Create workflows to release Node.js adapter from own repo #521
Conversation
There was a problem hiding this comment.
Couple of notes:
- I think this workflow doesn't need individual jobs, this could all be handled in a single job entirely. This also reduces the amount of re-downloading artifacts and settig up tooling, and makes it all easier to follow.
- We can probably remove release related scripts such as
set-version.shandrelease.shfrom the project root.
.github/workflows/x-release.yml
Outdated
|
|
||
| jobs: | ||
|
|
||
| show-inputs: |
There was a problem hiding this comment.
There is no need for this, there is an expandable section in the action that shows all the inputs when ran on CI. See this job on the main repo for example:
There was a problem hiding this comment.
+1, copy/pasted it from the keycloak-rel, where it is used on many places. But agree not needed and will remove it.
.github/workflows/x-release.yml
Outdated
| git commit -a -m "Set version to ${{ inputs.tag }}" | ||
|
|
||
| - name: Tag commit | ||
| run: git tag --force ${{ inputs.tag }} |
There was a problem hiding this comment.
Why are we doing a --force here?
There was a problem hiding this comment.
Again, copy/paste from keycloak-rel :-)
I guess the --force is used for the case of broken release, which failed in some further step, but has already tags created. In that case, you are able to re-run the release workflow and eventually overwrite existing tag. But I guess we don't need for the node.js release as it is relatively simple IMO? So will try to remove it.
There was a problem hiding this comment.
Updated to remove --force
| run: git tag --force ${{ inputs.tag }} | ||
|
|
||
| - name: Push changes | ||
| run: git push --force origin refs/tags/${{ inputs.tag }} |
There was a problem hiding this comment.
This would only push the tag right? Don't we also want to push the commit itself?
There was a problem hiding this comment.
The commit itself is pushed just into the tag. But it is not pushed to the main branch (or release/X.Y branch) itself. I think it is done intentionally that way and it is the approach used in all Keycloak repositories.
For example last commit in the 26.0.7 tag contains the version commit: https://github.com/keycloak/keycloak-nodejs-connect/commits/26.0.7/ .
But the release/26.0 branch itself, from which the tag was created, does not contain that version commit: https://github.com/keycloak/keycloak-nodejs-connect/commits/release/26.0 .
I prefer to be consistent with other Keycloak repositories and hence keep put the version commit just to the tag. Or did you mean something different?
.github/workflows/x-release.yml
Outdated
| else | ||
| echo 'false' | ||
| fi | ||
| )" >> $GITHUB_ENV |
There was a problem hiding this comment.
Let's not push this into the env, an individual step can have outputs that can be read in other steps (see GitHub documentation).
There was a problem hiding this comment.
Ok, thanks. Was again copy/paste existing stuff from keycloak-rel . Will try to improve it.
mposolda
force-pushed
the
520-release-wf
branch
from
10dc7df to
0a8a83e
Compare
+1 for the point 1. I will rewrite that to use the steps only and not individual jobs. Was trying to be consistent with For (2), I will remove |
closes keycloak#520 Signed-off-by: mposolda <[email protected]> Co-authored-by: Jon Koops <[email protected]> Signed-off-by: Marek Posolda <[email protected]>
mposolda
force-pushed
the
520-release-wf
branch
from
efeafcb to
9e81c9f
Compare
|
@jonkoops Updated a PR to:
Re-review welcome |
closes #520
Ability to release node.js adapter from it's own repository. PR introduces 2 workflows:
Release nightly- for trigger nightly releases of node.js adapterRelease- for trigger regular release of node.js adapterWorkflows are doing same steps like the related workflows in
keycloak-rel. There is related PR to keycloak-rel, which removes the node.js related workflows fromkeycloak-rel: keycloak-rel-testing/keycloak-rel#45 (So far only PR to the "testing" fork of keycloak-rel)Secrets needed
The workflows require secret present in the repository, which is not there yet:
NPM_TOKEN- Token needed to be able to publish to npm registry like https://www.npmjs.com/package/keycloak-connect/v/26.0.7 . Needed only forRelease(not needed forRelease nightly)Note that
GH_TOKENorGITHUB_TOKENis not needed as a secret in the repository due it is created automatically and has the needed permissions.Testing
Workflows tested in my own fork (everything work as expected, but publishing to NPM was only executed with
--dry-run, so did not publish anything. I don't have properNPM_TOKENanyway in my repository):https://github.com/mposolda/keycloak-nodejs-connect/actions/runs/12242029832
https://github.com/mposolda/keycloak-nodejs-connect/actions/runs/12242053798