diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml deleted file mode 100644 index eade300a8f..0000000000 --- a/.github/workflows/automerge.yml +++ /dev/null @@ -1,45 +0,0 @@ -name: Dependabot Automerge - -on: - workflow_run: - types: - - completed - workflows: - - 'Build & Test' - branches: - - 'dependabot/**' - -jobs: - Test_visual_regression: - runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.conclusion == 'success' && github.actor == 'dependabot[bot]' }} - steps: - - name: Git clone repository - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Cache Node modules - uses: actions/cache@v2 - with: - path: '**/node_modules' - key: ${{ runner.os }}-modules-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/yarn.lock') }} - - name: Build icon-library - run: | - yarn install --frozen-lockfile - yarn --cwd packages/icon-library build - - name: Build design-tokens - run: | - yarn --cwd packages/design-tokens build - - name: Run visual regression tests - run: | - yarn --cwd packages/react-component-library chromatic --project-token=${{secrets.CHROMATIC_TOKEN}} - Automerge: - name: Merge Dependabot PR's - runs-on: ubuntu-latest - needs: [Test_visual_regression] - steps: - - name: Auto merge Dependabot minor and patch version bumps - uses: defencedigital/design-system-mergeme-action@master - with: - GITHUB_TOKEN: ${{ secrets.MERGE_BOT }} - PRESET: DEPENDABOT_MINOR diff --git a/.github/workflows/branch_deploy.yml b/.github/workflows/branch_deploy.yml index 03d40f040d..5ecbc78250 100644 --- a/.github/workflows/branch_deploy.yml +++ b/.github/workflows/branch_deploy.yml @@ -13,42 +13,42 @@ jobs: env: PREVIEW_URL: https://deploy-preview--infallible-goldstine-0b7659.netlify.app steps: - - name: Git clone repository - uses: actions/checkout@v2 - - - name: Fetch all commits - run: git fetch --all - - - name: Remove deploy preview branch if it exists - run: | - result=$((git branch --all) 2>&1) - if [[ `echo $result` == *"deploy/preview"* ]]; - then - git push origin --delete deploy/preview; - else - echo "deploy/preview branch does not exist"; - fi - - - name: Checkout preview branch - run: | - git checkout ${{ github.event.inputs.preview_branch }} - git fetch - git checkout -b deploy/preview - git fetch - - - name: Merge into deploy/preview branch - run: | - git merge ${{ github.event.inputs.preview_branch }} - - - name: Push deploy_preview branch - run: | - git push origin deploy/preview - - - name: Deploy preview branch - run: | - curl -X POST -d {} ${{ secrets.BRANCH_DEPLOY_TOKEN }} - - - name: Check deployment - run: | - timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' ${PREVIEW_URL})" != "200" ]]; do sleep 30; done' || false - echo "The branch is deployed & ready to preview - ${PREVIEW_URL}" + - name: Git clone repository + uses: actions/checkout@v3 + + - name: Fetch all commits + run: git fetch --all + + - name: Remove deploy preview branch if it exists + run: | + result=$((git branch --all) 2>&1) + if [[ `echo $result` == *"deploy/preview"* ]]; + then + git push origin --delete deploy/preview; + else + echo "deploy/preview branch does not exist"; + fi + + - name: Checkout preview branch + run: | + git checkout ${{ github.event.inputs.preview_branch }} + git fetch + git checkout -b deploy/preview + git fetch + + - name: Merge into deploy/preview branch + run: | + git merge ${{ github.event.inputs.preview_branch }} + + - name: Push deploy_preview branch + run: | + git push origin deploy/preview + + - name: Deploy preview branch + run: | + curl -X POST -d {} ${{ secrets.BRANCH_DEPLOY_TOKEN }} + + - name: Check deployment + run: | + timeout 900 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' ${PREVIEW_URL})" != "200" ]]; do sleep 30; done' || false + echo "The branch is deployed & ready to preview - ${PREVIEW_URL}" diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml index 4e11f0a1f4..f84350853c 100644 --- a/.github/workflows/build_and_test.yml +++ b/.github/workflows/build_and_test.yml @@ -12,16 +12,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Git clone repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Cache Node modules - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: '**/node_modules' - key: ${{ runner.os }}-modules-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/yarn.lock') }} + key: ${{ runner.os }}-node-modules-${{ hashFiles('**/yarn.lock') }} - name: Cache Cypress binary - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: ~/.cache/Cypress key: cypress-${{ runner.os }}-cypress-${{ hashFiles('**/yarn.lock') }} @@ -43,7 +43,7 @@ jobs: tar -czvf dist.tar.gz distil distdt - name: Persist artifacts - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: dist path: ./dist.tar.gz @@ -52,7 +52,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Git clone repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Run audit run: yarn run audit @@ -63,13 +63,13 @@ jobs: if: ${{ github.event_name == 'pull_request' }} steps: - name: Git clone repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Cache Node modules - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: '**/node_modules' - key: ${{ runner.os }}-modules-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/yarn.lock') }} + key: ${{ runner.os }}-node-modules-${{ hashFiles('**/yarn.lock') }} - name: check commits run: | @@ -80,13 +80,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Git clone repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Cache Node modules - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: '**/node_modules' - key: ${{ runner.os }}-modules-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/yarn.lock') }} + key: ${{ runner.os }}-node-modules-${{ hashFiles('**/yarn.lock') }} - name: Get dependencies & run lint run: | @@ -98,16 +98,16 @@ jobs: needs: [Build_icon_library, Lint_react-component-library] steps: - name: Git clone repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Cache Node modules - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: '**/node_modules' - key: ${{ runner.os }}-modules-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/yarn.lock') }} + key: ${{ runner.os }}-node-modules-${{ hashFiles('**/yarn.lock') }} - name: Attach workspace - uses: actions/download-artifact@v2 + uses: actions/download-artifact@v3 with: name: dist @@ -121,7 +121,7 @@ jobs: - name: SonarCloud Scan uses: defencedigital/design-system-sonarcloud-action@master - if: ${{ github.actor != 'dependabot[bot]' }} + if: (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} @@ -134,16 +134,16 @@ jobs: browser: ['chrome', 'firefox'] steps: - name: Git clone repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Cache Node modules - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: '**/node_modules' - key: ${{ runner.os }}-modules-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/yarn.lock') }} + key: ${{ runner.os }}-node-modules-${{ hashFiles('**/yarn.lock') }} - name: Cache Cypress binary - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: ~/.cache/Cypress key: cypress-${{ runner.os }}-cypress-${{ hashFiles('**/yarn.lock') }} @@ -151,7 +151,7 @@ jobs: cypress-${{ runner.os }}-cypress- - name: Attach workspace - uses: actions/download-artifact@v2 + uses: actions/download-artifact@v3 with: name: dist @@ -183,16 +183,16 @@ jobs: needs: [Build_icon_library, Lint_react-component-library] steps: - name: Git clone repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Cache Node modules - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: '**/node_modules' - key: ${{ runner.os }}-modules-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/yarn.lock') }} + key: ${{ runner.os }}-node-modules-${{ hashFiles('**/yarn.lock') }} - name: Attach workspace - uses: actions/download-artifact@v2 + uses: actions/download-artifact@v3 with: name: dist @@ -206,42 +206,54 @@ jobs: needs: [Build_icon_library] steps: - name: Git clone repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Cache Node modules - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: '**/node_modules' - key: ${{ runner.os }}-modules-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/yarn.lock') }} + key: ${{ runner.os }}-node-modules-${{ hashFiles('**/yarn.lock') }} - name: Jest design-tokens run: | yarn --cwd packages/design-tokens build yarn --cwd packages/design-tokens test - Test_visual_regression: + # See post_built_and_test.yml for details about how this is used + Build_storybook: runs-on: ubuntu-latest - needs: [Build_icon_library, Test_react-component-library] - # https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/ - if: ${{ github.actor != 'dependabot[bot]' }} + needs: [Build_icon_library] steps: - name: Git clone repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 - name: Cache Node modules - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: '**/node_modules' - key: ${{ runner.os }}-modules-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/yarn.lock') }} + key: ${{ runner.os }}-node-modules-${{ hashFiles('**/yarn.lock') }} - name: Attach workspace - uses: actions/download-artifact@v2 + uses: actions/download-artifact@v3 with: name: dist - - name: Run visual regression tests + - name: Build Storybook + env: + CHROMATIC_SHA: ${{ github.event.pull_request.head.sha || github.sha }} + CHROMATIC_BRANCH: ${{ github.head_ref || github.ref_name }} + CHROMATIC_SLUG: ${{ github.event.pull_request.head.repo.full_name || github.repository }} run: | tar -xzf dist.tar.gz && mv distil packages/icon-library/dist && mv distdt packages/design-tokens/dist - yarn --cwd packages/react-component-library chromatic --project-token=${{secrets.CHROMATIC_TOKEN}} --ci + yarn --cwd packages/react-component-library storybook:static + echo "$CHROMATIC_SHA" > packages/react-component-library/.static_storybook/sha + echo "$CHROMATIC_BRANCH" > packages/react-component-library/.static_storybook/branch + echo "$CHROMATIC_SLUG" > packages/react-component-library/.static_storybook/slug + + - name: Upload Storybook artefact + uses: actions/upload-artifact@v3 + with: + name: storybook-static + path: packages/react-component-library/.static_storybook diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000000..b923582056 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,38 @@ +name: 'CodeQL security scan' + +on: + push: + branches: [master] + pull_request: + branches: [master] + schedule: + - cron: '16 9 * * 5' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: ['typescript'] + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + - name: Perform CodeQL analysis + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/manual_release.yml b/.github/workflows/manual_release.yml index 4afb3582e4..9e4f071f6b 100644 --- a/.github/workflows/manual_release.yml +++ b/.github/workflows/manual_release.yml @@ -8,18 +8,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: - # pulls all commits (needed for lerna / semantic release to correctly version) - fetch-depth: 0 - token: ${{ secrets.GH_TOKEN }} + # pulls all commits (needed for lerna / semantic release to correctly version) + fetch-depth: 0 + token: ${{ secrets.GH_TOKEN }} - - name: Pull all tags + - name: Pull all tags # pulls all tags (needed for lerna / semantic release to correctly version) run: git fetch --all --tags - name: Setup Node.js - uses: actions/setup-node@v1 + uses: actions/setup-node@v3 with: node-version: 16 registry-url: 'https://registry.npmjs.org' @@ -47,7 +47,7 @@ jobs: GIT_COMMITTER_NAME: ${{ secrets.GH_NAME }} GIT_COMMITTER_EMAIL: ${{ secrets.GH_EMAIL }} if: contains(steps.changes.outputs.changed, 'ready to publish') - run: "yarn lerna:run-version --yes --create-release github -m \"chore(Release): %v [skip ci]\" --conventional-commits" + run: 'yarn lerna:run-version --yes --create-release github -m "chore(Release): %v [skip ci]" --conventional-commits' - name: Get version from package.json after release step id: extractver diff --git a/.github/workflows/npmsmoketest.yml b/.github/workflows/npmsmoketest.yml index acfb32cbbc..e5feea1387 100644 --- a/.github/workflows/npmsmoketest.yml +++ b/.github/workflows/npmsmoketest.yml @@ -12,13 +12,13 @@ jobs: steps: - name: Git clone repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Cache Node modules - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: '**/node_modules' - key: ${{ runner.os }}-modules-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/yarn.lock') }} + key: ${{ runner.os }}-node-modules-${{ hashFiles('**/yarn.lock') }} - name: Install Dependencies run: | diff --git a/.github/workflows/post_build_and_test.yml b/.github/workflows/post_build_and_test.yml new file mode 100644 index 0000000000..a5f1b1ec0c --- /dev/null +++ b/.github/workflows/post_build_and_test.yml @@ -0,0 +1,69 @@ +name: Post Build & Test + +on: + workflow_run: + types: + - completed + workflows: + - 'Build & Test' + +jobs: + # This runs Chromatic visual regression tests without exposing secrets to untrusted code from + # third-party PRs. + # + # For more details, see: + # https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/ + # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ + Test_visual_regression: + runs-on: ubuntu-latest + if: github.event.workflow_run.conclusion == 'success' + steps: + - name: Git clone repository + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Cache Node modules + uses: actions/cache@v3 + with: + path: '**/node_modules' + key: ${{ runner.os }}-node-modules-${{ hashFiles('**/yarn.lock') }} + + - name: Install dependencies + run: | + yarn install --frozen-lockfile + + - name: Download pre-built Storybook + uses: actions/github-script@v6 + with: + script: | + const { downloadStorybookArtifact } = await import('${{ github.workspace }}/scripts/github-actions/downloadStorybookArtifact.mjs') + await downloadStorybookArtifact({ github, context }) + + - name: Unzip pre-built Storybook + run: | + unzip storybook-static.zip -d packages/react-component-library/.static_storybook + echo "CHROMATIC_SHA=$(> $GITHUB_ENV + echo "CHROMATIC_BRANCH=$(> $GITHUB_ENV + echo "CHROMATIC_SLUG=$(> $GITHUB_ENV + + - name: Fetch original ref + run: | + git fetch origin "+$CHROMATIC_SHA" + + - name: Run visual regression tests + run: | + cd packages/react-component-library + npm exec --no -- chromatic --project-token=${{secrets.CHROMATIC_TOKEN}} --storybook-build-dir=.static_storybook + + Automerge: + name: Merge Dependabot PR's + runs-on: ubuntu-latest + if: github.actor == 'dependabot[bot]' + needs: [Test_visual_regression] + steps: + - name: Auto merge Dependabot minor and patch version bumps + uses: defencedigital/design-system-mergeme-action@master + with: + GITHUB_TOKEN: ${{ secrets.MERGE_BOT }} + PRESET: DEPENDABOT_MINOR diff --git a/.github/workflows/project_issues.yml b/.github/workflows/project_issues.yml index bf20229bf2..88cbeaab14 100644 --- a/.github/workflows/project_issues.yml +++ b/.github/workflows/project_issues.yml @@ -8,11 +8,11 @@ jobs: Move_labelled_issues: runs-on: ubuntu-latest steps: - - name: Move small/med labeled issues to Candidates column - uses: defencedigital/design-system-moveissue-action@master - with: - action-token: "${{ secrets.GHA_ISSUES_TOKEN }}" - project-url: "https://github.com/defencedigital/mod-uk-design-system/projects/6" - column-name: "Candidates for Ready" - label-name: "Size: Small,Size: Medium" - columns-to-ignore: "Ready,In Progress,In Review,Done" + - name: Move small/med labeled issues to Candidates column + uses: defencedigital/design-system-moveissue-action@master + with: + action-token: '${{ secrets.GHA_ISSUES_TOKEN }}' + project-url: 'https://github.com/defencedigital/mod-uk-design-system/projects/6' + column-name: 'Candidates for Ready' + label-name: 'Size: Small,Size: Medium' + columns-to-ignore: 'Ready,In Progress,In Review,Done' diff --git a/.github/workflows/project_notify.yml b/.github/workflows/project_notify.yml index 2e140bf3e9..ee95d7c887 100644 --- a/.github/workflows/project_notify.yml +++ b/.github/workflows/project_notify.yml @@ -5,39 +5,39 @@ on: - cron: '0 8 * * 1-5' jobs: - Notify: - runs-on: ubuntu-latest - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - steps: - - name: Send slack message for triage issues - env: - TRIAGE_URL: https://github.com/defencedigital/mod-uk-design-system/issues?q=is%3Aissue+is%3Aopen+label%3A%22Status%3A+Awaiting+triage%22 - run: | - - result=$(( gh issue list --repo defencedigital/mod-uk-design-system -l 'Status: Awaiting triage' ) 2>&1) - - slack_triage () { - curl -X POST -H 'Content-type: application/json' --data '{"text":"There are <'$TRIAGE_URL'|Triage issues> to review this morning"}' ${{ secrets.SLACK_WEBHOOK }} - } - slack_notriage () { - curl -X POST -H 'Content-type: application/json' --data '{"text":"There are no issues to Triage this morning"}' ${{ secrets.SLACK_WEBHOOK }} - } - - if [[ `echo $result` == *"Awaiting triage"* ]]; then slack_triage ; else slack_notriage; fi - - - name: Send slack message for stale issues - env: - STALE_URL: https://github.com/defencedigital/mod-uk-design-system/issues?q=is%3Aissue+is%3Aopen+label%3A%22Status%3A+Stale%22 - run: | - - result=$(( gh issue list --repo defencedigital/mod-uk-design-system -l 'Status: Stale' ) 2>&1) - - slack_stale () { - curl -X POST -H 'Content-type: application/json' --data '{"text":"There are <'$STALE_URL'|Stale issues> to review this morning"}' ${{ secrets.SLACK_WEBHOOK }} - } - slack_nostale () { - curl -X POST -H 'Content-type: application/json' --data '{"text":"There are no Stale issues to review this morning"}' ${{ secrets.SLACK_WEBHOOK }} - } - - if [[ `echo $result` == *"Status: Stale"* ]]; then slack_stale ; else slack_nostale; fi + Notify: + runs-on: ubuntu-latest + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + steps: + - name: Send slack message for triage issues + env: + TRIAGE_URL: https://github.com/defencedigital/mod-uk-design-system/issues?q=is%3Aissue+is%3Aopen+label%3A%22Status%3A+Awaiting+triage%22 + run: | + + result=$(( gh issue list --repo defencedigital/mod-uk-design-system -l 'Status: Awaiting triage' ) 2>&1) + + slack_triage () { + curl -X POST -H 'Content-type: application/json' --data '{"text":"There are <'$TRIAGE_URL'|Triage issues> to review this morning"}' ${{ secrets.SLACK_WEBHOOK }} + } + slack_notriage () { + curl -X POST -H 'Content-type: application/json' --data '{"text":"There are no issues to Triage this morning"}' ${{ secrets.SLACK_WEBHOOK }} + } + + if [[ `echo $result` == *"Awaiting triage"* ]]; then slack_triage ; else slack_notriage; fi + + - name: Send slack message for stale issues + env: + STALE_URL: https://github.com/defencedigital/mod-uk-design-system/issues?q=is%3Aissue+is%3Aopen+label%3A%22Status%3A+Stale%22 + run: | + + result=$(( gh issue list --repo defencedigital/mod-uk-design-system -l 'Status: Stale' ) 2>&1) + + slack_stale () { + curl -X POST -H 'Content-type: application/json' --data '{"text":"There are <'$STALE_URL'|Stale issues> to review this morning"}' ${{ secrets.SLACK_WEBHOOK }} + } + slack_nostale () { + curl -X POST -H 'Content-type: application/json' --data '{"text":"There are no Stale issues to review this morning"}' ${{ secrets.SLACK_WEBHOOK }} + } + + if [[ `echo $result` == *"Status: Stale"* ]]; then slack_stale ; else slack_nostale; fi diff --git a/.github/workflows/project_stale_issues.yml b/.github/workflows/project_stale_issues.yml index b0afd0b5b0..96166be410 100644 --- a/.github/workflows/project_stale_issues.yml +++ b/.github/workflows/project_stale_issues.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Add label & comment to stale issues - uses: actions/stale@v3 + uses: actions/stale@v5 with: stale-issue-message: 'This issue has been marked as stale because it has been open for 60 days with no activity' days-before-stale: 60 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1792ee13df..d5efe93406 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,18 +10,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: - # pulls all commits (needed for lerna / semantic release to correctly version) - fetch-depth: 0 - token: ${{ secrets.GH_TOKEN }} + # pulls all commits (needed for lerna / semantic release to correctly version) + fetch-depth: 0 + token: ${{ secrets.GH_TOKEN }} - - name: Pull all tags + - name: Pull all tags # pulls all tags (needed for lerna / semantic release to correctly version) run: git fetch --all --tags - name: Setup Node.js - uses: actions/setup-node@v1 + uses: actions/setup-node@v3 with: node-version: 16 registry-url: 'https://registry.npmjs.org' @@ -49,7 +49,7 @@ jobs: GIT_COMMITTER_NAME: ${{ secrets.GH_NAME }} GIT_COMMITTER_EMAIL: ${{ secrets.GH_EMAIL }} if: contains(steps.changes.outputs.changed, 'ready to publish') - run: "yarn lerna:run-version --yes --create-release github -m \"chore(Release): %v [skip ci]\" --conventional-commits" + run: 'yarn lerna:run-version --yes --create-release github -m "chore(Release): %v [skip ci]" --conventional-commits' - name: Get version from package.json after release step id: extractver diff --git a/scripts/github-actions/downloadStorybookArtifact.mjs b/scripts/github-actions/downloadStorybookArtifact.mjs new file mode 100644 index 0000000000..59c62e3102 --- /dev/null +++ b/scripts/github-actions/downloadStorybookArtifact.mjs @@ -0,0 +1,31 @@ +import fs from 'fs' + +/** + * Used by .github/workflows/post_build_and_test.yml + * + * Based on + * https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#using-data-from-the-triggering-workflow + */ +export const downloadStorybookArtifact = async ({ github, context }) => { + const allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({ + owner: context.repo.owner, + repo: context.repo.repo, + run_id: context.payload.workflow_run.id, + }) + + const matchArtifact = allArtifacts.data.artifacts.filter((artifact) => { + return artifact.name === 'storybook-static' + })[0] + + const download = await github.rest.actions.downloadArtifact({ + owner: context.repo.owner, + repo: context.repo.repo, + artifact_id: matchArtifact.id, + archive_format: 'zip', + }) + + fs.writeFileSync( + `${process.env.GITHUB_WORKSPACE}/storybook-static.zip`, + Buffer.from(download.data) + ) +}