ci: use the independent bot to bump the package version on remote

ncpa0 · Mar 9, 2023 · 1540397 · 1540397
1 parent eff58af
commit 1540397
Show file tree

Hide file tree

Showing 5 changed files with 71 additions and 1 deletion.
diff --git a/.github/workflows/release-package.yml b/.github/workflows/release-package.yml
@@ -47,4 +47,7 @@ jobs:
         env:
           NPM_TOKEN: ${{ secrets.NPM_AUTOMATION_TOKEN }}
           TAG_NAME: ${{ github.event.release.tag_name }}
+          GH_BOT_API_URL: ${{ secrets.GH_BOT_API_URL }}
+          GH_BOT_AUTH_TOKEN: ${{ secrets.GH_BOT_AUTH_TOKEN }}
+          GH_BOT_ENCRYPTION_SECRET: ${{ secrets.GH_BOT_ENCRYPTION_SECRET }}
         run: ./scripts/publish.sh
diff --git a/package.json b/package.json
@@ -43,6 +43,7 @@
     "@typescript-eslint/eslint-plugin": "^5.54.1",
     "@typescript-eslint/parser": "^5.54.1",
     "ajv": "^8.12.0",
+    "crypto": "^1.0.1",
     "esbuild": "0.17.11",
     "eslint": "^8.35.0",
     "eslint-config-prettier": "^8.7.0",

diff --git a/scripts/bump-remote.mjs b/scripts/bump-remote.mjs
@@ -0,0 +1,60 @@
+import crypto from "crypto";
+
+const getRandomString = (length) => {
+  return crypto.randomBytes(Math.ceil(length / 2)).toString("hex");
+};
+
+const getEnv = (key) => {
+  const variable = process.env[key];
+
+  if (!variable) {
+    throw new Error(`Env var ${key} is not set.`);
+  }
+
+  return variable;
+};
+
+export function encrypt(text) {
+  const cipher = crypto.createCipheriv(
+    "aes-256-cbc",
+    getEnv("GH_BOT_ENCRYPTION_SECRET"),
+    null
+  );
+  let crypted = cipher.update(text, "utf8", "hex");
+  crypted += cipher.final("hex");
+  return crypted;
+}
+
+async function main() {
+  try {
+    const version = process.argv[2];
+    const accessToken = getEnv("GH_BOT_AUTH_TOKEN");
+    const apiUrl = getEnv("GH_BOT_API_URL");
+
+    if (!version) {
+      throw new Error("Version argument must be specified");
+    }
+
+    const data = encrypt(
+      JSON.stringify({
+        authToken: accessToken,
+        repositoryOwner: "ncpa0",
+        repositoryName: "Dilswer",
+        branchName: "master",
+        irrelevantGibberish: getRandomString(32),
+      })
+    );
+
+    await fetch(`${apiUrl}/bump-version`, {
+      method: "POST",
+      body: JSON.stringify({
+        data,
+      }),
+    });
+  } catch (err) {
+    console.error(err);
+    process.exit(1);
+  }
+}
+
+main();
diff --git a/scripts/publish.sh b/scripts/publish.sh
@@ -14,7 +14,8 @@ if [ "$issemver" -eq "1" ]; then
     if ! [ "$currenttag" = "\"$TAG_NAME\"" ]; then
         echo "Branch tag is different than packge.json version. Updating package.json version to $TAG_NAME"
         npm version "$TAG_NAME"
-        git push --no-verify --force
+        echo "Requesting GithubBot to bump the package.json version on the remote"
+        node ./bump-remote.mjs "$TAG_NAME"
     fi
     echo "Publishing to npm"
     npm publish --access public

diff --git a/yarn.lock b/yarn.lock
@@ -1464,6 +1464,11 @@ cross-spawn@^7.0.2, cross-spawn@^7.0.3:
     shebang-command "^2.0.0"
     which "^2.0.1"
 
+crypto@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/crypto/-/crypto-1.0.1.tgz#2af1b7cad8175d24c8a1b0778255794a21803037"
+  integrity sha512-VxBKmeNcqQdiUQUW2Tzq0t377b54N2bMtXO/qiLa+6eRRmmC4qT3D4OnTGoT/U6O9aklQ/jTwbOtRMTTY8G0Ig==
+
 css-select@^4.1.3:
   version "4.3.0"
   resolved "https://registry.yarnpkg.com/css-select/-/css-select-4.3.0.tgz#db7129b2846662fd8628cfc496abb2b59e41529b"