Merge branch 'main' into add-security-to-codeowners-dot-github #1631
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish to NPM | ||
on: | ||
workflow_dispatch: | ||
inputs: | ||
release_type: | ||
type: choice | ||
description: Release Type | ||
options: | ||
- alpha | ||
- release | ||
required: true | ||
default: alpha | ||
upgrade_type: | ||
type: choice | ||
description: Upgrade Type | ||
options: | ||
- none | ||
- patch | ||
- minor | ||
# - major | ||
required: false | ||
default: none | ||
dry_run: | ||
type: boolean | ||
description: "(Optional) Dry run" | ||
required: false | ||
default: false | ||
push: | ||
branches: | ||
- main | ||
env: | ||
RELEASE_TYPE: ${{ github.event.inputs.release_type || 'alpha' }} | ||
UPGRADE_TYPE: ${{ github.event.inputs.upgrade_type || 'none' }} | ||
DRY_RUN: ${{ github.event.inputs.dry_run || 'false' }} | ||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event.inputs.release_type || 'alpha' }}-${{ github.event.inputs.upgrade_type || 'none' }} | ||
cancel-in-progress: false | ||
jobs: | ||
Publish: | ||
name: Publish Workflow | ||
runs-on: ubuntu-latest-4-cores | ||
env: | ||
GH_TOKEN: ${{ secrets.TS_IMMUTABLE_SDK_GITHUB_TOKEN }} | ||
NODE_OPTIONS: --max-old-space-size=14366 | ||
SDK_PUBLISH_SLACK_WEBHOOK: ${{ secrets.SDK_PUBLISH_SLACK_WEBHOOK }} | ||
permissions: | ||
id-token: write # ! Required for GitHub Attestations, removing will create a Sev 0 incident ! | ||
attestations: write # ! Required for GitHub Attestations, removing will create a Sev 0 incident ! | ||
steps: | ||
- name: Check Public Release Branch | ||
if: contains(env.RELEASE_TYPE , 'release') && (github.ref != 'refs/heads/main') | ||
run: failure("Public releases should be only done from main branch, current branch ${{ github.ref }}") | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
token: ${{ secrets.TS_IMMUTABLE_SDK_GITHUB_TOKEN }} | ||
- name: Setup | ||
uses: ./.github/actions/setup | ||
- name: Setup Github | ||
run: | | ||
git config user.name "platform-sa" | ||
git config user.email "[email protected]" | ||
- name: Get tags | ||
run: git fetch --tags | ||
- name: Workout next version string | ||
run: | | ||
upgrade_type=${{ env.UPGRADE_TYPE }} | ||
if [ ${{ contains(env.UPGRADE_TYPE, 'none') }} == true ] | ||
then | ||
upgrade_type="" | ||
revision_upgrade=$( ${{ contains(env.RELEASE_TYPE, 'alpha') }} && echo '--revision' || echo '') | ||
else | ||
upgrade_type="--$upgrade_type" | ||
fi | ||
echo upgrade_type=$upgrade_type | ||
echo revision_upgrade=$revision_upgrade | ||
./.github/scripts/version-up.sh --${{ env.RELEASE_TYPE }} $upgrade_type --apply $revision_upgrade | ||
shell: bash | ||
- name: Lint | ||
run: yarn lint | ||
- name: Get next version string | ||
id: version | ||
run: | | ||
echo "NEXT_VERSION=$(git describe --tags --abbrev=0)" >> $GITHUB_OUTPUT | ||
- name: Generate version.json | ||
run: | | ||
echo '{ "version": "${{ steps.version.outputs.NEXT_VERSION }}" }' > ./sdk/version.json | ||
cp ./sdk/version.json ./sdk/dist/ | ||
- name: Typecheck | ||
run: yarn typecheck | ||
- name: Test | ||
run: yarn test | ||
- name: Update package.json version for build | ||
run: | | ||
tmp=$(mktemp) | ||
jq '.version = "${{steps.version.outputs.NEXT_VERSION}}"' ./sdk/package.json > "$tmp" && mv "$tmp" ./sdk/package.json | ||
# WARNING: build step should be after typecheck and test steps. This is to make sure build artifacts are overwritten by the lint and tests steps. | ||
- name: Build | ||
run: | | ||
export NODE_OPTIONS=--max-old-space-size=6144 && RELEASE_TYPE=${{ env.RELEASE_TYPE }} yarn build | ||
ls -l ./sdk/dist/browser/checkout || echo 1 | ||
[ -d "./sdk/dist/browser/checkout" ] || { echo "Error: Directory does not exist." && exit 1; } | ||
- name: Push tags | ||
# Boolean inputs are not actually booleans, see https://github.com/actions/runner/issues/1483 | ||
if: (env.DRY_RUN) == 'false' | ||
run: | | ||
echo "$(git push --tags)" | ||
- name: Pre Release Step | ||
if: contains(env.RELEASE_TYPE, 'alpha') | ||
id: pre_release | ||
uses: JS-DevTools/npm-publish@v3 | ||
with: | ||
token: ${{ secrets.TS_IMMUTABLE_SDK_NPM_TOKEN }} | ||
access: public | ||
package: ./sdk/package.json | ||
tag: ${{ contains(env.RELEASE_TYPE, 'alpha') && 'alpha' }} | ||
dry-run: ${{ env.DRY_RUN }} | ||
# ! Do NOT remove - this will cause a Sev 0 incident ! | ||
- name: Generate SDK attestation | ||
uses: actions/attest-build-provenance@v1 | ||
with: | ||
subject-path: './sdk' | ||
- name: Authenticate NPM | ||
if: contains(env.RELEASE_TYPE, 'release') | ||
run: npm config set //registry.npmjs.org/:_authToken ${{ secrets.TS_IMMUTABLE_SDK_NPM_TOKEN }} | ||
- name: Release | ||
id: npm_release | ||
if: contains(env.RELEASE_TYPE, 'release') | ||
run: yarn release --ci --no-increment -c .release-it.json $( ${{ env.DRY_RUN }} && echo "--dry-run" || echo "") --github.tokenRef=${{ secrets.TS_IMMUTABLE_SDK_GITHUB_TOKEN }} | ||
- name: Warm up CDN | ||
id: warm_up_cdn | ||
if: contains(env.RELEASE_TYPE, 'release') | ||
run: | | ||
wget https://cdn.jsdelivr.net/npm/@imtbl/sdk/dist/browser/checkout/widgets.js | ||
wget https://cdn.jsdelivr.net/npm/@imtbl/sdk/dist/browser/checkout/sdk.js | ||
# Wait for 30 seconds to make sure the tag is available on GitHub | ||
- uses: GuillaumeFalourd/wait-sleep-action@v1 | ||
with: | ||
time: "30" | ||
- name: Create GitHub Release | ||
id: gh_release | ||
if: contains(env.RELEASE_TYPE, 'release') && env.DRY_RUN == 'false' | ||
run: gh release create ${{ steps.version.outputs.NEXT_VERSION }} --title ${{ steps.version.outputs.NEXT_VERSION }} --draft=false --prerelease=false --generate-notes --repo immutable/ts-immutable-sdk --target main | ||
- name: Get GitHub Release Name and URL | ||
if: contains(env.RELEASE_TYPE, 'release') && env.DRY_RUN == 'false' | ||
id: release | ||
run: | | ||
echo "RELEASE_NAME=$(gh release view --json name | jq -r .name)" >> $GITHUB_OUTPUT | ||
echo "RELEASE_URL=$(gh release view --json url | jq -r .url)" >> $GITHUB_OUTPUT | ||
- name: Notify SDK Slack Publish Success | ||
if: ${{ success() && (steps.npm_release.conclusion == 'success' || steps.pre_release.conclusion == 'success') && env.DRY_RUN == 'false' }} | ||
uses: ./.github/actions/notify-slack-publish-status | ||
with: | ||
message: "✅ ${{ github.triggering_actor }} successfully published SDK version ${{steps.version.outputs.NEXT_VERSION}} to NPM.\n\nhttps://www.npmjs.com/package/@imtbl/sdk/v/${{steps.version.outputs.NEXT_VERSION}}" | ||
- name: Notify SDK Slack Publish Failure | ||
if: ${{ failure() && (steps.npm_release.conclusion == 'failure' || steps.pre_release.conclusion == 'failure' || steps.gh_release.conclusion == 'failure') && env.DRY_RUN == 'false' }} | ||
uses: ./.github/actions/notify-slack-publish-status | ||
with: | ||
message: "❌ Failed to publish SDK version ${{steps.version.outputs.NEXT_VERSION}} to NPM. ${{ github.triggering_actor }} please check the logs for more details." | ||
- name: Wait for NPM @latest Update | ||
id: wait_for_npm_update | ||
if: contains(env.RELEASE_TYPE, 'release') && env.DRY_RUN == 'false' | ||
run: | | ||
VERSION="${{ steps.version.outputs.NEXT_VERSION }}" | ||
echo "Waiting for NPM registry to reflect version: $VERSION" | ||
for i in {1..20}; do | ||
LATEST_VERSION=$(npm view @imtbl/sdk@latest version) | ||
if [[ "$LATEST_VERSION" == "$VERSION" ]]; then | ||
echo "NPM registry updated to version: $LATEST_VERSION" | ||
exit 0 | ||
fi | ||
echo "NPM registry not updated yet, retrying in 15 seconds..." | ||
sleep 15 | ||
done | ||
echo "NPM registry failed to update after 5 minutes." | ||
exit 1 | ||
- name: Purge CDN Cache for version.json | ||
id: purge_cdn | ||
if: contains(env.RELEASE_TYPE, 'release') && env.DRY_RUN == 'false' | ||
run: | | ||
curl -X GET https://purge.jsdelivr.net/npm/@imtbl/sdk@latest/dist/version.json | ||
echo "CDN cache purged for https://cdn.jsdelivr.net/npm/@imtbl/sdk@latest/dist/version.json" |