-
Notifications
You must be signed in to change notification settings - Fork 51
99 lines (98 loc) · 4.17 KB
/
publish-to-npm.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
name: publish-to-npm
on:
release:
types: [released]
# Support manual releases in case something goes wrong, or we need to do a test.
workflow_dispatch:
inputs:
tag:
description: Tag to be published
type: string
required: true
jobs:
# Step 1: Verify that the tag we're trying to release is a valid candidate for publishing.
verify-candidate-tag:
runs-on: ubuntu-latest
steps:
# Check out the release branch, and get its head commit as output for later.
- uses: actions/checkout@v3
with:
ref: 'release'
- run: echo "COMMIT_ID=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
id: get-branch-commit
# Checkout the tag we want to release, and get its head commit as output for later.
- uses: actions/checkout@v3
with:
ref: ${{ github.event.release.tag_name || inputs.tag }}
- run: echo "COMMIT_ID=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
id: get-tag-commit
# If the two commits aren't identical, the tag isn't eligible for release.
- name: Fail non-matching commits
if: ${{ steps.get-branch-commit.outputs.COMMIT_ID != steps.get-tag-commit.outputs.COMMIT_ID }}
run: |
echo "Tag commit must match latest commit in release. Branch is ${{ steps.get-branch-commit.outputs.COMMIT_ID }}. Tag is ${{ steps.get-tag-commit.outputs.COMMIT_ID }}"
exit 1
# Verify that the tag is of the format "vX.Y.Z", where the X, Y, and Z exactly match the corresponding values in
# `package.json`'s version property.
- name: Compare tag to package.json
run: |
TAG=${{ github.event.release.tag_name || inputs.tag }}
PACKAGE_VERSION=v`cat package.json | jq '.version' | xargs`
[[ ${TAG} == ${PACKAGE_VERSION} ]] || (echo "Tag name must match package.json version, prefixed by lowercase v" && exit 1)
# Step 2: Publish the tag as a release candidate.
publish-rc:
needs: verify-candidate-tag
uses: salesforcecli/github-workflows/.github/workflows/npmPublish.yml@main
with:
ctc: false # We've been told we don't have to care about this until someone makes us care.
sign: true
tag: latest-rc # Publish as a release candidate, so we can do our validations against it.
githubTag: ${{ github.event.release.tag_name || inputs.tag }}
secrets: inherit
# Step 3: Run smoke tests against the release candidate.
rc-test:
needs: publish-rc
strategy:
# By default, if any job in a matrix fails, all other jobs are immediately cancelled. This option makes the jobs
# run to completion instead.
fail-fast: false
matrix:
os: [{vm: ubuntu-latest, exe: .sh}, {vm: windows-2019, exe: .cmd}]
runs-on: ${{ matrix.os.vm }}
steps:
# We need to checkout the tag to get the smoke tests
- uses: actions/checkout@v3
with:
ref: ${{ github.event.release.tag_name || inputs.tag }}
# We need Node LTS and Java v11
- uses: actions/setup-node@v3
with:
node-version: 'lts/*'
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '11' # For now, Java version is hardcoded.
# Install SF, and the release candidate version.
- run: npm install -g @salesforce/cli
- run: sf plugins install @salesforce/sfdx-scanner@latest-rc
# Log the installed plugins for easier debugging.
- run: sf plugins
# Attempt to run the smoke tests.
- run: smoke-tests/smoke-test${{ matrix.os.exe }} sf
# Upload the smoke test result as an artifact, so it's visible for later.
- uses: actions/upload-artifact@v3
if: ${{ always() }}
with:
name: ${{ runner.os }}-smoke-test-results
path: smoke-test-results
# Step 4: Promote the release candidate to latest.
promote-to-latest:
needs: rc-test
runs-on: ubuntu-latest
steps:
- uses: actions/setup-node@v3
with:
node-version: 'lts/*'
- run: |
echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc
npm dist-tag add @salesforce/sfdx-scanner@${{ github.event.release.tag_name || inputs.tag }} latest