# https://help.github.com/en/categories/automating-your-workflow-with-github-actions
# See: https://github.com/JulianCataldo/gh-actions
name: Release

# Runs on manual dispatch and on every push to one of the release branches below.
on:
  workflow_dispatch:
  push:
    branches:
      # NOTE(review): this reads like a semantic-release maintenance-branch glob;
      # GitHub's branch filter has its own pattern syntax. Confirm it really
      # matches the intended `N.x` / `N.N.x` branches.
      - '([0-9])?(.{+([0-9]),x}).x'
      - main
      - next
      - next-major
      - alpha
      - beta
      # - to-integrate
      # - to-integrate-next

# Workflow-wide default for the job token: read-only repository contents.
# The job below declares its own `permissions` block with wider scopes.
permissions:
  contents: read  # for checkout
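jobs:
  # Single job: install, verify, lint, build, test, then publish with Lerna.
  # All third-party actions are pinned to a full commit SHA (tag kept as a comment).
  release:
    name: Release
    runs-on: ubuntu-latest
    permissions:
      contents: write  # to be able to publish a GitHub release
      issues: write  # to be able to comment on released issues
      pull-requests: write  # to be able to comment on released pull requests
      # NOTE(review): the `provenance=true` line further down is commented out,
      # so nothing visible in this file consumes the OIDC token. Confirm that
      # provenance is enabled elsewhere, or drop this scope.
      id-token: write  # to enable use of OIDC for npm provenance
    steps:
      # MARK: Setup GH Action
      - name: 'Harden Runner'
        uses: 'step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142' # v2.7.0
        with:
          # `audit` only records outbound connections; it does not block any.
          # Once the audit log shows the endpoints this job needs, consider
          # `block` together with an `allowed-endpoints` list.
          egress-policy: 'audit'

      - name: Git checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2
        # run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
        with:
          # Full history and tags.
          fetch-depth: 0
          # - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
          # NOTE(review): with this left disabled, the checkout action keeps the
          # job token in the local git config for every later step. Presumably
          # needed so Lerna can push tags and commits; confirm.
          # persist-credentials: false
        # env:
        #   GIT_COMMITTER_NAME: "GitHub Actions Shell"
        #   GIT_AUTHOR_NAME: "GitHub Actions Shell"
        #   EMAIL: "github-actions[bot]@users.noreply.github.com"

      # MARK: Setup Node env.
      - name: Setup PNPM
        uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0
        with:
          run_install: false

      - name: Use Node.js 21.7.2
        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
        with:
          # registry-url: "https://registry.npmjs.org"
          node-version: '21.7.2'
          cache: pnpm

      - name: Install packages
        shell: bash
        # --frozen-lockfile fails the install instead of silently updating the lockfile.
        run: pnpm install --frozen-lockfile

      - name: 'Verify the integrity of provenance attestations and registry signatures for installed dependencies'
        # NOTE(review): `audit signatures` is documented as an npm CLI subcommand.
        # Confirm that the pnpm version installed here implements it; otherwise
        # this step may not be verifying signatures at all.
        run: 'pnpm audit signatures'

      # MARK: Lint/Checks pre-build
      - name: Lint last commit — Commitlint
        shell: bash
        run: pnpm run lint:commit

      # - name: Lint CSS — Stylelint
      #   shell: bash
      #   run: pnpm run lint:css

      - name: Check all formatting — Prettier
        shell: bash
        run: pnpm run format

      # MARK: Build packages
      - name: Setup Turbo cache
        uses: dtinth/setup-github-actions-caching-for-turbo@a0e976d970c2a94366a26984efcef3030e2c0115 # v1.2.0

      - name: Build all packages
        shell: bash
        run: pnpm build

      # MARK: Lint/Checks post-build
      - name: Lint JS/TS — ESLint
        shell: bash
        run: pnpm run lint:js

      # MARK: Tests
      - name: Tests — Integration
        shell: bash
        run: pnpm run test

      # MARK: Publish packages
      # The publish token first enters the job here, after install, build and tests.
      - name: Create temporary NPM identity # + Enable Provenance
        env:
          NPM_TOKEN: '${{ secrets.NPM_TOKEN }}'
        # run: |
        #   echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN\nprovenance=true" > .npmrc
        #   echo "provenance=true" > .npmrc
        #
        # NOTE(review): this overwrites `.npmrc` in the checked-out workspace with
        # the token in clear text, and no later step removes it. Confirm the file
        # is git-ignored and excluded from published packages, or write the
        # credential to the user-level npmrc instead.
        run: |
          echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > .npmrc

      - name: Git user configuration
        env:
          # Passed through the environment so the value is never expanded into
          # the script text before the shell parses it.
          GIT_ACTOR: '${{ github.actor }}'
        run: |
          git config --global user.name "${GIT_ACTOR}"
          git config --global user.email "${GIT_ACTOR}@users.noreply.github.com"

      # MARK: [MAIN]
      - name: 'Lerna publish [main]'
        # if: github.ref == 'refs/heads/to-integrate'
        if: github.ref == 'refs/heads/main'
        # https://github.com/lerna/lerna/issues/2532
        id: graduateRelease
        # A failure here does not fail the job; the fallback step below checks
        # this step's outcome and retries without --conventional-graduate.
        continue-on-error: true
        env:
          GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
          NPM_TOKEN: '${{ secrets.NPM_TOKEN }}' # Not really needed (already global)
        run: |
          pnpm lerna publish --conventional-commits --exact --conventional-graduate --create-release=github --yes

      - name: Bump Prod Version Fallback
        # Runs only when the graduate publish above actually failed; the outcome
        # is not 'failure' when that step was skipped on another branch.
        if: ${{ always() && steps.graduateRelease.outcome == 'failure' }}
        env:
          GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
          NPM_TOKEN: '${{ secrets.NPM_TOKEN }}'
        # NOTE(review): `git stash` sets aside modifications to tracked files.
        # If `.npmrc` is tracked, that includes the token file written earlier;
        # confirm the fallback publish still authenticates.
        run: |
          echo Falling back to non-graduate release due to https://github.com/lerna/lerna/issues/2532
          git stash
          pnpm lerna publish --conventional-commits --exact --create-release=github --yes

      # MARK: [NEXT]
      - name: 'Lerna publish [next]'
        if: github.ref == 'refs/heads/next'
        # if: github.ref == 'refs/heads/to-integrate-next'
        env:
          NPM_TOKEN: '${{ secrets.NPM_TOKEN }}' # Not really needed (already global)
        run: |
          pnpm lerna publish --conventional-commits --exact --conventional-prerelease --canary --dist-tag=next --preid=next --yes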