-
Notifications
You must be signed in to change notification settings - Fork 34
147 lines (141 loc) · 5.3 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
name: Publish Packages
on:
workflow_call:
inputs:
version:
type: string
required: true
description: Version of the artifact to publish
prerelease:
type: boolean
default: false
required: false
description: Version of the artifact to publish
isPullRequest:
type: boolean
default: ${{ github.event_name == 'pull_request' }}
required: false
skipNxCache:
type: boolean
default: false
required: false
description: Skip the nx cache
gitRef:
type: string
default: ''
required: false
description: Checkout a specific git ref
secrets:
AZURE_VSC_EXT_TOKEN:
required: false
description: Token to publish Visual Studio Code extension
NPM_TOKEN:
required: false
description: PAT to publish on npmjs.org
AZURE_AUTH_TOKEN:
required: false
description: Token of the user publishing on Azure Feeds for PR Artifacts
AZURE_USERNAME:
required: false
description: Name of the user publishing on Azure Feeds for PR Artifacts
AZURE_EMAIL:
required: false
description: Email of the user publishing on Azure Feeds for PR Artifacts
CASCADING_AZURE_APP_PUBLISH_PROFILE:
required: false
description: Profile authentication to publish the Cascading Application
env:
NX_SKIP_NX_CACHE: ${{ inputs.skipNxCache }}
permissions:
contents: read
jobs:
publish:
runs-on: ubuntu-latest
env:
NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
environment: ${{inputs.isPullRequest && 'development' || 'production'}}
permissions:
contents: read
# Needed to publish with provenance
id-token: write
steps:
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
fetch-depth: 2
ref: ${{ inputs.gitRef }}
- uses: ./tools/github-actions/download-build-output
- uses: ./tools/github-actions/setup
- run: yarn set:version ${{ inputs.version }}
- name: Get tag name
id: get-npm-tag
uses: ./tools/github-actions/get-npm-tag
with:
is-prerelease: ${{ inputs.prerelease }}
version: ${{ inputs.version }}
- name: Publish
run: yarn run publish --tag=${{ inputs.isPullRequest && 'pr' || steps.get-npm-tag.outputs.tag }} ${{ inputs.isPullRequest && '--userconfig=./.npmrc.pr' || ''}} --always-auth=true ${{ !inputs.isPullRequest && '--provenance' || ''}}
env:
GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
AZURE_AUTH_TOKEN: ${{ secrets.AZURE_AUTH_TOKEN }}
AZURE_USERNAME: ${{ secrets.AZURE_USERNAME }}
AZURE_EMAIL: ${{ secrets.AZURE_EMAIL }}
publish-cascading:
if: '!inputs.isPullRequest'
runs-on: ubuntu-latest
env:
APP_PATH: 'apps/github-cascading-app/dist'
environment: 'cascading-app'
steps:
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
fetch-depth: 2
- uses: ./tools/github-actions/download-build-output
- uses: ./tools/github-actions/setup
- run: yarn set:version ${{ inputs.version }}
- name: Get tag name
id: get-npm-tag
uses: ./tools/github-actions/get-npm-tag
with:
is-prerelease: ${{ inputs.prerelease }}
version: ${{ inputs.version }}
- name: 'NPM install locally'
run: |
pushd './${{env.APP_PATH}}'
npm install
popd
- name: 'Publish Cascading Azure Functions'
env:
PUBLISH_PROFILE: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_8996AC226FB9456EA73A6B8439B12946 || secrets.CASCADING_AZURE_APP_PUBLISH_PROFILE }}
if: env.PUBLISH_PROFILE != null && (github.base_ref == 'main' || github.ref_name == 'main')
uses: Azure/functions-action@238dc3c45bb1b04e5d16ff9e75cddd1d86753bd6 # v1.5.1
with:
app-name: 'github-cascading'
slot-name: 'production'
package: './${{env.APP_PATH}}'
publish-profile: ${{ env.PUBLISH_PROFILE }}
publish-extensions:
runs-on: ubuntu-latest
environment: ${{inputs.isPullRequest && 'development' || 'production'}}
needs: [publish]
steps:
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
fetch-depth: 2
- uses: ./tools/github-actions/download-build-output
- uses: ./tools/github-actions/setup
- run: yarn set:version ${{ inputs.version }}
- name: Publish Extensions
if: '!inputs.prerelease'
run: yarn run ${{ endsWith(inputs.version, '.0') && 'publish:extensions' || 'publish:extensions:affected --base=HEAD~1' }}
env:
VSCE_PAT: ${{ secrets.AZURE_VSC_EXT_TOKEN }}
CHROME_CLIENT_ID: ${{ secrets.CHROME_CLIENT_ID }}
CHROME_EXT_ID: ${{ secrets.CHROME_EXT_ID }}
CHROME_REFRESH_TOKEN: ${{ secrets.CHROME_REFRESH_TOKEN }}
- name: Expose Chrome extension artifact
if: '!inputs.prerelease'
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: chrome-extension
path: apps/chrome-devtools/chrome-extension.zip