-
Notifications
You must be signed in to change notification settings - Fork 0
135 lines (128 loc) · 5.52 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
---
name: CI & Release
# Workflow name based on selected inputs. Fallback to default Github naming when expression evaluates to empty string
run-name: >-
${{
inputs.release && inputs.test && format('Build {0} ➤ Test ➤ Publish to NPM', github.ref_name) ||
inputs.release && !inputs.test && format('Build {0} ➤ Skip Tests ➤ Publish to NPM', github.ref_name) ||
github.event_name == 'workflow_dispatch' && inputs.test && format('Build {0} ➤ Test', github.ref_name) ||
github.event_name == 'workflow_dispatch' && !inputs.test && format('Build {0} ➤ Skip Tests', github.ref_name) ||
''
}}
on:
# Build on pushes branches that have a PR (including drafts)
pull_request:
# Build on commits pushed to branches without a PR if it's in the allowlist
push:
branches: [main]
# https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow
workflow_dispatch:
inputs:
# test:
# description: Run tests
# required: true
# default: true
# type: boolean
release:
description: Release new version
required: true
default: false
type: boolean
concurrency:
# On PRs builds will cancel if new pushes happen before the CI completes, as it defines `github.head_ref` and gives it the name of the branch the PR wants to merge into
# Otherwise `github.run_id` ensures that you can quickly merge a queue of PRs without causing tests to auto cancel on any of the commits pushed to main.
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: read # for checkout
jobs:
build:
runs-on: ubuntu-latest
name: Lint & Build
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
cache: npm
node-version: lts/*
- run: yarn install --frozen-lockfile
# Linting can be skipped
- run: yarn lint
# if: github.event.inputs.test != 'false'
# But not the build script, as semantic-release will crash if this command fails so it makes sense to test it early
- run: yarn prepublishOnly --if-present
# Will add when I add tests
# test:
# needs: build
# # The test matrix can be skipped, in case a new release needs to be fast-tracked and tests are already passing on main
# if: github.event.inputs.test != 'false'
# runs-on: ${{ matrix.os }}
# name: Node.js ${{ matrix.node }} / ${{ matrix.os }}
# strategy:
# # A test failing on windows doesn't mean it'll fail on macos. It's useful to let all tests run to its completion to get the full picture
# fail-fast: false
# matrix:
# # Run the testing suite on each major OS with the latest LTS release of Node.js
# os: [macos-latest, ubuntu-latest, windows-latest]
# node: [lts/*]
# # It makes sense to also test the oldest, and latest, versions of Node.js, on ubuntu-only since it's the fastest CI runner
# include:
# - os: ubuntu-latest
# # Test the oldest LTS release of Node that's still receiving bugfixes and security patches, versions older than that have reached End-of-Life
# node: lts/-1
# - os: ubuntu-latest
# # Test the actively developed version that will become the latest LTS release next October
# node: current
# steps:
# # It's only necessary to do this for windows, as mac and ubuntu are sane OS's that already use LF
# - name: Set git to use LF
# if: matrix.os == 'windows-latest'
# run: |
# git config --global core.autocrlf false
# git config --global core.eol lf
# - uses: actions/checkout@v4
# - uses: actions/setup-node@v4
# with:
# cache: npm
# node-version: ${{ matrix.node }}
# - run: yarn install
# - run: npm test --if-present
release:
permissions:
id-token: write # to enable use of OIDC for npm provenance
needs: [build]
# only run if opt-in during workflow_dispatch
# add back in && needs.test.result != 'failure' && needs.test.result != 'cancelled'
if: always() && github.event.inputs.release == 'true' && needs.build.result != 'failure'
runs-on: ubuntu-latest
name: Semantic release
steps:
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ secrets.ECOSPARK_APP_ID }}
private-key: ${{ secrets.ECOSPARK_APP_PRIVATE_KEY }}
- uses: actions/checkout@v4
with:
# Need to fetch entire commit history to
# analyze every commit since last release
fetch-depth: 0
# Uses generated token to allow pushing commits back
token: ${{ steps.app-token.outputs.token }}
# Make sure the value of GITHUB_TOKEN will not be persisted in repo's config
persist-credentials: false
- uses: actions/setup-node@v4
with:
cache: npm
node-version: lts/*
- run: yarn install --frozen-lockfile
- run: npm audit signatures
# Branches that will release new versions are defined in .releaserc.json
- run: npx semantic-release
# Don't allow interrupting the release step if the job is cancelled, as it can lead to an inconsistent state
# e.g. git tags were pushed but it exited before `npm publish`
if: always()
env:
NPM_CONFIG_PROVENANCE: true
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
NPM_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}