ci: setup basic CI

codegouvfr · Jun 20, 2024 · eb80bdc · eb80bdc
1 parent 17bd376
commit eb80bdc
Show file tree

Hide file tree

Showing 4 changed files with 126 additions and 0 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,31 @@
+name: Build, check lint and format
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          cache: yarn
+
+      - name: Install dependencies
+        run: yarn install --immutable
+
+      - name: Lint
+        run: yarn run lint
+
+      - name: Format
+        run: npm run format:check
+
+      - name: Build
+        run: npm run build
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -0,0 +1,88 @@
+name: Publish
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  check_if_version_upgraded:
+    name: Check if version upgrade
+    # When someone forks the repo and opens a PR we want to enables the tests to be run (the previous jobs)
+    # but obviously only us should be allowed to release.
+    # In the following check we make sure that we own the branch this CI workflow is running on before continuing.
+    # Without this check, trying to release would fail anyway because only us have the correct secret.NPM_TOKEN but
+    # it's cleaner to stop the execution instead of letting the CI crash.
+    if: |
+      github.event_name == 'push' ||
+      github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
+    runs-on: ubuntu-latest
+    outputs:
+      from_version: ${{ steps.step1.outputs.from_version }}
+      to_version: ${{ steps.step1.outputs.to_version }}
+      is_upgraded_version: ${{ steps.step1.outputs.is_upgraded_version }}
+      is_pre_release: ${{steps.step1.outputs.is_pre_release }}
+    steps:
+      - uses: garronej/[email protected]
+        id: step1
+        with:
+          action_name: is_package_json_version_upgraded
+          branch: ${{ github.head_ref || github.ref }}
+
+  create_github_release:
+    runs-on: ubuntu-latest
+    # We create release only if the version in the package.json have been upgraded and this CI is running against the main branch.
+    # We allow branches with a PR open on main to publish pre-release (x.y.z-rc.u) but not actual releases.
+    if: |
+      needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true' &&
+      (
+        github.event_name == 'push' ||
+        needs.check_if_version_upgraded.outputs.is_pre_release == 'true'
+      )
+    needs:
+      - check_if_version_upgraded
+    steps:
+      - uses: softprops/action-gh-release@v2
+        with:
+          name: Release v${{ needs.check_if_version_upgraded.outputs.to_version }}
+          tag_name: v${{ needs.check_if_version_upgraded.outputs.to_version }}
+          target_commitish: ${{ github.head_ref || github.ref }}
+          generate_release_notes: true
+          draft: false
+          prerelease: ${{ needs.check_if_version_upgraded.outputs.is_pre_release == 'true' }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  publish_on_npm:
+    runs-on: ubuntu-latest
+    needs:
+      - create_github_release
+      - check_if_version_upgraded
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+      - uses: actions/setup-node@v4
+        with:
+          registry-url: https://registry.npmjs.org/
+      - uses: bahmutov/npm-install@v1
+      - run: yarn build
+      - name: Publishing on NPM
+        run: |
+          if [ "$(npm show . version)" = "$VERSION" ]; then
+            echo "This version is already published"
+            exit 0
+          fi
+          if [ "$NODE_AUTH_TOKEN" = "" ]; then
+            echo "Can't publish on NPM, You must first create a secret called NPM_TOKEN that contains your NPM auth token. https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets"
+            false
+          fi
+          EXTRA_ARGS=""
+          if [ "$IS_PRE_RELEASE" = "true" ]; then
+              EXTRA_ARGS="--tag next"
+          fi
+          npm publish $EXTRA_ARGS
+        env:
+          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
+          VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
+          IS_PRE_RELEASE: ${{ needs.check_if_version_upgraded.outputs.is_pre_release }}
diff --git a/package.json b/package.json
@@ -29,12 +29,14 @@
   "scripts": {
     "build": "tsup",
     "dev": "tsup --watch",
+    "lint": "tsc --noEmit --strict",
     "format:check": "prettier --check .",
     "format": "prettier --write ."
   },
   "devDependencies": {
     "@types/react": "^18.3.3",
     "prettier": "^3.3.2",
+    "tsc": "^2.0.4",
     "tsup": "^8.1.0",
     "typescript": "^5.4.5"
   },

diff --git a/yarn.lock b/yarn.lock
@@ -1133,6 +1133,11 @@ tsafe@^1.6.3:
   resolved "https://registry.yarnpkg.com/tsafe/-/tsafe-1.7.2.tgz#0f63d414876287ad01b135f832722f93e22da374"
   integrity sha512-dAPfQLhCfCRre5qs+Z5Q2a7s2CV7RxffZUmvj7puGaePYjECzWREJFd3w4XSFe/T5tbxgowfItA/JSSZ6Ma3dA==
 
+tsc@^2.0.4:
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/tsc/-/tsc-2.0.4.tgz#5f6499146abea5dca4420b451fa4f2f9345238f5"
+  integrity sha512-fzoSieZI5KKJVBYGvwbVZs/J5za84f2lSTLPYf6AGiIf43tZ3GNrI1QzTLcjtyDDP4aLxd46RTZq1nQxe7+k5Q==
+
 tsup@^8.1.0:
   version "8.1.0"
   resolved "https://registry.yarnpkg.com/tsup/-/tsup-8.1.0.tgz#354ce9def1721f5029564382ea2a42dc67fbb489"