-
Notifications
You must be signed in to change notification settings - Fork 15
184 lines (171 loc) · 5.69 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
name: release
on:
workflow_dispatch:
jobs:
check-author:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Check if user is in CODEOWNERS
id: check_user
run: |
CODEOWNERS_PATH="CODEOWNERS"
if [ ! -f "$CODEOWNERS_PATH" ]; then
echo "CODEOWNERS file not found."
exit 1
fi
# Extract GitHub usernames from CODEOWNERS file (assumes usernames, not emails or teams)
USERS=$(grep '@' $CODEOWNERS_PATH | sed -E 's/.*@([^ ]+).*/\1/' | sed 's/://g' | tr '\n' ' ')
# Check if the actor is in the list of users
if [[ ! " $USERS " =~ " ${{ github.actor }} " ]]; then
echo "Error: Actor ${{ github.actor }} is not listed in CODEOWNERS."
exit 1
else
echo "Actor ${{ github.actor }} is listed in CODEOWNERS."
fi
# we can add an approval stage with the environment so it can only be run when accepted by two authorized users.
build:
needs: check-author
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
persist-credentials: false
- uses: pnpm/action-setup@v3
with:
version: 9
- run: pnpm add -g pnpm
- name: 'Setup Node.js with pnpm cache'
uses: actions/setup-node@v4
with:
node-version: 20
cache: 'pnpm'
- run: pnpm install
- run: pnpm build
- name: 'Save build output'
uses: actions/cache/save@v4
with:
path: ${{ github.workspace }}
key: ${{ runner.os }}-build-${{ github.sha }}-${{ github.run_id }}
test:
needs: build
runs-on: ubuntu-latest
strategy:
matrix:
node-version: ['18.x', '20.x']
steps:
- uses: pnpm/action-setup@v3
with:
version: 9
- run: pnpm add -g pnpm
- name: 'Restore build output'
uses: actions/cache/restore@v4
with:
path: ${{ github.workspace }}
key: ${{ runner.os }}-build-${{ github.sha }}-${{ github.run_id }}
restore-keys: ${{ runner.os }}-build-${{ github.sha }}
fail-on-cache-miss: true
- name: 'Setup Node.js with pnpm cache'
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'pnpm'
- name: 'Run node'
run: pnpm test
- uses: actions/upload-artifact@v4
# we are only uploading the 20 coverage report so we do not have to merge them in the next step.
if: matrix.node-version == '20.x'
with:
name: coverage-artifacts
path: coverage/
report-coverage:
runs-on: ubuntu-latest
needs: [test]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
persist-credentials: false
- uses: actions/download-artifact@v4
with:
name: coverage-artifacts
path: coverage
- uses: codecov/codecov-action@v4
with:
fail_ci_if_error: true
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
lint:
needs: build
runs-on: ubuntu-latest
steps:
- uses: pnpm/action-setup@v3
with:
version: 9
- run: pnpm add -g pnpm
- name: 'Restore build output'
uses: actions/cache/restore@v4
with:
path: ${{ github.workspace }}
key: ${{ runner.os }}-build-${{ github.sha }}-${{ github.run_id }}
restore-keys: ${{ runner.os }}-build-${{ github.sha }}
fail-on-cache-miss: true
- name: 'Setup Node.js with pnpm cache'
uses: actions/setup-node@v4
with:
node-version: 20
cache: 'pnpm'
# we are not using the github action for biome, but the package.json script. this makes sure we are using the same versions.
- name: Run Biome
run: pnpm run biome:ci
publish:
# needs permissions to write tags to the repository
permissions:
contents: write
needs:
- build
- test
- lint
env:
NPM_TOKEN: ${{secrets.NPM_TOKEN }}
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN }}
GH_TOKEN: ${{secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN }}
GH_USER: github-actions
GH_EMAIL: github-actions@github.com
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{secrets.GITHUB_TOKEN }}
- uses: pnpm/action-setup@v3
with:
version: 9
- run: pnpm add -g pnpm
- name: 'Setup Node.js with pnpm cache'
uses: actions/setup-node@v4
with:
node-version: 20
cache: 'pnpm'
- name: 'Restore build output'
uses: actions/cache/restore@v4
with:
path: ${{ github.workspace }}
key: ${{ runner.os }}-build-${{ github.sha }}-${{ github.run_id }}
restore-keys: ${{ runner.os }}-build-${{ github.sha }}
fail-on-cache-miss: true
- name: 'Setup git coordinates'
run: |
git remote set-url origin https://${{github.actor}}:${{secrets.TOKEN}}@github.com/${{ github.repository }}.git
git config user.name $GH_USER
git config user.email $GH_EMAIL
- name: 'Setup npm registry'
run: |
echo "@sd-jwt:registry=https://registry.npmjs.org/" > .npmrc
echo "registry=https://registry.npmjs.org/" >> .npmrc
echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> .npmrc
- name: 'Publish latest version'
run: pnpm publish:latest