Skip to content

Fix/Move last updated file generation to be above attestations step (… #1612

Fix/Move last updated file generation to be above attestations step (…

Fix/Move last updated file generation to be above attestations step (… #1612

Workflow file for this run

name: Publish to NPM
on:
workflow_dispatch:
inputs:
release_type:
type: choice
description: Release Type
options:
- alpha
- release
required: true
default: alpha
upgrade_type:
type: choice
description: Upgrade Type
options:
- none
- patch
- minor
# - major
required: false
default: none
dry_run:
type: boolean
description: "(Optional) Dry run"
required: false
default: false
push:
branches:
- main
env:
RELEASE_TYPE: ${{ github.event.inputs.release_type || 'alpha' }}
UPGRADE_TYPE: ${{ github.event.inputs.upgrade_type || 'none' }}
DRY_RUN: ${{ github.event.inputs.dry_run || 'false' }}
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event.inputs.release_type || 'alpha' }}-${{ github.event.inputs.upgrade_type || 'none' }}
cancel-in-progress: false
jobs:
Publish:
name: Publish Workflow
runs-on: ubuntu-latest-4-cores
env:
GH_TOKEN: ${{ secrets.TS_IMMUTABLE_SDK_GITHUB_TOKEN }}
NODE_OPTIONS: --max-old-space-size=14366
SDK_PUBLISH_SLACK_WEBHOOK: ${{ secrets.SDK_PUBLISH_SLACK_WEBHOOK }}
permissions:
id-token: write # ! Required for GitHub Attestations, removing will create a Sev 0 incident !
attestations: write # ! Required for GitHub Attestations, removing will create a Sev 0 incident !
steps:
- name: Check Public Release Branch
if: contains(env.RELEASE_TYPE , 'release') && (github.ref != 'refs/heads/main')
run: failure("Public releases should be only done from main branch, current branch ${{ github.ref }}")
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.TS_IMMUTABLE_SDK_GITHUB_TOKEN }}
- name: Setup
uses: ./.github/actions/setup
- name: Setup Github
run: |
git config user.name "platform-sa"
git config user.email "[email protected]"
- name: Get tags
run: git fetch --tags
- name: Workout next version string
run: |
upgrade_type=${{ env.UPGRADE_TYPE }}
if [ ${{ contains(env.UPGRADE_TYPE, 'none') }} == true ]
then
upgrade_type=""
revision_upgrade=$( ${{ contains(env.RELEASE_TYPE, 'alpha') }} && echo '--revision' || echo '')
else
upgrade_type="--$upgrade_type"
fi
echo upgrade_type=$upgrade_type
echo revision_upgrade=$revision_upgrade
./.github/scripts/version-up.sh --${{ env.RELEASE_TYPE }} $upgrade_type --apply $revision_upgrade
shell: bash
- name: Lint
run: yarn lint
- name: Get next version string
id: version
run: |
echo "NEXT_VERSION=$(git describe --tags --abbrev=0)" >> $GITHUB_OUTPUT
- name: Typecheck
run: yarn typecheck
- name: Test
run: yarn test
- name: Update package.json version for build
run: |
tmp=$(mktemp)
jq '.version = "${{steps.version.outputs.NEXT_VERSION}}"' ./sdk/package.json > "$tmp" && mv "$tmp" ./sdk/package.json
# WARNING: build step should be after typecheck and test steps. This is to make sure build artifacts are overwritten by the lint and tests steps.
- name: Build
run: |
export NODE_OPTIONS=--max-old-space-size=6144 && RELEASE_TYPE=${{ env.RELEASE_TYPE }} yarn build
ls -l ./sdk/dist/browser/checkout || echo 1
[ -d "./sdk/dist/browser/checkout" ] || { echo "Error: Directory does not exist." && exit 1; }
- name: Push tags
# Boolean inputs are not actually booleans, see https://github.com/actions/runner/issues/1483
if: (env.DRY_RUN) == 'false'
run: |
echo "$(git push --tags)"
- name: Pre Release Step
if: contains(env.RELEASE_TYPE, 'alpha')
id: pre_release
uses: JS-DevTools/npm-publish@v3
with:
token: ${{ secrets.TS_IMMUTABLE_SDK_NPM_TOKEN }}
access: public
package: ./sdk/package.json
tag: ${{ contains(env.RELEASE_TYPE, 'alpha') && 'alpha' }}
dry-run: ${{ env.DRY_RUN }}
- name: Generate last_updated.json
if: (env.DRY_RUN) == 'false'
run: |
echo "{\"timestamp\": \"$(date -u +"%Y-%m-%dT%H:%M:%SZ")\"}" > ./sdk/last_updated.json
cp ./sdk/last_updated.json ./sdk/dist/
# ! Do NOT remove - this will cause a Sev 0 incident !
- name: Generate SDK attestation
uses: actions/attest-build-provenance@v1
with:
subject-path: './sdk'
- name: Authenticate NPM
if: contains(env.RELEASE_TYPE, 'release')
run: npm config set //registry.npmjs.org/:_authToken ${{ secrets.TS_IMMUTABLE_SDK_NPM_TOKEN }}
- name: Release
id: npm_release
if: contains(env.RELEASE_TYPE, 'release')
run: yarn release --ci --no-increment -c .release-it.json $( ${{ env.DRY_RUN }} && echo "--dry-run" || echo "") --github.tokenRef=${{ secrets.TS_IMMUTABLE_SDK_GITHUB_TOKEN }}
- name: Warm up CDN
id: warm_up_cdn
if: contains(env.RELEASE_TYPE, 'release')
run: |
wget https://cdn.jsdelivr.net/npm/@imtbl/sdk/dist/browser/checkout/widgets.js
wget https://cdn.jsdelivr.net/npm/@imtbl/sdk/dist/browser/checkout/sdk.js
# Wait for 30 seconds to make sure the tag is available on GitHub
- uses: GuillaumeFalourd/wait-sleep-action@v1
with:
time: "30"
- name: Create GitHub Release
id: gh_release
if: contains(env.RELEASE_TYPE, 'release') && env.DRY_RUN == 'false'
run: gh release create ${{ steps.version.outputs.NEXT_VERSION }} --title ${{ steps.version.outputs.NEXT_VERSION }} --draft=false --prerelease=false --generate-notes --repo immutable/ts-immutable-sdk --target main
- name: Get GitHub Release Name and URL
if: contains(env.RELEASE_TYPE, 'release') && env.DRY_RUN == 'false'
id: release
run: |
echo "RELEASE_NAME=$(gh release view --json name | jq -r .name)" >> $GITHUB_OUTPUT
echo "RELEASE_URL=$(gh release view --json url | jq -r .url)" >> $GITHUB_OUTPUT
- name: Notify SDK Slack Publish Success
if: ${{ success() && (steps.npm_release.conclusion == 'success' || steps.pre_release.conclusion == 'success') && env.DRY_RUN == 'false' }}
uses: ./.github/actions/notify-slack-publish-status
with:
message: "✅ ${{ github.triggering_actor }} successfully published SDK version ${{steps.version.outputs.NEXT_VERSION}} to NPM.\n\nhttps://www.npmjs.com/package/@imtbl/sdk/v/${{steps.version.outputs.NEXT_VERSION}}"
- name: Notify SDK Slack Publish Failure
if: ${{ failure() && (steps.npm_release.conclusion == 'failure' || steps.pre_release.conclusion == 'failure' || steps.gh_release.conclusion == 'failure') && env.DRY_RUN == 'false' }}
uses: ./.github/actions/notify-slack-publish-status
with:
message: "❌ Failed to publish SDK version ${{steps.version.outputs.NEXT_VERSION}} to NPM. ${{ github.triggering_actor }} please check the logs for more details."