From c331a633abef5502cfb5b1538b43b1f1a109a558 Mon Sep 17 00:00:00 2001 From: Peter Somogyvari Date: Wed, 2 Oct 2024 14:38:47 -0700 Subject: [PATCH] ci(github): enable manual publishing of custom git tags via input args The `all-nodejs-packages-publish.yaml` workflow now has an input parameter where one can specify an arbitrary release git tag (such as v2.0.0-rc.5) to be the one to be published. This will help us in scenarios where the release automation script failed to run on GitHub and we have no way of publishing the given release manually from a local machine (since we do not have access to the npm/ghcr) tokens of the foundation (which is good security posture that we are happy to have) In the scenario described above, in the future this will (should) allow us to fix bugs in the release automation script in commits that come **after** the failed release and then manually trigger the updated (now functional) publish job for the older release version. This will (hopefully) grant us the ability to ensure that releases are not missing from the registries despite sometimes the automation breaking down. Signed-off-by: Peter Somogyvari --- .../all-nodejs-packages-publish.yaml | 42 +++++++++++++++++-- 1 file changed, 38 insertions(+), 4 deletions(-) diff --git a/.github/workflows/all-nodejs-packages-publish.yaml b/.github/workflows/all-nodejs-packages-publish.yaml index e702a209cf..62375735b5 100644 --- a/.github/workflows/all-nodejs-packages-publish.yaml +++ b/.github/workflows/all-nodejs-packages-publish.yaml @@ -7,6 +7,12 @@ on: push: tags: - v* + workflow_dispatch: + inputs: + GIT_TAG_TO_PUBLISH: + description: 'The specific git tag to publish' + required: false + default: '' concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} @@ -16,9 +22,18 @@ jobs: build-and-publish-packages: runs-on: ubuntu-22.04 steps: + - name: Print Workflow inputs.GIT_TAG_TO_PUBLISH + run: | + echo "inputs.GIT_TAG_TO_PUBLISH=${{ inputs.GIT_TAG_TO_PUBLISH }}" + - uses: actions/checkout@v4.1.7 + with: + ref: ${{ inputs.GIT_TAG_TO_PUBLISH }} + - run: git fetch --unshallow --prune + - run: git status --long --verbose + - uses: actions/setup-node@v4.0.3 with: always-auth: true @@ -36,6 +51,10 @@ jobs: JEST_TEST_RUNNER_DISABLED: true TAPE_TEST_RUNNER_DISABLED: true + - name: Check npm whoami with --registry set to npmjs + continue-on-error: true + run: npm whoami --registry=https://registry.npmjs.org/ + - name: lerna-publish-npm env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} @@ -60,14 +79,29 @@ jobs: scope: "@hyperledger" - run: cat /home/runner/work/_temp/.npmrc - + + # Re-initialize the registries so that the @iroha2 scope gets configured in .npmrc + - run: yarn run init-registries + + - run: cat /home/runner/work/_temp/.npmrc + + - name: Check npm whoami with no --registry parameter. + continue-on-error: true + run: npm whoami + + - name: Check npm whoami with --registry set to GHCR + continue-on-error: true + run: npm whoami --registry=https://npm.pkg.github.com/ + + - name: Configure git user and email + run: | + git config --global user.email "npm-ci@hyperledger.org" + git config --global user.name "hyperledger-ghci" + # We run the publish script a second time after having reconfigured the registry to be GHCR # instead of npmjs.org so that we can publish the packages everywhere. - name: lerna-publish-ghcr env: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - git config --global user.email "npm-ci@hyperledger.org" - git config --global user.name "hyperledger-ghci" - npm whoami yarn lerna publish from-git --yes --loglevel=debug --ignore-scripts