release.yml

name: Release
on:
  push:
    branches:
      - main
    paths:
      - '**/*.ts'
      - '**/*.js'
      - 'package.json'
      - 'package-lock.json'
      - '.github/workflows/release.yml'

permissions:
  contents: read # for checkout

jobs:
  release:
    name: Release
    runs-on: macos-latest
    permissions:
      contents: write # to be able to publish a GitHub release
      issues: write # to be able to comment on released issues
      pull-requests: write # to be able to comment on released pull requests
      id-token: write # to enable use of OIDC for npm provenance
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 'lts/*'

      - name: Install pnpm
        run: npm install -g pnpm

      - name: Install dependencies
        run: pnpm install

      - name: Rebuild native modules for Electron
        run: pnpm build:mac

      - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
        run: pnpm audit signatures

      - name: Semantic Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: npx semantic-release

      # This step will retrieve the latest created tag
      - name: Set Release Tag
        id: set_tag
        run: echo "RELEASE_TAG=$(git describe --tags $(git rev-list --tags --max-count=1))" >> $GITHUB_ENV

      # Now, upload the DMG to the GitHub release
      - name: Upload DMG to GitHub Release
        uses: softprops/action-gh-release@v2.0.8
        with:
          tag_name: ${{ env.RELEASE_TAG }}
          name: ${{ env.RELEASE_TAG }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}