Fix/Move last updated file generation to be above attestations step (… #1612
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish to NPM | |
on: | |
workflow_dispatch: | |
inputs: | |
release_type: | |
type: choice | |
description: Release Type | |
options: | |
- alpha | |
- release | |
required: true | |
default: alpha | |
upgrade_type: | |
type: choice | |
description: Upgrade Type | |
options: | |
- none | |
- patch | |
- minor | |
# - major | |
required: false | |
default: none | |
dry_run: | |
type: boolean | |
description: "(Optional) Dry run" | |
required: false | |
default: false | |
push: | |
branches: | |
- main | |
env: | |
RELEASE_TYPE: ${{ github.event.inputs.release_type || 'alpha' }} | |
UPGRADE_TYPE: ${{ github.event.inputs.upgrade_type || 'none' }} | |
DRY_RUN: ${{ github.event.inputs.dry_run || 'false' }} | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event.inputs.release_type || 'alpha' }}-${{ github.event.inputs.upgrade_type || 'none' }} | |
cancel-in-progress: false | |
jobs: | |
Publish: | |
name: Publish Workflow | |
runs-on: ubuntu-latest-4-cores | |
env: | |
GH_TOKEN: ${{ secrets.TS_IMMUTABLE_SDK_GITHUB_TOKEN }} | |
NODE_OPTIONS: --max-old-space-size=14366 | |
SDK_PUBLISH_SLACK_WEBHOOK: ${{ secrets.SDK_PUBLISH_SLACK_WEBHOOK }} | |
permissions: | |
id-token: write # ! Required for GitHub Attestations, removing will create a Sev 0 incident ! | |
attestations: write # ! Required for GitHub Attestations, removing will create a Sev 0 incident ! | |
steps: | |
- name: Check Public Release Branch | |
if: contains(env.RELEASE_TYPE , 'release') && (github.ref != 'refs/heads/main') | |
run: failure("Public releases should be only done from main branch, current branch ${{ github.ref }}") | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
token: ${{ secrets.TS_IMMUTABLE_SDK_GITHUB_TOKEN }} | |
- name: Setup | |
uses: ./.github/actions/setup | |
- name: Setup Github | |
run: | | |
git config user.name "platform-sa" | |
git config user.email "[email protected]" | |
- name: Get tags | |
run: git fetch --tags | |
- name: Workout next version string | |
run: | | |
upgrade_type=${{ env.UPGRADE_TYPE }} | |
if [ ${{ contains(env.UPGRADE_TYPE, 'none') }} == true ] | |
then | |
upgrade_type="" | |
revision_upgrade=$( ${{ contains(env.RELEASE_TYPE, 'alpha') }} && echo '--revision' || echo '') | |
else | |
upgrade_type="--$upgrade_type" | |
fi | |
echo upgrade_type=$upgrade_type | |
echo revision_upgrade=$revision_upgrade | |
./.github/scripts/version-up.sh --${{ env.RELEASE_TYPE }} $upgrade_type --apply $revision_upgrade | |
shell: bash | |
- name: Lint | |
run: yarn lint | |
- name: Get next version string | |
id: version | |
run: | | |
echo "NEXT_VERSION=$(git describe --tags --abbrev=0)" >> $GITHUB_OUTPUT | |
- name: Typecheck | |
run: yarn typecheck | |
- name: Test | |
run: yarn test | |
- name: Update package.json version for build | |
run: | | |
tmp=$(mktemp) | |
jq '.version = "${{steps.version.outputs.NEXT_VERSION}}"' ./sdk/package.json > "$tmp" && mv "$tmp" ./sdk/package.json | |
# WARNING: build step should be after typecheck and test steps. This is to make sure build artifacts are overwritten by the lint and tests steps. | |
- name: Build | |
run: | | |
export NODE_OPTIONS=--max-old-space-size=6144 && RELEASE_TYPE=${{ env.RELEASE_TYPE }} yarn build | |
ls -l ./sdk/dist/browser/checkout || echo 1 | |
[ -d "./sdk/dist/browser/checkout" ] || { echo "Error: Directory does not exist." && exit 1; } | |
- name: Push tags | |
# Boolean inputs are not actually booleans, see https://github.com/actions/runner/issues/1483 | |
if: (env.DRY_RUN) == 'false' | |
run: | | |
echo "$(git push --tags)" | |
- name: Pre Release Step | |
if: contains(env.RELEASE_TYPE, 'alpha') | |
id: pre_release | |
uses: JS-DevTools/npm-publish@v3 | |
with: | |
token: ${{ secrets.TS_IMMUTABLE_SDK_NPM_TOKEN }} | |
access: public | |
package: ./sdk/package.json | |
tag: ${{ contains(env.RELEASE_TYPE, 'alpha') && 'alpha' }} | |
dry-run: ${{ env.DRY_RUN }} | |
- name: Generate last_updated.json | |
if: (env.DRY_RUN) == 'false' | |
run: | | |
echo "{\"timestamp\": \"$(date -u +"%Y-%m-%dT%H:%M:%SZ")\"}" > ./sdk/last_updated.json | |
cp ./sdk/last_updated.json ./sdk/dist/ | |
# ! Do NOT remove - this will cause a Sev 0 incident ! | |
- name: Generate SDK attestation | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-path: './sdk' | |
- name: Authenticate NPM | |
if: contains(env.RELEASE_TYPE, 'release') | |
run: npm config set //registry.npmjs.org/:_authToken ${{ secrets.TS_IMMUTABLE_SDK_NPM_TOKEN }} | |
- name: Release | |
id: npm_release | |
if: contains(env.RELEASE_TYPE, 'release') | |
run: yarn release --ci --no-increment -c .release-it.json $( ${{ env.DRY_RUN }} && echo "--dry-run" || echo "") --github.tokenRef=${{ secrets.TS_IMMUTABLE_SDK_GITHUB_TOKEN }} | |
- name: Warm up CDN | |
id: warm_up_cdn | |
if: contains(env.RELEASE_TYPE, 'release') | |
run: | | |
wget https://cdn.jsdelivr.net/npm/@imtbl/sdk/dist/browser/checkout/widgets.js | |
wget https://cdn.jsdelivr.net/npm/@imtbl/sdk/dist/browser/checkout/sdk.js | |
# Wait for 30 seconds to make sure the tag is available on GitHub | |
- uses: GuillaumeFalourd/wait-sleep-action@v1 | |
with: | |
time: "30" | |
- name: Create GitHub Release | |
id: gh_release | |
if: contains(env.RELEASE_TYPE, 'release') && env.DRY_RUN == 'false' | |
run: gh release create ${{ steps.version.outputs.NEXT_VERSION }} --title ${{ steps.version.outputs.NEXT_VERSION }} --draft=false --prerelease=false --generate-notes --repo immutable/ts-immutable-sdk --target main | |
- name: Get GitHub Release Name and URL | |
if: contains(env.RELEASE_TYPE, 'release') && env.DRY_RUN == 'false' | |
id: release | |
run: | | |
echo "RELEASE_NAME=$(gh release view --json name | jq -r .name)" >> $GITHUB_OUTPUT | |
echo "RELEASE_URL=$(gh release view --json url | jq -r .url)" >> $GITHUB_OUTPUT | |
- name: Notify SDK Slack Publish Success | |
if: ${{ success() && (steps.npm_release.conclusion == 'success' || steps.pre_release.conclusion == 'success') && env.DRY_RUN == 'false' }} | |
uses: ./.github/actions/notify-slack-publish-status | |
with: | |
message: "✅ ${{ github.triggering_actor }} successfully published SDK version ${{steps.version.outputs.NEXT_VERSION}} to NPM.\n\nhttps://www.npmjs.com/package/@imtbl/sdk/v/${{steps.version.outputs.NEXT_VERSION}}" | |
- name: Notify SDK Slack Publish Failure | |
if: ${{ failure() && (steps.npm_release.conclusion == 'failure' || steps.pre_release.conclusion == 'failure' || steps.gh_release.conclusion == 'failure') && env.DRY_RUN == 'false' }} | |
uses: ./.github/actions/notify-slack-publish-status | |
with: | |
message: "❌ Failed to publish SDK version ${{steps.version.outputs.NEXT_VERSION}} to NPM. ${{ github.triggering_actor }} please check the logs for more details." |