Publish wasm workflow

.github/workflows/build-wasm.yml

@@ -42,7 +42,7 @@ jobs:
       - name: Cache cargo registry
         uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
         with:
-          key: wasm-cargo-${{ matrix.settings.os }}
+          key: wasm-cargo-cache
 
       - name: Install wasm-bindgen-cli
         run: cargo install wasm-bindgen-cli

.github/workflows/release-wasm.yml

@@ -0,0 +1,143 @@
+---
+name: Release @bitwarden/sdk-wasm
+run-name: Release @bitwarden/sdk-wasm ${{ inputs.release_type }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      release_type:
+        description: "Release Options"
+        required: true
+        default: "Initial Release"
+        type: choice
+        options:
+          - Initial Release
+          - Redeploy
+          - Dry Run
+      npm_publish:
+        description: "Publish to NPM registry"
+        required: true
+        default: true
+        type: boolean
+
+defaults:
+  run:
+    shell: bash
+    working-directory: languages/js/wasm
+
+jobs:
+  setup:
+    name: Setup
+    runs-on: ubuntu-22.04
+    outputs:
+      release-version: ${{ steps.version.outputs.version }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Branch check
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        run: |
+          if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
+            echo "==================================="
+            echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches"
+            echo "==================================="
+            exit 1
+          fi
+
+      - name: Check Release Version
+        id: version
+        uses: bitwarden/gh-actions/release-version-check@main
+        with:
+          release-type: ${{ github.event.inputs.release_type }}
+          project-type: ts
+          file: languages/js/wasm/package.json
+          monorepo: false
+
+      - name: Create GitHub deployment
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
+        id: deployment
+        with:
+          token: "${{ secrets.GITHUB_TOKEN }}"
+          initial-status: "in_progress"
+          environment: "Bitwarden SDK WASM - Production"
+          description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}"
+          task: release
+
+      - name: Update deployment status to Success
+        if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }}
+        uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
+        with:
+          token: "${{ secrets.GITHUB_TOKEN }}"
+          state: "success"
+          deployment-id: ${{ steps.deployment.outputs.deployment_id }}
+
+      - name: Update deployment status to Failure
+        if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }}
+        uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
+        with:
+          token: "${{ secrets.GITHUB_TOKEN }}"
+          state: "failure"
+          deployment-id: ${{ steps.deployment.outputs.deployment_id }}
+
+  npm:
+    name: Publish NPM
+    runs-on: ubuntu-22.04
+    needs: setup
+    if: inputs.npm_publish
+    env:
+      _PKG_VERSION: ${{ needs.setup.outputs.release-version }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Setup Node
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        with:
+          node-version: 18
+          cache: "npm"
+
+      - name: Login to Azure
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "npm-api-key"
+
+      - name: Download artifacts
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        uses: bitwarden/gh-actions/download-artifacts@main
+        with:
+          workflow: build-wasm.yml
+          path: ${{ github.workspace }}/languages/js/wasm
+          workflow_conclusion: success
+          branch: ${{ github.ref_name }}
+
+      - name: Dry Run - Download artifacts
+        if: ${{ github.event.inputs.release_type == 'Dry Run' }}
+        uses: bitwarden/gh-actions/download-artifacts@main
+        with:
+          workflow: build-wasm.yml
+          path: ${{ github.workspace }}/languages/js/wasm
+          workflow_conclusion: success
+          branch: main
+
+      - name: Setup NPM
+        run: |
+          echo 'registry="https://registry.npmjs.org/"' > ./.npmrc
+          echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc
+
+          echo 'registry="https://registry.npmjs.org/"' > ~/.npmrc
+          echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc
+        env:
+          NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }}
+
+      - name: Publish NPM
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        run: npm publish --access public --registry=https://registry.npmjs.org/  --userconfig=./.npmrc

languages/js/wasm/package.json

@@ -15,6 +15,7 @@
   "main": "node/bitwarden_wasm.js",
   "module": "index.js",
   "types": "bitwarden_wasm.d.ts",
+  "scripts": {},
   "sideEffects": [
     "./bitwarden_wasm.js",
     "./snippets/*"