clean up the workflows #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Publish Packages" | ||
| on: | ||
| push: | ||
| branches: | ||
| - pkg-release | ||
| - fake-release | ||
| paths-ignore: | ||
| - '**.md' | ||
| - '**.txt' | ||
| - '.**ignore' | ||
| - 'docs/**' | ||
| # TODO: what if package.dependencies, files were updated? | ||
| # this is meant to avoid triggering the on.push event for the version bump | ||
| - '**package*.json' | ||
| workflow_dispatch: | ||
| inputs: | ||
| build_secret: | ||
| type: string | ||
| description: Build secret | ||
| jobs: | ||
| publish: | ||
|
Check failure on line 24 in .github/workflows/CD-publish-packages.yml
|
||
| needs: [unit_test, integration_test] | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| timeout-minutes: 20 | ||
| steps: | ||
| - name: Check secret | ||
| if: github.event_name == 'workflow_dispatch' | ||
| run: | | ||
| if [ "${{ github.event.inputs.build_secret }}" != "${{ secrets.BUILD_SECRET }}" ]; then | ||
| echo "Wrong build secret." | ||
| exit 1 | ||
| fi | ||
| - name: Check user permission | ||
| if: github.event_name == 'workflow_dispatch' | ||
| id: check | ||
| uses: scherermichael-oss/action-has-permission@master | ||
| with: | ||
| required-permission: write | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Exit if user doesn't have write permission | ||
| if: github.event_name == 'workflow_dispatch' | ||
| run: | | ||
| if [ "${{ steps.check.outputs.has-permission }}" = "false" ]; then | ||
| echo "Only users with write permission are allowed to execute this workflow." | ||
| exit 1 | ||
| fi | ||
| - uses: actions/checkout@v3 | ||
| with: | ||
| token: ${{ secrets.PAT }} | ||
| - name: Fetch All Tags | ||
| run: git fetch --all --tags | ||
| # Setup .npmrc file to publish to GitHub Packages | ||
| - uses: actions/setup-node@v3 | ||
| with: | ||
| cache: 'npm' | ||
| node-version: '16' | ||
| registry-url: 'https://registry.npmjs.org' | ||
| scope: '@sjcrh' | ||
| - name: ⚡ Cache | ||
| uses: actions/cache@v2 | ||
| with: | ||
| path: ~/.npm | ||
| key: ${{ runner.OS }}-npm-cache-${{ hashFiles('**/package-lock.json') }} | ||
| restore-keys: ${{ runner.OS }}-npm-cache- | ||
| - name: Install dependencies | ||
| run: npm ci | ||
| - name: Run version bump | ||
| run: | | ||
| VERTYPE=prerelease # default | ||
| NOTES=$(node ./build/changeLogGenerator.js -u) | ||
| if [[ "$NOTES" == *"Features:"* ]]; then | ||
| VERTYPE=minor | ||
| elif [[ "$NOTES" == *"Fixes:"* ]]; then | ||
| VERTYPE=patch | ||
| fi | ||
| . ./build/ci-version-update.sh $VERTYPE -w -x=container | ||
| - name: Publish packages | ||
| run: | | ||
| BRANCH=$(git rev-parse --abbrev-ref HEAD) | ||
| if [[ "$BRANCH" != "pkg-release" && "$BRANCH" != "master" ]]; then | ||
| echo "skipping publishing" | ||
| else | ||
| # ./build/bump.js is called from within `ci-version-update.sh`, | ||
| # get the same updated workspaces but don't edit the package.json's (no -w option) | ||
| UPDATED=$(./build/bump.js prerelease) | ||
| ./build/ci-npm-publish.sh "$UPDATED" | ||
| if [[ "$BRANCH" != "master" ]]; then | ||
| echo "merging to master" | ||
| git fetch --depth=10 origin master:master | ||
| git switch master | ||
| git merge $BRANCH | ||
| git push | ||
| fi | ||
| fi | ||
| env: | ||
| NODE_AUTH_TOKEN: ${{ secrets.NPMJS_TOKEN }} | ||
