infisical/.github/workflows/release_build_infisical_cli.yml

name: Build and release CLI

on:
    workflow_dispatch:

    push:
        # run only against tags
        tags:
            - "infisical-cli/v*.*.*"

permissions:
    contents: write

jobs:
    cli-integration-tests:
        name: Run tests before deployment
        uses: ./.github/workflows/run-cli-tests.yml
        secrets:
            CLI_TESTS_UA_CLIENT_ID: ${{ secrets.CLI_TESTS_UA_CLIENT_ID }}
            CLI_TESTS_UA_CLIENT_SECRET: ${{ secrets.CLI_TESTS_UA_CLIENT_SECRET }}
            CLI_TESTS_SERVICE_TOKEN: ${{ secrets.CLI_TESTS_SERVICE_TOKEN }}
            CLI_TESTS_PROJECT_ID: ${{ secrets.CLI_TESTS_PROJECT_ID }}
            CLI_TESTS_ENV_SLUG: ${{ secrets.CLI_TESTS_ENV_SLUG }}
            CLI_TESTS_USER_EMAIL: ${{ secrets.CLI_TESTS_USER_EMAIL }}
            CLI_TESTS_USER_PASSWORD: ${{ secrets.CLI_TESTS_USER_PASSWORD }}
            CLI_TESTS_INFISICAL_VAULT_FILE_PASSPHRASE: ${{ secrets.CLI_TESTS_INFISICAL_VAULT_FILE_PASSPHRASE }}

    npm-release:
        runs-on: ubuntu-20.04
        env:
            working-directory: ./npm
        needs:
            - cli-integration-tests
            - goreleaser
        steps:
            - uses: actions/checkout@v3
              with:
                  fetch-depth: 0

            - name: Extract version
              run: |
                  VERSION=$(echo ${{ github.ref_name }} | sed 's/infisical-cli\/v//')
                  echo "Version extracted: $VERSION"
                  echo "CLI_VERSION=$VERSION" >> $GITHUB_ENV

            - name: Print version
              run: echo ${{ env.CLI_VERSION }}

            - name: Setup Node
              uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
              with:
                  node-version: 20
                  cache: "npm"
                  cache-dependency-path: ./npm/package-lock.json
            - name: Install dependencies
              working-directory: ${{ env.working-directory }}
              run: npm install --ignore-scripts

            - name: Set NPM version
              working-directory: ${{ env.working-directory }}
              run: npm version ${{ env.CLI_VERSION }} --allow-same-version --no-git-tag-version

            - name: Setup NPM
              working-directory: ${{ env.working-directory }}
              run: |
                  echo 'registry="https://registry.npmjs.org/"' > ./.npmrc
                  echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc

                  echo 'registry="https://registry.npmjs.org/"' > ~/.npmrc
                  echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc
              env:
                  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

            - name: Pack NPM
              working-directory: ${{ env.working-directory }}
              run: npm pack

            - name: Publish NPM
              working-directory: ${{ env.working-directory }}
              run: npm publish --tarball=./infisical-sdk-${{github.ref_name}} --access public --registry=https://registry.npmjs.org/
              env:
                  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
                  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

    goreleaser:
        runs-on: ubuntu-20.04
        needs: [cli-integration-tests]
        steps:
            - uses: actions/checkout@v3
              with:
                  fetch-depth: 0
            - name: 🐋 Login to Docker Hub
              uses: docker/login-action@v2
              with:
                  username: ${{ secrets.DOCKERHUB_USERNAME }}
                  password: ${{ secrets.DOCKERHUB_TOKEN }}
            - name: 🔧 Set up Docker Buildx
              uses: docker/setup-buildx-action@v2
            - run: git fetch --force --tags
            - run: echo "Ref name ${{github.ref_name}}"
            - uses: actions/setup-go@v3
              with:
                  go-version: ">=1.19.3"
                  cache: true
                  cache-dependency-path: cli/go.sum
            - name: libssl1.1 => libssl1.0-dev for OSXCross
              run: |
                  echo 'deb http://security.ubuntu.com/ubuntu bionic-security main' | sudo tee -a /etc/apt/sources.list
                  sudo apt update && apt-cache policy libssl1.0-dev
                  sudo apt-get install libssl1.0-dev
            - name: OSXCross for CGO Support
              run: |
                  mkdir ../../osxcross
                  git clone https://github.com/plentico/osxcross-target.git ../../osxcross/target
            - uses: goreleaser/goreleaser-action@v4
              with:
                  distribution: goreleaser-pro
                  version: v1.26.2-pro
                  args: release --clean
              env:
                  GITHUB_TOKEN: ${{ secrets.GO_RELEASER_GITHUB_TOKEN }}
                  POSTHOG_API_KEY_FOR_CLI: ${{ secrets.POSTHOG_API_KEY_FOR_CLI }}
                  FURY_TOKEN: ${{ secrets.FURYPUSHTOKEN }}
                  AUR_KEY: ${{ secrets.AUR_KEY }}
                  GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
            - uses: actions/setup-python@v4
            - run: pip install --upgrade cloudsmith-cli
            - name: Publish to CloudSmith
              run: sh cli/upload_to_cloudsmith.sh
              env:
                  CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}