ci(github): enable manual publishing of custom git tags via input args

The `all-nodejs-packages-publish.yaml` workflow now has an input parameter where one can specify an arbitrary release git tag (such as v2.0.0-rc.5) to be the one to be published. This will help us in scenarios where the release automation script failed to run on GitHub and we have no way of publishing the given release manually from a local machine (since we do not have access to the npm/ghcr) tokens of the foundation (which is good security posture that we are happy to have) In the scenario described above, in the future this will (should) allow us to fix bugs in the release automation script in commits that come **after** the failed release and then manually trigger the updated (now functional) publish job for the older release version. This will (hopefully) grant us the ability to ensure that releases are not missing from the registries despite sometimes the automation breaking down. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz · Oct 4, 2024 · c331a63 · c331a63
1 parent 466446a
commit c331a63
Showing 1 changed file with 38 additions and 4 deletions.
diff --git a/.github/workflows/all-nodejs-packages-publish.yaml b/.github/workflows/all-nodejs-packages-publish.yaml
@@ -7,6 +7,12 @@ on:
   push:
     tags:
       - v*
+  workflow_dispatch:
+    inputs:
+      GIT_TAG_TO_PUBLISH:
+        description: 'The specific git tag to publish'
+        required: false
+        default: ''
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
@@ -16,9 +22,18 @@ jobs:
   build-and-publish-packages:
     runs-on: ubuntu-22.04
     steps:
+      - name: Print Workflow inputs.GIT_TAG_TO_PUBLISH
+        run: |
+          echo "inputs.GIT_TAG_TO_PUBLISH=${{ inputs.GIT_TAG_TO_PUBLISH }}" 
+
       - uses: actions/checkout@v4.1.7
+        with:
+          ref: ${{ inputs.GIT_TAG_TO_PUBLISH }}
+
       - run: git fetch --unshallow --prune
 
+      - run: git status --long --verbose
+
       - uses: actions/setup-node@v4.0.3
         with:
           always-auth: true
@@ -36,6 +51,10 @@ jobs:
           JEST_TEST_RUNNER_DISABLED: true
           TAPE_TEST_RUNNER_DISABLED: true
 
+      - name: Check npm whoami with --registry set to npmjs
+        continue-on-error: true
+        run: npm whoami --registry=https://registry.npmjs.org/
+
       - name: lerna-publish-npm
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
@@ -60,14 +79,29 @@ jobs:
           scope: "@hyperledger"
 
       - run: cat /home/runner/work/_temp/.npmrc
-
+
+      # Re-initialize the registries so that the @iroha2 scope gets configured in .npmrc
+      - run: yarn run init-registries
+
+      - run: cat /home/runner/work/_temp/.npmrc
+
+      - name: Check npm whoami with no --registry parameter.
+        continue-on-error: true
+        run: npm whoami
+
+      - name: Check npm whoami with --registry set to GHCR
+        continue-on-error: true
+        run: npm whoami --registry=https://npm.pkg.github.com/
+
+      - name: Configure git user and email
+        run: |
+          git config --global user.email "npm-ci@hyperledger.org"
+          git config --global user.name "hyperledger-ghci"
+
       # We run the publish script a second time after having reconfigured the registry to be GHCR
       # instead of npmjs.org so that we can publish the packages everywhere.
       - name: lerna-publish-ghcr
         env:
           NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          git config --global user.email "npm-ci@hyperledger.org"
-          git config --global user.name "hyperledger-ghci"
-          npm whoami
           yarn lerna publish from-git --yes --loglevel=debug --ignore-scripts