Skip to content

Commit

Permalink
Add an end-to-end workflow for scheduled updates
Browse files Browse the repository at this point in the history
* Use GH API when performing actions which could be signed
  Docs indicate that this might allow for signed tags in CI (as "github-actions[bot]")
  For details, see https://github.blog/engineering/commit-signing-support-for-bots-and-other-github-apps/

* Fix release.yaml (add -npmjs to publish-npm-registry for publish-webjar-test-echo)

* Update package URLs
  • Loading branch information
tsmock committed Aug 21, 2024
1 parent 7384458 commit e5f4004
Show file tree
Hide file tree
Showing 4 changed files with 88 additions and 17 deletions.
19 changes: 13 additions & 6 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,14 @@ name: NPM CI release
on:
release:
types: [created]
workflow_call:

jobs:
build:
name: build
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
Expand All @@ -26,8 +29,9 @@ jobs:
needs: build
runs-on: ubuntu-latest
permissions:
id-token: write
attestations: write
contents: read
id-token: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
Expand All @@ -41,23 +45,26 @@ jobs:
needs: build
runs-on: ubuntu-latest
permissions:
id-token: write
attestations: write
contents: read
id-token: write
packages: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
registry-url: 'https://npm.pkg.github.com'
- run: npm publish --provenance
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

publish-webjar-test-echo:
needs: publish-npm-registry
publish-webjar:
needs: publish-npm-registry-npmjs
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- run: echo curl "https://www.webjars.org/deploy?webJarType=npm&nameOrUrlish=tag2link&version=$(jq -r '.version' package.json)"
- run: curl "https://www.webjars.org/deploy?webJarType=npm&nameOrUrlish=tag2link&version=$(jq -r '.version' package.json)"

80 changes: 72 additions & 8 deletions .github/workflows/scheduled_update.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ jobs:
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
sha: ${{ steps.git-push.outputs.sha }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
Expand All @@ -24,17 +26,79 @@ jobs:
- run: python3 osm_wikidata.py
- run: npm install
- run: npm run build
- run: |
git config --global user.name 'Github tag2link Action'
git config --global user.email 'tsmock@users.noreply.github.com'
git commit -am "Automated update"
git push
- id: git-push
run: |
set -ex
git diff --name-only
if [ $(git diff --name-only | wc -l) -gt 0 ]; then
tag=$(jq -r '.version' package.json)
# The GH api only allows for single file commits right now
for file in $(git diff --name-only); do
gh api --method PUT -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" \
"/repos/${{ github.repository }}/contents/$file" \
--field "message=Automatic update for ${tag}: ${file}" \
--field "encoding=base64" \
--field "branch=${{ github.ref_name }}" \
--field "content=$(base64 -i "${file}")" \
--field "sha=$(git rev-parse "${{ github.ref_name }}:${file}")" | \
jq -r '.commit.sha' | sed '1s@^@sha=@' >> "$GITHUB_OUTPUT"
done
fi
env:
GH_TOKEN: ${{ github.token }}
tag:
runs-on: ubuntu-latest
permissions:
contents: write
needs: update
env:
GH_TOKEN: ${{ github.token }}
outputs:
release_needed: ${{ steps.tag.outputs.release_needed }}
steps:
- uses: actions/checkout@v4
- run: git tag $(jq -r '.version' package.json) -sm $(jq -r '.version' package.json)
- run: git push -u origin
- run: gh release create $(jq -r '.version' package.json) --generate-notes
with:
fetch-depth: 0
- id: tag
run: |
gh repo sync
tag=$(git describe --tags --abbrev=0) || release_needed="true"
sha=${{ needs.update.outputs.sha }}
if [ -z "${sha}" ]; then sha="HEAD"; fi
for file in $(git diff ${tag}..${sha} --name-only); do
if [ $file == "taginfo.json" ] || [ $file == "index.json" ] || [ $file == "package.json"] ; then
release_needed="true"
break
fi
done
if [ $release_needed == "true" ]; then
tag=$(jq -r '.version' package.json)
object=$(git rev-parse --verify ${sha})
gh api --method POST -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" \
/repos/${{ github.repository }}/git/tags \
--field "tag=${tag}" \
--field "message=${tag}" \
--field "object=${object}" \
--field "type=commit" \
--field "tagger[name]=github-actions[bot]" \
--field "tagger[email]=41898282+github-actions[bot]@users.noreply.github.com" \
--field "tagger[date]=$(date --iso-8601=seconds)"
gh api --method POST -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" \
/repos/${{ github.repository }}/git/refs \
--field "ref=refs/tags/${tag}" \
--field "sha=${object}"
gh release create ${tag} --generate-notes
echo "release_needed=true" >> "$GITHUB_OUTPUT"
else
echo "release_needed=false" >> "$GITHUB_OUTPUT"
fi
publish:
needs: tag
if: needs.tag.outputs.release_needed
uses: ./.github/workflows/release.yaml
secrets: inherit
permissions:
attestations: write
contents: read
id-token: write
packages: write
4 changes: 2 additions & 2 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,10 @@
"scripts": {
"build": "npx ts-node build.ts"
},
"homepage": "https://github.com/osmlab/tag2link",
"homepage": "https://github.com/JOSM/tag2link",
"repository": {
"type": "git",
"url": "git+https://github.com/osmlab/tag2link.git"
"url": "https://github.com/JOSM/tag2link"
},
"author": "Simon Legner <Simon.Legner@gmail.com>",
"license": "ISC",
Expand Down
2 changes: 1 addition & 1 deletion taginfo.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"data_format": 1,
"data_updated": "20240821T080000Z",
"data_updated": "20240821T160000Z",
"project": {
"name": "tag2link",
"description": "Formatter URLs for OpenStreetMap tags",
Expand Down

0 comments on commit e5f4004

Please sign in to comment.