# https://help.github.com/en/categories/automating-your-workflow-with-github-actions
# See: https://github.com/JulianCataldo/gh-actions
name: CI / Release

# Triggers: manual dispatch, plus pushes to the release, pre-release and
# feature/fix branches listed below.
on:
  workflow_dispatch:
  push:
    branches:
      # NOTE(review): this looks like a semantic-release style maintenance
      # branch pattern (e.g. "1.x", "1.2.x"); confirm that GitHub's branch
      # filter syntax actually matches it as intended.
      - '([0-9])?(.{+([0-9]),x}).x'
      - 'main'
      - 'next'
      - 'next-major'
      - 'alpha'
      - 'beta'
      - 'feat/*'
      - 'fix/*'
      # - to-integrate
      # - to-integrate-next
    # Pushes that only touch ignored paths do not start the workflow.
    # NOTE(review): the "!" entry is meant to re-include this workflow file;
    # confirm that negation is honoured inside paths-ignore.
    paths-ignore:
      - '.github/**'
      - '!.github/workflows/release.yaml'
      - '**/*.md'

# Workflow-wide default token scope: read-only. The release job widens it
# explicitly for what it needs.
permissions:
  contents: read # for checkout
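jobs:
  # Single job: install, verify, lint, build, test, then publish with Lerna
  # (graduated release on main, pre-release on next).
  release:
    name: CI / Release
    runs-on: ubuntu-latest
    # These write scopes apply to every branch that triggers the workflow,
    # including feat/* and fix/*, although only main and next publish.
    permissions:
      contents: write # to be able to publish a GitHub release
      issues: write # to be able to comment on released issues
      pull-requests: write # to be able to comment on released pull requests
      # NOTE(review): the provenance lines in the npm identity step are
      # commented out; unless provenance is enabled elsewhere (confirm),
      # this scope is unused and could be dropped.
      id-token: write # to enable use of OIDC for npm provenance

    steps:
      # MARK: Setup GH Action

      # 'audit' only records outbound connections; it does not block them.
      # Once the observed baseline is stable, consider egress-policy 'block'
      # with an explicit allowed-endpoints list.
      - name: 'Harden Runner'
        uses: 'step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142' # v2.7.0
        with:
          egress-policy: 'audit'

      # Full history is fetched (fetch-depth: 0). persist-credentials is left
      # at its default, so the job token stays in the local git config for
      # later steps; presumably lerna relies on it to push the release commit
      # and tags. Confirm before changing.
      - name: Git checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2
        # run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
        with:
          fetch-depth: 0
        # - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
        # persist-credentials: false
        # env:
        #   GIT_COMMITTER_NAME: "GitHub Actions Shell"
        #   GIT_AUTHOR_NAME: "GitHub Actions Shell"
        #   EMAIL: "github-actions[bot]@users.noreply.github.com"

      # MARK: Setup Node env.
      - name: Setup PNPM
        uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0
        with:
          run_install: false

      - name: Use Node.js 22.2.0
        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
        with:
          # registry-url: "https://registry.npmjs.org"
          node-version: 22.2.0
          cache: pnpm

      # --frozen-lockfile fails the install if the lockfile would need to
      # change, so CI installs exactly what was committed.
      - name: Install packages
        shell: bash
        run: pnpm install --frozen-lockfile

      # TODO: More tests
      # - name: Syncpack Lint
      #   shell: bash
      #   run: node --run syncpack:lint

      # This check runs after `pnpm install`, so dependency install scripts
      # have already executed by the time signatures are verified.
      # NOTE(review): confirm that the pnpm version in use implements
      # `audit signatures`.
      - name: 'Verify the integrity of provenance attestations and registry signatures for installed dependencies'
        run: 'pnpm audit signatures'

      # MARK: Lint/Checks pre-build
      - name: Lint last commit — Commitlint
        shell: bash
        run: node --run lint:commit

      # - name: Lint CSS — Stylelint
      #   shell: bash
      #   run: node --run lint:css

      - name: Check all formatting — Prettier
        shell: bash
        run: node --run format

      # MARK: Build packages
      - name: Setup Turbo cache
        uses: dtinth/setup-github-actions-caching-for-turbo@a0e976d970c2a94366a26984efcef3030e2c0115 # v1.2.0

      - name: Build all packages
        shell: bash
        run: node --run build

      # MARK: Lint/Checks post-build
      - name: Lint JS/TS — ESLint
        shell: bash
        run: node --run lint:es

      # MARK:Tests
      - name: Tests — Units
        shell: bash
        run: node --run test:unit

      - name: Tests — Integration
        shell: bash
        run: node --run test:integration

      # MARK: Publish packages

      # The registry token is written to .npmrc in the checkout. Only main
      # and next have a publish step, so the step is limited to those refs
      # and the secret is not placed on disk for other branches.
      # NOTE(review): confirm .npmrc is git-ignored so the release commit
      # cannot pick it up.
      - name: Create temporary NPM identity # + Enable Provenance
        if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/next'
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
        # run: |
        #   echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN\nprovenance=true" > .npmrc
        #   echo "provenance=true" > .npmrc
        run: |
          echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > .npmrc

      # The actor is read from the runner-provided GITHUB_ACTOR variable
      # rather than interpolated into the script text with an expression,
      # so the shell treats the value as data and never as part of the
      # command.
      - name: Git user configuration
        run: |
          git config --global user.name "${GITHUB_ACTOR}"
          git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com"

      # MARK: [MAIN]
      - name: 'Lerna publish [main]'
        # if: github.ref == 'refs/heads/to-integrate'
        if: github.ref == 'refs/heads/main'
        # https://github.com/lerna/lerna/issues/2532
        id: graduateRelease
        # A failure here does not stop the job; the fallback step below
        # keys off this step's outcome.
        continue-on-error: true
        env:
          GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
          NPM_TOKEN: '${{ secrets.NPM_TOKEN }}' # Not really needed (already global)
        run: |
          pnpm lerna publish --message 'chore: publish [main] release [skip ci]' --create-release=github --conventional-graduate --yes

      # Runs after any failure of the graduate step, not only the lerna
      # issue linked below, so an unrelated failure (e.g. authentication)
      # also triggers a second publish attempt.
      - name: Bump Prod Version Fallback
        if: ${{ always() && steps.graduateRelease.outcome == 'failure' }}
        env:
          GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
          NPM_TOKEN: '${{ secrets.NPM_TOKEN }}'
        run: |
          echo Falling back to non-graduate release due to https://github.com/lerna/lerna/issues/2532
          git stash
          pnpm lerna publish --message 'chore: publish [main] release [skip ci]' --create-release=github --yes

      # # TRY: https://www.jessesquires.com/blog/2021/10/17/github-actions-workflows-for-automatic-rebasing-and-merging/
      # - name: Merge (rebase) back main into next
      #   env:
      #     GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
      #   run: |
      #     git checkout next
      #     git rebase main
      #     git push

      # MARK: [NEXT]
      - name: 'Lerna publish [next]'
        if: github.ref == 'refs/heads/next'
        # if: github.ref == 'refs/heads/to-integrate-next'
        env:
          NPM_TOKEN: '${{ secrets.NPM_TOKEN }}' # Not really needed (already global)
        # --canary next
        # https://github.com/lerna/lerna/issues/1433
        # pnpm lerna publish --conventional-prerelease --dist-tag=next --preid=next --no-changelog --yes
        # pnpm lerna publish --conventional-prerelease --pre-dist-tag=next --preid=next --yes
        # pnpm lerna publish --force-publish='*' --canary --pre-dist-tag=next --preid=next --yes
        run: |
          pnpm lerna publish --message 'chore: publish [next] pre-release' --conventional-prerelease --pre-dist-tag=next --preid=next --yes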