feat: generate and use new token scoped to startup lib #51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: Apache-2.0 | |
| name: Publish dev npm package to GitHub | |
| on: | |
| push: | |
| branches: | |
| - 'dev' | |
| paths-ignore: | |
| - package.json | |
| - package-lock.json | |
| workflow_dispatch: | |
| jobs: | |
| build-and-publish: | |
| runs-on: ubuntu-latest | |
| env: | |
| GH_TOKEN: '${{ secrets.FRMS_COE_STARTUP }}' | |
| permissions: | |
| packages: write | |
| contents: read | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Setup Node.js (.npmrc) | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 16.x | |
| registry-url: https://npm.pkg.github.com/ | |
| # Defaults to the user or organization that owns the workflow file | |
| scope: '@tazama-lf' | |
| - name: Set up NPM authentication | |
| run: | | |
| echo "//npm.pkg.github.com/:_authToken=${{ secrets.FRMS_COE_STARTUP }}" > ~/.npmrc | |
| cat .npmrc | |
| - name: Configure Git | |
| run: | | |
| git config user.email ${{ secrets.GH_EMAIL }} | |
| git config user.name ${{ secrets.GH_USERNAME }} | |
| - name: Version bumping | |
| env: | |
| GH_TOKEN: '${{ secrets.FRMS_COE_STARTUP }}' | |
| run: | | |
| commit_message=$(git log -1 --pretty=%B) | |
| echo "Commit message: $commit_message" | |
| if [[ "$commit_message" == *'feat!:'* ]]; then | |
| npm version major | |
| elif [[ "$commit_message" == *"feat:"* ]]; then | |
| npm version minor | |
| else | |
| npm version prerelease --preid=rc | |
| fi | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Build library | |
| run: npm run build | |
| - name: Publish package | |
| env: | |
| GH_TOKEN: ${{ secrets.FRMS_COE_STARTUP }} | |
| run: | | |
| npm publish | |
| - name: Capture Version | |
| id: capture_version | |
| run: | | |
| export version=$(jq -r '.version' package.json) | |
| echo "VERSION=$version" >> $GITHUB_ENV | |
| - name: Push Changes in package.json and make PRs | |
| run: | | |
| export GH_USERNAME=${{ secrets.GH_USERNAME }} | |
| export GH_TOKEN=${{ secrets.GITHUB_TOKEN }} | |
| git config --global user.name ${{ secrets.GH_USERNAME }} | |
| # Clear the GITHUB_TOKEN environment variable and use a temporary file for gh authentication | |
| echo "${{ secrets.GITHUB_TOKEN }}" > /tmp/gh_token | |
| unset GITHUB_TOKEN | |
| unset GH_TOKEN | |
| gh auth login --with-token < /tmp/gh_token | |
| git clone https://${{ secrets.GH_USERNAME }}:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git | |
| REPO_NAME=$(basename -s .git https://github.com/${{ github.repository }}.git) | |
| cd $REPO_NAME | |
| echo "Currently in repository directory: $(pwd)" | |
| if git ls-remote --heads origin version-bump | grep version-bump; then | |
| # Branch exists, pull the latest changes | |
| git checkout version-bump | |
| git pull origin version-bump | |
| else | |
| # Branch does not exist, create it | |
| git checkout -b version-bump | |
| fi | |
| git config --global user.email ${{ secrets.GH_EMAIL }} | |
| git config --global user.name ${{ secrets.GH_USERNAME }} | |
| # print current version | |
| sed -i 's/"version": "[^"]*"/"version": "'"${{ env.VERSION }}"'"/' package.json | |
| cat package.json | |
| git add . | |
| git commit -m "chore: Bump version after publishing to Github NPM" || echo "No changes to commit" | |
| git push origin version-bump || git push origin version-bump --force | |
| gh pr create --title "build: Automated PR; Bump version after publishing to Github NPM" --body "This pull request updates the version in the `package.json` and `package-lock.json` after the package was published." --base dev --head version-bump --assignee ${{ secrets.GH_USERNAME }} --label build || echo "PR already exists, updating existing PR" | |
| PR_ID=$(gh pr view --json number -q ".number") | |
| echo "PR_ID=$pr_id" >> $GITHUB_ENV | |
| # Cleanup | |
| rm /tmp/gh_token | |
| # Send Slack Notification | |
| - name: Send Slack Notification | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| run: | | |
| # Fetch the PR ID from the environment | |
| PR_ID=${{ env.PR_ID }} | |
| curl -X POST -H 'Content-type: application/json' --data '{ | |
| "blocks": [ | |
| { | |
| "type": "header", | |
| "text": { | |
| "type": "plain_text", | |
| "text": "New NPM GitHub package published :white_check_mark:", | |
| "emoji": true | |
| } | |
| }, | |
| { | |
| "type": "section", | |
| "fields": [ | |
| { | |
| "type": "mrkdwn", | |
| "text": "*Github Repository:*\nhttps://github.com/${{ github.repository }}" | |
| }, | |
| { | |
| "type": "mrkdwn", | |
| "text": "*Pull Requests:*\n<https://github.com/${{ github.repository }}/pull/${{ steps.capture_pr.outputs.PR_ID }}|List${{ steps.capture_pr.outputs.PR_ID }}>" | |
| } | |
| ] | |
| }, | |
| { | |
| "type": "section", | |
| "text": { | |
| "type": "mrkdwn", | |
| "text": "Please head over to the github repository and merge the PR linked above to update the `package.json` with the newly published npm package." | |
| } | |
| } | |
| ] | |
| }' $SLACK_WEBHOOK_URL |