CI ➤ Release #4263
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
run-name: >- | |
${{ | |
inputs.release && inputs.test && 'CI ➤ Test ➤ Release' || | |
inputs.test && 'CI ➤ Test' || | |
inputs.release && 'CI ➤ Release' || | |
'' | |
}} | |
on: | |
pull_request: | |
types: [opened, synchronize] | |
push: | |
branches: [main] | |
workflow_dispatch: | |
inputs: | |
test: | |
description: Test | |
required: true | |
default: true | |
type: boolean | |
release: | |
description: Release | |
required: true | |
default: false | |
type: boolean | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
permissions: | |
contents: read # for checkout | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
env: | |
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }} | |
TURBO_TEAM: ${{ vars.TURBO_TEAM }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: pnpm/action-setup@v3 | |
- uses: actions/setup-node@v4 | |
with: | |
cache: pnpm | |
node-version: lts/* | |
- run: corepack enable && pnpm --version | |
- run: pnpm install | |
- run: pnpm lint | |
if: github.event.inputs.test != 'false' | |
- run: pnpm build --summarize -vvv | |
# if: github.event.inputs.test != 'false' | |
test: | |
needs: build | |
# The test matrix can be skipped, in case a new release needs to be fast-tracked and tests are already passing on main | |
if: github.event.inputs.test != 'false' | |
timeout-minutes: 15 | |
strategy: | |
# A test failing on windows doesn't mean it'll fail on macos. It's useful to let all tests run to its completion to get the full picture | |
fail-fast: false | |
matrix: | |
# https://nodejs.org/en/about/releases/ | |
# https://pnpm.io/installation#compatibility | |
# Includes the lowest version supported by preview-kit (defined in pkg.engines.node) | |
node: [lts/-1, lts/*] | |
os: [ubuntu-latest] | |
# Also test the LTS on mac and windows | |
include: | |
- os: macos-latest | |
node: lts/* | |
- os: windows-latest | |
node: lts/* | |
# We want to know ASAP if an upcoming breaking changes in the next LTS will affect us, but since "current" are unstable, | |
# it sometimes might fail until a new nightly comes out and we don't want to be blocked from merging PRs when this happens. | |
continue-on-error: ${{ matrix.node == 'current' }} | |
runs-on: ${{ matrix.os }} | |
env: | |
NODE_VERSION: ${{ matrix.node }} | |
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }} | |
TURBO_TEAM: ${{ vars.TURBO_TEAM }} | |
steps: | |
# It's only necessary to do this for windows, as mac and ubuntu are sane OS's that already use LF | |
- if: matrix.os == 'windows-latest' | |
run: | | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
- uses: actions/checkout@v4 | |
- uses: pnpm/action-setup@v3 | |
- uses: actions/setup-node@v4 | |
with: | |
cache: pnpm | |
node-version: ${{ matrix.node }} | |
- run: corepack enable && pnpm --version | |
- run: pnpm install --loglevel=error | |
- run: pnpm test | |
release: | |
permissions: | |
id-token: write # to enable use of OIDC for npm provenance | |
needs: [build, test] | |
# only run if opt-in during workflow_dispatch | |
if: always() && github.event.inputs.release == 'true' && needs.build.result != 'failure' && needs.test.result != 'failure' && needs.test.result != 'cancelled' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/create-github-app-token@v1 | |
id: app-token | |
with: | |
app-id: ${{ secrets.ECOSPARK_APP_ID }} | |
private-key: ${{ secrets.ECOSPARK_APP_PRIVATE_KEY }} | |
- uses: actions/checkout@v4 | |
with: | |
# Need to fetch entire commit history to | |
# analyze every commit since last release | |
fetch-depth: 0 | |
# Uses generated token to allow pushing commits back | |
token: ${{ steps.app-token.outputs.token }} | |
# Make sure the value of GITHUB_TOKEN will not be persisted in repo's config | |
persist-credentials: false | |
- uses: pnpm/action-setup@v3 | |
- uses: actions/setup-node@v4 | |
with: | |
cache: pnpm | |
node-version: lts/* | |
- run: corepack enable && pnpm --version | |
- run: pnpm install --loglevel=error | |
- run: pnpm run -r release | |
# Don't allow interrupting the release step if the job is cancelled, as it can lead to an inconsistent state | |
# e.g. git tags were pushed but it exited before `npm publish` | |
if: always() | |
env: | |
NPM_CONFIG_PROVENANCE: true | |
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} | |
NPM_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }} |