publish-to-npm.yml
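# Release pipeline: verify the tag, publish it to npm as a release candidate, smoke-test the candidate on three
# operating systems, promote it to `latest`, then open a PR that merges `main` back into `dev`.
name: publish-to-npm
on:
  release:
    types: [released]
  # Support manual releases in case something goes wrong, or we need to do a test.
  workflow_dispatch:
    inputs:
      tag:
        description: Tag to be published
        type: string
        required: true

# NOTE(review): the `actions/*` steps below are referenced by major-version tag (`@v4`), which is a mutable ref.
# Pinning each to a full commit SHA is the stricter option for a workflow that publishes a package.
jobs:
  # Step 1: Verify that the tag we're trying to release is a valid candidate for publishing.
  verify-candidate-tag:
    runs-on: ubuntu-latest
    # This job only reads the repository, so the job token is limited to read access.
    permissions:
      contents: read
    steps:
      # Check out the main branch, and get its head commit as output for later.
      - uses: actions/checkout@v4
        with:
          ref: 'main'
      - run: echo "COMMIT_ID=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
        id: get-branch-commit
      # Checkout the tag we want to release, and get its head commit as output for later.
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.release.tag_name || inputs.tag }}
      - run: echo "COMMIT_ID=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
        id: get-tag-commit
      # If the two commits aren't identical, the tag isn't eligible for release.
      - name: Fail non-matching commits
        if: ${{ steps.get-branch-commit.outputs.COMMIT_ID != steps.get-tag-commit.outputs.COMMIT_ID }}
        run: |
          echo "Tag commit must match latest commit in main. Branch is ${{ steps.get-branch-commit.outputs.COMMIT_ID }}. Tag is ${{ steps.get-tag-commit.outputs.COMMIT_ID }}"
          exit 1
      # Verify that the `package.json`'s version property is 4.Y.Z, as we want to restrict the `dev` and `release`
      # branches to publishing v4.x.
      - name: Verify major version
        run: |
          # `jq -r` prints the raw string, so no extra step is needed to strip the JSON quotes.
          MAJOR_VERSION="$(jq -r '.version | split(".") | .[0]' package.json)"
          if [[ "${MAJOR_VERSION}" != "4" ]]; then
            echo "package.json version must be 4.x"
            exit 1
          fi
      # Verify that the tag is of the format "vX.Y.Z", where the X, Y, and Z exactly match the corresponding values in
      # `package.json`'s version property.
      - name: Compare tag to package.json
        env:
          # The tag name is user-supplied text. It is handed to the script as an environment variable instead of being
          # expanded into the script source, so the shell always treats it as data.
          TAG: ${{ github.event.release.tag_name || inputs.tag }}
        run: |
          PACKAGE_VERSION="v$(jq -r '.version' package.json)"
          # Both sides are quoted: an unquoted right-hand side of `==` inside [[ ]] is matched as a glob pattern,
          # not compared literally.
          if [[ "${TAG}" != "${PACKAGE_VERSION}" ]]; then
            echo "Tag name must match package.json version, prefixed by lowercase v"
            exit 1
          fi
  # Step 2: Publish the tag as a release candidate.
  # NOTE(review): this reusable workflow is referenced by the mutable branch ref `@main` and receives every secret
  # available to this workflow through `secrets: inherit`. Pinning it to a full commit SHA and passing only the secrets
  # it reads would narrow what an upstream change can reach; confirm the required secrets with its owners.
  # NOTE(review): the tag is resolved by name again here and in the later jobs, after Step 1 compared it to `main`.
  # If release tags in this repository can be moved, consider protecting them.
  publish-rc:
    needs: verify-candidate-tag
    uses: salesforcecli/github-workflows/.github/workflows/npmPublish.yml@main
    with:
      ctc: false  # We've been told we don't have to care about this until someone makes us care.
      sign: true
      tag: latest-rc  # Publish as a release candidate, so we can do our validations against it.
      githubTag: ${{ github.event.release.tag_name || inputs.tag }}
    secrets: inherit
  # Step 3: Run smoke tests against the release candidate.
  rc-test:
    needs: publish-rc
    # The smoke tests install a freshly published package and run it, so the job token is kept read-only.
    permissions:
      contents: read
    strategy:
      # By default, if any job in a matrix fails, all other jobs are immediately cancelled. This option makes the jobs
      # run to completion instead.
      fail-fast: false
      matrix:
        os:
          - vm: ubuntu-latest
            exe: '.sh'
          - vm: macos-latest
            exe: '.sh'
          - vm: windows-2019
            exe: '.cmd'
    runs-on: ${{ matrix.os.vm }}
    steps:
      # We need to checkout the tag to get the smoke tests
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.release.tag_name || inputs.tag }}
      # We need Node LTS and Java v11
      - uses: actions/setup-node@v4
        with:
          node-version: 'lts/*'
      - uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '11'  # For now, Java version is hardcoded.
      # Install SF, and the release candidate version.
      - run: npm install -g @salesforce/cli
      - run: sf plugins install @salesforce/sfdx-scanner@latest-rc
      # Log the installed plugins for easier debugging.
      - run: sf plugins
      # Attempt to run the smoke tests.
      - run: smoke-tests/smoke-test${{ matrix.os.exe }} sf
      # Upload the smoke test result as an artifact, so it's visible for later.
      - uses: actions/upload-artifact@v4
        if: ${{ always() }}
        with:
          name: ${{ runner.os }}-smoke-test-results
          path: smoke-test-results
  # Step 4: Promote the release candidate to latest.
  promote-to-latest:
    needs: rc-test
    runs-on: ubuntu-latest
    # This job talks to the npm registry with NPM_TOKEN and does not write to the repository.
    permissions:
      contents: read
    steps:
      - uses: actions/setup-node@v4
        with:
          node-version: 'lts/*'
      - env:
          # The registry token and the tag name reach the script as environment variables. Neither is expanded into
          # the script source, so the token is not part of the rendered script and the tag is treated as data.
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
          RELEASE_TAG: ${{ github.event.release.tag_name || inputs.tag }}
        run: |
          echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc
          npm dist-tag add "@salesforce/sfdx-scanner@${RELEASE_TAG}" latest
  # Step 5: Create a Pull Request for merging `main` into `dev`
  create-main2dev-pull-request:
    needs: promote-to-latest
    runs-on: macos-latest
    env:
      GH_TOKEN: ${{ secrets.SVC_CLI_BOT_GITHUB_TOKEN }}
    permissions:
      contents: write
      pull-requests: write
    steps:
      # Check out `main`
      - uses: actions/checkout@v4
        with:
          ref: 'main'
      # Create a new branch based on `main`, so that merge conflicts can be manually resolved if need be.
      - run: |
          NEW_VERSION=$(jq -r ".version" package.json)
          git checkout -b "m2d/v$NEW_VERSION"
          git push --set-upstream origin "m2d/v$NEW_VERSION"
      # Create a Pull Request from the new branch into `dev`.
      - run: |
          NEW_VERSION=$(jq -r ".version" package.json)
          # The 'echo' on GitHub Actions runners doesn't process backslash escapes (such as \n) by default.
          # The non-POSIX-standard -e flag causes it to do that.
          echo -e "This branch and PR were automatically created following the successful release of v$NEW_VERSION.\n\
          It must be MERGED into dev, NOT SQUASHED OR REBASED. Squashing or rebasing this branch onto dev can cause potentially irreconcilable merge conflicts later.\n\
          As an additional safeguard and reminder, the title of this PR MUST include the word 'merging' in the description portion of the PR title, e.g., 'Main2Dev @W-XXXXXXX@ Merging main to dev after vX.Y.Z'.\n\
          If there are conflicts between dev and this branch, you should do the following locally:\n\
          - $ git checkout dev\n\
          - $ git pull\n\
          - $ git fetch --all\n\
          - $ git checkout m2d/v$NEW_VERSION\n\
          - $ git pull origin dev --no-rebase # You MUST include this flag, or someone's day will be ruined.\n\
          - Resolve the merge conflicts manually. When in doubt, ask the code's author for help.\n\
          - $ git commit\n\
          - $ git push" > body.txt
          # Create the pull request.
          gh pr create -B dev -H "m2d/v$NEW_VERSION" --title "Filler title. Read description and rename." -F body.txt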