-
Notifications
You must be signed in to change notification settings - Fork 28
215 lines (184 loc) · 8.32 KB
/
publish.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
name: Publish to NPM
on:
workflow_dispatch:
inputs:
release_type:
type: choice
description: Release Type
options:
- alpha
- release
required: true
default: alpha
upgrade_type:
type: choice
description: Upgrade Type
options:
- none
- patch
- minor
# - major
required: false
default: none
dry_run:
type: boolean
description: "(Optional) Dry run"
required: false
default: false
push:
branches:
- main
env:
RELEASE_TYPE: ${{ github.event.inputs.release_type || 'alpha' }}
UPGRADE_TYPE: ${{ github.event.inputs.upgrade_type || 'none' }}
DRY_RUN: ${{ github.event.inputs.dry_run || 'false' }}
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event.inputs.release_type || 'alpha' }}-${{ github.event.inputs.upgrade_type || 'none' }}
cancel-in-progress: false
jobs:
Publish:
name: Publish Workflow
runs-on: ubuntu-latest-4-cores
env:
GH_TOKEN: ${{ secrets.TS_IMMUTABLE_SDK_GITHUB_TOKEN }}
NODE_OPTIONS: --max-old-space-size=14366
SDK_PUBLISH_SLACK_WEBHOOK: ${{ secrets.SDK_PUBLISH_SLACK_WEBHOOK }}
permissions:
id-token: write # ! Required for GitHub Attestations, removing will create a Sev 0 incident !
attestations: write # ! Required for GitHub Attestations, removing will create a Sev 0 incident !
steps:
- name: Check Public Release Branch
if: contains(env.RELEASE_TYPE , 'release') && (github.ref != 'refs/heads/main')
run: failure("Public releases should be only done from main branch, current branch ${{ github.ref }}")
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.TS_IMMUTABLE_SDK_GITHUB_TOKEN }}
- name: Setup
uses: ./.github/actions/setup
- name: Setup Github
run: |
git config user.name "platform-sa"
git config user.email "[email protected]"
- name: Get tags
run: git fetch --tags
- name: Workout next version string
run: |
upgrade_type=${{ env.UPGRADE_TYPE }}
if [ ${{ contains(env.UPGRADE_TYPE, 'none') }} == true ]
then
upgrade_type=""
revision_upgrade=$( ${{ contains(env.RELEASE_TYPE, 'alpha') }} && echo '--revision' || echo '')
else
upgrade_type="--$upgrade_type"
fi
echo upgrade_type=$upgrade_type
echo revision_upgrade=$revision_upgrade
./.github/scripts/version-up.sh --${{ env.RELEASE_TYPE }} $upgrade_type --apply $revision_upgrade
shell: bash
- name: Lint
run: yarn lint
- name: Get next version string
id: version
run: |
echo "NEXT_VERSION=$(git describe --tags --abbrev=0)" >> $GITHUB_OUTPUT
- name: Typecheck
run: yarn typecheck
- name: Test
run: yarn test
- name: Update package.json version for build
run: |
tmp=$(mktemp)
jq '.version = "${{steps.version.outputs.NEXT_VERSION}}"' ./sdk/package.json > "$tmp" && mv "$tmp" ./sdk/package.json
# WARNING: build step should be after typecheck and test steps. This is to make sure build artifacts are overwritten by the lint and tests steps.
- name: Build
run: |
export NODE_OPTIONS=--max-old-space-size=6144 && RELEASE_TYPE=${{ env.RELEASE_TYPE }} yarn build
ls -l ./sdk/dist/browser/checkout || echo 1
[ -d "./sdk/dist/browser/checkout" ] || { echo "Error: Directory does not exist." && exit 1; }
- name: Generate version.json
if: (env.DRY_RUN) == 'false'
run: |
echo '{ "version": "${{ steps.version.outputs.NEXT_VERSION }}" }' > ./sdk/version.json
cp ./sdk/version.json ./sdk/dist/
- name: Push tags
# Boolean inputs are not actually booleans, see https://github.com/actions/runner/issues/1483
if: (env.DRY_RUN) == 'false'
run: |
echo "$(git push --tags)"
- name: Pre Release Step
if: contains(env.RELEASE_TYPE, 'alpha')
id: pre_release
uses: JS-DevTools/npm-publish@19c28f1ef146469e409470805ea4279d47c3d35c
with:
token: ${{ secrets.TS_IMMUTABLE_SDK_NPM_TOKEN }}
access: public
package: ./sdk/package.json
tag: ${{ contains(env.RELEASE_TYPE, 'alpha') && 'alpha' }}
dry-run: ${{ env.DRY_RUN }}
# ! Do NOT remove - this will cause a Sev 0 incident !
- name: Generate SDK attestation
uses: actions/attest-build-provenance@v1
with:
subject-path: './sdk'
- name: Authenticate NPM
if: contains(env.RELEASE_TYPE, 'release')
run: npm config set //registry.npmjs.org/:_authToken ${{ secrets.TS_IMMUTABLE_SDK_NPM_TOKEN }}
- name: Release
id: npm_release
if: contains(env.RELEASE_TYPE, 'release')
run: yarn release --ci --no-increment -c .release-it.json $( ${{ env.DRY_RUN }} && echo "--dry-run" || echo "") --github.tokenRef=${{ secrets.TS_IMMUTABLE_SDK_GITHUB_TOKEN }}
- name: Warm up CDN
id: warm_up_cdn
if: contains(env.RELEASE_TYPE, 'release')
run: |
wget https://cdn.jsdelivr.net/npm/@imtbl/sdk/dist/browser/checkout/widgets.js
wget https://cdn.jsdelivr.net/npm/@imtbl/sdk/dist/browser/checkout/sdk.js
# Wait for 30 seconds to make sure the tag is available on GitHub
- uses: GuillaumeFalourd/wait-sleep-action@v1
with:
time: "30"
- name: Create GitHub Release
id: gh_release
if: contains(env.RELEASE_TYPE, 'release') && env.DRY_RUN == 'false'
run: gh release create ${{ steps.version.outputs.NEXT_VERSION }} --title ${{ steps.version.outputs.NEXT_VERSION }} --draft=false --prerelease=false --generate-notes --repo immutable/ts-immutable-sdk --target main
- name: Get GitHub Release Name and URL
if: contains(env.RELEASE_TYPE, 'release') && env.DRY_RUN == 'false'
id: release
run: |
echo "RELEASE_NAME=$(gh release view --json name | jq -r .name)" >> $GITHUB_OUTPUT
echo "RELEASE_URL=$(gh release view --json url | jq -r .url)" >> $GITHUB_OUTPUT
- name: Notify SDK Slack Publish Success
if: ${{ success() && (steps.npm_release.conclusion == 'success' || steps.pre_release.conclusion == 'success') && env.DRY_RUN == 'false' }}
uses: ./.github/actions/notify-slack-publish-status
with:
message: "✅ ${{ github.triggering_actor }} successfully published SDK version ${{steps.version.outputs.NEXT_VERSION}} to NPM.\n\nhttps://www.npmjs.com/package/@imtbl/sdk/v/${{steps.version.outputs.NEXT_VERSION}}"
- name: Notify SDK Slack Publish Failure
if: ${{ failure() && (steps.npm_release.conclusion == 'failure' || steps.pre_release.conclusion == 'failure' || steps.gh_release.conclusion == 'failure') && env.DRY_RUN == 'false' }}
uses: ./.github/actions/notify-slack-publish-status
with:
message: "❌ Failed to publish SDK version ${{steps.version.outputs.NEXT_VERSION}} to NPM. ${{ github.triggering_actor }} please check the logs for more details."
- name: Wait for NPM @latest Update
id: wait_for_npm_update
if: contains(env.RELEASE_TYPE, 'release') && env.DRY_RUN == 'false'
run: |
VERSION="${{ steps.version.outputs.NEXT_VERSION }}"
echo "Waiting for NPM registry to reflect version: $VERSION"
for i in {1..20}; do
LATEST_VERSION=$(npm view @imtbl/sdk@latest version)
if [[ "$LATEST_VERSION" == "$VERSION" ]]; then
echo "NPM registry updated to version: $LATEST_VERSION"
exit 0
fi
echo "NPM registry not updated yet, retrying in 15 seconds..."
sleep 15
done
echo "NPM registry failed to update after 5 minutes."
exit 1
- name: Purge CDN Cache for version.json
id: purge_cdn
if: contains(env.RELEASE_TYPE, 'release') && env.DRY_RUN == 'false'
run: |
curl -X GET https://purge.jsdelivr.net/npm/@imtbl/sdk@latest/dist/version.json
echo "CDN cache purged for https://cdn.jsdelivr.net/npm/@imtbl/sdk@latest/dist/version.json"