|
19 | 19 | contents: write |
20 | 20 | id-token: write |
21 | 21 | actions: read |
| 22 | + packages: write |
22 | 23 |
|
23 | 24 | steps: |
24 | 25 | - name: Retrieve Secrets from Vault |
|
31 | 32 | path: github-actions |
32 | 33 | exportEnv: false |
33 | 34 | secrets: | |
34 | | - github/token/${{ github.event.repository.name }}-semantic-release token | GITHUB_TOKEN; |
| 35 | + secret/data/github/github_packages_write GITHUB_PACKAGES_WRITE_TOKEN | GITHUB_PACKAGES_WRITE_TOKEN; |
| 36 | + github/token/${{ github.event.repository.name }}-semantic-release token | GITHUB_TOKEN ; |
35 | 37 | secret/data/github/automation-app-user GH_USER_NAME | GIT_COMMITTER_NAME ; |
36 | 38 | secret/data/github/automation-app-user GH_USER_EMAIL | GIT_COMMITTER_EMAIL ; |
37 | 39 |
|
@@ -81,27 +83,51 @@ jobs: |
81 | 83 | env: |
82 | 84 | GITHUB_TOKEN: ${{ steps.vault.outputs.GITHUB_TOKEN }} |
83 | 85 | GH_TOKEN: ${{ steps.vault.outputs.GITHUB_TOKEN }} |
| 86 | + NPM_TOKEN: ${{ steps.vault.outputs.GITHUB_PACKAGES_WRITE_TOKEN }} |
| 87 | + NODE_AUTH_TOKEN: ${{ steps.vault.outputs.GITHUB_PACKAGES_WRITE_TOKEN }} |
| 88 | + GIT_AUTHOR_NAME: ${{ steps.vault.outputs.GIT_COMMITTER_NAME }} |
| 89 | + GIT_AUTHOR_EMAIL: ${{ steps.vault.outputs.GIT_COMMITTER_EMAIL }} |
| 90 | + GIT_COMMITTER_NAME: ${{ steps.vault.outputs.GIT_COMMITTER_NAME }} |
| 91 | + GIT_COMMITTER_EMAIL: ${{ steps.vault.outputs.GIT_COMMITTER_EMAIL }} |
84 | 92 |
|
85 | 93 | - name: Publish (main branch) |
86 | 94 | if: (github.event.workflow_run.head_branch || github.ref_name) == 'main' |
87 | 95 | run: npm run publish-packages |
88 | 96 | env: |
89 | 97 | GITHUB_TOKEN: ${{ steps.vault.outputs.GITHUB_TOKEN }} |
90 | 98 | GH_TOKEN: ${{ steps.vault.outputs.GITHUB_TOKEN }} |
| 99 | + NPM_TOKEN: ${{ steps.vault.outputs.GITHUB_PACKAGES_WRITE_TOKEN }} |
| 100 | + NODE_AUTH_TOKEN: ${{ steps.vault.outputs.GITHUB_PACKAGES_WRITE_TOKEN }} |
| 101 | + GIT_AUTHOR_NAME: ${{ steps.vault.outputs.GIT_COMMITTER_NAME }} |
| 102 | + GIT_AUTHOR_EMAIL: ${{ steps.vault.outputs.GIT_COMMITTER_EMAIL }} |
| 103 | + GIT_COMMITTER_NAME: ${{ steps.vault.outputs.GIT_COMMITTER_NAME }} |
| 104 | + GIT_COMMITTER_EMAIL: ${{ steps.vault.outputs.GIT_COMMITTER_EMAIL }} |
91 | 105 |
|
92 | 106 | - name: Version (canary branch) |
93 | 107 | if: (github.event.workflow_run.head_branch || github.ref_name) == 'canary' |
94 | 108 | run: npm run version:canary |
95 | 109 | env: |
96 | 110 | GITHUB_TOKEN: ${{ steps.vault.outputs.GITHUB_TOKEN }} |
97 | 111 | GH_TOKEN: ${{ steps.vault.outputs.GITHUB_TOKEN }} |
| 112 | + NPM_TOKEN: ${{ steps.vault.outputs.GITHUB_PACKAGES_WRITE_TOKEN }} |
| 113 | + NODE_AUTH_TOKEN: ${{ steps.vault.outputs.GITHUB_PACKAGES_WRITE_TOKEN }} |
| 114 | + GIT_AUTHOR_NAME: ${{ steps.vault.outputs.GIT_COMMITTER_NAME }} |
| 115 | + GIT_AUTHOR_EMAIL: ${{ steps.vault.outputs.GIT_COMMITTER_EMAIL }} |
| 116 | + GIT_COMMITTER_NAME: ${{ steps.vault.outputs.GIT_COMMITTER_NAME }} |
| 117 | + GIT_COMMITTER_EMAIL: ${{ steps.vault.outputs.GIT_COMMITTER_EMAIL }} |
98 | 118 |
|
99 | 119 | - name: Publish (canary branch) |
100 | 120 | if: (github.event.workflow_run.head_branch || github.ref_name) == 'canary' |
101 | 121 | run: npm run publish-packages:canary |
102 | 122 | env: |
103 | 123 | GITHUB_TOKEN: ${{ steps.vault.outputs.GITHUB_TOKEN }} |
104 | 124 | GH_TOKEN: ${{ steps.vault.outputs.GITHUB_TOKEN }} |
| 125 | + NPM_TOKEN: ${{ steps.vault.outputs.GITHUB_PACKAGES_WRITE_TOKEN }} |
| 126 | + NODE_AUTH_TOKEN: ${{ steps.vault.outputs.GITHUB_PACKAGES_WRITE_TOKEN }} |
| 127 | + GIT_AUTHOR_NAME: ${{ steps.vault.outputs.GIT_COMMITTER_NAME }} |
| 128 | + GIT_AUTHOR_EMAIL: ${{ steps.vault.outputs.GIT_COMMITTER_EMAIL }} |
| 129 | + GIT_COMMITTER_NAME: ${{ steps.vault.outputs.GIT_COMMITTER_NAME }} |
| 130 | + GIT_COMMITTER_EMAIL: ${{ steps.vault.outputs.GIT_COMMITTER_EMAIL }} |
105 | 131 |
|
106 | 132 | - name: Print lerna debug log |
107 | 133 | if: always() |
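Review bot: The new `NPM_TOKEN` / `NODE_AUTH_TOKEN` entries hand the Vault-sourced packages-write token to every step in this hunk, including `Version (canary branch)` (new lines 112-113) and the step whose `env:` block opens the hunk at new lines 86-87, and nothing visible here shows either of those steps talking to the registry. If they only bump versions and commit, drop the two token variables there and keep them on the two `Publish` steps, so npm lifecycle scripts run during versioning never see a registry write credential. The same commit also adds `packages: write` to the job permissions (new line 22) while publishing authenticates with the Vault secret; presumably only one of the two is needed, and the unused grant should go. The first step starts above the hunk and `Print lerna debug log` continues below it, so the step name and the log contents could not be checked.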
|