diff --git a/.github/actions/setup-pnpm-with-dependencies/action.yaml b/.github/actions/setup-pnpm-with-dependencies/action.yaml index 095a0e17..bc336341 100644 --- a/.github/actions/setup-pnpm-with-dependencies/action.yaml +++ b/.github/actions/setup-pnpm-with-dependencies/action.yaml @@ -40,6 +40,7 @@ runs: uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: ${{ steps.node-version.outputs.node-version }} + registry-url: https://registry.npmjs.org - name: Install PNPM shell: bash diff --git a/.github/workflows/cleanup-preview-packages.yaml b/.github/workflows/cleanup-preview-packages.yaml deleted file mode 100644 index 9fd4a595..00000000 --- a/.github/workflows/cleanup-preview-packages.yaml +++ /dev/null @@ -1,35 +0,0 @@ -name: Cleanup PR preview packages -on: - workflow_dispatch: - - schedule: - - cron: '0 2/6 * * 6,0' - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - cleanup: - name: Cleanup PR Previews - runs-on: ubuntu-latest - timeout-minutes: 30 - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} - GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} - - steps: - - name: Checkout Source Code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Prepare cleanup - id: prepare - run: | - echo "openPRs=$(gh pr list --state open --json number|jq -cM 'map(.number|tostring)')" >> $GITHUB_OUTPUT - echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc - - - name: Cleanup PR preview - uses: Kong/public-shared-actions/pr-previews/cleanup@main - with: - package: "@kong/markdown" - openPRs: ${{ steps.prepare.outputs.openPRs }} diff --git a/.github/workflows/pr-closed.yaml b/.github/workflows/pr-closed.yaml index 081d8f9d..490f44fa 100644 --- a/.github/workflows/pr-closed.yaml +++ b/.github/workflows/pr-closed.yaml @@ -3,13 +3,15 @@ on: pull_request: types: ['closed'] +permissions: + pull-requests: write + contents: read + jobs: remove-pr-preview-comment: name: Remove PR preview comment from PR runs-on: ubuntu-latest timeout-minutes: 5 - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} steps: - name: Checkout Source Code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index e9e57afa..d25edda4 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -5,6 +5,20 @@ on: branches: - main + pull_request: + types: + - opened + - synchronize + - reopened + - labeled + branches: + - main + +permissions: + id-token: write + contents: read + actions: read + jobs: run-tests: name: Tests @@ -16,6 +30,15 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 steps: + + - name: Remove preview consumption comment + if: github.event_name == 'pull_request' + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: pr_preview_consumption + delete: true + GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} + - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: @@ -27,12 +50,6 @@ jobs: git config user.email "konnectx-engineers+kongponents-bot@konghq.com" git config user.name "Kong UI Bot" - - name: Create .npmrc - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} - # Reference the env variable NPM_TOKEN here, not the secret - run: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc - - name: Setup PNPM with Dependencies uses: ./.github/actions/setup-pnpm-with-dependencies/ @@ -40,12 +57,72 @@ jobs: # Since we lint in the Tests job, we can just build here run: pnpm run build + + - name: Publish Package Preview + id: package-preview + # Do not run for `alpha` or `beta` branches + if: github.event_name == 'pull_request' && (github.actor != 'renovate[bot]' || contains(github.event.pull_request.labels.*.name, 'create preview package')) && !contains(github.head_ref || github.ref_name, 'alpha') && !contains(github.head_ref || github.ref_name, 'beta') + run: | + git config user.email "konnectx-engineers+kongponents-bot@konghq.com" + git config user.name "Kong UI Bot" + + preid="pr.${{ github.event.pull_request.number }}.$(git rev-parse --short ${{ github.event.pull_request.head.sha }})" + tag="pr-${{ github.event.pull_request.number }}" + echo "preid=${preid}" + + # Use yarn to bump the version for the prerelease + pnpm version prerelease --preid ${preid} --no-git-tag-version --yes --amend + + package_version=$(jq -r ".version" package.json) + package=@kong/markdown@"${package_version}" + + npm show "${package}" >/dev/null 2>&1 && npm_show_status=0 || npm_show_status=1 + if [ $npm_show_status -eq 0 ]; then + echo "Package ${package} is already published. Skipping publishing." + exit 0 + fi + + npm_instructions="" + + pkg=$(pnpm publish --no-git-checks --access public --report-summary --tag "${tag}" | grep "+ "| sed 's/+ //') + + if [[ -z "${pkg}" ]]; then + echo "Error publishing package" + exit -1 + fi + + npm_instructions="@$(echo ${pkg}|cut -d'@' -f2)@${tag}" + + echo "npm_instructions<> $GITHUB_OUTPUT + echo -e "$npm_instructions" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + + - name: Provide preview link info + if: ${{ steps.package-preview.outputs.npm_instructions != '' }} + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: pr_preview_consumption + message: | + ### Install the preview package from this PR + + ```sh + ${{ steps.package-preview.outputs.npm_instructions }} + ``` + GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} + - name: Semantic Release uses: cycjimmy/semantic-release-action@16ca923e6ccbb50770c415a0ccd43709a8c5f7a4 # v4.2.2 + if: github.event_name == 'push' env: # Since branch protections are on (pushing commits) you need to use a bot PAT GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} + + # as of now cycjimmy/semantic-release-action is not publishing to npmjs as + # trusted publishing is not yet supported, so we want to do a publish as separate step + - name: Publish to npm + if: github.event_name == 'push' + run: | + npm publish deploy-github-pages: name: Deploy GitHub Pages diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index c3a55ff6..ff125ba3 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -1,14 +1,6 @@ name: Tests on: - pull_request: - types: - - opened - - synchronize - - reopened - - labeled - branches: - - main # Allow calling manually from GitHub workflow_dispatch: @@ -22,18 +14,9 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 steps: - - name: Remove preview consumption comment - if: github.event_name == 'pull_request' - uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4 - with: - header: pr_preview_consumption - delete: true - GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - fetch-depth: 0 - name: Setup PNPM with Dependencies uses: ./.github/actions/setup-pnpm-with-dependencies/ @@ -46,64 +29,6 @@ jobs: - name: Lint run: pnpm run lint - - name: Build - run: pnpm run build - - name: Test run: pnpm run test - - name: Publish Package Preview - id: package-preview - # Do not run for `alpha` or `beta` branches - if: github.event_name == 'pull_request' && (github.actor != 'renovate[bot]' || contains(github.event.pull_request.labels.*.name, 'create preview package')) && !contains(github.head_ref || github.ref_name, 'alpha') && !contains(github.head_ref || github.ref_name, 'beta') - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} - run: | - git config user.email "konnectx-engineers+kongponents-bot@konghq.com" - git config user.name "Kong UI Bot" - - preid="pr.${{ github.event.pull_request.number }}.$(git rev-parse --short ${{ github.event.pull_request.head.sha }})" - tag="pr-${{ github.event.pull_request.number }}" - echo "preid=${preid}" - - echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc - - # Use yarn to bump the version for the prerelease - pnpm version prerelease --preid ${preid} --no-git-tag-version --yes --amend - - package_version=$(jq -r ".version" package.json) - package=@kong/markdown@"${package_version}" - - npm show "${package}" >/dev/null 2>&1 && npm_show_status=0 || npm_show_status=1 - if [ $npm_show_status -eq 0 ]; then - echo "Package ${package} is already published. Skipping publishing." - exit 0 - fi - - npm_instructions="" - - pkg=$(pnpm publish --no-git-checks --access public --report-summary --tag "${tag}" | grep "+ "| sed 's/+ //') - - if [[ -z "${pkg}" ]]; then - echo "Error publishing package" - exit -1 - fi - - npm_instructions="@$(echo ${pkg}|cut -d'@' -f2)@${tag}" - - echo "npm_instructions<> $GITHUB_OUTPUT - echo -e "$npm_instructions" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT - - - name: Provide preview link info - if: ${{ steps.package-preview.outputs.npm_instructions != '' }} - uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4 - with: - header: pr_preview_consumption - message: | - ### Install the preview package from this PR - - ```sh - ${{ steps.package-preview.outputs.npm_instructions }} - ``` - GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} diff --git a/.nvmrc b/.nvmrc index 1d9b7831..b5e8f5c1 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -22.12.0 +24.6.0 diff --git a/package.json b/package.json index e2b01d93..7ce9a8c3 100644 --- a/package.json +++ b/package.json @@ -172,7 +172,12 @@ "changelogFile": "CHANGELOG.md" } ], - "@semantic-release/npm", + [ + "@semantic-release/npm", + { + "npmPublish": false + } + ], [ "@semantic-release/git", { @@ -189,7 +194,7 @@ "node": ">=18.17.0" }, "volta": { - "node": "22.12.0", + "node": "24.6.0", "pnpm": "9.14.4" }, "config": {