_TOKEN: ${{ secrets.GALILEO_AUTOMATION_GITHUB_TOKEN }}
          GIT_AUTHOR_NAME: galileo-automation
          GIT_AUTHOR_EMAIL: ci@rungalileo.io
          GIT_COMMITTER_NAME: galileo-automation
          GIT_COMMITTER_EMAIL: ci@rungalileo.io
