-
Notifications
You must be signed in to change notification settings - Fork 11
119 lines (108 loc) · 4.2 KB
/
Copy pathdeploy-package.yml
File metadata and controls
119 lines (108 loc) · 4.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
name: Deploy to NPM
on:
workflow_dispatch:
schedule:
- cron: '0 12 * * MON'
permissions:
contents: write
id-token: write
jobs:
deploy:
runs-on: ubuntu-24.04
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: '0'
persist-credentials: false
token: ${{ secrets.GH_TOKEN }}
- run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
- name: Configure SSH signing
run: |
mkdir -p ~/.ssh
echo "${{ secrets.SSH_SIGNING_PRIVATE_KEY }}" > ~/.ssh/signing_key
chmod 600 ~/.ssh/signing_key
git config --global gpg.format ssh
git config --global user.signingkey ~/.ssh/signing_key
git config --global commit.gpgsign true
git config --global tag.gpgsign true
- name: Git Identity
run: |
git config --global user.name 'scaleway-bot'
git config --global user.email 'github@scaleway.com'
git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/$GITHUB_REPOSITORY
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
- uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
- name: Use Node.js
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
registry-url: 'https://registry.npmjs.org/'
node-version: 20.20.2
check-latest: true
- run: pnpm install
# need to build tools and install to make tools bin(s) available
- run: pnpm turbo build "--filter=./tools/*"
- run: pnpm install
- run: pnpm run build:packages
- name: Ensure working tree is clean before release
run: |
if [ -n "$(git status --porcelain --untracked-files=normal)" ]; then
echo "Release must run from a clean working tree."
git status --short
exit 1
fi
- name: Version package with lerna
run: pnpm lerna version -y --no-private --force-git-tag --create-release github
env:
HUSKY: 0
GH_TOKEN: ${{ secrets.GH_TOKEN }}
# https://docs.github.com/en/actions/use-cases-and-examples/publishing-packages/publishing-nodejs-packages#publishing-packages-to-the-npm-registry
# npm may auto-enable provenance in GHA (OIDC); without Trusted Publishing configured on
# npmjs.com for this repo, publish can fail with a misleading 404 on PUT. Use the classic token.
- name: Publish to npm
run: pnpm -r publish --access public --tag latest
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_CONFIG_PROVENANCE: 'false'
- name: Notify Slack on success
if: success()
continue-on-error: true
run: |
curl -fsS -X POST -H 'Content-type: application/json' \
--data '{
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "'"${SUCCESS_MESSAGE}"'"
}
}
]
}' \
"${SLACK_WEBHOOK_SDK_DEPLOY}"
env:
SLACK_WEBHOOK_SDK_DEPLOY: ${{ secrets.SLACK_WEBHOOK_SDK_DEPLOY }}
SUCCESS_MESSAGE: ':white_check_mark: scaleway-sdk-js released to npm: <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|view run>'
- name: Notify Slack on failure
if: failure()
continue-on-error: true
run: |
curl -fsS -X POST -H 'Content-type: application/json' \
--data '{
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "'"${FAILURE_MESSAGE}"'"
}
}
]
}' \
"${SLACK_WEBHOOK_SDK_DEPLOY}"
env:
SLACK_WEBHOOK_SDK_DEPLOY: ${{ secrets.SLACK_WEBHOOK_SDK_DEPLOY }}
FAILURE_MESSAGE: ':x: scaleway-sdk-js npm deploy failed: <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|view run>'