-
Notifications
You must be signed in to change notification settings - Fork 179
204 lines (163 loc) · 6.34 KB
/
npm-release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
# npm packages release automation
name: npm Release
on:
workflow_dispatch:
schedule:
- cron: '0 12 1 * *'
permissions:
contents: read
# Cancels all previous workflow runs for pull requests that have not completed.
concurrency:
# The concurrency group contains the workflow name and the (target) branch name.
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
cancel-in-progress: true
env:
PRODUCTION_REGISTRY_URL: https://wombat-dressing-room.appspot.com
LOCAL_REGISTRY_URL: http://localhost:4873
GIT_AUTHOR_EMAIL: [email protected]
GIT_AUTHOR_NAME: googleforcreators-bot
GIT_COMMITTER_EMAIL: [email protected]
GIT_COMMITTER_NAME: googleforcreators-bot
jobs:
dry-run:
name: Dry-run release
runs-on: ubuntu-latest
timeout-minutes: 30
# This step requires additional review
# See https://docs.github.com/en/actions/reference/environments
environment: Production
steps:
- name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
- name: Setup Node
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
with:
node-version-file: '.nvmrc'
cache: npm
- name: Install dependencies
run: npm ci
env:
PUPPETEER_SKIP_DOWNLOAD: true
- name: Setup Bun
uses: oven-sh/setup-bun@8f24390df009a496891208e5e36b8a1de1f45135
with:
bun-version: latest
- name: Bundle packages
run: bun run workflow:bundle-packages
env:
NODE_OPTIONS: '--max_old_space_size=4096'
# Exact format here doesn't matter for the dry-run, it's gonna be done properly later on.
- name: Version bumps
id: version_bumps
run: npm version --no-git-tag-version --workspaces "0.1.$(date -u +%Y%m%d%H%M)"
# Set up a local npm registry with Verdaccio.
- name: Set up local registry
run: bun run local-registry:start
# Using Verdaccio
- name: Publish packages locally
run: npm --registry=$LOCAL_REGISTRY_URL --workspaces publish
# Undo the version bumps in Git. We only needed them for testing.
- name: Clean up local changes
run: git checkout .
# Verifies that packages can be installed without issues.
- name: Install published packages
run: |
PUBLIC_PACKAGES=$(jq -r 'select(.private == false) | .name' $(find packages -maxdepth 2 -name "package.json"))
TMPDIR=${TMPDIR-/tmp}
TMPDIR=$(echo $TMPDIR | sed -e "s/\/$//")
TEST_DIR=${TEST_DIR-$TMPDIR/packages-test}
mkdir $TEST_DIR
cd $TEST_DIR
npm init --yes
npm --registry=$LOCAL_REGISTRY_URL install $PUBLIC_PACKAGES
npm ls --depth 0
- name: Stop local registry
run: bun run local-registry:stop
release:
name: Release
runs-on: ubuntu-latest
permissions:
contents: write # for Git to git push
timeout-minutes: 20
needs: [dry-run]
steps:
- name: Harden Runner
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
with:
token: ${{ secrets.GOOGLEFORCREATORS_BOT_TOKEN }}
# See go/npm-publish
- name: Setup Node
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
with:
node-version-file: '.nvmrc'
cache: npm
registry-url: ${{ env.PRODUCTION_REGISTRY_URL }}
scope: '@googleforcreators'
- name: Install dependencies
run: npm ci
env:
PUPPETEER_SKIP_DOWNLOAD: true
- name: Setup Bun
uses: oven-sh/setup-bun@8f24390df009a496891208e5e36b8a1de1f45135
with:
bun-version: latest
- name: Bundle packages
run: bun run workflow:bundle-packages
env:
NODE_OPTIONS: '--max_old_space_size=4096'
# For the time being, using incremental versions like 0.1.202111302140
# `npm version` updates all packages, even the ones we don't intend to publish.
# To address this, we undo the version change for private packages.
# We're doing the commit ourselves since we only need it later on and
# since committing doesn't work properly when using workspaces.
# See https://github.com/npm/cli/issues/4017
- name: Version bumps
id: version_bumps
run: |
NEW_VERSION_RAW="0.1.$(date -u +%Y%m%d%H%M)";
NEW_VERSION="v$NEW_VERSION_RAW"
npm version --no-git-tag-version --workspaces $NEW_VERSION_RAW
# Undo changes to all the private packages.
for package_file in ./packages/*/package.json; do
if [[ $(cat $package_file | jq '.private') == true ]]; then
git checkout --quiet $package_file
fi
done
# Updates the lock file.
npm install
git add packages/*/package.json
git add package-lock.json
echo "Committing version bump"
echo
git commit -m "Bumping npm packages version to $NEW_VERSION"
echo "Adding tags"
echo
# For every public package, this creates a tag in the form "<package>-v1234".
# Example: templates-v1234
for package_file in ./packages/*/package.json; do
if [[ $(cat $package_file | jq '.private') == false ]]; then
package_name=$(basename $(dirname $package_file))
echo "Adding tag: $package_name-$NEW_VERSION"
git tag "$package_name-$NEW_VERSION"
fi
done
echo "Commit details:"
echo
git status
git log -n 1
echo "Added tags:"
echo
git tag --points-at HEAD
echo "Changed files:"
echo
git show --pretty=%gd --stat
git push origin main --tags
# Do the actual publishing to npmjs.com via Wombat Dressing Room.
- name: Publish packages to production
run: npm --registry=$PRODUCTION_REGISTRY_URL --workspaces publish --workspaces
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}