Skip to content

CI ➤ Release

CI ➤ Release #4229

Workflow file for this run

---
name: CI
run-name: >-
${{
inputs.release && inputs.test && 'CI ➤ Test ➤ Release' ||
inputs.test && 'CI ➤ Test' ||
inputs.release && 'CI ➤ Release' ||
''
}}
on:
pull_request:
types: [opened, synchronize]
push:
branches: [main]
workflow_dispatch:
inputs:
test:
description: Test
required: true
default: true
type: boolean
release:
description: Release
required: true
default: false
type: boolean
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: read # for checkout
jobs:
build:
runs-on: ubuntu-latest
env:
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
TURBO_TEAM: ${{ vars.TURBO_TEAM }}
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v3
- uses: actions/setup-node@v4
with:
cache: pnpm
node-version: lts/*
- run: corepack enable && pnpm --version
- run: pnpm install
- run: pnpm lint
if: github.event.inputs.test != 'false'
- run: pnpm build --summarize -vvv
# if: github.event.inputs.test != 'false'
test:
needs: build
# The test matrix can be skipped, in case a new release needs to be fast-tracked and tests are already passing on main
if: github.event.inputs.test != 'false'
timeout-minutes: 15
strategy:
# A test failing on windows doesn't mean it'll fail on macos. It's useful to let all tests run to its completion to get the full picture
fail-fast: false
matrix:
# https://nodejs.org/en/about/releases/
# https://pnpm.io/installation#compatibility
# Includes the lowest version supported by preview-kit (defined in pkg.engines.node)
node: [lts/-1, lts/*]
os: [ubuntu-latest]
# Also test the LTS on mac and windows
include:
- os: macos-latest
node: lts/*
- os: windows-latest
node: lts/*
# We want to know ASAP if an upcoming breaking changes in the next LTS will affect us, but since "current" are unstable,
# it sometimes might fail until a new nightly comes out and we don't want to be blocked from merging PRs when this happens.
continue-on-error: ${{ matrix.node == 'current' }}
runs-on: ${{ matrix.os }}
env:
NODE_VERSION: ${{ matrix.node }}
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
TURBO_TEAM: ${{ vars.TURBO_TEAM }}
steps:
# It's only necessary to do this for windows, as mac and ubuntu are sane OS's that already use LF
- if: matrix.os == 'windows-latest'
run: |
git config --global core.autocrlf false
git config --global core.eol lf
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v3
- uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ matrix.node }}
- run: corepack enable && pnpm --version
- run: pnpm install --loglevel=error
- run: pnpm test
release:
permissions:
id-token: write # to enable use of OIDC for npm provenance
needs: [build, test]
# only run if opt-in during workflow_dispatch
if: always() && github.event.inputs.release == 'true' && needs.build.result != 'failure' && needs.test.result != 'failure' && needs.test.result != 'cancelled'
runs-on: ubuntu-latest
steps:
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ secrets.ECOSPARK_APP_ID }}
private-key: ${{ secrets.ECOSPARK_APP_PRIVATE_KEY }}
- uses: actions/checkout@v4
with:
# Need to fetch entire commit history to
# analyze every commit since last release
fetch-depth: 0
# Uses generated token to allow pushing commits back
token: ${{ steps.app-token.outputs.token }}
# Make sure the value of GITHUB_TOKEN will not be persisted in repo's config
persist-credentials: false
- uses: pnpm/action-setup@v3
- uses: actions/setup-node@v4
with:
cache: pnpm
node-version: lts/*
- run: corepack enable && pnpm --version
- run: pnpm install --loglevel=error
- run: pnpm run -r release
# Don't allow interrupting the release step if the job is cancelled, as it can lead to an inconsistent state
# e.g. git tags were pushed but it exited before `npm publish`
if: always()
env:
NPM_CONFIG_PROVENANCE: true
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
NPM_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}