Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use the shared npm publish workflow to deploy #814

Merged
merged 1 commit into from
Oct 17, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file removed .github/OSBotify-private-key.asc.gpg
Binary file not shown.
75 changes: 8 additions & 67 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
@@ -1,77 +1,18 @@
name: Publish package to npmjs

# This workflow runs when code is pushed to `main` (i.e: when a pull request is merged)
on:
push:
branches: [main]

# Ensure that only once instance of this workflow executes at a time.
# Ensure that only one instance of this workflow executes at a time.
# If multiple PRs are merged in quick succession, there will only ever be one publish workflow running and one pending.
concurrency: ${{ github.workflow }}

jobs:
version:
runs-on: ubuntu-latest

# OSBotify will update the version on `main`, so this check is important to prevent an infinite loop
if: ${{ github.actor != 'OSBotify' }}

steps:
- uses: actions/checkout@v4
with:
ref: main
# The OS_BOTIFY_COMMIT_TOKEN is a personal access token tied to osbotify, which allows him to push to protected branches
token: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }}

- name: Decrypt & Import OSBotify GPG key
run: |
cd .github
gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output OSBotify-private-key.asc OSBotify-private-key.asc.gpg
gpg --import OSBotify-private-key.asc
env:
LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}

- name: Set up git for OSBotify
run: |
git config --global user.signingkey AEE1036472A782AB
git config --global commit.gpgsign true
git config --global user.name OSBotify
git config --global user.email infra+osbotify@expensify.com
- uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
registry-url: 'https://registry.npmjs.org'

- name: Install npm packages
run: npm ci

- name: Update npm version
run: npm version patch

- name: Set new version in GitHub ENV
run: echo "NEW_VERSION=$(jq '.version' package.json)" >> $GITHUB_ENV

- name: Push branch and publish tags
run: git push origin main && git push --tags

- name: Build package
run: npm run build

- name: Publish to npm
run: npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

- name: Get merged pull request
id: getMergedPullRequest
run: |
read -r number < <(gh pr list --search ${{ github.sha }} --state merged --json 'number' | jq -r '.[0] | [.number] | join(" ")')
echo "number=$number" >> "$GITHUB_OUTPUT"
env:
GITHUB_TOKEN: ${{ github.token }}

- name: Comment on merged pull request
run: gh pr comment ${{ steps.getMergedPullRequest.outputs.number }} --body "🚀Published to npm in v${{ env.NEW_VERSION }}"
env:
GITHUB_TOKEN: ${{ github.token }}
publish:
# os-botify[bot] will update the version on `main`, so this check is important to prevent an infinite loop
if: ${{ github.actor != 'os-botify[bot]' }}
uses: Expensify/GitHub-Actions/.github/workflows/npmPublish.yml@main
secrets: inherit
with:
should_run_build: true
3 changes: 0 additions & 3 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,5 @@ package.json-e
*.swp
dist

# Decrypted private key we do not want to commit
.github/OSBotify-private-key.asc

# Published package
*.tgz
Loading