Assemble full release #180
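# SDK CI: lint, unit tests, build and security audit on pushes and pull requests
# to main/develop; integration tests on pull requests into main; npm publish,
# GitHub Release and backend notification on `v*` tags.
name: SDK CI

on:
  pull_request:
    branches: [main, develop]
  push:
    branches: [main, develop]
    tags:
      - 'v*'

# Least-privilege default for GITHUB_TOKEN: every job gets read-only repository
# access unless it declares its own `permissions:` block (only `publish` does).
permissions:
  contents: read

jobs:
  lint:
    name: Lint & type-check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step pushes with git, so do not leave the token in .git/config
          # where `npm ci` lifecycle scripts could read it.
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
          registry-url: 'https://registry.npmjs.org'
      - run: npm ci
      - run: npm run lint
      - run: npm run type-check

  unit-tests:
    name: Unit tests
    runs-on: ubuntu-latest
    needs: lint
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
          registry-url: 'https://registry.npmjs.org'
      - run: npm ci
      - name: Run unit tests with coverage
        run: npm run test:cov
        env:
          STELLAR_NETWORK: testnet
          # NOTE(review): this job also runs on pull_request, so code from a
          # same-repository PR branch executes with this signing key in its
          # environment. Confirm the unit tests need a real key at all, and that
          # the key is funded on testnet only.
          MASTER_SECRET_KEY: ${{ secrets.TESTNET_MASTER_SECRET_KEY }}
          MASTER_PUBLIC_KEY: ${{ secrets.TESTNET_MASTER_PUBLIC_KEY }}
      - name: Upload coverage report
        uses: actions/upload-artifact@v4
        with:
          name: sdk-coverage
          path: coverage/
          retention-days: 14

  build:
    name: Build
    runs-on: ubuntu-latest
    needs: unit-tests
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
          registry-url: 'https://registry.npmjs.org'
      - run: npm ci
      - run: npm run build
      - name: Verify dist outputs
        run: |
          test -f dist/index.js || (echo "FAIL: dist/index.js missing" && exit 1)
          test -f dist/index.d.ts || (echo "FAIL: dist/index.d.ts missing" && exit 1)
          echo "dist/ OK"
      # NOTE(review): no job in this workflow downloads `sdk-dist`; `publish`
      # rebuilds from source, so the published files are not the ones verified here.
      - uses: actions/upload-artifact@v4
        with:
          name: sdk-dist
          path: dist/
          retention-days: 5

  security:
    name: Security audit
    runs-on: ubuntu-latest
    needs: lint
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
          registry-url: 'https://registry.npmjs.org'
      - run: npm ci
      - run: npm audit --audit-level=high
      - name: Scan src/ for raw Stellar secret keys
        # Fail closed: grep exits 0 on a match, 1 on no match and 2 or more on an
        # error (for example a missing src/). Only exit status 1 counts as clean,
        # so a scan that could not run is no longer reported as "OK".
        # NOTE(review): only *.ts files under src/ are inspected; keys in .js,
        # .json or .env files, or outside src/, are not covered by this check.
        run: |
          status=0
          grep -rn --include="*.ts" --exclude-dir=tests --exclude-dir=node_modules \
            'S[A-Z2-7]\{55,56\}' src/ || status=$?
          case "$status" in
            0)
              echo "FAIL: Possible Stellar secret key found in src/"
              exit 1
              ;;
            1)
              echo "OK: No secret key patterns detected"
              ;;
            *)
              echo "FAIL: secret key scan did not run cleanly (grep exit $status)"
              exit 1
              ;;
          esac

  # Runs only for pull requests targeting main. It is not listed in the
  # `ci-passed` gate, so its result does not affect that check.
  integration-tests:
    name: Integration tests (Stellar testnet)
    runs-on: ubuntu-latest
    needs: build
    if: github.event_name == 'pull_request' && github.base_ref == 'main'
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
          registry-url: 'https://registry.npmjs.org'
      - run: npm ci
      - run: npm run build
      - name: Run integration tests
        run: npm run test:integration
        timeout-minutes: 12
        env:
          STELLAR_NETWORK: testnet
          STELLAR_HORIZON_URL: https://horizon-testnet.stellar.org
          STELLAR_NETWORK_PASSPHRASE: 'Test SDF Network ; September 2015'
          MASTER_SECRET_KEY: ${{ secrets.TESTNET_MASTER_SECRET_KEY }}
          MASTER_PUBLIC_KEY: ${{ secrets.TESTNET_MASTER_PUBLIC_KEY }}

  # Single status to use as a required check: fails unless every listed job
  # finished with result "success" (skipped or cancelled jobs also fail it).
  ci-passed:
    name: All checks passed
    runs-on: ubuntu-latest
    needs: [lint, unit-tests, build, security]
    # always() makes the gate run, and report failure, when a needed job failed.
    if: always()
    steps:
      - name: Gate
        run: |
          FAILED=0
          check() { [ "$1" = "success" ] || { echo "FAIL: $2"; FAILED=1; }; }
          check "${{ needs.lint.result }}" "Lint & type-check"
          check "${{ needs.unit-tests.result }}" "Unit tests"
          check "${{ needs.build.result }}" "Build"
          check "${{ needs.security.result }}" "Security audit"
          [ "$FAILED" -eq 0 ] || exit 1
          echo "All required checks passed"

  # Release path, taken only for refs under refs/tags/v.
  # NOTE(review): the job does not check that the tagged commit is reachable from
  # main, so whoever can push a `v*` tag can publish. Consider tag protection or a
  # protected `environment:` with required reviewers for this job.
  publish:
    name: Publish to npm
    runs-on: ubuntu-latest
    needs: [lint, unit-tests, build, security]
    if: startsWith(github.ref, 'refs/tags/v')
    permissions:
      # contents: write lets the release step create the GitHub Release.
      contents: write
      # id-token: write lets `npm publish --provenance` request an OIDC token.
      id-token: write
    steps:
      - uses: actions/checkout@v4
        with:
          # This job's token can write to the repository; keep it out of
          # .git/config so install and test scripts cannot pick it up.
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
          registry-url: 'https://registry.npmjs.org'
      - run: npm ci
      - run: npm run build
      - name: Run integration tests before publish
        run: npm run test:integration
        timeout-minutes: 12
        env:
          STELLAR_NETWORK: testnet
          STELLAR_HORIZON_URL: https://horizon-testnet.stellar.org
          STELLAR_NETWORK_PASSPHRASE: 'Test SDF Network ; September 2015'
          MASTER_SECRET_KEY: ${{ secrets.TESTNET_MASTER_SECRET_KEY }}
          MASTER_PUBLIC_KEY: ${{ secrets.TESTNET_MASTER_PUBLIC_KEY }}
      - name: Verify package.json version matches git tag
        run: |
          PKG=$(node -p "require('./package.json').version")
          TAG=${GITHUB_REF_NAME#v}
          [ "$PKG" = "$TAG" ] || (echo "FAIL: package.json $PKG != tag $TAG" && exit 1)
          echo "Version OK: $PKG"
      - name: Publish to npm
        run: npm publish --provenance --access public
        env:
          # The registry token is exposed to this step only, not to the job.
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
      # NOTE(review): the two third-party actions below are referenced by mutable
      # major-version tags and run in a job holding contents: write and
      # id-token: write. Pin each to a reviewed full commit SHA and keep the
      # version in a trailing comment.
      - name: Create GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          name: '@petad/stellar-sdk ${{ github.ref_name }}'
          generate_release_notes: true
          prerelease: ${{ contains(github.ref_name, '-') }}
      - name: Notify backend of new SDK version
        uses: peter-evans/repository-dispatch@v3
        with:
          # NOTE(review): confirm this token is scoped to the target repository
          # only and carries no more than the access repository_dispatch needs.
          token: ${{ secrets.BACKEND_DISPATCH_TOKEN }}
          repository: amina69/PetAd-backend
          event-type: sdk-new-version
          # toJSON() emits the tag name as an escaped JSON string, so a tag
          # containing a double quote cannot add or alter payload fields.
          client-payload: '{"version":${{ toJSON(github.ref_name) }},"sha":"${{ github.sha }}"}'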