ci: use publib instead of jsii-publish (#80)

.github/workflows/publish.yml

@@ -8,47 +8,56 @@ on:
   workflow_dispatch:
 
 jobs:
-  build:
+  publish:
     runs-on: ubuntu-latest
 
-    steps:
-      - name: Get the version
-        id: get_version
-        run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\/v/}
+    defaults:
+      run:
+        shell: bash
+
+    container:
+      image: public.ecr.aws/jsii/superchain:1-bookworm-slim-node20
 
+    steps:
       - name: Checkout code
         uses: actions/checkout@v4
         with:
           fetch-depth: 1
 
-      - name: Build source
-        uses: udondan/jsii-publish@v0.15.0
-        with:
-          VERSION: ${{ steps.get_version.outputs.VERSION }}
-          BUILD_SOURCE: true
+      - name: Install dependencies
+        run: |
+          make install
+          sudo apt-get update
+          sudo apt-get install -y tree
 
-      - name: Build packages
-        uses: udondan/jsii-publish@v0.15.0
-        with:
-          BUILD_PACKAGES: true
+      - name: Build source w/ jsii
+        run: npx jsii
+
+      - name: Build packages w/ jsii-pacmak
+        run: |
+          npx jsii-pacmak --verbose
+          tree dist
 
       - name: Publish to npm
-        uses: udondan/jsii-publish@v0.15.0
-        with:
+        run: npx publib-npm
+        env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 
       - name: Publish to PyPI
-        uses: udondan/jsii-publish@v0.15.0
-        with:
-          PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
+        run: |
+          export PIP_BREAK_SYSTEM_PACKAGES=1
+          npx publib-pypi
+        env:
+          TWINE_USERNAME: __token__
+          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
 #
 #      - name: Publish to NuGet
-#        uses: udondan/jsii-publish@v0.13.0
+#        run: npx publib-npm
 #        with:
-#          NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }}
+#          NUGET_API_KEY: ${{ secrets.NUGET_TOKEN }}
 #
 #      - name: Publish to Maven GitHub
-#        uses: udondan/jsii-publish@v0.13.0
-#        with:
+#        run: npx publib-maven
+#        env:
 #          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 #          GITHUB_REPOSITORY: ${{ github.repository }}

.github/workflows/test.yml

@@ -12,9 +12,16 @@ on:
   workflow_dispatch:
 
 jobs:
-  deploy:
+  test:
     runs-on: ubuntu-latest
 
+    defaults:
+      run:
+        shell: bash
+
+    container:
+      image: public.ecr.aws/jsii/superchain:1-bookworm-slim-node20
+
     steps:
       - name: Setup node
         uses: actions/setup-node@v3
@@ -26,23 +33,38 @@ jobs:
         with:
           fetch-depth: 1
 
-      - name: Set Build Permissions
+      - name: Cache node modules
+        id: cache-npm
+        uses: actions/cache@v4
+        env:
+          cache-name: cache-node-modules
+        with:
+          path: .npm
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+
+      - name: Install dependencies
         run: |
-          mkdir $GITHUB_WORKSPACE/test/cdk.out
-          chmod 777 $GITHUB_WORKSPACE/test/cdk.out --recursive
-          chmod 777 $GITHUB_WORKSPACE/lambda --recursive
+          set -euo pipefail
+          make install
+          (cd test && make install)
+          sudo apt-get update
+          sudo apt-get install -y tree
 
       - name: Deploy & Destroy
         run: cd test && make deploy DESTROY
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
-  report-status:
-    name: success
-    runs-on: ubuntu-latest
-    needs:
-      - deploy
-    steps:
-      - name: Report success
-        run: echo 'Success'
+      - name: Build source w/ jsii
+        run: npx jsii
+
+      - name: Build packages w/ jsii-pacmak
+        run: |
+          set -euo pipefail
+          npx jsii-pacmak --verbose
+          tree dist